Summary of the invention
An object of the invention is to provide a method and a device for transacting on a blockchain, intended to solve the problem that transactions on a blockchain are cumbersome to operate and incur high system overhead.
To achieve the above object, the present invention provides a method for transacting on a blockchain, the method comprising:
S1: after a certificate authority publishes a certificate revocation list on the blockchain, the blockchain synchronizes the certificate revocation list to each node of the blockchain;
S2: after a smart contract on the node receives a transaction request carrying transaction parameters, accessing the permission revocation system on the blockchain, verifying the permission of the transaction request based on the permission revocation system, the transaction parameters and the certificate revocation list on the node, and responding to or refusing to respond to the transaction request according to the verification result.
Preferably, step S2 includes:
S21: parsing the transaction parameters by the permission revocation system;
S22: when certificate information and a certificate permission are obtained by parsing, analyzing whether the certificate information belongs to the revoked certificate information in the certificate revocation list, so as to verify the permission of the transaction request;
S23: if the certificate information belongs to the revoked certificate information in the certificate revocation list, refusing to respond to the transaction request;
S24: if the certificate information belongs to the unrevoked certificate information in the certificate revocation list, responding to the transaction request.
Preferably, the certificate revocation list also records whether each sub-permission corresponding to the unrevoked certificate information has been revoked, and step S24 then further includes:
S241: comparing each sub-permission corresponding to the unrevoked certificate information with the certificate permission corresponding to each item of unrevoked certificate information in the certificate revocation list;
S242: if any sub-permission has not been revoked, responding to the transaction request;
S243: if every sub-permission has been revoked, refusing to respond to the transaction request.
Preferably, after step S21, the method further includes:
if the certificate permission is not obtained after parsing, refusing to respond to the transaction request.
To achieve the above object, the present invention also provides a device for transacting on a blockchain, the device comprising:
a synchronization module, configured so that, after a certificate authority publishes a certificate revocation list on the blockchain, the blockchain synchronizes the certificate revocation list to each node of the blockchain;
a transaction module, configured to, after a smart contract on the node receives a transaction request carrying transaction parameters, access the permission revocation system on the blockchain, verify the permission of the transaction request based on the permission revocation system, the transaction parameters and the certificate revocation list on the node, and respond to or refuse to respond to the transaction request according to the verification result.
Preferably, the transaction module includes:
an access unit, configured to parse the transaction parameters by means of the permission revocation system;
a verification unit, configured to, when certificate information and a certificate permission are obtained by parsing, analyze whether the certificate information belongs to the revoked certificate information in the certificate revocation list, so as to verify the permission of the transaction request;
a first processing unit, configured to refuse to respond to the transaction request if the certificate information belongs to the revoked certificate information in the certificate revocation list;
a second processing unit, configured to respond to the transaction request if the certificate information belongs to the unrevoked certificate information in the certificate revocation list.
Preferably, the certificate revocation list also records whether each sub-permission corresponding to the unrevoked certificate information has been revoked, and the second processing unit further includes:
a comparison subunit, configured to compare each sub-permission corresponding to the unrevoked certificate information with the certificate permission corresponding to each item of unrevoked certificate information in the certificate revocation list;
a third processing subunit, configured to respond to the transaction request if any sub-permission has not been revoked;
a fourth processing subunit, configured to refuse to respond to the transaction request if every sub-permission has been revoked.
Preferably, the transaction module further includes a fifth processing unit, configured to refuse to respond to the transaction request if the certificate permission is not obtained after parsing.
The beneficial effects of the invention are as follows. After the certificate revocation list of the invention is published to the blockchain, the blockchain synchronizes it to each node of the blockchain, so that the certificate revocation list is stored directly on the blockchain. When a smart contract receives a transaction request, the certificate revocation list can be obtained from the blockchain directly and in real time, and the permission of the transaction request is verified according to the accessed permission revocation system, the transaction parameters carried in the transaction request and the certificate revocation list. There is no need to query the CA for the permission of the transaction through a trusted institution, so transacting is simple and efficient and system overhead is reduced.
Detailed description of the embodiments
The principles and features of the present invention are described below with reference to the accompanying drawings. The examples given serve only to explain the invention and are not intended to limit its scope.
As shown in Fig. 1, which is a schematic flowchart of one embodiment of the method for transacting on a blockchain according to the invention, the method comprises the following steps:
Step S1: after a certificate authority publishes a certificate revocation list on the blockchain, the blockchain synchronizes the certificate revocation list to each node of the blockchain;
A blockchain is a string of data blocks produced using cryptographic methods. Each block contains the hash of the previous block, and the blocks are linked from the genesis block to the current block, forming a chain. A blockchain is also a distributed database system in which the nodes participate; in essence it is a decentralized database ledger that records every transaction. Taking the Bitcoin blockchain as an example, every participant in transactions is a node of the blockchain network, and every node holds a complete backup of the public ledger, which records all transaction information since Bitcoin came into existence. Any node that initiates a transaction must pass the relevant information to every node in the blockchain network, so that the ledgers on all nodes can verify the transaction and be updated accurately. In addition, the ledger is stored in blocks: as transactions accumulate, new data blocks are appended to the existing chain, forming a chain structure.
After the certificate authority publishes the certificate revocation list on the blockchain, the blockchain uses its own peer-to-peer (P2P) network and consensus algorithm to synchronize the certificate revocation list to each node of the blockchain, that is, to propagate the certificate revocation list to every node. The certificate revocation list stores each item of certificate information revoked by the certificate authority (revoked certificate information) and the certificate information that has not been revoked (unrevoked certificate information). If certificate information has been revoked, there is no permission to execute the corresponding smart contract, that is, no permission to transact. If certificate information has not been revoked, that is, it is not among the revoked entries of the certificate revocation list, there is permission to execute the corresponding smart contract, that is, permission to transact.
In addition, the revoked certificate information in the certificate revocation list may change. When it does, the certificate authority publishes the updated certificate revocation list to the blockchain again, and the blockchain either replaces the stored certificate revocation list with the updated one or modifies the stored certificate revocation list according to the updated one.
Step S2: after a smart contract on the node receives a transaction request carrying transaction parameters, the permission revocation system on the blockchain is accessed, the permission of the transaction request is verified based on the permission revocation system, the transaction parameters and the certificate revocation list on the node, and the transaction request is responded to or refused according to the verification result.
In this embodiment, each node on the blockchain can store and run smart contracts on the blockchain. A smart contract is a set of promises defined in digital form, including the protocols by which the contract participants carry out those promises. When a transaction request carrying transaction parameters is passed to a node of the blockchain, the transaction parameters are recorded in the corresponding transaction log of that node and at the same time passed to the smart contract corresponding to the transaction parameters to be run, and the code of that smart contract updates the smart contract's own data.
The transaction parameters include certificate information and the corresponding certificate permission. The certificate information includes the issuing authority, the certificate serial number, the certificate validity period, user information of the certificate holder, and so on.
After the smart contract on the node receives a transaction request carrying transaction parameters, the permission revocation system on the blockchain is accessed to obtain the certificate information in the transaction parameters and the corresponding certificate permission; the transaction parameters may or may not contain a certificate permission. The permission revocation system handles permission-related matters; for example, it can parse the transaction parameters. When the permission of the transaction request is verified, if both the certificate information and the certificate permission can be obtained from the transaction parameters, the certificate information is compared with the revoked certificate information in the certificate revocation list on the node corresponding to the smart contract, to verify whether the certificate information is revoked certificate information. If it is, the transaction request has no permission to transact; if it is not, the transaction request has permission to transact.
Compared with the prior art, after the certificate revocation list of this embodiment is published to the blockchain, the blockchain synchronizes it to each node of the blockchain, so that the certificate revocation list is stored directly on the blockchain. When a smart contract receives a transaction request, the certificate revocation list can be obtained from the blockchain directly and in real time, and the permission of the transaction request is verified according to the accessed permission revocation system, the transaction parameters carried in the transaction request and the certificate revocation list. There is no need to query the CA for the permission of the transaction through a trusted institution, so transacting is simple and efficient and system overhead is reduced.
In a preferred embodiment, as shown in Fig. 2, on the basis of the embodiment of Fig. 1, step S2 further includes:
S21: parsing the transaction parameters by the permission revocation system;
S22: when certificate information and a certificate permission are obtained by parsing, analyzing whether the certificate information belongs to the revoked certificate information in the certificate revocation list, so as to verify the permission of the transaction request;
S23: if the certificate information belongs to the revoked certificate information in the certificate revocation list, refusing to respond to the transaction request;
S24: if the certificate information belongs to the unrevoked certificate information in the certificate revocation list, responding to the transaction request.
In this embodiment, after a smart contract that runs or is stored on a node of the blockchain receives a transaction request carrying transaction parameters, it can access the permission revocation system on the blockchain through a predetermined address in order to verify the permission of the transaction request. Specifically, when the permission revocation system on the blockchain is accessed, the permission revocation system parses the transaction parameters. If parsing yields certificate information but no certificate permission, the transaction request has no permission to transact and the smart contract refuses the transaction request. If parsing yields both certificate information and a certificate permission, it is further analyzed whether the certificate information belongs to the revoked certificate information in the certificate revocation list; specifically, the certificate information can be compared one by one with the revoked certificate information in the certificate revocation list to determine whether it belongs to the revoked certificate information in the list. If the certificate information belongs to the revoked certificate information in the certificate revocation list, the transaction request has no permission to transact and the smart contract refuses to respond to the transaction request. If the certificate information does not belong to the revoked certificate information in the certificate revocation list, the transaction request has permission to transact and the smart contract responds to the transaction request.
In addition, if only certificate information can be parsed from the transaction parameters and no certificate permission is obtained after parsing, the transaction request likewise has no permission to transact.
In this embodiment, when the permission of a transaction request is verified, the permission revocation system on the blockchain is accessed and parses the transaction parameters; when certificate information and a certificate permission are obtained by parsing, the permission of the transaction request is verified by analyzing whether the certificate information belongs to the revoked certificate information in the certificate revocation list. This can increase the speed of transaction data processing.
In a preferred embodiment, as shown in Fig. 3, on the basis of the embodiment of Fig. 2, the certificate revocation list may also record whether each sub-permission corresponding to the unrevoked certificate information has been revoked. In this embodiment, if it is detected that the certificate information does not belong to the revoked certificate information in the certificate revocation list, step S24 may further comprise the following steps:
Step S241: comparing each sub-permission corresponding to the unrevoked certificate information with the certificate permission corresponding to each item of unrevoked certificate information in the certificate revocation list, to determine whether any sub-permission has not been revoked. If so, proceed to step S242; otherwise, execute step S243.
Step S242: responding to the transaction request.
Step S243: refusing to respond to the transaction request.
In this embodiment, the certificate revocation list records whether each sub-permission corresponding to the unrevoked certificate information has been revoked, that is, it records for each sub-permission whether it has or has not been revoked.
In this embodiment, one item of certificate information corresponds to multiple sub-permissions. So that a user whose sub-permissions have been partly revoked can still use the certificate information to carry out other certificate-permission operations on the blockchain, this embodiment records in the certificate revocation list whether each sub-permission under the certificate information has been revoked. If the certificate information has not been revoked, each sub-permission corresponding to the unrevoked certificate information is further compared with the certificate permission corresponding to each item of unrevoked certificate information in the certificate revocation list. If any sub-permission has not been revoked, the transaction request is responded to; if every sub-permission has been revoked, the transaction request is refused.
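The decision procedure of steps S21 to S24 and S241 to S243, together with the list replacement described under step S1, as an added Python example; it is not code from the patent. The parameter layout (a `certificate` dict with `issuer` and `serial`, and a `permission` list of sub-permission names), the class and function names, and the sample CA name and serial numbers are assumptions made for illustration.

```python
from typing import NamedTuple, Optional


class CrlEntry(NamedTuple):
    revoked: bool                                    # whole certificate revoked?
    revoked_subpermissions: frozenset = frozenset()  # sub-permissions revoked one by one


class Decision(NamedTuple):
    respond: bool
    reason: str


class NodeCrl:
    """One node's synchronized copy of the certificate revocation list (step S1)."""

    def __init__(self):
        self._entries = {}

    def sync(self, published):
        # Replace the stored list with the one the CA published on chain.
        self._entries = dict(published)

    def lookup(self, cert_id) -> Optional[CrlEntry]:
        return self._entries.get(cert_id)


def parse_parameters(params):
    """S21: extract (certificate id, sub-permissions); None marks a missing part."""
    cert = params.get("certificate")
    cert_id = None
    if isinstance(cert, dict) and cert.get("issuer") and cert.get("serial"):
        # Assumption: a certificate is identified by issuer plus serial number.
        cert_id = (cert["issuer"], cert["serial"])
    perms = params.get("permission")
    if isinstance(perms, (list, tuple, set, frozenset)) and perms:
        perms = frozenset(perms)
    else:
        perms = None
    return cert_id, perms


def verify_transaction(crl, params):
    """S2: decide whether the smart contract responds to the request."""
    cert_id, perms = parse_parameters(params)
    if cert_id is None:
        # Assumption: the text does not cover this case; refuse (fail closed).
        return Decision(False, "no certificate information")
    if perms is None:
        return Decision(False, "no certificate permission")
    entry = crl.lookup(cert_id)
    if entry is not None and entry.revoked:
        return Decision(False, "certificate revoked")            # S23
    revoked = entry.revoked_subpermissions if entry else frozenset()
    if perms - revoked:                                          # S241
        return Decision(True, "sub-permission not revoked")      # S242
    return Decision(False, "all sub-permissions revoked")        # S243


# Constructed sample data, not taken from any real CA or chain.
ALICE = ("ExampleCA", "1001")
BOB = ("ExampleCA", "1002")
CRL_V1 = {
    ALICE: CrlEntry(False, frozenset({"transfer"})),
    BOB: CrlEntry(True),
}
CRL_V2 = {**CRL_V1, ALICE: CrlEntry(True)}  # the CA later revokes Alice's certificate


def request(cert_id, perms):
    params = {"certificate": {"issuer": cert_id[0], "serial": cert_id[1]}}
    if perms is not None:
        params["permission"] = perms
    return params


def demo():
    crl = NodeCrl()
    crl.sync(CRL_V1)
    results = [
        verify_transaction(crl, request(ALICE, ["transfer", "query"])),
        verify_transaction(crl, request(ALICE, ["transfer"])),
        verify_transaction(crl, request(BOB, ["query"])),
        verify_transaction(crl, request(ALICE, None)),
    ]
    crl.sync(CRL_V2)  # updated list replaces the stored one
    results.append(verify_transaction(crl, request(ALICE, ["query"])))
    return results


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Rule S242 responds as soon as any requested sub-permission survives; it does not tie the surviving sub-permission to the operation the contract is about to perform.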
As shown in Fig. 4, which is a schematic structural diagram of one embodiment of the device for transacting on a blockchain according to the invention, the device includes:
a synchronization module 101, configured so that, after a certificate authority publishes a certificate revocation list on the blockchain, the blockchain synchronizes the certificate revocation list to each node of the blockchain;
A blockchain is a string of data blocks produced using cryptographic methods. Each block contains the hash of the previous block, and the blocks are linked from the genesis block to the current block, forming a chain. A blockchain is also a distributed database system in which the nodes participate; in essence it is a decentralized database ledger that records every transaction. Taking the Bitcoin blockchain as an example, every participant in transactions is a node of the blockchain network, and every node holds a complete backup of the public ledger, which records all transaction information since Bitcoin came into existence. Any node that initiates a transaction must pass the relevant information to every node in the blockchain network, so that the ledgers on all nodes can verify the transaction and be updated accurately. In addition, the ledger is stored in blocks: as transactions accumulate, new data blocks are appended to the existing chain, forming a chain structure.
After the certificate authority publishes the certificate revocation list on the blockchain, the blockchain uses its own peer-to-peer (P2P) network and consensus algorithm to synchronize the certificate revocation list to each node of the blockchain, that is, to propagate the certificate revocation list to every node. The certificate revocation list stores each item of certificate information revoked by the certificate authority (revoked certificate information) and the certificate information that has not been revoked (unrevoked certificate information). If certificate information has been revoked, there is no permission to execute the corresponding smart contract, that is, no permission to transact. If certificate information has not been revoked, that is, it is not among the revoked entries of the certificate revocation list, there is permission to execute the corresponding smart contract, that is, permission to transact.
In addition, the revoked certificate information in the certificate revocation list may change. When it does, the certificate authority publishes the updated certificate revocation list to the blockchain again, and the blockchain either replaces the stored certificate revocation list with the updated one or modifies the stored certificate revocation list according to the updated one.
a transaction module 102, configured to, after a smart contract on the node receives a transaction request carrying transaction parameters, access the permission revocation system on the blockchain, verify the permission of the transaction request based on the permission revocation system, the transaction parameters and the certificate revocation list on the node, and respond to or refuse to respond to the transaction request according to the verification result.
In this embodiment, each node on the blockchain can store and run smart contracts on the blockchain. A smart contract is a set of promises defined in digital form, including the protocols by which the contract participants carry out those promises. When a transaction request carrying transaction parameters is passed to a node of the blockchain, the transaction parameters are recorded in the corresponding transaction log of that node and at the same time passed to the smart contract corresponding to the transaction parameters to be run, and the code of that smart contract updates the smart contract's own data.
The transaction parameters include certificate information and the corresponding certificate permission. The certificate information includes the issuing authority, the certificate serial number, the certificate validity period, user information of the certificate holder, and so on.
After the smart contract on the node receives a transaction request carrying transaction parameters, the permission revocation system on the blockchain is accessed to obtain the certificate information in the transaction parameters and the corresponding certificate permission; the transaction parameters may or may not contain a certificate permission. The permission revocation system handles permission-related matters; for example, it can parse the transaction parameters. When the permission of the transaction request is verified, if both the certificate information and the certificate permission can be obtained from the transaction parameters, the certificate information is compared with the revoked certificate information in the certificate revocation list on the node corresponding to the smart contract, to verify whether the certificate information is revoked certificate information. If it is, the transaction request has no permission to transact; if it is not, the transaction request has permission to transact.
In a preferred embodiment, on the basis of the embodiment of Fig. 4, the transaction module 102 further includes:
an access unit, configured to parse the transaction parameters by means of the permission revocation system;
a verification unit, configured to, when certificate information and a certificate permission are obtained by parsing, analyze whether the certificate information belongs to the revoked certificate information in the certificate revocation list, so as to verify the permission of the transaction request;
a first processing unit, configured to refuse to respond to the transaction request if the certificate information belongs to the revoked certificate information in the certificate revocation list;
a second processing unit, configured to respond to the transaction request if the certificate information belongs to the unrevoked certificate information in the certificate revocation list.
In this embodiment, after a smart contract that runs or is stored on a node of the blockchain receives a transaction request carrying transaction parameters, it can access the permission revocation system on the blockchain through a predetermined address in order to verify the permission of the transaction request. Specifically, when the permission revocation system on the blockchain is accessed, the permission revocation system parses the transaction parameters. If parsing yields certificate information but no certificate permission, the transaction request has no permission to transact and the smart contract refuses the transaction request. If parsing yields both certificate information and a certificate permission, it is further analyzed whether the certificate information belongs to the revoked certificate information in the certificate revocation list; specifically, the certificate information can be compared one by one with the revoked certificate information in the certificate revocation list to determine whether it belongs to the revoked certificate information in the list. If the certificate information belongs to the revoked certificate information in the certificate revocation list, the transaction request has no permission to transact and the smart contract refuses to respond to the transaction request. If the certificate information does not belong to the revoked certificate information in the certificate revocation list, the transaction request has permission to transact and the smart contract responds to the transaction request.
In addition, if only certificate information can be parsed from the transaction parameters and no certificate permission is obtained after parsing, the transaction request likewise has no permission to transact.
In this embodiment, when the permission of a transaction request is verified, the permission revocation system on the blockchain is accessed and parses the transaction parameters; when certificate information and a certificate permission are obtained by parsing, the permission of the transaction request is verified by analyzing whether the certificate information belongs to the revoked certificate information in the certificate revocation list. This can increase the speed of transaction data processing.
In a preferred embodiment, on the basis of the above embodiments, the certificate revocation list also records whether each sub-permission corresponding to the unrevoked certificate information has been revoked. If the certificate information belongs to the unrevoked certificate information, the second processing unit includes:
a comparison subunit, configured to compare each sub-permission corresponding to the unrevoked certificate information with the certificate permission corresponding to each item of unrevoked certificate information in the certificate revocation list;
a third processing subunit, configured to respond to the transaction request if any sub-permission has not been revoked;
a fourth processing subunit, configured to refuse to respond to the transaction request if every sub-permission has been revoked.
In this embodiment, one item of certificate information corresponds to multiple sub-permissions. So that a user whose sub-permissions have been partly revoked can still use the certificate information to carry out other certificate-permission operations on the blockchain, this embodiment records in the certificate revocation list whether each sub-permission under the certificate information has been revoked. If the certificate information has not been revoked, each sub-permission corresponding to the unrevoked certificate information is further compared with the certificate permission corresponding to each item of unrevoked certificate information in the certificate revocation list. If any sub-permission has not been revoked, the transaction request is responded to; if every sub-permission has been revoked, the transaction request is refused.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within its scope of protection.