CN107769922A - Block chain safety management system and method - Google Patents
- Publication number: CN107769922A (application CN201711054192.4A)
- Authority: CN (China)
- Legal status: Granted (the legal status shown is an assumption, not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Classifications
- H04L9/0825: Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- G06Q20/3825: Payment protocols insuring higher security of transaction; use of electronic signatures
- G06Q20/3829: Payment protocols insuring higher security of transaction involving key management
- H04L9/0847: Key agreement involving identity based encryption [IBE] schemes
- H04L9/3247: Means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L9/3297: Means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
Abstract
The present invention provides a blockchain security management system and method in which an authority is responsible for the bookkeeping qualification of each bookkeeper. Each bookkeeper packages its public key and the information to be recorded on the chain into a new block, signs the information with its private key and then publishes the block. Every node participating in the blockchain records on the chain only those blocks that come from a bookkeeper who holds a bookkeeping qualification and whose digital signature is valid. The system uses the authority to supervise the identities of users and bookkeepers effectively, and the restriction of bookkeeping qualification prevents rogue bookkeepers from disturbing the normal operation of the blockchain system, improving stability and security.
Description
Technical field
The present invention relates to blockchain technology and, more particularly, to a security management system and method for a blockchain.
Background technology
A blockchain is a chained record structure in which data blocks are combined in chronological order in a sequentially linked manner; it is a distributed ledger that cannot be tampered with or forged, a property guaranteed by cryptographic means. A block generally consists of two parts, a block header and a block body. The header links to the previous block, and the transaction information recorded in the block body covers all value-exchange activity that took place after the previous block was formed and before this block was created; this feature guarantees the integrity of the database. A blockchain uses a distributed bookkeeping mode: each transaction takes effect only after a bookkeeper has included it in the blockchain (hereinafter "putting on chain"). Transaction bookkeeping is completed jointly by multiple nodes distributed in different places; each node records the complete ledger, and while participating in recording, each node also verifies the correctness of the records produced by the other nodes. Only when most nodes of the whole network (or even all nodes) consider a record correct at the same time, or when the comparison results of all participating recording nodes agree, is the authenticity of the record recognised by the whole network and the record data allowed on chain.
Blockchains generally adopt a fully anonymous mode: users anonymously have their transactions included in the blockchain by nodes with bookkeeping power (bookkeepers), and any node can compete for bookkeeping power through the competition mechanism or rules set by the blockchain. Both users and bookkeepers therefore have strongly concealed identities, so it is difficult to discover and trace the misconduct of users or bookkeepers in the blockchain in time, and difficult to prevent illegitimate bookkeepers from maliciously interfering with the operation of the blockchain system.
Summary of the invention
The object of the invention is therefore to overcome the defects of the prior art described above and to provide a secure blockchain management system and method.
The object of the invention is achieved through the following technical solutions:
In one aspect, the invention provides a blockchain security management system comprising an authority and bookkeepers. The authority manages the bookkeeping qualification of each bookkeeper. Each bookkeeper, in response to receiving information to be recorded on the blockchain, generates and publishes a new block that includes the bookkeeper's public key, the information, and a digital signature over the information generated with the private key corresponding to that public key. Only blocks from a bookkeeper who holds a bookkeeping qualification and whose digital signature is valid are allowed to be recorded in the blockchain.
In the above system, the bookkeeper's public key and private key may be generated by the authority, and information related to the bookkeeper's bookkeeping qualification is included in the bookkeeper's public key.
In the above system, the authority may, in response to a bookkeeper's request, encrypt the bookkeeper's identity, fill the resulting ciphertext with information related to that bookkeeper's bookkeeping qualification to obtain the bookkeeper's public key, and produce the private key corresponding to that public key using an identity-based cryptography algorithm.
In the above system, the information related to a bookkeeper's bookkeeping qualification may include the start and end times, or the expiration time, of the bookkeeping qualification.
In the above system, the bookkeeper's public key and private key may be generated locally by the bookkeeper, who sends its public key and/or identity to the authority to request bookkeeping qualification.
In the above system, the authority may publish information related to bookkeepers' bookkeeping qualifications into the blockchain. This information includes one or more of: the public key of a bookkeeper granted bookkeeping qualification, the effective time of the bookkeeping qualification, the public key of a bookkeeper whose bookkeeping qualification has been revoked, and the revocation time of the bookkeeping qualification.
In another aspect, the invention provides a blockchain security management method comprising:
a bookkeeper, in response to receiving information to be recorded on the blockchain, generating and publishing a new block that includes the bookkeeper's public key, the information, and a digital signature over the information generated with the private key corresponding to that public key;
in response to receiving a new block, judging whether the digital signature included in the block is valid and verifying whether the bookkeeper corresponding to the public key in the block holds bookkeeping qualification;
recording into the blockchain only blocks from bookkeepers who hold bookkeeping qualification and whose digital signature is valid.
The above method may further include the authority generating a corresponding public key and private key for each bookkeeper, with information related to the bookkeeper's bookkeeping qualification included in the bookkeeper's public key.
In the above method, the information related to a bookkeeper's bookkeeping qualification may include the start and end times, or the expiration time, of the bookkeeping qualification.
The above method may further include the bookkeeper sending its public key and/or identity to the authority to request bookkeeping qualification;
and the authority, in response to the bookkeeper's request, publishing information related to the bookkeeper's bookkeeping qualification into the blockchain, where that information includes one or more of: the public key of a bookkeeper granted bookkeeping qualification, the effective time of the bookkeeping qualification, the public key of a bookkeeper whose bookkeeping qualification has been revoked, and the revocation time of the bookkeeping qualification.
Compared with the prior art, the advantages of the invention are:
the identities of users and bookkeepers are effectively supervised through the authority, and the restriction of bookkeeping qualification prevents rogue bookkeepers from disturbing the normal operation of the blockchain system, improving stability and security; and the various illegal acts made possible by the weak controllability of a blockchain are effectively prevented while the blockchain's existing features, such as decentralised management, low transaction cost and flexibility, are maintained.
Brief description of the drawings
Embodiments of the invention are further described below with reference to the drawings, in which:
Fig. 1 is a schematic structural diagram of the blockchain security management system according to an embodiment of the invention;
Fig. 2 is a schematic flow chart of the blockchain security management method according to an embodiment of the invention.
Embodiments
In order to make the purpose, technical solution and advantages of the invention clearer, the invention is described in more detail below by way of specific embodiments with reference to the drawings. It should be understood that the specific embodiments described here are merely illustrative of the invention and are not intended to limit it.
Fig. 1 shows the structure of a blockchain security management system according to an embodiment of the invention. The system mainly includes an authority and bookkeepers. The authority is a publicly credible role trusted by bookkeepers and users; it may be a government agency, an industry organisation, a company or even an individual. The authority here is not limited to one specific organisation or individual: there may be several authorities responsible for different businesses, for example an authority for account management and an authority for currency management. Bookkeepers are responsible for packaging various data and information into blocks and storing them in the nodes of the blockchain (which may be called putting on chain). The authority can have its various related information saved in the blockchain by the bookkeepers, and users can use accounts to carry out various transactional operations, such as payment, through the blockchain. Each user may hold one or more accounts; an account is the entity through which a user transacts in the blockchain, and each account is bound to a public/private key pair associated with it, the private key being kept by the owner of the account and never disclosed. Neither the number of bookkeepers nor the number of user accounts is limited here, nor is the concrete form of the blockchain used.
In this embodiment the authority is a publicly credible role trusted by bookkeepers and users, so when a bookkeeper or user receives information from the authority it performs the operation related to that information without needing confirmation or verification from other users or bookkeepers in the system. The authority may perform different businesses or operations according to actual requirements, such as user management, account management, bookkeeper management and transaction management. Generally, the authority selects, generates or is provided with a public key and private key for digitally signing the operations or business it performs. In one embodiment the authority signs with a single public/private key pair in all of its operations or businesses. Preferably, the authority uses different asymmetric key pairs for signing in different operations or businesses, and may also use different asymmetric encryption algorithms, such as RSA, ElGamal, SM2 or elliptic curve cryptography (ECC). These public keys and private keys may be called the system public key (System_Public_Key) and system private key (System_Private_Key) respectively. Table 1 illustrates the correspondence between the authority's businesses and the associated signature algorithms and public/private key pairs.
Table 1
The System_Public_Key and System_Private_Key of different businesses may be the same or different, and the specific algorithms used may also be the same or different. Because the authority may be composed of several relatively independent entities, different entities may each be responsible for businesses or operations such as account creation, account management, currency issuance, currency recovery and clearing; more than two different entities may also be allowed to perform the same business, for example two different banks or other financial institutions both performing currency issuance, and different entities may sign with different algorithms and asymmetric keys when issuing currency.
When the system is first set up, or when the blockchain is established, the authority can set and publish authority parameters. The authority parameters may include the authority's businesses and the system public key and signature algorithm corresponding to each business, that is, the contents of the "business", "algorithm" and "System_Public_Key" columns in Table 1. The system private keys are kept strictly by the authority and must not be disclosed. Generally, the authority parameters published by the authority can be stored in the first block of the blockchain; after the authority publishes its parameters, bookkeepers and users load them into their own devices for subsequent use.
In one embodiment, user identities may be managed by the authority. According to a user's account-opening request, the authority establishes one or more accounts for the user based on the user's identity; these accounts may include real-name accounts and/or anonymous accounts. The user identity here is an identifier of the user's real identity that uniquely determines that identity, for example an ID card number, passport number or company registration number. In one example the user identity may be filled (padded) according to a predetermined fill rule to obtain one or more real-name accounts; the filled content may include, but is not limited to, random numbers, serial numbers and characters. If the user also wants an anonymous account, the real-name account obtained after filling may be encrypted and the resulting ciphertext used as the anonymous account. The authority may encrypt the real-name account with a symmetric or an asymmetric encryption method. For example, it may encrypt the filled real-name account with a public key to obtain the anonymous account and decrypt the anonymous account with the private key, so that the user identity is visible only to the authority. As another example, the authority may encrypt the filled real-name account with a symmetric key, for instance using an algorithm such as DES, 3DES or IDEA, and decrypt the anonymous account with that symmetric key. The authority is responsible for strictly safeguarding the key used to decrypt anonymous accounts. This account-opening mechanism, combining real-name and anonymous accounts, can meet the different needs of users.
For each account generated, the authority assigns or generates a corresponding public/private key pair. Preferably, the authority uses the account itself as the public key and produces the private key corresponding to that account with the private key generation algorithm of identity-based cryptography. Identity-based cryptography (IBC) is an asymmetric encryption mechanism in which the public key may be an arbitrary character string or bit string, and the private key corresponding to a public key is generated by a private key generator (PKG). During initialisation the system automatically generates a master key and system parameters, and the private key generator then generates the private key corresponding to a user account from the master key, the system parameters and the user account. The master key is kept strictly secret by the authority, the system parameters may be announced by the authority, and the generated private key is supplied to the user via a secure and confidential channel. The authority may publish the system parameters for identity-based encryption in the form of authority parameters, which the bookkeepers store in the blockchain.
Meanwhile, the authority sends the information related to user accounts to the bookkeepers on the blockchain, and the bookkeepers record it in the blockchain. For example, the authority generates an account-opening message that includes an identifier of the message, a list of the user accounts, the account-opening time and similar information, and sends it over the network to the bookkeepers on the blockchain. Before sending, the authority may sign the account-opening message with the system private key corresponding to the account management business and then forward it to the bookkeepers; when a bookkeeper receives the message it can verify the digital signature with the system public key corresponding to the account management business in the authority parameters, so as to verify the reliability and validity of the information. After verification passes, the bookkeeper puts the account-opening message on chain (that is, performs the operation of recording the message validly in the blockchain), completing the account opening.
After receiving the private key corresponding to each of its accounts and the system parameters published by the authority, the user can carry out various transactions based on the blockchain with each account, and the bookkeepers record the related transaction information in the blockchain. For example, a user may sign the information it sends with its account private key and the system parameters, and the recipient can verify the signature on the received information using the user account itself together with the system parameters. In this embodiment the user's account itself serves as the public key and the corresponding private key is generated with the IBC algorithm, so no PKI system is needed and no CA or digital certificates need participate, which reduces the cost of establishing, managing and maintaining the system. In addition, when a trusted third party needs to know the real identity of the user corresponding to an account, it can request a query from the authority. When the authority approves the trusted third party's request, if the account is an anonymous one, the authority decrypts it with the key it keeps for decrypting anonymous accounts and then removes the fill information from the decrypted plaintext according to the predetermined fill rule, yielding the user identity corresponding to the account. It can be seen that in this embodiment the authority does not need to maintain and preserve any database, such as a database of the correspondence between user accounts and user identities, which both reduces operating cost and reduces the risk of leaking user information. Compared with the fully anonymous digital currency account model, it is also more conducive to combating criminal offences such as money laundering and corruption.
As can be seen from the above embodiment, when anonymous accounts are used, the user's identity during digital currency transactions is anonymous to other users and bookkeepers, and only the authority can learn the real identity of a user from the user account. This both guarantees the transparency and flexibility of blockchain-based transactions and allows the authority to supervise the transacting parties effectively so as to prevent misconduct. Although an authority is introduced in this scheme, no additional cost of system establishment, operation, maintenance, management or supervision is added: the authority only needs to protect its own private key used for digital signing and the master key used for identity-based encryption, while all information related to user accounts is preserved by the blockchain itself, so the blockchain's own advantages, such as decentralised management and low transaction cost, are maintained.
In one embodiment, the authority's businesses also include managing bookkeepers and their bookkeeping qualifications. Similarly to the management of user identities described above, the authority may manage the identity of bookkeepers and their bookkeeping qualification. Only bookkeepers authorised by the authority are eligible to take part in the competition for bookkeeping power and thus to operate on the blockchain. Each bookkeeper holds a public/private key pair for bookkeeping; when generating a block it packages its own public key into the block, and after the block is generated it digitally signs the whole block, or the block's key information, with the corresponding private key. Correspondingly, when a node participating in the blockchain system receives the block, it must verify the validity of the digital signature with the public key in the block, so as to verify the block's origin, and at the same time verify whether the holder of the public key in the block has obtained bookkeeping qualification. If these two checks do not both pass, the block is deemed invalid and discarded.
In one embodiment, the public/private key pair used for bookkeeping by each bookkeeper may be generated or assigned by the authority. In response to a bookkeeper's request, the authority may generate a bookkeeper identifier based on the bookkeeper's identity. The bookkeeper identity here is an identifier of the bookkeeper's real identity that uniquely determines it, for example an ID card number, passport number or company registration number. For better anonymity, the bookkeeper identity may be encrypted to obtain the bookkeeper identifier. Preferably, the start and end dates, or the expiration date, of the bookkeeping qualification are filled into the bookkeeper identifier, so that the expiration time of the bookkeeping qualification can be obtained directly by reading the identifier. Each node can then judge, on receiving a new block, whether the bookkeeper has bookkeeping qualification from the identifier of the bookkeeper that generated the block.
For each bookkeeper, the authority may assign or generate the corresponding public/private key pair used for bookkeeping. In a preferred embodiment the authority takes the bookkeeper's identifier as the public key and, as introduced above for user identity management, produces the private key corresponding to that bookkeeper with the private key generation algorithm of identity-based cryptography; the generated private key is supplied to the bookkeeper via a secure and confidential channel. Where a bookkeeper's identity overlaps with that of an ordinary user, the bookkeeper's public key may also be obtained by filling one of the user's accounts with the information related to bookkeeping qualification. On receiving a new block, each node can compare the current time with the qualification times included in the bookkeeper's public key in the block to determine whether the bookkeeper has bookkeeping qualification; for example, it checks whether the current time lies between the start date and end date of the bookkeeping qualification marked in the block's bookkeeper public key, or whether the expiration date marked in that public key has not yet been reached. In this embodiment, if the validity period of the bookkeeping qualification included in a bookkeeper's public key has expired and the authority has not assigned or generated a new public/private key pair for that bookkeeper, the bookkeeper's bookkeeping qualification is considered revoked. In yet another embodiment, the process by which the authority generates the corresponding public and private key for each bookkeeper and the process of granting bookkeeping qualification may be carried out separately: the public key the authority assigns or generates for each bookkeeper may contain no information about bookkeeping qualification, which is instead contained in messages generated by the authority and sent into the blockchain. For example, for each bookkeeper the authority encrypts the bookkeeper's identity to obtain the bookkeeper identifier, takes that identifier as the public key and obtains the corresponding private key with an identity-based cryptography method; the granting of bookkeeping qualification is then completed by the authority publishing into the blockchain a message, such as the one shown in Table 2 below, that includes each bookkeeper's public key and its bookkeeping qualification information.
In yet another embodiment, the public-private key pair used for bookkeeping by each bookkeeper is generated locally by that bookkeeper. In this embodiment, the bookkeeper sends its identity together with its public key for bookkeeping to the authority to apply for bookkeeping qualification. The authority grants bookkeeping qualification to bookkeepers whose identity is legitimate. The authority can publish qualification-related information to the block chain in response to a bookkeeper's request or periodically. For example, the authority can include the qualification-related information in a qualification grant message and publish that message to the block chain. Table 2 gives an example of a qualification grant message, which comprises a text and a signature over the text. The text can include, but is not limited to, the grant message identifier, the system public key that the authority uses for the qualification-granting business (as in Table 1 above), the list of public keys of the bookkeepers being granted qualification, and the time at which the qualification takes effect. The authority signs the text of the grant message with the system private key for the qualification-granting business and the signature algorithm of the corresponding cryptographic scheme, obtaining a digital signature over the text.
Table 2
After an authorized bookkeeper in the system receives a qualification grant message published by the authority, it verifies the validity of the message. The verification includes, but is not limited to: (1) verifying that the system public key in the grant message is authorized, for example by checking whether that system public key exists in the authority parameters the bookkeeper saved in advance and corresponds, in those parameters, to the qualification-granting business; (2) verifying the validity of the digital signature in the grant message, for example by verifying the signature with the system public key for the qualification-granting business in the authority parameters and the corresponding cryptographic algorithm. Once verification passes, the bookkeeper packs the grant message into a block and records it on chain. On receiving a new block, each node can then judge from the information in the grant messages stored in the block chain whether the bookkeeper who generated the new block holds bookkeeping qualification.
In yet another embodiment, the authority can also revoke the bookkeeping qualification of certain bookkeepers. For example, when the qualification of certain bookkeepers needs to be revoked, the authority can include information about those bookkeepers in a qualification revocation message and publish it to the block chain. Table 3 gives an example of a qualification revocation message, which comprises a text and a signature over the text. The text can include, but is not limited to, the revocation message identifier, the system public key that the authority uses for the qualification-revocation business, the list of public keys of the bookkeepers to be revoked, and the revocation time. The authority signs the text of the revocation message with the system private key for the qualification-revocation business and the signature algorithm of the corresponding cryptographic scheme, obtaining a digital signature over the text.
Table 3
After a bookkeeper receives a qualification revocation message published by the authority, it verifies the validity of the message. The verification includes, but is not limited to: (1) verifying that the system public key in the revocation message is authorized, for example by checking whether that system public key exists in the authority parameters the bookkeeper saved in advance and corresponds, in those parameters, to the qualification-revocation business; (2) verifying the validity of the digital signature in the revocation message, for example by verifying the signature with the system public key for the qualification-revocation business in the authority parameters and the corresponding cryptographic algorithm. Once verification passes, the bookkeeper packs the revocation message into a block and records it on chain. On receiving a new block, each node can also judge from the information in the revocation messages stored in the block chain whether the qualification of the bookkeeper who generated the new block has been revoked.
It should be understood that the qualification authentication modes introduced in the above embodiments can be used in combination: some bookkeepers can obtain qualification by having the authority generate their key pair and include the qualification-related information in the corresponding public key, while other bookkeepers can obtain qualification through the qualification-related information the authority publishes to the block chain. For a bookkeeper whose public key contains qualification time information, the qualification can also be revoked quickly by means of a qualification revocation message published by the authority.
Fig. 2 gives a schematic flow chart of a block chain security management method according to an embodiment of the invention. The method mainly comprises: (1) in response to receiving information to be saved to the block chain, a bookkeeper generates and publishes a new block that contains the received information, a digital signature over that information generated with the bookkeeper's private key, and the bookkeeper public key corresponding to that private key; (2) in response to receiving the new block, each participating node of the block chain verifies, based on the bookkeeper public key contained in the block, whether the digital signature contained in the block is valid, and verifies whether the holder of that public key has bookkeeping qualification. If either verification fails, the block is deemed invalid and discarded; if both pass, the block is recorded locally.
As introduced above, the bookkeeping qualification of each bookkeeper is managed by the authority. In one embodiment, the authority can include qualification-related information in the public key it generates or distributes for the bookkeeper. For example, in response to a bookkeeper's request, the authority can generate the bookkeeper identifier from the bookkeeper's identity and fill qualification-related information, such as the qualification start and end dates or the expiry date, into the identifier, so that the expiry time of the qualification can be obtained directly by reading the identifier. Preferably, the authority takes the bookkeeper identifier as the public key and, as introduced above in connection with user identity management, produces the bookkeeper's private key using the private-key generation algorithm of identity-based cryptography and supplies it to the bookkeeper over a secure, confidential channel. Where the bookkeeper also has an ordinary-user identity, the bookkeeper public key can also be obtained by the user filling in some account information relevant to bookkeeping qualification. On receiving a new block, each node can compare the current time with the qualification-related time contained in the bookkeeper public key of the block to determine whether the bookkeeper holds bookkeeping qualification, for example by checking whether the current time lies between the qualification start date and end date marked in the bookkeeper public key of the block, or whether the expiry date marked in the public key has not yet been reached. In this embodiment, if the qualification validity period contained in the bookkeeper public key has expired and the authority has not distributed or generated a new key pair for the bookkeeper, the bookkeeper's qualification is deemed revoked, and each node treats blocks from that bookkeeper as invalid.
In yet another embodiment, the authority can publish qualification-related information to the block chain in response to a bookkeeper's request or periodically. The key pair used for bookkeeping by each bookkeeper can be generated locally by that bookkeeper. In this embodiment, the bookkeeper sends its identity together with its public key for bookkeeping to the authority to apply for bookkeeping qualification, and the authority grants qualification to bookkeepers whose identity is legitimate. For example, the authority can include the qualification-related information in the qualification grant message introduced above in connection with Table 2 and publish that message to the block chain. After an authorized bookkeeper in the system receives a grant message published by the authority, it verifies the validity of the message and packs it into a block on the chain. On receiving a new block, each node can judge from the information in the grant messages stored in the block chain whether the bookkeeper who generated the new block holds bookkeeping qualification.
In yet another embodiment, the method can also include the authority quickly revoking the bookkeeping qualification of certain bookkeepers. For example, when the qualification of certain bookkeepers needs to be revoked, the authority can include information about those bookkeepers in the qualification revocation message introduced above in connection with Table 3 and publish it to the block chain. After a bookkeeper receives a revocation message published by the authority, it verifies the validity of the message and packs it into a block on the chain. On receiving a new block, each node participating in the block chain can also judge from the information in the revocation messages stored in the block chain whether the qualification of the bookkeeper who generated the new block has been revoked.
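The grant and revocation messages of Tables 2 and 3, the receiver's two checks on them, and the node-side block verification of Fig. 2, as an added example in Go that is not part of the patent or its tables. Ed25519 stands in for the signature scheme the text leaves open; the field names, the JSON encoding, the QUAL_GRANT/QUAL_REVOKE identifiers and the "latest effective message decides" rule for combining grants with revocations are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
)

// Message identifiers for the two authority services (Table 2 and Table 3); the values are assumptions.
const (
	GrantMsgID  = "QUAL_GRANT"
	RevokeMsgID = "QUAL_REVOKE"
)

// QualText is the signed text of a grant or revocation message. The fields follow Tables 2
// and 3; the field names and the JSON encoding are assumptions.
type QualText struct {
	MsgID       string   `json:"msg_id"`
	SysPub      []byte   `json:"sys_pub"`     // authority public key for this business
	Bookkeepers [][]byte `json:"bookkeepers"` // bookkeeper public keys concerned
	At          int64    `json:"at"`          // effective or revocation time (unix seconds)
}

// QualMsg is the text plus the authority's signature over its JSON encoding.
type QualMsg struct {
	Text QualText
	Sig  []byte
}

// Authority holds one Ed25519 key pair per business (the text lets grant and revocation use
// distinct system keys) and the "authority parameters" bookkeepers and nodes save in advance.
type Authority struct {
	priv   map[string]ed25519.PrivateKey
	Params map[string]ed25519.PublicKey // which system public key is authorised for which business
}

func NewAuthority() (*Authority, error) {
	a := &Authority{priv: map[string]ed25519.PrivateKey{}, Params: map[string]ed25519.PublicKey{}}
	for _, id := range []string{GrantMsgID, RevokeMsgID} {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		a.priv[id], a.Params[id] = priv, pub
	}
	return a, nil
}

// Issue builds and signs a grant or revocation message (msgID is one of the two constants
// above) naming the given bookkeeper public keys, effective or revoked at time at.
func (a *Authority) Issue(msgID string, keys [][]byte, at int64) QualMsg {
	t := QualText{MsgID: msgID, SysPub: a.Params[msgID], Bookkeepers: keys, At: at}
	enc, _ := json.Marshal(t) // cannot fail for these field types
	return QualMsg{Text: t, Sig: ed25519.Sign(a.priv[msgID], enc)}
}

// VerifyQualMsg is the receiver's two-step check before packing a message on chain:
// (1) the system public key is the one saved for this business, (2) the signature verifies.
func VerifyQualMsg(params map[string]ed25519.PublicKey, m QualMsg) bool {
	want, ok := params[m.Text.MsgID]
	if !ok || !bytes.Equal(want, m.Text.SysPub) {
		return false // unknown business, or a key not authorised for it
	}
	enc, _ := json.Marshal(m.Text)
	return ed25519.Verify(want, enc, m.Sig)
}

// HasQualification replays the grant and revocation messages stored on chain: the latest
// message naming pub that has already taken effect decides; no grant means no qualification.
func HasQualification(chain []QualMsg, pub []byte, now int64) bool {
	latest, granted := int64(-1), false
	for _, m := range chain {
		if m.Text.At > now {
			continue // not yet in force
		}
		for _, k := range m.Text.Bookkeepers {
			if bytes.Equal(k, pub) && m.Text.At >= latest {
				latest, granted = m.Text.At, m.Text.MsgID == GrantMsgID
			}
		}
	}
	return granted
}

// Block is the unit of Fig. 2: the data, the bookkeeper's signature over it, and the
// bookkeeper's public key. ValidateBlock is the receiving node's check: the signature must
// verify under the included key AND that key must hold bookkeeping qualification at time now.
type Block struct{ Data, Sig, Pub []byte }

func ValidateBlock(chain []QualMsg, b Block, now int64) bool {
	if len(b.Pub) != ed25519.PublicKeySize || !ed25519.Verify(b.Pub, b.Data, b.Sig) {
		return false
	}
	return HasQualification(chain, b.Pub, now)
}
```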
Although the invention has been described by means of preferred embodiments, the invention is not limited to the embodiments described here and also includes various changes and modifications made without departing from the invention.
Claims (10)
1. A block chain security management system, the system comprising an authority and bookkeepers, wherein the authority is used to manage the bookkeeping qualification of each bookkeeper; each bookkeeper is used to generate and publish a new block in response to receiving information to be recorded in the block chain, the block comprising the public key of the bookkeeper, the information, and a digital signature over the information generated with the private key corresponding to the public key;
wherein only blocks from bookkeepers who hold bookkeeping qualification and whose digital signature is valid are allowed to be recorded in the block chain.
2. The system according to claim 1, wherein the public key and private key of the bookkeeper are generated by the authority, and information related to the bookkeeping qualification of the bookkeeper is included in the bookkeeper's public key.
3. The system according to claim 2, wherein the authority, in response to a request from the bookkeeper, encrypts the identity of the bookkeeper and fills information related to the bookkeeping qualification of the bookkeeper into the encrypted ciphertext data to obtain the public key of the bookkeeper; and produces the private key corresponding to the public key using an identity-based cryptography algorithm.
4. The system according to claim 2 or 3, wherein the information related to the bookkeeping qualification of the bookkeeper comprises the start and end time or the expiry time of the bookkeeping qualification.
5. The system according to claim 1, wherein the public key and private key of the bookkeeper are generated locally by the bookkeeper or generated by the authority.
6. The system according to claim 5, wherein the authority publishes information related to the bookkeeping qualification of bookkeepers to the block chain, the information related to the bookkeeping qualification of bookkeepers comprising one or more of: the public keys of bookkeepers granted bookkeeping qualification, the time at which the bookkeeping qualification takes effect, the public keys of bookkeepers whose bookkeeping qualification is revoked, and the bookkeeping qualification revocation time.
7. A block chain security management method, the method comprising:
generating and publishing, by a bookkeeper, a new block in response to receiving information to be recorded in the block chain, the block comprising the public key of the bookkeeper, the information, and a digital signature over the information generated with the private key corresponding to the public key;
in response to receiving the new block, judging whether the digital signature contained in the block is valid and verifying whether the bookkeeper corresponding to the public key in the block holds bookkeeping qualification;
recording blocks from bookkeepers who hold bookkeeping qualification and whose digital signature is valid into the block chain.
8. The method according to claim 7, further comprising generating, by the authority, the corresponding public key and private key for each bookkeeper, wherein information related to the bookkeeping qualification of the bookkeeper is included in the bookkeeper's public key.
9. The method according to claim 8, wherein the information related to the bookkeeping qualification of the bookkeeper comprises the start and end time or the expiry time of the bookkeeping qualification.
10. The method according to claim 7, further comprising: sending, by the bookkeeper, its public key and/or identity to the authority to request bookkeeping qualification;
publishing, by the authority in response to the request of the bookkeeper, information related to the bookkeeping qualification of the bookkeeper to the block chain, the information related to the bookkeeping qualification of the bookkeeper comprising one or more of: the public key of a bookkeeper granted bookkeeping qualification, the time at which the bookkeeping qualification takes effect, the public key of a bookkeeper whose bookkeeping qualification is revoked, and the bookkeeping qualification revocation time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711054192.4A CN107769922B (en) | 2017-10-31 | 2017-10-31 | Block chain safety management system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711054192.4A CN107769922B (en) | 2017-10-31 | 2017-10-31 | Block chain safety management system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107769922A true CN107769922A (en) | 2018-03-06 |
CN107769922B CN107769922B (en) | 2020-02-18 |
Family
ID=61270996
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711054192.4A Active CN107769922B (en) | 2017-10-31 | 2017-10-31 | Block chain safety management system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107769922B (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109033776A (en) * | 2018-09-07 | 2018-12-18 | 广东工业大学 | A kind of personnel management methods, system, equipment and computer readable storage medium |
CN109104287A (en) * | 2018-07-27 | 2018-12-28 | 众安信息技术服务有限公司 | The method and apparatus communicated in block chain |
CN110245522A (en) * | 2019-01-16 | 2019-09-17 | 腾讯科技(深圳)有限公司 | Data processing method, terminal and medium in block chain financial account system |
CN110298180A (en) * | 2019-04-01 | 2019-10-01 | 北京深安未来科技有限公司 | A kind of notarization management system based on block chain |
CN110380857A (en) * | 2018-04-12 | 2019-10-25 | 中国移动通信有限公司研究院 | Digital certificate processing method and processing device, block chain node, storage medium |
CN110535848A (en) * | 2019-08-22 | 2019-12-03 | 腾讯科技(深圳)有限公司 | A kind of information storage means and device |
CN110929872A (en) * | 2019-10-18 | 2020-03-27 | 如般量子科技有限公司 | Anti-quantum-computation private key backup, loss report and recovery method and system based on alliance chain and identity cryptography |
CN110992029A (en) * | 2019-12-02 | 2020-04-10 | 中国科学院计算技术研究所 | Block chain management system and method |
CN111343292A (en) * | 2020-02-10 | 2020-06-26 | 广州根链国际网络研究院有限公司 | Authoritative DNS server information updating method and system |
CN111371556A (en) * | 2020-02-21 | 2020-07-03 | 运易通科技有限公司 | Block link point accounting method, device, equipment and storage medium |
CN112801648A (en) * | 2021-01-28 | 2021-05-14 | 杉德银卡通信息服务有限公司 | Account configuration management method and system based on payment scene |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150371224A1 (en) * | 2014-06-24 | 2015-12-24 | Phaneendra Ramaseshu Lingappa | Cryptocurrency infrastructure system |
CN106485168A (en) * | 2016-10-17 | 2017-03-08 | 成都知道创宇信息技术有限公司 | A kind of method whether being modified using MD5 value checking contract documents |
CN106530072A (en) * | 2016-11-22 | 2017-03-22 | 天津米游科技有限公司 | Block chain consensus mechanism |
CN107124403A (en) * | 2017-04-14 | 2017-09-01 | 朱清明 | The generation method and computing device of common recognition block in block chain |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110380857B (en) * | 2018-04-12 | 2020-09-11 | 中国移动通信有限公司研究院 | Digital certificate processing method and device, block chain node and storage medium |
CN110380857A (en) * | 2018-04-12 | 2019-10-25 | 中国移动通信有限公司研究院 | Digital certificate processing method and processing device, block chain node, storage medium |
US11863692B2 (en) | 2018-04-12 | 2024-01-02 | China Mobile Communication Co., Ltd Research Inst | Digital certificate processing method and device, blockchain node and storage medium |
CN109104287A (en) * | 2018-07-27 | 2018-12-28 | 众安信息技术服务有限公司 | The method and apparatus communicated in block chain |
CN109033776A (en) * | 2018-09-07 | 2018-12-18 | 广东工业大学 | A kind of personnel management methods, system, equipment and computer readable storage medium |
CN110245522A (en) * | 2019-01-16 | 2019-09-17 | 腾讯科技(深圳)有限公司 | Data processing method, terminal and medium in block chain financial account system |
CN110298180A (en) * | 2019-04-01 | 2019-10-01 | 北京深安未来科技有限公司 | A kind of notarization management system based on block chain |
CN110535848A (en) * | 2019-08-22 | 2019-12-03 | 腾讯科技(深圳)有限公司 | A kind of information storage means and device |
CN110929872A (en) * | 2019-10-18 | 2020-03-27 | 如般量子科技有限公司 | Anti-quantum-computation private key backup, loss report and recovery method and system based on alliance chain and identity cryptography |
CN110929872B (en) * | 2019-10-18 | 2022-10-18 | 如般量子科技有限公司 | Anti-quantum computing private key backup, loss reporting and recovery method and system |
CN110992029A (en) * | 2019-12-02 | 2020-04-10 | 中国科学院计算技术研究所 | Block chain management system and method |
CN111343292A (en) * | 2020-02-10 | 2020-06-26 | 广州根链国际网络研究院有限公司 | Authoritative DNS server information updating method and system |
CN111343292B (en) * | 2020-02-10 | 2022-09-27 | 广州根链国际网络研究院有限公司 | Authoritative DNS server information updating method and system |
CN111371556A (en) * | 2020-02-21 | 2020-07-03 | 运易通科技有限公司 | Block link point accounting method, device, equipment and storage medium |
CN112801648A (en) * | 2021-01-28 | 2021-05-14 | 杉德银卡通信息服务有限公司 | Account configuration management method and system based on payment scene |
Also Published As
Publication number | Publication date |
---|---|
CN107769922B (en) | 2020-02-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107769922A (en) | Block chain safety management system and method | |
CN106920080B (en) | Account management method and system for digital currency | |
CN107240017B (en) | Block chain transaction management system and method | |
CN111008836B (en) | Privacy security transfer payment method, device, system and storage medium | |
CN108009917B (en) | Transaction verification and registration method and system for digital currency | |
CN108418680B (en) | Block chain key recovery method and medium based on secure multi-party computing technology | |
CN106910072A (en) | Digital cash management method and system | |
CN108764874B (en) | Anonymous transfer method, system and storage medium based on block chain | |
JP2020145733A (en) | Method for managing a trusted identity | |
CN107819753B (en) | Block chain transaction system and method without complete anonymity | |
CN105635049B (en) | Tax-supervise system method and apparatus based on client identification password | |
CN102959559B (en) | For the method producing certificate | |
DE69634715T2 (en) | Method and device for creating and managing a secret key of a public-key cryptosystem | |
CN107911216A (en) | A kind of block chain transaction method for secret protection and system | |
CN106934605A (en) | User identity management method and system in digital cash | |
CN107180350A (en) | A kind of method of the multi-party shared transaction metadata based on block chain, apparatus and system | |
WO2021008453A1 (en) | Method and system for offline blockchain transaction based on identifier authentication | |
CN105900375A (en) | Efficient methods for protecting identity in authenticated transmissions | |
CN109660485A (en) | A kind of authority control method and system based on the transaction of block chain | |
PT739560E (en) | CRYPTOGRAPHIC SYSTEM AND PROCESS WITH KEY WARRANTY CHARACTERISTICS | |
CN106797311A (en) | For the method for security password generation | |
JPH10240848A (en) | Method for transferring fund for electronic coin between user terminals | |
CN103854180B (en) | Credit voucher generating method and system, and application authorization method and system | |
CN107682364A (en) | One kind license chain privacy method of commerce | |
CN106845275B (en) | A kind of the electronic bill management system and method for secret protection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | Address after: 330096 399 Huoju street, Qingshanhu District, Nanchang City, Jiangxi Province; Patentee after: Jiede (China) Technology Co.,Ltd.; Address before: 330096 399 Huoju street, Qingshanhu District, Nanchang City, Jiangxi Province; Patentee before: Jiede (China) Information Technology Co.,Ltd. |