CN107769922A - Block chain safety management system and method - Google Patents

Info

Publication number: CN107769922A
Authority: CN (China)
Prior art keywords: book keeping, keeping operation, qualification, operation person, person
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201711054192.4A
Other languages: Chinese (zh)
Other versions: CN107769922B (en)
Inventor: 伍鹏程
Current Assignee: Jiede China Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Giesecke and Devrient China Information Technologies Co Ltd

Events:
    • Application filed by Giesecke and Devrient China Information Technologies Co Ltd
    • Priority to CN201711054192.4A (granted as CN107769922B)
    • Publication of CN107769922A
    • Application granted
    • Publication of CN107769922B
    • Legal status: Active
    • Anticipated expiration

Classifications

    • Section H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/0825 (H04L9/08 > H04L9/0816 > H04L9/0819): Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0847 (H04L9/08 > H04L9/0816 > H04L9/0838): Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these, involving identity based encryption [IBE] schemes
    • H04L9/3247 (H04L9/32): Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures
    • H04L9/3297 (H04L9/32): Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
    • Section G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR > G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/3825 (G06Q20/38 > G06Q20/382): Payment protocols; Details thereof insuring higher security of transaction; Use of electronic signatures
    • G06Q20/3829 (G06Q20/38 > G06Q20/382): Payment protocols; Details thereof insuring higher security of transaction, involving key management

Abstract

The present invention provides a blockchain security management system and method in which an authority is responsible for the bookkeeping qualification of each bookkeeper. Each bookkeeper packages its public key and the information to be recorded on the chain into a new block, signs the information with its private key, and publishes the block. Each node participating in the blockchain records on the chain only those blocks that come from a bookkeeper who holds bookkeeping qualification and whose digital signature is valid. The system uses the authority to supervise the identities of users and bookkeepers effectively, and the restriction of bookkeeping qualification prevents bad bookkeepers from disturbing the normal operation of the blockchain system, improving stability and security.

Description

Block chain safety management system and method
Technical field
The present invention relates to blockchain technology, and more particularly to a security management system and method for a blockchain.
Background technology
A blockchain is a chained record structure in which data blocks are joined sequentially in chronological order, and a distributed ledger whose tamper resistance and unforgeability are guaranteed by cryptographic means. A block generally consists of two parts, a block header and a block body. The header links to the preceding block; the transaction information recorded in the body is all of the value-exchange activity that occurred after the previous block was formed and before this block was created, and this property guarantees the integrity of the database. A blockchain uses a distributed bookkeeping mode: a transaction takes effect only once a bookkeeper has included it in the blockchain (hereinafter "putting it on the chain"). Transaction bookkeeping is completed jointly by multiple nodes distributed in different places; each node keeps a complete ledger, and while taking part in recording each node also verifies the correctness of the records of the other nodes. Only when most nodes in the whole network (or even all nodes) simultaneously consider a record correct, or when the comparison results of all participating nodes agree, is the authenticity of the record recognized by the whole network and the record data allowed onto the chain.
Blockchains generally use a fully decentralized mode: a user can anonymously have a transaction included in the blockchain by a node holding bookkeeping rights (a bookkeeper), and any node can strive for the bookkeeping right through the competition mechanism or rules set by the blockchain. Whether user or bookkeeper, identities are highly concealed, so it is difficult to discover and trace in time the misconduct of users or bookkeepers in the blockchain, and it is also difficult to effectively prevent illegitimate bookkeepers from maliciously interfering with the operation of the blockchain system.
Summary of the invention
Therefore, an object of the invention is to overcome the above defects of the prior art and provide a secure blockchain management system and method.
The object of the invention is achieved through the following technical solutions:
In one aspect, the invention provides a blockchain security management system comprising an authority and bookkeepers, the authority being used to manage the bookkeeping qualification of each bookkeeper; each bookkeeper is used to generate and publish a new block in response to receiving information to be recorded on the blockchain, the block including the bookkeeper's public key, the information, and a digital signature generated over the information with the private key corresponding to that public key; wherein only blocks from a bookkeeper who holds bookkeeping qualification and whose digital signature is valid are allowed to be recorded into the blockchain.
In the above system, the bookkeeper's public and private keys may be generated by the authority, with information related to the bookkeeper's bookkeeping qualification included in the bookkeeper's public key.
In the above system, the authority may, in response to a bookkeeper's request, encrypt the bookkeeper's identity, pad the encrypted ciphertext data with information related to the bookkeeper's bookkeeping qualification to obtain the bookkeeper's public key, and generate the private key corresponding to that public key using an identity-based cryptography algorithm.
In the above system, the information related to the bookkeeper's bookkeeping qualification may include the start and end time of the qualification or its expiry time.
In the above system, the bookkeeper's public and private keys may be generated locally by the bookkeeper, who sends its public key and/or identity to the authority to request bookkeeping qualification.
In the above system, the authority may publish information related to bookkeepers' bookkeeping qualification into the blockchain, the information including one or more of the following: the public keys of bookkeepers awarded bookkeeping qualification, the effective time of the qualification, the public keys of bookkeepers whose qualification has been revoked, and the revocation time.
In another aspect, the invention provides a blockchain security management method comprising:
generating and publishing, by a bookkeeper in response to receiving information to be recorded on the blockchain, a new block including the bookkeeper's public key, the information, and a digital signature generated over the information with the private key corresponding to that public key;
in response to receiving a new block, judging whether the digital signature contained in the block is valid, and verifying whether the bookkeeper corresponding to the public key in the block holds bookkeeping qualification;
recording into the blockchain only blocks from a bookkeeper who holds bookkeeping qualification and whose digital signature is valid.
The above method may further include generating, by the authority, the corresponding public and private keys for each bookkeeper, with information related to the bookkeeper's bookkeeping qualification included in the bookkeeper's public key.
In the above method, the information related to the bookkeeper's bookkeeping qualification may include the start and end time of the qualification or its expiry time.
The above method may further include sending, by the bookkeeper, its public key and/or identity to the authority to request bookkeeping qualification;
and publishing, by the authority in response to the bookkeeper's request, information related to the bookkeeper's bookkeeping qualification into the blockchain, the information including one or more of the following: the public keys of bookkeepers awarded bookkeeping qualification, the effective time of the qualification, the public keys of bookkeepers whose qualification has been revoked, and the revocation time.
Compared with the prior art, the advantages of the invention are:
the identities of users and bookkeepers are effectively supervised by the authority, and the restriction of bookkeeping qualification prevents bad bookkeepers from disturbing the normal operation of the blockchain system, improving stability and security; and the various illegal acts that result from the weak controllability of a blockchain are effectively prevented while the existing features of decentralized management, low transaction cost and flexibility are retained.
Brief description of the drawings
Embodiments of the invention are further described below with reference to the drawings, in which:
Fig. 1 is a structural diagram of the blockchain security management system according to an embodiment of the invention;
Fig. 2 is a flow diagram of the blockchain security management method according to an embodiment of the invention.
Embodiments
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to the drawings and specific embodiments. It should be understood that the specific embodiments described here are merely illustrative of the invention and are not intended to limit it.
Fig. 1 shows the structure of a blockchain security management system according to an embodiment of the invention. The system mainly comprises an authority and bookkeepers. The authority is a publicly credible role trusted by bookkeepers and users; it may be a government body, an industry organization, a company or even an individual. The authority is not limited to one specific organization or person: there may be multiple authorities responsible for different business, for example an authority for account management and an authority for currency management. Bookkeepers are responsible for packaging data and information into blocks and storing them in the nodes of the blockchain (which may be called putting on the chain). The authority may have its various related information saved into the blockchain by bookkeepers, and users may use their accounts to carry out transaction operations such as payment through the blockchain. Each user may hold one or more accounts; an account is the entity through which the user transacts in the blockchain, and each account is bound to, or naturally associated with, a public/private key pair whose private key is kept by the account owner and must not be disclosed. No limit is placed here on the number of bookkeepers or user accounts, nor on the concrete form of the blockchain used.
In this embodiment, the authority is the publicly credible role trusted by bookkeepers and users; on receiving information from the authority, each bookkeeper and user performs the operation related to that information without confirmation or verification by other users or bookkeepers in the system. The authority may perform different business or operations according to actual needs, such as user management, account management, bookkeeper management and transaction management. Generally, for the operations or business it performs, the authority selects, generates, or is provided with a public key and private key for digital signing. In one embodiment the authority signs with a single public/private key pair in all of its operations or business. Preferably, the authority uses different asymmetric key pairs for signing in different operations or business, and may also use different asymmetric encryption algorithms, such as RSA, ElGamal, SM2 or elliptic curve cryptography (ECC). These public and private keys may be called the system public key (System_Public_Key) and system private key (System_Private_Key) respectively. Table 1 illustrates the correspondence between the authority's business and the corresponding signature algorithm and key pair.
Table 1
The System_Public_Key and System_Private_Key of different business may be the same or different, and the specific algorithms used may also be the same or different. Because the authority may consist of multiple relatively independent entities, different entities may each be responsible for business or operations such as account creation, account management, currency issuance, currency recovery and clearing; two or more different entities may also be allowed to perform the same business, for example currency issuance performed by two different banks or other financial institutions, and different entities may sign with different algorithms and asymmetric keys when issuing currency.
When the system is first established, or when the blockchain is established, the authority may set and publish authority parameters. The authority parameters may include the authority's business and, for each business, the corresponding system public key and signature algorithm, i.e. the contents of the "business", "algorithm" and "System_Public_Key" columns of Table 1. The system private keys are kept strictly by the authority and must not be disclosed. Generally, the authority parameters published by the authority may be stored in the first block of the blockchain; after the authority publishes them, bookkeepers and users may load them into their own devices for subsequent use.
In one embodiment, user identity may be managed by the authority. According to a user's account opening request, the authority may establish one or more accounts for the user based on the user's identity; these accounts may include real-name accounts and/or anonymous accounts. The user identity refers to the identification of the user's real identity, by which the user can be uniquely determined, for example an identity card number, passport number or company registration number. In one example, the user identity may be padded according to a predetermined padding rule to obtain one or more real-name accounts, where the padding content may include, but is not limited to, random numbers, serial numbers and characters. If the user also wants an anonymous account, the real-name account obtained after padding may be encrypted, and the ciphertext data obtained after encryption used as the anonymous account. The authority may encrypt the real-name account with a symmetric or an asymmetric encryption method. For example, it may encrypt the padded real-name account with a public key to obtain the anonymous account and decrypt the anonymous account with the private key, so that the user identity is visible only to the authority. In another example, the authority may encrypt the padded real-name account with a symmetric key, using an algorithm such as DES, 3DES or IDEA, and decrypt the anonymous account with that symmetric key. The authority is responsible for the strict custody of the key used to decrypt anonymous accounts. This account-opening mechanism combining real-name and anonymous accounts can meet the different needs of users.
For each account generated, the authority allocates or generates a corresponding public/private key pair. Preferably, the authority uses the account itself as the public key and produces the private key corresponding to the account with the private key generation algorithm of identity-based cryptography. Identity-based cryptography (IBC) is an asymmetric encryption mechanism in which the public key may be an arbitrary character string or bit string, and the private key corresponding to a public key is generated by a private key generator (PKG). During initialization the system automatically generates a master key and system parameters; the private key generator then generates the private key corresponding to a user account from the master key, the system parameters and the user account. The master key is kept strictly secret by the authority, the system parameters may be announced by the authority, and the generated private key is supplied to the user via a secure, confidential channel. The authority may publish the system parameters for identity-based encryption in the form of authority parameters, which bookkeepers store in the blockchain.
Meanwhile, the authority sends the information related to the user account to the bookkeepers on the blockchain, who record the information related to the user account in the blockchain. For example, the authority generates an account opening message including information such as the identifier of the message, a list of each user account and the account opening time, and sends the account opening message over the network to the bookkeepers on the blockchain. Before sending this information, the authority may sign the account opening message with the system private key corresponding to the account management business and then forward it to the bookkeepers on the blockchain; on receiving the message, a bookkeeper can verify the digital signature in the message with the system public key corresponding to the account management business in the authority parameters, thereby verifying the reliability and validity of the information. After the verification succeeds, the bookkeeper puts the account opening message on the chain (i.e. effectively records the message into the blockchain), which completes the account opening.
After receiving the private key corresponding to each of its accounts and the system parameters published by the authority, the user can carry out various transactions on the blockchain with each account, and the related transaction information is recorded in the blockchain by bookkeepers. For example, the user may sign the information it sends with its account private key and the system parameters, and the recipient of the information may verify the signature on the received information using the user account itself and the system parameters. In this embodiment the user's account itself serves as the public key and the corresponding private key is generated with the IBC algorithm, so no PKI system is needed and no CA or digital certificates need participate, which reduces the cost of establishing, managing and maintaining the system. In addition, when a trusted third party needs to know the real identity of the user corresponding to a certain account, it can submit an inquiry request to the authority. When the authority approves the request of the trusted third party, then for an anonymous account the authority can decrypt the account with the key it keeps for decrypting anonymous accounts, remove the padding information from the decrypted plaintext according to the predetermined padding rule, and so obtain the user identity corresponding to the account. It can be seen that in this embodiment the authority need not maintain or store any database, such as a database of the correspondence between user accounts and user identities, which both reduces operating costs and reduces the risk of user information leakage. Compared with the fully decentralized digital currency account model, it is also more conducive to combating crimes such as money laundering and corruption.
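The padding, encryption and authority-only recovery of a user identity described above, as an added Go example that is not part of the patent. The padding rule (identity, a "#" separator, an 8-digit sequence number and 16 hex characters of filler) is a constructed assumption, AES-256-GCM from the Go standard library stands in for the DES/3DES/IDEA options the text lists, and the identity value and key are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Constructed padding rule (an assumption for this example, not the patent's):
// real-name account = identity + "#" + 8-digit sequence number + 16 hex chars of filler.
const (
	sep       = "#"
	seqWidth  = 8
	fillWidth = 16
	tailWidth = len(sep) + seqWidth + fillWidth
)

// RealNameAccount applies the padding rule. The filler is caller-supplied so the
// result is deterministic here; the authority would draw it from crypto/rand.
func RealNameAccount(identity string, seq uint32, filler [8]byte) string {
	return fmt.Sprintf("%s%s%08d%s", identity, sep, seq, hex.EncodeToString(filler[:]))
}

// StripPadding reverses RealNameAccount and returns the user identity.
func StripPadding(realName string) (string, error) {
	if len(realName) <= tailWidth || realName[len(realName)-tailWidth] != sep[0] {
		return "", errors.New("real-name account does not follow the padding rule")
	}
	return realName[:len(realName)-tailWidth], nil
}

// AnonymousAccount encrypts the padded real-name account under the authority's
// symmetric key; the hex ciphertext (nonce || ciphertext) is the anonymous account.
func AnonymousAccount(realName string, key []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nil, nonce, []byte(realName), nil)
	return hex.EncodeToString(append(nonce, ct...)), nil
}

// RecoverIdentity is the authority-only operation used when a trusted third party's
// inquiry is approved: decrypt the anonymous account, then strip the padding.
func RecoverIdentity(anon string, key []byte) (string, error) {
	raw, err := hex.DecodeString(anon)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("anonymous account too short")
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return "", err // wrong key or tampered account: GCM authentication fails
	}
	return StripPadding(string(pt))
}

func main() {
	key := make([]byte, 32) // constructed authority key (all zero, demo only)
	real := RealNameAccount("ID-CARD-0000-EXAMPLE", 1, [8]byte{1, 2, 3, 4, 5, 6, 7, 8})
	anon, _ := AnonymousAccount(real, key)
	id, err := RecoverIdentity(anon, key)
	fmt.Println(anon, id, err)
}
```

Because the anonymous account is an authenticated ciphertext, a party that holds the wrong key gets an error rather than a garbled identity, and nothing but the key needs to be stored by the authority, which is the point the text makes about not keeping an account-to-identity database.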
If from above-described embodiment as can be seen that using anonymous account, its during user identity is merchandised for digital cash His user and book keeping operation person are anonymous, and only authorities could know the true identity of user according to user account, so as to Both it ensure that the transparency based on the transaction of block chain and flexibility, and can were effectively supervised by authorities to Trading parties, To prevent malfeasant generation.And although authorities are introduced in such scheme, do not increase extra system and build Vertical, operation, safeguard, management and supervision cost, authorities only need to protect the private key for being used to be digitally signed of oneself with For the master key of Identity-based encryption, the various information related to user account are also to be protected by block chain Deposit, thus maintaining the block chain advantage such as go centre management, transaction cost low in itself.
In one embodiment, authorities also include the business of management book keeping operation person and its qualification of keeping accounts.Used with above-mentioned management The mode of family identity is similar, and authorities can be managed to the identity of book keeping operation person and its book keeping operation qualification.Only awarded through authorities The book keeping operation person of power can just be eligible to participate in the competition of book keeping operation power, to be operated to block chain.Each book keeping operation person possesses for remembering The public private key pair of account, need the public key of oneself being together packed into block when generating block, and after block generates Whole block and block key message are digitally signed with corresponding private key.Correspondingly, each of the block catenary system is participated in When individual node receives the block, it is necessary to using the public key verifications digital signature in block validity, so as to verify the block Source;Verify whether the holder of the public key in block obtains book keeping operation qualification simultaneously.If the two checkings are not all of leading to Cross, then assert that the block is invalid, and abandon it.
In one embodiment, the public private key pair for being used to keep accounts corresponding to above-mentioned each book keeping operation person can be given birth to by authorities Into or distribute.Authorities can be in response to the request of book keeping operation person, and the identity based on book keeping operation person identifies to generate book keeping operation person Symbol.Wherein book keeping operation person's identity refers to the mark of book keeping operation person's true identity, and book keeping operation person can be uniquely determined by the mark Identity, for example, it may be identification card number, passport No., register of company number etc.., can be to book keeping operation person for more preferable anonymity Identity is encrypted to obtain book keeping operation person's identifier.Preferably, book keeping operation qualification start-stop can be filled in identifier of keeping accounts Date or Expiration Date, the expiration time of book keeping operation qualification is so directly obtained by reading book keeping operation person's identifier can.So, respectively Node just can judge whether the book keeping operation person has when receiving new block by the identifier for the book keeping operation person for generating the block Book keeping operation qualification.
For each bookkeeper, the authority can distribute or generate the corresponding key pair used for bookkeeping. In a preferred embodiment, the authority takes the bookkeeper identifier of that bookkeeper as the public key and, as introduced above in connection with user identity management, uses the private-key generation algorithm of identity-based cryptography to produce the private key corresponding to that bookkeeper; the generated private key is supplied to the bookkeeper over a secure, confidential channel. Where the bookkeeper identity overlaps with an ordinary user identity, the bookkeeper public key can also be obtained by the user filling one of its accounts with information related to the bookkeeping qualification. When receiving a new block, each node can compare the current time with the qualification-related time contained in the bookkeeper public key of that block to determine whether the bookkeeper holds bookkeeping qualification; for example, it checks whether the current time lies between the qualification start date and end date marked in the bookkeeper public key of the block, or whether the expiration date marked in the bookkeeper public key has not yet been reached. In this embodiment, if the qualification validity period contained in the bookkeeper public key has expired and the authority has not distributed or generated a new key pair for that bookkeeper, the bookkeeper's qualification is deemed revoked. In yet another embodiment, the process by which the authority generates each bookkeeper's key pair and the process of granting bookkeeping qualification can be carried out separately: the public key the authority distributes or generates for each bookkeeper then contains no qualification-related information; instead, that information is contained in messages generated by the authority and published into the blockchain. For example, for each bookkeeper the authority encrypts the bookkeeper identity to obtain the bookkeeper identifier, takes that identifier as the public key, and obtains the corresponding private key with an identity-based cryptography method. Granting of bookkeeping qualification is then completed by the authority publishing into the blockchain a message such as that shown in Table 2 below, containing each bookkeeper's public key and its qualification information.
In yet another embodiment, the key pair used for bookkeeping by each bookkeeper described above is generated locally by that bookkeeper. In this embodiment, the bookkeeper sends its identity together with its bookkeeping public key to the authority to apply for bookkeeping qualification. The authority grants bookkeeping qualification to bookkeepers whose identity is legitimate. The authority can publish qualification-related information onto the blockchain in response to a bookkeeper's request or periodically. For example, the authority can place the qualification-related information in a qualification grant message and publish that message into the blockchain. Table 2 gives an example of a qualification grant message, which consists of a text part and a signature over the text. The text can include, without limitation, a qualification grant message identifier, the system public key the authority uses for the qualification grant service (see Table 1 above), the list of public keys of the bookkeepers being granted qualification, and the time at which the qualification takes effect. The authority signs the text of the grant message with the system private key corresponding to the qualification grant service and the signature algorithm of the corresponding cryptographic algorithm, yielding the digital signature over the text.
Table 2
After an authorized bookkeeper in the system receives a qualification grant message published by the authority, it verifies the validity of the message. The verification includes, without limitation: (1) checking whether the system public key in the grant message is authoritative, for example confirming that the system public key exists in the authority parameters the bookkeeper saved earlier and that it corresponds to the qualification grant service in those parameters; (2) verifying the digital signature in the grant message, for example using the system public key and cryptographic algorithm associated with the qualification grant service in the authority parameters. Once verification passes, the bookkeeper packs the grant message into a block and records it on the chain. When receiving a new block, each node can use the information in the grant messages stored in the blockchain to judge whether the bookkeeper that generated the new block holds bookkeeping qualification.
In yet another embodiment, the authority can also revoke the bookkeeping qualification of certain bookkeepers. For example, when the qualification of some bookkeepers needs to be revoked, the authority can place information about those bookkeepers in a qualification revocation message and publish it into the blockchain. Table 3 gives an example of a qualification revocation message, which consists of a text part and a signature over the text. The text can include, without limitation, a qualification revocation message identifier, the system public key the authority uses for the qualification revocation service, the list of public keys of the bookkeepers to be revoked, and the revocation time. The authority signs the text of the revocation message with the system private key corresponding to the qualification revocation service and the signature algorithm of the corresponding cryptographic algorithm, obtaining the digital signature over the text.
Table 3
After a bookkeeper receives a qualification revocation message published by the authority, it verifies the validity of the revocation message. The verification includes, without limitation: (1) checking whether the system public key in the revocation message is authoritative, for example confirming that the system public key exists in the authority parameters the bookkeeper saved earlier and that it corresponds to the qualification revocation service in those parameters; (2) verifying the digital signature in the revocation message, for example using the system public key and cryptographic algorithm associated with the qualification revocation service in the authority parameters. Once verification passes, the bookkeeper packs the revocation message into a block and records it on the chain. When receiving a new block, each node can also use the information in the revocation messages stored in the blockchain to judge whether the qualification of the bookkeeper that generated the new block has been revoked.
It should be understood that the qualification authentication modes introduced in the embodiments above can be used together and combined with one another: some bookkeepers may obtain qualification by having the authority generate their key pair with qualification-related information embedded in the public key, while other bookkeepers obtain qualification through qualification information the authority publishes in the blockchain; and a bookkeeper whose public key carries qualification time information can additionally have that qualification revoked quickly via a qualification revocation message published by the authority.
Fig. 2 gives a schematic flow chart of the blockchain security management method according to an embodiment of the invention. The method mainly includes: (1) in response to receiving information to be saved to the blockchain, a bookkeeper generates and publishes a new block, which contains the received information, a digital signature over that information generated with the bookkeeper's private key, and the bookkeeper public key corresponding to that private key; (2) in response to receiving the new block, each participating node of the blockchain uses the bookkeeper public key contained in the block to verify whether the digital signature in the block is valid and whether the holder of that public key has bookkeeping qualification. If either verification fails, the block is deemed invalid and discarded. If both verifications pass, the block is recorded locally.
As introduced above, the bookkeeping qualification of each bookkeeper is managed by the authority. In one embodiment, the authority can include qualification-related information in the public key it generates or distributes for the bookkeeper. For example, in response to a bookkeeper's request, the authority can generate a bookkeeper identifier based on the bookkeeper's identity and fill qualification-related information, such as the qualification start and end dates or the expiration date, into that identifier, so that reading the bookkeeper identifier directly yields the expiration time of the qualification. Preferably, the authority takes the bookkeeper identifier as the public key and, as introduced above in connection with user identity management, uses the private-key generation algorithm of identity-based cryptography to produce the corresponding private key, which it supplies to the bookkeeper over a secure, confidential channel. Where the bookkeeper identity overlaps with an ordinary user identity, the bookkeeper public key can also be obtained by the user filling one of its accounts with qualification-related information. When receiving a new block, each node can compare the current time with the qualification-related time contained in the bookkeeper public key of the block to determine whether the bookkeeper holds qualification; for example, it checks whether the current time lies between the qualification start date and end date marked in the bookkeeper public key of the block, or whether the expiration date marked in the public key has not yet been reached. In this embodiment, if the qualification validity period contained in the bookkeeper public key has expired and the authority has not distributed or generated a new key pair for that bookkeeper, the bookkeeper's qualification is deemed revoked, and each node treats blocks from that bookkeeper as invalid.
In yet another embodiment, the authority can publish qualification-related information onto the blockchain in response to a bookkeeper's request or periodically. The key pair each bookkeeper uses for bookkeeping can be generated locally by that bookkeeper. In this embodiment, the bookkeeper sends its identity together with its bookkeeping public key to the authority to apply for bookkeeping qualification, and the authority grants qualification to bookkeepers whose identity is legitimate. For example, the authority can place the qualification-related information in the qualification grant message introduced above in connection with Table 2 and publish that message into the blockchain. After an authorized bookkeeper in the system receives a grant message published by the authority, it verifies the validity of the message and packs it into a block on the chain. When receiving a new block, each node can use the information in the grant messages stored in the blockchain to judge whether the bookkeeper that generated the new block holds bookkeeping qualification.
In yet another embodiment, the method can further include the authority quickly revoking the bookkeeping qualification of certain bookkeepers. For example, when the qualification of some bookkeepers needs to be revoked, the authority can place information about those bookkeepers in the qualification revocation message introduced above in connection with Table 3 and publish it into the blockchain. After a bookkeeper receives a revocation message published by the authority, it verifies the validity of the message and packs it into a block on the chain. When receiving a new block, each node participating in the blockchain can also use the information in the revocation messages stored in the blockchain to judge whether the qualification of the bookkeeper that generated the new block has been revoked.
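The node-side checks described in the embodiments above (verifying the block signature against the bookkeeper public key, reading a qualification window out of a bookkeeper identifier, and the two-step verification of the grant and revocation messages of Tables 2 and 3) are exercised end to end in the following Python example. It is an added illustration and not code from the patent or its assignee. Assumptions: the identity-based signature scheme the description leaves unspecified is replaced by textbook RSA over tiny constructed primes, which is insecure and serves only to drive the logic; in the identifier-window embodiment the patent uses the identifier itself as the public key, whereas this toy keeps a separate key next to the identifier; the message and identifier field layouts, the time values, and the names Node, make_message, make_block, validate_block and parse_window are all constructed for this example.

```python
"""Added example, not the patent's code: node-side block validation under the
scheme above. Toy textbook RSA stands in for the unspecified IBC signature."""
import hashlib
import json
from dataclasses import dataclass

GRANT, REVOKE = "grant", "revoke"   # the authority's two qualification businesses

def toy_keypair(p: int, q: int, e: int = 17):
    """INSECURE textbook RSA over tiny primes; returns ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    return pow(_digest(data, priv[1]), *priv)          # digest^d mod n

def verify(pub, data: bytes, sig: int) -> bool:
    return pow(sig, *pub) == _digest(data, pub[1])      # sig^e mod n == digest

def _canonical(text: dict) -> bytes:
    return json.dumps(text, sort_keys=True).encode()   # same bytes for signer/verifier

def make_message(kind: str, system_priv, system_pub, keys, when: int) -> dict:
    """Grant/revocation message, a constructed rendering of Tables 2 and 3."""
    text = {"type": kind, "system_pub": list(system_pub),
            "keys": [list(k) for k in keys], "time": when}
    return {"text": text, "sig": sign(system_priv, _canonical(text))}

def make_block(priv, pub, payload: bytes, identifier: str = "") -> dict:
    """Block = bookkeeper public key, the information, and the signature over it."""
    return {"pub": pub, "identifier": identifier, "payload": payload, "sig": sign(priv, payload)}

def parse_window(identifier: str):
    """Constructed layout '<hex>;start=<t>;end=<t>' -> (start, end), else None."""
    fields = dict(p.split("=", 1) for p in identifier.split(";")[1:] if "=" in p)
    if "start" in fields and "end" in fields:
        return int(fields["start"]), int(fields["end"])
    return None

@dataclass
class Node:
    authority_params: dict   # saved locally: business type -> system public key
    chain_messages: list     # authority messages already recorded on the chain

    def verify_authority_message(self, msg: dict) -> bool:
        text, sys_pub = msg["text"], tuple(msg["text"]["system_pub"])
        # Check (1): the key must be the one saved for THIS business (grant vs revoke).
        if self.authority_params.get(text["type"]) != sys_pub:
            return False
        # Check (2): the authority's signature over the text must verify.
        return verify(sys_pub, _canonical(text), msg["sig"])

    def record_message(self, msg: dict) -> bool:
        """A message is packed onto the chain only after both checks pass."""
        if not self.verify_authority_message(msg):
            return False
        self.chain_messages.append(msg)
        return True

    def _listed(self, kind: str, pub, now: int) -> bool:
        return any(m["text"]["type"] == kind and list(pub) in m["text"]["keys"]
                   and m["text"]["time"] <= now for m in self.chain_messages)

    def has_qualification(self, pub, identifier: str, now: int) -> bool:
        window = parse_window(identifier)
        qualified = (window[0] <= now <= window[1] if window      # window in identifier
                     else self._listed(GRANT, pub, now))           # granted on chain
        return qualified and not self._listed(REVOKE, pub, now)   # revocation wins

    def validate_block(self, block: dict, now: int) -> bool:
        pub = tuple(block["pub"])
        if not verify(pub, block["payload"], block["sig"]):
            return False                                 # bad signature: discard
        return self.has_qualification(pub, block["identifier"], now)

def demo() -> dict:
    grant_pub, grant_priv = toy_keypair(61, 53)
    revoke_pub, revoke_priv = toy_keypair(53, 59)
    alice_pub, alice_priv = toy_keypair(67, 71)
    node = Node({GRANT: grant_pub, REVOKE: revoke_pub}, [])
    node.record_message(make_message(GRANT, grant_priv, grant_pub, [alice_pub], 100))
    blk = make_block(alice_priv, alice_pub, b"constructed payload")
    r = {"alice_before_grant": node.validate_block(blk, now=50),
         "alice_after_grant": node.validate_block(blk, now=150)}
    bad = make_message(REVOKE, grant_priv, grant_pub, [alice_pub], 200)  # wrong service key
    r["wrong_service_key_rejected"] = not node.record_message(bad)
    node.record_message(make_message(REVOKE, revoke_priv, revoke_pub, [alice_pub], 200))
    r["alice_after_revoke"] = node.validate_block(blk, now=250)
    forged = dict(blk, sig=(blk["sig"] + 1) % alice_pub[1])     # altered signature
    r["forged_signature_rejected"] = not node.validate_block(forged, now=150)
    bob_pub, bob_priv = toy_keypair(71, 73)
    bblk = make_block(bob_priv, bob_pub, b"bob payload", "c0ffee;start=100;end=300")
    r["bob_in_window"] = node.validate_block(bblk, now=200)
    r["bob_expired"] = node.validate_block(bblk, now=301)
    return r
```

Calling demo() returns the outcome of each scenario: a block is accepted only after the grant takes effect, a revocation message signed with the grant service's key is rejected at check (1) before it can reach the chain, a recorded revocation ends the qualification, an altered signature is discarded, and a bookkeeper whose identifier carries a validity window is accepted inside it and rejected after it. In a deployment the toy_keypair/sign/verify trio would be replaced by the identity-based scheme and the node's authority_params would be provisioned in advance, as the description says the bookkeeper saves the authority parameters beforehand.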
Although the invention has been described by means of preferred embodiments, it is not limited to the embodiments described here and also covers the various changes and variations made without departing from the invention.

Claims (10)

1. A blockchain security management system, comprising an authority and bookkeepers, wherein the authority manages the bookkeeping qualification of each bookkeeper; each bookkeeper generates and publishes a new block in response to receiving information to be recorded in the blockchain, the block including the public key of the bookkeeper, the information, and a digital signature over the information generated with the private key corresponding to that public key;
wherein only blocks from bookkeepers that hold bookkeeping qualification and whose digital signature is valid are allowed to be recorded in the blockchain.
2. The system according to claim 1, wherein the public key and private key of the bookkeeper are generated by the authority, and information related to the bookkeeper's bookkeeping qualification is included in the bookkeeper public key.
3. The system according to claim 2, wherein the authority, in response to a request from the bookkeeper, encrypts the bookkeeper's identity and fills the information related to the bookkeeper's qualification into the encrypted data to obtain the bookkeeper's public key, and produces the private key corresponding to that public key with an identity-based cryptography algorithm.
4. The system according to claim 2 or 3, wherein the information related to the bookkeeper's qualification includes the start and end time or the expiration time of the bookkeeping qualification.
5. The system according to claim 1, wherein the public key and private key of the bookkeeper are generated locally by the bookkeeper or generated by the authority.
6. The system according to claim 5, wherein the authority publishes information related to the bookkeeper's qualification into the blockchain, the information including one or more of: the public keys of bookkeepers granted qualification, the time at which the qualification takes effect, the public keys of bookkeepers whose qualification is revoked, and the qualification revocation time.
7. A blockchain security management method, comprising:
generating and publishing, by a bookkeeper, a new block in response to receiving information to be recorded in the blockchain, the block including the public key of the bookkeeper, the information, and a digital signature over the information generated with the private key corresponding to that public key;
in response to receiving the new block, judging whether the digital signature contained in the block is valid and verifying whether the bookkeeper corresponding to the public key in the block holds bookkeeping qualification;
recording into the blockchain the block from a bookkeeper that holds bookkeeping qualification and whose digital signature is valid.
8. The method according to claim 7, further comprising generating, by the authority, the corresponding public key and private key for each bookkeeper, with information related to the bookkeeper's qualification included in the bookkeeper public key.
9. The method according to claim 8, wherein the information related to the bookkeeper's qualification includes the start and end time or the expiration time of the bookkeeping qualification.
10. The method according to claim 7, further comprising sending, by the bookkeeper, its public key and/or identity to the authority to request bookkeeping qualification;
publishing, by the authority in response to the bookkeeper's request, information related to the bookkeeper's qualification into the blockchain, the information including one or more of: the public keys of bookkeepers granted qualification, the time at which the qualification takes effect, the public keys of bookkeepers whose qualification is revoked, and the qualification revocation time.
CN201711054192.4A 2017-10-31 2017-10-31 Block chain safety management system and method Active CN107769922B (en)

Publications (2)

Publication Number Publication Date
CN107769922A true CN107769922A (en) 2018-03-06
CN107769922B CN107769922B (en) 2020-02-18

Family

ID=61270996

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 330096 399 Huoju street, Qingshanhu District, Nanchang City, Jiangxi Province

Patentee after: Jiede (China) Technology Co.,Ltd.

Address before: 330096 399 Huoju street, Qingshanhu District, Nanchang City, Jiangxi Province

Patentee before: Jiede (China) Information Technology Co.,Ltd.