CN108615154B - Block chain digital signature system based on hardware encryption protection and using process - Google Patents
- Publication number: CN108615154B
- Application number: CN201810406816.2A
- Authority: CN (China)
- Prior art keywords: data, digital signature, hardware encryption, encryption protection, protection module
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06Q20/3825—Use of electronic signatures
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The invention discloses a block chain digital signature system based on hardware encryption protection and a using process. The system comprises a user side, a management side, a digital signature protection system and a hardware encryption protection module. The user side is in bidirectional communication connection with the hardware encryption protection module through the digital signature protection system; the management side is an off-line system and is likewise in bidirectional communication connection with the hardware encryption protection module through the digital signature protection system; and the user side is in communication connection with an external block chain network. The hardware encryption protection module is an HSM (hardware security module) hardware encryption machine or a CPU (central processing unit) adopting Intel SGX technology. During use, the user private key and the signature rule of the system are both located in the hardware encryption protection module; the user private key stays continuously online inside the module and can therefore adapt to high-frequency transactions. The private key and the signature rule are also in encrypted form when stored, which effectively reduces risks such as system intrusion, user account hijacking, digital currency theft and the like in block chain transactions.
Description
Technical Field
The invention relates to the technical field of block chains, in particular to a block chain digital signature system based on hardware encryption protection and a use process.
Background
A block chain is generally understood to be a distributed ledger, which is also essentially a distributed computing and storage system, where different block chain nodes agree through a certain computing rule and store the agreed transaction execution results in a database in the form of blocks, and a plurality of blocks constitute the block chain.
In the block chain technology system, communication among nodes and the establishment of trust rely on digital signature technology, which mainly provides identity confirmation and ensures information integrity. Digital signatures involve tools such as private keys, public keys, and wallets. A digital signature has two roles: to prove that a message was indeed sent by its sender, and to establish the integrity of the message. Through the asymmetric encryption mechanism of the private key and the public key, content encrypted with the public key of a specific receiver can be decrypted only with that receiver's private key, which secures information transmitted to the designated receiver; the integrity of the transmitted information is ensured by performing the same hash calculation on the message content at the sending end and the receiving end and comparing the hash values. The private key is therefore the most important element in block chain technology: because it uniquely represents the identity of the user, its storage and use must be absolutely secure, and once it is leaked and used by others, the identity of the block chain user is completely stolen and replaced.
At present, private keys are mainly stored and managed in cold wallet mode, that is, off-line storage, and are read online when used. This gives the private key a certain degree of safety, but the efficiency of use is very low and the approach is completely unsuitable for application scenarios that need high-frequency operation. Off-line storage also means that a private key that is lost or forgotten cannot be effectively retrieved. In addition, if an enterprise stores private keys off-line, they must be managed and fetched manually, and theft of a private key by an insider is difficult to prevent.
The process of using the private key to produce a digital signature must be fully controllable. Because digital signatures are currently produced inside a computer operating system through program calls, there is a risk that the signing operation or the digital signature function interface is controlled by an attacker. Recently there have been many security incidents in which enterprises or exchanges were attacked by hackers, private keys were lost, and a large amount of virtual currency was ultimately lost. The block chain ecosystem needs a technology that can manage and use private keys and digital signatures safely and controllably. Therefore, a block chain digital signature system based on hardware encryption protection and a using process are provided.
Disclosure of Invention
The present invention is directed to a block chain digital signature system based on hardware encryption protection and a using process thereof, so as to solve the problems mentioned in the background art.
In order to achieve the purpose, the invention provides the following technical scheme:
A block chain digital signature system based on hardware encryption protection comprises a user side, a management side, a digital signature protection system and a hardware encryption protection module. The user side is in bidirectional communication connection with the hardware encryption protection module through the digital signature protection system, the management side is in bidirectional communication connection with the hardware encryption protection module through the digital signature protection system, and the user side is in communication connection with an external block chain network. The management side is an off-line system that can be accessed only locally or over a local area network, which ensures the security of the system.
Furthermore, the hardware encryption protection module is an HSM hardware encryption machine or a CPU adopting Intel SGX technology. The HSM hardware encryption machine is a physical computing device; it may be an independent hardware device or may be installed in the user's computer in the form of a hardware board card. Intel SGX is an extension of the Intel CPU technology system that enhances the security of data processing. Intel SGX does not try to identify and isolate all malware on the operating system; instead it encapsulates the security operations of legitimate software within an enclosed scope that protects them from malware attacks. With the SGX technology of the Intel processor, the system enters a trusted mode of execution through a hardware mode switch of the CPU, and only the necessary hardware is used to form a completely isolated, privileged security mode. Intel SGX can provide a security processing function similar to that of an HSM hardware encryption machine while greatly reducing installation and manufacturing cost, which improves the applicability of the technical scheme of the invention.
The use process of the block chain digital signature system based on hardware encryption protection comprises a setting initialization process and a transaction data request process of the digital signature protection system, as follows:
Setting initialization process:
M1, a user transmits the rule data D1 to the digital signature protection system through the management side, and the digital signature protection system forwards the rule data D1 to the hardware encryption protection module;
M2, the hardware encryption protection module encrypts and encapsulates the rule data D1 to obtain encrypted data D2;
M3, the hardware encryption protection module sends the encrypted data D2 to the digital signature protection system, and the digital signature protection system stores the encrypted data D2;
Transaction data request process:
S1, a user transmits transaction data D3 to the digital signature protection system through the user side;
S2, the digital signature protection system identifies the transaction data D3 and extracts and arranges it into native data D4;
S3, the digital signature protection system transmits the native data D4 to the hardware encryption protection module;
S4, after acquiring the native data D4, the hardware encryption protection module determines whether the encrypted data D2 is loaded in it:
A1, when the encrypted data D2 is loaded in the hardware encryption protection module, the hardware encryption protection module decrypts the encrypted data D2 to obtain the rule data D1 of step M1;
A2, when the encrypted data D2 is not loaded in the hardware encryption protection module, the hardware encryption protection module sends an instruction to the digital signature protection system, and step A1 is repeated after the encrypted data D2 has been called and loaded from the digital signature protection system;
S5, the hardware encryption protection module compares the rule data D1 with the native data D4 and makes a logical judgment:
B1, when the native data D4 meets the requirements of the rule data D1, the native data D4 is given an authentication signature to obtain authentication data D5;
B2, when the native data D4 does not meet the requirements of the rule data D1, the signature request for the native data D4 is rejected;
S6, the hardware encryption protection module sends the authentication data D5 to the digital signature protection system;
S7, the digital signature protection system constructs the authentication transaction data D6 and transmits it to the user side;
S8, the user side broadcasts the authentication transaction data D6 to an external block chain network.
Further, the rule data D1 includes the user's block chain private key and signature rules.
Further, the number of users is at least one, and the rule data D1 and the transaction data D3 include unique tag data that confirms which user is operating, so that the matching operation can be performed.
Further, the signature rule comprises an upper amount limit and an address white list.
Further, the signature rule includes a time limit.
Further, in step S5, in case B2, the hardware encryption protection module forwards the rejection to the digital signature protection system, and the digital signature protection system feeds the rejection back to the user side.
Compared with the prior art, the invention has the following beneficial effects. In the block chain digital signature system based on hardware encryption protection and its using process, the user private key and the signature rule are isolated from the user side by the hardware encryption protection module. During use, both are located in the hardware encryption protection module, and the user private key stays continuously online inside it, so that the security of the user private key and of the digital signature process is controllable; at the same time the system adapts well to high-frequency and multi-user transaction scenarios under block chain technical conditions and guards against attackers. In addition, the user private key and the signature rule are stored in the digital signature protection system in encrypted form, so the information cannot be obtained directly even if it is stolen by others; the degree of security is high, and theft of private keys and hijacking of the digital signature function, including by insiders, can be prevented.
Drawings
FIG. 1 is a flow chart illustrating a setup initialization process according to the present invention;
FIG. 2 is a flow chart illustrating a transaction data request process according to the present invention.
Detailed Description
The technical solutions in the present invention are clearly and completely described below with reference to specific embodiments, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIGS. 1-2: the security of data is relative, and no scheme is absolutely secure. For example, even if a user's account password is protected by high-strength encryption, a user who carelessly reveals the plaintext password may lose complete control of the account, and the resulting operations are then the same as if the user had performed them. The scheme of the invention therefore has to be discussed within a basic trust environment. For this technical scheme, the basic use environment assumes that the user's basic account information is not revealed in plaintext by the user and stolen by others, that the signed authentication transaction data D6 is not altered, and that the addresses the user adds to the address white list in the signature rule are all trusted, so that security problems inside the address white list (e.g. theft by trusted people and acquaintances) are not considered.
Example one
The user Xiaoming has a wallet account on a block chain and is ready to use the system of the invention to protect his digital currency. Xiaoming has 10 digital currencies and intends to transact only with his friends Xiao Zhuang and Xiao Qing. First, Xiaoming logs in to his management side. The management side is an off-line system that can be accessed only through a local area network and not through the Internet, which enhances safety. Through the management side, Xiaoming sets a payment upper limit of 1 digital currency and an allowed address list containing the digital wallet addresses of his friends Xiao Zhuang and Xiao Qing. The management side transmits the payment upper limit and the allowed addresses as rule data D1 to the digital signature protection system, and the digital signature protection system forwards the rule data D1 to the hardware encryption protection module. The hardware encryption protection module encrypts and encapsulates the rule data D1 to obtain encrypted data D2 and sends the encrypted data D2 to the digital signature protection system, which stores it; at this moment the hardware encryption protection module also holds the encapsulated encrypted data D2, and the whole setting initialization process is finished. From now on, Xiaoming's digital currency can be transacted only when the payment is within the upper limit of 1 digital currency and the destination wallet address is Xiao Zhuang's or Xiao Qing's. Xiaoming can change the rule data D1 through the management side, for example by changing the payment upper limit to 0.5 digital currency to form new rule data D1; once the change succeeds, the new encrypted data D2 replaces the original encrypted data D2.
When a transaction is carried out, for example when Xiaoming takes 0.3 digital currency from his account and transfers it to Xiao Qing's digital wallet address, Xiaoming first transmits the transfer request as transaction data D3 to the digital signature protection system through the user side. The digital signature protection system identifies the transaction data D3 and extracts and arranges it into native data D4; the purpose of this arrangement is to make comparison easier, to reduce the data redundancy caused by useless information, and to form the data that will receive the authentication signature later in the flow. The digital signature protection system transmits the native data D4 to the hardware encryption protection module. The hardware encryption protection module decrypts the encrypted data D2 to obtain the rule data D1, with a payment upper limit of 1 digital currency and allowed addresses of Xiao Zhuang or Xiao Qing; the rule data D1 also contains the block chain private key used for signing. The hardware encryption protection module compares the native data D4 with the rule data D1, finds that the native data D4 conforms to the rule data D1, and allows the transaction. The native data D4 is given an authentication signature with the block chain private key decrypted inside the hardware encryption protection module, producing authentication data D5, which is transmitted to the digital signature protection system. The digital signature protection system constructs the authentication transaction data D6 and transmits it to the user side, and the user side broadcasts the authentication transaction data D6 to an external block chain network. This completes the whole process of transferring 0.3 digital currency to Xiao Qing's address.
During the transaction process, if the encrypted data D2 is not loaded in the hardware encryption protection module (for example, because the hardware encryption protection module was powered off partway through), the encrypted data D2 needs to be called and loaded from the digital signature protection system. Of course, the content of the signature rule is not limited to the upper amount limit and the address white list; as needed, it may also include a time limit, such as the expiration time of the address white list or the number of times digital currency may be transferred. For example, Xiao Qing's address is deleted from the white list 24 hours after the signature rule is established.
Example two
The hacker Xiao Hei wants to steal Xiaoming's digital currency. Suppose Xiao Hei finds an interface of the digital signature protection system and also sends a transaction data request to it, asking to transfer 10 digital currencies to Xiao Hei's address. The transfer process is the same as in the first embodiment: the hardware encryption protection module compares the rule data D1 with the native data D4 and finds that the payment upper limit is not met and that Xiao Hei's address is not in the address white list. The hardware encryption protection module therefore rejects the data request of the native data D4 and forwards the rejection to the digital signature protection system, which feeds the rejection back to the user side, where it serves as a warning. In general, a hacker wants to transfer away as much of the digital currency in the invaded account as possible. But even supposing Xiao Hei transfers only a small amount each time (e.g. 0.01 digital currency at a time), Xiao Hei's address is still not in the address white list, so the transaction cannot be approved and no authentication transaction data D6 is obtained.
Example three
The hacker Xiao Hei wants to steal Xiaoming's digital currency. Suppose Xiao Hei has intruded into Xiaoming's digital signature protection system and found the rule data D1 stored there. Although the rule data D1 contains the block chain private key and the signature rule, what is stored is the encrypted data D2 obtained through encryption and encapsulation by the hardware encryption protection module. The encryption cannot be broken from outside the hardware encryption protection module, and the encrypted data D2 can be used only inside the hardware encryption protection module, so the hacker Xiao Hei still cannot break or modify the encrypted data D2 and therefore cannot transfer Xiaoming's digital currency to an address that is not in the address white list. Although Xiao Hei can control Xiaoming's digital signature protection system, the greatest impact is that Xiaoming cannot use the system; Xiao Hei cannot steal Xiaoming's digital currency to his own address.
In addition, when several users share the same system of the invention, the rule data D1 and the transaction data D3 contain unique tag data that confirms which user is operating; the unique tag data can be the user's wallet address. The system of the invention also includes primary authentication (a user name and password, as in much other software). Even when the primary authentication is broken by an intrusion, the intruder (such as the hacker Xiao Hei in Examples two and three) cannot modify the encrypted data D2 obtained by encryption and encapsulation, and therefore cannot transfer other users' digital currency to an address that is not in the address white list.
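As an added illustration (not code from the patent), the Python sketch below models steps M1-M3 and S1-S7 and replays Examples one to three, including the unique-tag check for multiple users. The class and field names, the addr-* addresses, treating the time limit as a rule expiry, and the HMAC-based stand-ins for hardware sealing and for the chain's signature algorithm are all assumptions of this sketch.

```python
import hashlib, hmac, json, secrets
from decimal import Decimal

class Rejected(Exception):
    """Case B2: the module refuses to sign."""
def canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class HardwareModule:
    """Stand-in for the HSM / SGX module; its keys and decrypted D1 stay inside."""
    def __init__(self):
        self._enc_key = secrets.token_bytes(32)  # device-bound in real hardware
        self._mac_key = secrets.token_bytes(32)
        self._loaded = {}                        # user tag -> decrypted D1 (volatile)

    def _xor_stream(self, nonce: bytes, data: bytes) -> bytes:
        # Toy stream cipher (assumption): stands in for the module's real sealing.
        ks = b"".join(prf(self._enc_key, nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))

    def seal(self, d1: dict) -> bytes:           # M2: D1 -> D2
        nonce = secrets.token_bytes(16)
        ct = self._xor_stream(nonce, canon(d1))
        return nonce + ct + prf(self._mac_key, nonce + ct)

    def _unseal(self, d2: bytes) -> dict:        # A1: D2 -> D1, only in here
        nonce, ct, tag = d2[:16], d2[16:-32], d2[-32:]
        if not hmac.compare_digest(tag, prf(self._mac_key, nonce + ct)):
            raise Rejected("sealed rule data D2 failed its integrity check")
        return json.loads(self._xor_stream(nonce, ct))

    def power_cycle(self):                       # loaded D1 does not survive power loss
        self._loaded.clear()

    def sign(self, d4: dict, fetch_d2, now: int) -> str:   # S4 and S5
        user = d4["user"]
        d1 = self._loaded.get(user)
        if d1 is None:                           # A2: fetch D2 from the host, then A1
            d1 = self._unseal(fetch_d2(user))
            if d1["user"] != user:               # unique tag must match the request
                raise Rejected("rule data belongs to a different user")
            self._loaded[user] = d1
        if now >= d1["expires"]:
            raise Rejected("signature rule has expired")
        if d4["to"] not in d1["whitelist"]:
            raise Rejected("destination address is not in the white list")
        try:
            amount = Decimal(d4["amount"])
        except ArithmeticError:
            raise Rejected("amount is not a number")
        if not (amount.is_finite() and 0 < amount <= Decimal(d1["limit"])):
            raise Rejected("amount is outside the allowed limit")
        # B1: HMAC stands in for the chain's real signature algorithm (assumption).
        return prf(bytes.fromhex(d1["private_key"]), canon(d4)).hex()

class ProtectionSystem:
    """Host side, outside the trust boundary: stores D2 and relays requests."""
    def __init__(self, module: HardwareModule):
        self.module, self.store = module, {}
    def initialise(self, d1: dict):              # M1-M3: D1 crosses the host only here
        self.store[d1["user"]] = self.module.seal(d1)

    def request(self, d3: dict, now: int) -> dict:
        d4 = {k: str(d3[k]) for k in ("user", "to", "amount")}      # S2: D3 -> D4
        try:                                                        # S3 to S6
            d5 = self.module.sign(d4, lambda u: self.store.get(u, b""), now)
        except Rejected as why:
            return {"status": "rejected", "reason": str(why)}
        return {"status": "signed", "tx": d4, "sig": d5}            # S7: D6

def demo() -> dict:
    hw = HardwareModule()
    host = ProtectionSystem(hw)
    # Constructed sample values; the addresses are placeholders.
    host.initialise({"user": "addr-xiaoming", "private_key": secrets.token_hex(32),
                     "limit": "1", "whitelist": ["addr-xiaozhuang", "addr-xiaoqing"],
                     "expires": 86_400})
    def ask(to, amount, now=60):
        return host.request({"user": "addr-xiaoming", "to": to, "amount": amount}, now)
    out = {"example_one": ask("addr-xiaoqing", "0.3"),
           "example_two_large": ask("addr-xiaohei", "10"),
           "example_two_small": ask("addr-xiaohei", "0.01"),
           "over_limit": ask("addr-xiaoqing", "2"),
           "after_expiry": ask("addr-xiaoqing", "0.3", now=86_400)}
    # Example three: the attacker controls the host and edits the stored D2.
    blob = bytearray(host.store["addr-xiaoming"])
    blob[20] ^= 0x01
    host.store["addr-xiaoming"] = bytes(blob)
    hw.power_cycle()                             # forces D2 to be reloaded (case A2)
    out["tampered_d2"] = ask("addr-xiaoqing", "0.3")
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["status"], result.get("reason", ""))
```

The rule checks and the key use sit in the same method of the module, so a caller that controls the host can submit requests or corrupt D2 but cannot reach the signing step without passing the rules.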
The system adopts hardware encryption protection technology to secure block chain digital signatures. The user private key and the signature rule are both held in the hardware encryption protection module, which effectively prevents external intrusion and theft, keeps the private key secure and the digital signature process controllable while the private key is continuously online, and adapts well to high-frequency transactions under block chain technical conditions. The user private key and the signature rule also exist in encrypted form when backed up to external storage, so they cannot be read even if the storage is intruded upon and stolen, which greatly improves the security of block chain transactions.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (6)
1. A use process of a block chain digital signature system based on hardware encryption protection, characterized in that: the system comprises a user side, a management side, a digital signature protection system and a hardware encryption protection module, and the use process comprises a setting initialization process and a transaction data request process of the digital signature protection system, as follows:
Setting initialization process:
M1, a user transmits the rule data D1 to the digital signature protection system through the management side, and the digital signature protection system forwards the rule data D1 to the hardware encryption protection module;
M2, the hardware encryption protection module encrypts and encapsulates the rule data D1 to obtain encrypted data D2;
M3, the hardware encryption protection module sends the encrypted data D2 to the digital signature protection system, and the digital signature protection system stores the encrypted data D2;
Transaction data request process:
S1, a user transmits transaction data D3 to the digital signature protection system through the user side;
S2, the digital signature protection system identifies the transaction data D3 and extracts and arranges it into native data D4;
S3, the digital signature protection system transmits the native data D4 to the hardware encryption protection module;
S4, after acquiring the native data D4, the hardware encryption protection module determines whether the encrypted data D2 is loaded in it:
A1, when the encrypted data D2 is loaded in the hardware encryption protection module, the hardware encryption protection module decrypts the encrypted data D2 to obtain the rule data D1 of step M1;
A2, when the encrypted data D2 is not loaded in the hardware encryption protection module, the hardware encryption protection module sends an instruction to the digital signature protection system, and step A1 is repeated after the encrypted data D2 has been called and loaded from the digital signature protection system;
S5, the hardware encryption protection module compares the rule data D1 with the native data D4 and makes a logical judgment:
B1, when the native data D4 meets the requirements of the rule data D1, the native data D4 is given an authentication signature to obtain authentication data D5;
B2, when the native data D4 does not meet the requirements of the rule data D1, the data request of the native data D4 is rejected;
S6, the hardware encryption protection module sends the authentication data D5 to the digital signature protection system;
S7, the digital signature protection system constructs the authentication transaction data D6 and transmits it to the user side;
S8, the user side broadcasts the authentication transaction data D6 to an external block chain network.
2. The use process of the block chain digital signature system based on hardware encryption protection according to claim 1, wherein: the rule data D1 includes the user's block chain private key and signature rules.
3. The use process of the block chain digital signature system based on hardware encryption protection according to claim 2, wherein: the number of users is at least one, and the rule data D1 and the transaction data D3 contain unique tag data.
4. The use process of the block chain digital signature system based on hardware encryption protection according to claim 2, wherein: the signature rule comprises an upper amount limit and an address white list.
5. The use process of the block chain digital signature system based on hardware encryption protection according to claim 2, wherein: the signature rule includes a time limit.
6. The use process of the block chain digital signature system based on hardware encryption protection according to claim 2, wherein: in step S5, in case B2, the hardware encryption protection module forwards the rejection to the digital signature protection system, and the digital signature protection system feeds the rejection back to the user side.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810406816.2A CN108615154B (en) | 2018-05-01 | 2018-05-01 | Block chain digital signature system based on hardware encryption protection and using process |
CN202310339096.3A CN116362747A (en) | 2018-05-01 | 2018-05-01 | Block chain digital signature system |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310339096.3A Division CN116362747A (en) | 2018-05-01 | 2018-05-01 | Block chain digital signature system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108615154A (en) | 2018-10-02 |
CN108615154B (en) | 2023-04-18 |
Family
ID=63661557
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810406816.2A Active CN108615154B (en) | 2018-05-01 | 2018-05-01 | Block chain digital signature system based on hardware encryption protection and using process |
CN202310339096.3A Pending CN116362747A (en) | 2018-05-01 | 2018-05-01 | Block chain digital signature system |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN108615154B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN116362747A (en) | 2023-06-30 |
CN108615154A (en) | 2018-10-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | Effective date of registration: 20230315. Address after: Room 620, R&D Building, Shanghai Jiaotong University (Jiaxing) Science Park, 321 Jiachuang Road, Xiuzhou District, Jiaxing City, Zhejiang Province, 314000. Applicant after: Zhejiang Haoan Information Technology Co.,Ltd. Address before: 200127 Room 102, No. 15, Lane 1578, Pujian Road, Pudong New Area, Shanghai. Applicant before: Wang Rui |
GR01 | Patent grant | ||