CN109067539B - Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium - Google Patents

Info

Publication number: CN109067539B
Authority: CN (China)
Prior art keywords: node, client, certificate, transaction, chain
Legal status: Active
Application number: CN201810612555.XA
Other languages: Chinese (zh)
Other versions: CN109067539A (en)
Inventors: 陈贯策, 陈宇杰, 李辉忠, 张开翔, 范瑞彬
Current Assignee: WeBank Co Ltd
Original Assignee: WeBank Co Ltd
Application filed by WeBank Co Ltd; priority to CN201810612555.XA; publication of CN109067539A; application granted; publication of CN109067539B

Classifications

    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Abstract

The invention discloses an alliance chain transaction method comprising the following steps: when a transaction request sent by a client is received, obtaining the client certificate carried in the transaction request and the service message signed by the client; judging whether the client certificate is valid; when the client certificate is valid, re-signing the service message with a pre-stored private key of the organization node; and sending the re-signed service message to the transaction node corresponding to the transaction request. The invention also discloses an alliance chain transaction device and a computer-readable storage medium. The invention enables secure and effective identity authentication of alliance chain participants, thereby ensuring the authenticity and security of alliance chain transactions.

Description

Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium
Technical Field
The present invention relates to the field of blockchain technologies, and in particular to an alliance chain transaction method, an alliance chain transaction device, and a computer-readable storage medium.
Background
In recent years, with the development of internet finance, blockchain technology has gradually been introduced into the business transactions of financial institutions such as banks. Blockchain technology is a new network application technology formed by combining traditional encryption technology with internet distributed technology; in internet transactions based on blockchain technology, authenticating the identity of members in the blockchain is one of the important steps in guaranteeing the authenticity and security of blockchain transactions.
Blockchains are currently generally divided into public chains, alliance chains and private chains according to how their constituent nodes are admitted. An alliance chain is a blockchain applied among organizations; each node of the blockchain generally has a corresponding entity organization, such as a bank, an insurance company, a securities firm or a business association, and the organizations form an alliance of shared interests and jointly maintain the healthy operation of the blockchain.
However, alliance-chain-based transactions currently lack a complete certificate system, which hinders secure and effective identity authentication of alliance chain participants; especially when the participants are numerous, their identities are complex, and the alliance chain transaction is not completely trusted, the authenticity and security of alliance chain transactions cannot be ensured.
Disclosure of Invention
The main purpose of the invention is to provide an alliance chain transaction method, device and computer-readable storage medium that achieve secure and effective identity authentication of alliance chain participants, so as to ensure the authenticity and security of alliance chain transactions.
To achieve the above object, the present invention provides an alliance chain transaction method, including the following steps:
when a transaction request sent by a client is received, obtaining the client certificate carried in the transaction request and the service message signed by the client;
judging whether the client certificate is valid;
when the client certificate is valid, re-signing the service message with a pre-stored private key of the organization node;
and sending the re-signed service message to the transaction node corresponding to the transaction request.
Preferably, before the step of obtaining the client certificate carried in the transaction request and the service message signed by the client when the transaction request sent by the client is received, the method further includes:
initiating a certificate organization application request to an alliance chain management node, wherein the request carries organization information;
receiving a chain root certificate and an organization root certificate returned by the alliance chain management node according to the application request;
storing the chain root certificate and the organization root certificate, and generating an organization node certificate and a client certificate according to the organization root certificate;
and issuing the organization node certificate to the corresponding organization node, and issuing the client certificate to the corresponding organization node client.
Preferably, the step of determining whether the client certificate is valid includes:
judging whether the client certificate is within a preset validity period;
if the client certificate is within the preset validity period, acquiring a pre-stored chain root certificate, and judging whether the client certificate was issued by the alliance chain management node corresponding to the chain root certificate;
and if the client certificate was issued by the alliance chain management node corresponding to the chain root certificate, judging that the client certificate is valid.
Preferably, the step of re-signing the service message with a pre-stored private key of the organization node includes:
determining the encryption module currently used by the organization node;
and re-signing the service message using the pre-stored organization node private key in combination with a preset encryption algorithm in the encryption module.
Preferably, the step of determining the encryption module currently used by the organization node includes:
displaying an encryption module selection interface to the client;
and taking the encryption module selected through the encryption module selection interface as the encryption module currently used by the organization node.
Preferably, the step of re-signing the service message using the pre-stored organization node private key in combination with a preset encryption algorithm in the encryption module includes:
when the organization node currently uses an SM (national cryptography) encryption module, calculating a digest of the service message with the SM3 algorithm, and signing the calculated message digest with the pre-stored organization node private key using the SM2 algorithm to obtain the re-signed service message;
when the organization node currently uses an elliptic curve encryption module, calculating a digest of the service message with a hash algorithm, and signing the calculated message digest with the pre-stored organization node private key using the elliptic curve ECDSA algorithm to obtain the re-signed service message.
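The validate-then-re-sign steps above, as an added example that is not the patent's or WeBank's code. It assumes X.509 certificates, a client certificate that chains through the organization root to the chain root, and ECDSA on P-256 with SHA-256 for the elliptic curve module (the SM2/SM3 branch is not shown); `OrgNode`, `issue`, `Scenario` and the sample message are hypothetical names and constructed data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrValidity = errors.New("client certificate outside its validity period")

// OrgNode holds what the organization node pre-stores (type and field names are hypothetical).
type OrgNode struct {
	ChainRoot, OrgRoot *x509.Certificate
	NodeKey            *ecdsa.PrivateKey
}

func check(err error) { // demo only: abort if building the constructed PKI fails
	if err != nil {
		panic(err)
	}
}

// issue creates a fresh P-256 key and a certificate for it signed by parent (nil parent: self-signed).
func issue(cn string, serial int64, usage x509.KeyUsage, from, to time.Time,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial),
		Subject: pkix.Name{CommonName: cn}, NotBefore: from, NotAfter: to, KeyUsage: usage,
		IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// ValidateClientCert: validity period first, then issuance under the pre-stored chain root.
func (n *OrgNode) ValidateClientCert(c *x509.Certificate, now time.Time) error {
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return ErrValidity
	}
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(n.ChainRoot)
	inter.AddCert(n.OrgRoot) // the organization root links client certificates to the chain root
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// Resign signs SHA-256(msg) with the node's ECDSA key, but only for a valid client certificate.
func (n *OrgNode) Resign(c *x509.Certificate, msg []byte, now time.Time) ([]byte, error) {
	if err := n.ValidateClientCert(c, now); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, n.NodeKey, digest[:])
}

// Scenario runs one constructed case; true means the node returned a verifiable re-signature.
func Scenario(name string) (bool, error) {
	now := time.Now()
	past, future := now.Add(-48*time.Hour), now.Add(48*time.Hour)
	chainRoot, chainKey := issue("chain-root", 1, x509.KeyUsageCertSign, past, future, nil, nil)
	orgRoot, orgKey := issue("org-root", 2, x509.KeyUsageCertSign, past, future, chainRoot, chainKey)
	_, nodeKey := issue("org-node", 3, x509.KeyUsageDigitalSignature, past, future, orgRoot, orgKey)
	node := &OrgNode{ChainRoot: chainRoot, OrgRoot: orgRoot, NodeKey: nodeKey}
	issuer, issuerKey, notAfter := orgRoot, orgKey, future
	if name == "expired" {
		notAfter = now.Add(-time.Hour)
	} else if name == "foreign-ca" { // issued under a root the node never stored
		issuer, issuerKey = issue("foreign-root", 9, x509.KeyUsageCertSign, past, future, nil, nil)
	}
	cert, _ := issue("client-1", 4, x509.KeyUsageDigitalSignature, past, notAfter, issuer, issuerKey)
	msg := []byte(`{"from":"acct-A","to":"acct-B","amount":100}`) // constructed service message
	resig, err := node.Resign(cert, msg, now)
	if err != nil {
		return false, err
	}
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(&nodeKey.PublicKey, digest[:], resig), nil
}

func main() {
	for _, s := range []string{"valid", "expired", "foreign-ca"} {
		ok, err := Scenario(s)
		fmt.Printf("%-10s resigned=%v err=%v\n", s, ok, err)
	}
}
```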
Preferably, the alliance chain transaction method further comprises:
when the organization node performs transaction consensus with other organization nodes in the alliance chain, acquiring the block data awaiting consensus;
signing the block data using the pre-stored organization node private key in combination with a preset encryption algorithm in the encryption module;
and sending the signed block data to the other organization nodes in the alliance chain to perform block consensus.
Preferably, the step of signing the block data using the pre-stored organization node private key in combination with a preset encryption algorithm in the encryption module includes:
when the organization node currently uses an SM (national cryptography) encryption module, signing the block data with the SM3 algorithm and the SM2 algorithm;
and when the organization node currently uses an elliptic curve encryption module, signing the block data with a hash algorithm and the elliptic curve ECDSA algorithm.
Preferably, the step of sending the signed block data to the other organization nodes in the alliance chain for block consensus includes:
encrypting the data transmission channel of the organization node according to a preset channel encryption algorithm in the encryption module;
and sending the signed block data to the other organization nodes in the alliance chain through the encrypted data transmission channel to perform block consensus.
Preferably, after the step of sending the signed block data to the other organization nodes in the alliance chain for block consensus, the method further includes:
when the organization node and the other organization nodes in the alliance chain reach transaction consensus, acquiring the block data that has been written to disk;
encrypting the on-disk block data according to a preset encryption algorithm in the encryption module, wherein when the organization node currently uses an SM (national cryptography) encryption module, the on-disk block data is encrypted with the SM4 algorithm; and when the organization node currently uses an elliptic curve encryption module, the on-disk block data is encrypted with the Advanced Encryption Standard (AES) algorithm.
In addition, to achieve the above object, the present invention also provides an alliance chain transaction device including: a memory, a processor, and an alliance chain transaction program stored in the memory and executable on the processor, the program implementing the steps of the alliance chain transaction method described above when executed by the processor.
Furthermore, to achieve the above object, the present invention also provides a computer-readable storage medium storing an alliance chain transaction program which, when executed by a processor, implements the steps of the alliance chain transaction method described above.
According to the alliance chain transaction method provided by the invention, when receiving a transaction request sent by a client, an organization node obtains the client certificate carried in the transaction request and the service message signed by the client; judges whether the client certificate is valid; when the client certificate is valid, re-signs the service message with a pre-stored private key of the organization node; and sends the re-signed service message to the transaction node corresponding to the transaction request. In this way, the identities of the client and the organization node participating in the alliance chain transaction are authenticated through the client certificate and the organization node certificate, which ensures the authenticity and security of the alliance chain transaction.
Drawings
FIG. 1 is a schematic diagram of an apparatus architecture of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first exemplary embodiment of an alliance chain transaction method of the present invention;
FIG. 3 is a schematic diagram of the detailed steps of step S20 in FIG. 2;
FIG. 4 is a flowchart illustrating a second exemplary embodiment of an alliance chain transaction method of the present invention;
FIG. 5 is a schematic diagram illustrating the components of a cryptographic module according to an embodiment of the present invention;
FIG. 6 is a schematic diagram illustrating an elliptic curve cryptography module according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: when a transaction request sent by a client is received, the client certificate carried in the transaction request and the service message signed by the client are obtained; whether the client certificate is valid is judged; when the client certificate is valid, the service message is re-signed with a pre-stored private key of the organization node; and the re-signed service message is sent to the transaction node corresponding to the transaction request.
At present, alliance-chain-based transactions lack a complete certificate system, which hinders secure and effective identity authentication of alliance chain participants; especially when the participants are numerous, their identities are complex, and complete trust has not been achieved, the authenticity and security of alliance chain transactions cannot be guaranteed.
The alliance chain transaction method provided by the invention authenticates the identities of the client and the organization node participating in the alliance chain transaction through the client certificate and the organization node certificate, thereby ensuring the authenticity and security of the alliance chain transaction.
FIG. 1 is a schematic device structure diagram of a hardware operating environment according to an embodiment of the present invention.
The alliance chain transaction device of the embodiment of the invention can be a server, a PC (personal computer) or a virtual machine device.
As shown in FIG. 1, the device may include: a processor 1001 (such as a CPU), a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002. The communication bus 1002 enables communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and may optionally also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the device architecture shown in FIG. 1 is not limiting; the device may include more or fewer components than those shown, combine some components, or arrange components differently.
As shown in FIG. 1, the memory 1005, which is a computer storage medium, may include an operating system, a network communication module, a user interface module, and an alliance chain transaction program.
In the terminal shown in FIG. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting to a client (user side) and performing data communication with the client; and the processor 1001 may be configured to invoke the alliance chain transaction program stored in the memory 1005 and perform the following operations:
when a transaction request sent by a client is received, obtaining the client certificate carried in the transaction request and the service message signed by the client;
judging whether the client certificate is valid;
when the client certificate is valid, re-signing the service message with a pre-stored private key of the organization node;
and sending the re-signed service message to the transaction node corresponding to the transaction request.
Further, the processor 1001 may invoke the alliance chain transaction program stored in the memory 1005 and also perform the following operations:
initiating a certificate organization application request to an alliance chain management node, wherein the request carries organization information;
receiving a chain root certificate and an organization root certificate returned by the alliance chain management node according to the application request;
storing the chain root certificate and the organization root certificate, and generating an organization node certificate and a client certificate according to the chain root certificate and the organization root certificate;
and issuing the organization node certificate to the corresponding organization node, and issuing the client certificate to the corresponding organization node client.
Further, the processor 1001 may invoke the alliance chain transaction program stored in the memory 1005 and also perform the following operations:
judging whether the client certificate is within a preset validity period;
if the client certificate is within the preset validity period, acquiring a pre-stored chain root certificate, and judging whether the client certificate was issued by the alliance chain management node corresponding to the chain root certificate;
and if the client certificate was issued by the alliance chain management node corresponding to the chain root certificate, judging that the client certificate is valid.
Further, the processor 1001 may invoke the alliance chain transaction program stored in the memory 1005 and also perform the following operations:
determining the encryption module currently used by the organization node;
and re-signing the service message using the pre-stored organization node private key in combination with a preset encryption algorithm in the encryption module.
Further, the processor 1001 may invoke the alliance chain transaction program stored in the memory 1005 and also perform the following operations:
displaying an encryption module selection interface to the client;
and taking the encryption module selected through the encryption module selection interface as the encryption module currently used by the organization node.
Further, the processor 1001 may invoke the alliance chain transaction program stored in the memory 1005 and also perform the following operations:
when the organization node currently uses an SM (national cryptography) encryption module, calculating a digest of the service message with the SM3 algorithm, and signing the calculated message digest with the pre-stored organization node private key using the SM2 algorithm to obtain the re-signed service message;
when the organization node currently uses an elliptic curve encryption module, calculating a digest of the service message with a hash algorithm, and signing the calculated message digest with the pre-stored organization node private key using the elliptic curve ECDSA algorithm to obtain the re-signed service message.
Further, the processor 1001 may invoke the alliance chain transaction program stored in the memory 1005 and also perform the following operations:
when the organization node performs transaction consensus with other organization nodes in the alliance chain, acquiring the block data awaiting consensus;
signing the block data using the pre-stored organization node private key in combination with a preset encryption algorithm in the encryption module;
and sending the signed block data to the other organization nodes in the alliance chain to perform block consensus.
Further, the processor 1001 may invoke the alliance chain transaction program stored in the memory 1005 and also perform the following operations:
when the organization node currently uses an SM (national cryptography) encryption module, signing the block data with the SM3 algorithm and the SM2 algorithm;
and when the organization node currently uses an elliptic curve encryption module, signing the block data with a hash algorithm and the elliptic curve ECDSA algorithm.
Further, the processor 1001 may invoke the alliance chain transaction program stored in the memory 1005 and also perform the following operations:
encrypting the data transmission channel of the organization node according to a preset channel encryption algorithm in the encryption module;
and sending the signed block data to the other organization nodes in the alliance chain through the encrypted data transmission channel to perform block consensus.
Further, the processor 1001 may invoke the alliance chain transaction program stored in the memory 1005 and also perform the following operations:
when the organization node and the other organization nodes in the alliance chain reach transaction consensus, acquiring the block data that has been written to disk;
encrypting the on-disk block data according to a preset encryption algorithm in the encryption module, wherein when the organization node currently uses an SM (national cryptography) encryption module, the on-disk block data is encrypted with the SM4 algorithm; and when the organization node currently uses an elliptic curve encryption module, the on-disk block data is encrypted with the Advanced Encryption Standard (AES) algorithm.
Based on the above hardware structure, embodiments of the alliance chain transaction method are provided.
Referring to Fig. 2, Fig. 2 is a schematic flowchart of a first embodiment of the alliance chain transaction method of the present invention. The method includes:
Step S10: when a transaction request sent by a client is received, obtaining the client certificate carried in the transaction request and the service message signed by the client.
Blockchains are currently divided into public chains, alliance chains and private chains according to how their constituent nodes are admitted; this embodiment applies to the alliance chain scenario.
In the context of an alliance chain, an organization is, in the logical sense, a member that participates in the blockchain network, and each organization provides its own nodes to participate in the network in the physical sense; that is, several nodes in the blockchain network may belong to the same organization. Each organization node can receive and process transaction requests initiated by its corresponding clients and send the processed transaction requests to the corresponding transaction node in the alliance chain, so that transactions are carried out on the alliance chain.
In this embodiment, the client pre-stores a client public/private key pair and a client certificate issued by the organization node. When a transaction is required, the client signs the transaction service message with the client private key, encapsulates the client certificate and the signed service message in a transaction request, and sends the transaction request to the organization node. The organization node then parses the received transaction request to obtain the client certificate carried in it and the service message signed by the client.
It should be noted that, when the client transmits data to the organization node, it may encrypt the data transmission channel with a preset channel encryption algorithm, such as a national secret encryption algorithm or an elliptic curve encryption algorithm, and then send the transaction request to the organization node through the encrypted data transmission channel.
Further, before step S10, the method may also include: initiating an organization certificate application request to an alliance chain management node, the request carrying organization information; receiving the chain root certificate and the organization root certificate returned by the alliance chain management node in response to the request; storing the chain root certificate and the organization root certificate, and generating an organization node certificate and a client certificate according to the chain root certificate and the organization root certificate; and issuing the organization node certificate to the corresponding organization node and the client certificate to the corresponding client of the organization node.
In this embodiment, the organization node may also act as an organization management node and apply to the alliance chain management node for identity certificates. Specifically, before an alliance chain transaction is carried out, the organization management node first initiates an organization certificate application request to the alliance chain management node; the request carries organization information, which may include the organization name, the organization code, and the like. An administrator of the alliance chain management node can verify the authenticity of the organization information offline. When the verification passes, the alliance chain management node generates an organization root certificate from the pre-stored chain root certificate, the organization root certificate being a secondary certificate under the chain root certificate. The organization management node then receives the chain root certificate and the organization root certificate issued by the alliance chain management node and generates an organization node certificate and a client certificate from the organization root certificate, the organization node certificate being a secondary certificate under the organization root certificate and the client certificate being a secondary certificate under the organization node certificate. The organization management node then issues the organization node certificate to the corresponding organization node and the client certificate to the corresponding client of the organization node.
In this way a complete certificate system is established, which supports secure and effective identity authentication of alliance chain participants later on.
Step S20: determining whether the client certificate is valid.
In this step, after obtaining the client certificate, the organization node determines whether the client certificate is valid.
In one manner of determination, referring to Fig. 3, Fig. 3 is a schematic diagram of the detailed steps of step S20 in Fig. 2. Step S20 may further include:
Step S21: determining whether the client certificate is within a preset validity period;
if the client certificate is within the preset validity period, executing step S22: obtaining the pre-stored chain root certificate and determining whether the client certificate was issued by the alliance chain management node corresponding to the chain root certificate;
if the client certificate was issued by the alliance chain management node corresponding to the chain root certificate, executing step S23: determining that the client certificate is valid.
Specifically, the transaction node may first read the validity period from the client certificate. If the current time is within the validity period, the certificate has not expired. The organization node then obtains, through its own browser, the chain root certificate preset in the browser and determines whether the client certificate was issued by the alliance chain management node corresponding to the chain root certificate, where the alliance chain management node may be the trust root or a secondary certificate-issuing node under the trust root. If the client certificate is determined to have been issued by the alliance chain management node corresponding to the chain root certificate, the client certificate is determined to be valid, that is, the client identity is valid. Otherwise the client identity is determined to be invalid; in that case the alliance chain transaction is terminated and identity-invalid information is returned to the client.
This manner of determination allows the validity of the client certificate to be determined accurately.
Of course, in other manners of determination, one or two of the following may be selected as the check: the validity period of the certificate, the validity of the alliance chain management node, and whether the certificate appears in a certificate revocation list. This can be set flexibly in a specific implementation.
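The certificate hierarchy set up before step S10 and the check of steps S21 to S23, as an added example that is not code from the patent: it uses Go's standard crypto/x509 with ECDSA P-256 keys, and all subject names, validity windows and function names are constructed for illustration. The organization root and organization node certificates are assumed to be supplied as intermediates so that a path can be built from the client certificate to the stored chain root.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var errValidity = errors.New("client certificate outside its validity period")
var errNotIssued = errors.New("client certificate does not chain to the stored chain root")

// issue creates a constructed sample certificate signed by the parent; a nil parent yields a self-signed root.
func issue(name string, isCA bool, pCert *x509.Certificate, pKey *ecdsa.PrivateKey, from, to time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             from,
		NotAfter:              to,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if pCert == nil {
		pCert, pKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, pCert, &key.PublicKey, pKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// newHierarchy issues chain root -> organization root -> organization node -> client.
func newHierarchy(clientFrom, clientTo time.Time) (root *x509.Certificate, inter []*x509.Certificate, client *x509.Certificate) {
	from, to := time.Now().Add(-72*time.Hour), time.Now().Add(72*time.Hour)
	rootCert, rootKey := issue("chain root", true, nil, nil, from, to)
	orgCert, orgKey := issue("organization root", true, rootCert, rootKey, from, to)
	nodeCert, nodeKey := issue("organization node", true, orgCert, orgKey, from, to)
	clientCert, _ := issue("client", false, nodeCert, nodeKey, clientFrom, clientTo)
	return rootCert, []*x509.Certificate{orgCert, nodeCert}, clientCert
}

// validateClientCert follows steps S21-S23 with the stored chain root as the only trust anchor.
func validateClientCert(client, chainRoot *x509.Certificate, inter []*x509.Certificate, now time.Time) error {
	// S21: the current time must fall inside the client certificate's validity period.
	if now.Before(client.NotBefore) || now.After(client.NotAfter) {
		return errValidity
	}
	// S22: build a path from the client certificate up to the stored chain root.
	roots, pool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(chainRoot)
	for _, c := range inter {
		pool.AddCert(c)
	}
	opts := x509.VerifyOptions{Roots: roots, Intermediates: pool, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := client.Verify(opts); err != nil {
		return fmt.Errorf("%w: %v", errNotIssued, err)
	}
	return nil // S23: the client certificate is valid
}

// runChecks validates a good client, an expired one, and one issued under another chain root.
func runChecks() (good, expired, foreign error) {
	now := time.Now()
	root, inter, client := newHierarchy(now.Add(-time.Hour), now.Add(time.Hour))
	good = validateClientCert(client, root, inter, now)
	oldRoot, oldInter, oldClient := newHierarchy(now.Add(-48*time.Hour), now.Add(-24*time.Hour))
	expired = validateClientCert(oldClient, oldRoot, oldInter, now)
	// Same subject names but different keys: the path must not verify against our chain root.
	_, otherInter, otherClient := newHierarchy(now.Add(-time.Hour), now.Add(time.Hour))
	foreign = validateClientCert(otherClient, root, otherInter, now)
	return good, expired, foreign
}

func main() {
	fmt.Println(runChecks())
}
```

The third case shows why the issuer check has to be a signature-path verification against the stored chain root and not a comparison of issuer names: the second hierarchy reuses every subject name and is still rejected.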
When the client certificate is valid, executing step S30: re-signing the service message with a pre-stored organization node private key.
When the client certificate is determined to be valid, the organization node re-signs the service message signed by the client with the pre-stored organization node private key.
Specifically, in an alliance chain transaction the client has its own asymmetric key pair, that is, a public key and a private key. After signing a service message with its private key, the client sends the signed service message to the organization node. The organization node also has its own asymmetric key pair. After receiving the service message signed by the client and verifying the client's signature on it, the organization node packages the service message into a block and signs the block data with the pre-stored organization node private key. The signed block data and service message that it sends can be regarded as acts that the organization node cannot repudiate.
Step S40: sending the re-signed service message to the transaction node corresponding to the transaction request.
In this step, the organization node sends the re-signed block data and service message to the transaction node corresponding to the transaction request. The transaction corresponding to the transaction request includes, but is not limited to, a peer contract, a transfer, a remittance, a settlement, a quick payment, and the like.
After receiving the re-signed block data and service message, the transaction node authenticates the validity of the identity of the transaction node, and when that identity is authenticated as valid, the transaction node executes the transaction operation corresponding to the transaction request.
Of course, the organization node may also send the re-signed block data and service message, the pre-stored organization node certificate, the service message signed by the client and the client certificate to the transaction node corresponding to the transaction request. The transaction node can then authenticate the identities of the organization node and the client separately on the basis of what it has received. When the identities of both the organization node and the client are authenticated as valid, the organization node is a genuine organization node and the client is a genuine client, and the transaction node executes the transaction operation corresponding to the transaction request.
During network data transmission, an attacker may forge or intercept information sent by the client and the transaction node in order to carry out illegal transactions. Subjecting the client and the transaction node to dual identity authentication ensures that the client and the transaction node participating in the transaction are legitimate, which safeguards the blockchain transaction.
In the alliance chain transaction method provided by this embodiment, when the organization node receives a transaction request sent by a client, it obtains the client certificate carried in the transaction request and the service message signed by the client; determines whether the client certificate is valid; when the client certificate is valid, re-signs the service message with the pre-stored organization node private key; and sends the re-signed service message to the transaction node corresponding to the transaction request. In this way the client and the organization node participating in the alliance chain transaction are authenticated through the client certificate and the organization node certificate, which ensures the authenticity and security of the alliance chain transaction.
Referring to Fig. 4, Fig. 4 is a schematic flowchart of a second embodiment of the alliance chain transaction method of the present invention. Based on the embodiment shown in Fig. 2, step S30 may include:
Step S31: determining the encryption module currently used by the organization node;
and step S32: re-signing the service message with the pre-stored organization node private key and a preset encryption algorithm in the encryption module.
Step S31 may include: displaying an encryption module selection interface to the client; and taking the encryption module selected through the encryption module selection interface as the encryption module currently used by the organization node. Step S32 may include: when the organization node currently uses a national secret encryption module, calculating a digest of the service message with the national secret SM3 algorithm, and signing the calculated message digest with the pre-stored organization node private key and the national secret SM2 algorithm to obtain the re-signed service message; when the organization node currently uses an elliptic curve encryption module, calculating a digest of the service message with a hash algorithm, and signing the calculated message digest with the pre-stored organization node private key and the elliptic curve ECDSA algorithm to obtain the re-signed service message.
In this embodiment, when the organization node re-signs the service message, it first determines the encryption module it currently uses. Specifically, if a default encryption module is preset in the organization node, that default module can be taken directly as the encryption module currently used by the organization node. If the organization node does not currently use any encryption module, an encryption module selection interface can be displayed to the client so that the client user can select the encryption module to use; the encryption modules may include a national secret encryption module and an elliptic curve encryption module.
Referring to Fig. 5 and Fig. 6, Fig. 5 is a schematic diagram of the national secret encryption module in an embodiment of the present invention, and Fig. 6 is a schematic diagram of the elliptic curve encryption module in an embodiment of the present invention. The national secret encryption module comprises units such as SM2, SM3, SM4, GM-CA and GM-TLS; the elliptic curve encryption module comprises units such as ECDSA, SHA3-256, AES, ECC-CA and ECC-TLS. The units are defined as follows:
SM2/ECDSA: signing and signature verification for consensus between blockchain nodes, and signing and signature verification of the transactions sent by the client.
SM3/SHA3-256: digest computation over block data during the consensus process, and digest computation over transaction data by the client.
SM4/AES: encryption and decryption of blockchain node data, and encryption and decryption of the private key data of nodes and organizations.
GM-CA/ECC-CA: verifying the identity of organizations and administrator entities, issuing the root certificate for the chain, issuing secondary root certificates for organizations, and issuing node certificates for nodes.
GM-TLS/ECC-TLS: channel encryption and decryption between nodes and between the client and nodes, to ensure the security of data transmission.
When the organization node currently uses the national secret encryption module, the digest of the service message is calculated with the national secret SM3 algorithm, and the calculated message digest is signed with the pre-stored organization node private key and the national secret SM2 algorithm to obtain the re-signed service message.
When the organization node currently uses the elliptic curve encryption module, the digest of the service message is calculated with a hash algorithm (such as the SHA3-256 algorithm), and the calculated message digest is signed with the pre-stored organization node private key and the elliptic curve ECDSA algorithm to obtain the re-signed service message.
It should be noted that using national secret encryption algorithms in the alliance chain can meet the regulatory requirements for national secret algorithms. In addition, different algorithm types can be selected when the blockchain is compiled, so that the algorithms are pluggable and coupling is reduced. For example, the national secret encryption module and the elliptic curve encryption module can be designed as pluggable modules, so that the encryption algorithm to be used can be chosen flexibly according to actual requirements in a specific implementation.
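The re-signing of steps S30 and S40 on the elliptic curve branch of step S32, together with the transaction node's dual check, as an added example that is not code from the patent. Assumptions of this example: SHA-256 from Go's standard library is the hash (the description names SHA3-256 as one option), the node's signature covers the message together with the client's signature, public keys are taken as already extracted from validated certificates, and all type and function names are hypothetical. The national secret branch (SM3/SM2) is not shown because Go's standard library does not provide those algorithms.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var errClientSig = errors.New("client signature invalid")
var errNodeSig = errors.New("organization node signature invalid")

// signedMessage is the client's part of the transaction request (certificate omitted here).
type signedMessage struct {
	Message   []byte
	ClientSig []byte
}

// resignedMessage is what the organization node forwards to the transaction node.
type resignedMessage struct {
	signedMessage
	NodeSig []byte
}

// digest hashes length-prefixed parts so the boundary between parts is unambiguous.
func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		binary.Write(h, binary.BigEndian, uint64(len(p)))
		h.Write(p)
	}
	return h.Sum(nil)
}

// clientSign signs the digest of the service message with the client private key.
func clientSign(clientKey *ecdsa.PrivateKey, msg []byte) (signedMessage, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, clientKey, digest(msg))
	return signedMessage{Message: msg, ClientSig: sig}, err
}

// nodeResign is step S30: check the client's signature, then sign message plus client signature.
func nodeResign(nodeKey *ecdsa.PrivateKey, clientPub *ecdsa.PublicKey, in signedMessage) (resignedMessage, error) {
	if !ecdsa.VerifyASN1(clientPub, digest(in.Message), in.ClientSig) {
		return resignedMessage{}, errClientSig
	}
	sig, err := ecdsa.SignASN1(rand.Reader, nodeKey, digest(in.Message, in.ClientSig))
	return resignedMessage{signedMessage: in, NodeSig: sig}, err
}

// transactionNodeVerify authenticates the organization node first, then the client.
func transactionNodeVerify(clientPub, nodePub *ecdsa.PublicKey, m resignedMessage) error {
	if !ecdsa.VerifyASN1(nodePub, digest(m.Message, m.ClientSig), m.NodeSig) {
		return errNodeSig
	}
	if !ecdsa.VerifyASN1(clientPub, digest(m.Message), m.ClientSig) {
		return errClientSig
	}
	return nil
}

func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// runFlow returns the verdicts for an honest run and three failure cases.
func runFlow() (honest, altered, wrongClient, wrongNode error) {
	client, node, other := newKey(), newKey(), newKey()
	msg := []byte("transfer 10 units from account A to account B") // constructed sample
	req, err := clientSign(client, msg)
	if err != nil {
		panic(err)
	}
	fwd, err := nodeResign(node, &client.PublicKey, req)
	if err != nil {
		panic(err)
	}
	honest = transactionNodeVerify(&client.PublicKey, &node.PublicKey, fwd)
	changed := fwd // message altered after the node signed it
	changed.Message = []byte("transfer 99 units from account A to account B")
	altered = transactionNodeVerify(&client.PublicKey, &node.PublicKey, changed)
	unknown, _ := clientSign(other, msg) // signed with a key that is not the client's
	_, wrongClient = nodeResign(node, &client.PublicKey, unknown)
	rogue, _ := nodeResign(other, &client.PublicKey, req) // re-signed with a key that is not the node's
	wrongNode = transactionNodeVerify(&client.PublicKey, &node.PublicKey, rogue)
	return honest, altered, wrongClient, wrongNode
}

func main() {
	fmt.Println(runFlow())
}
```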
Further, based on the first and second embodiments of the alliance chain transaction method of the present invention, a third embodiment of the alliance chain transaction method of the present invention is provided.
In this embodiment, the alliance chain transaction method may further include: when the organization node performs transaction consensus with other organization nodes in the alliance chain, acquiring the block data on which consensus is to be reached; signing the block data with the pre-stored organization node private key and a preset encryption algorithm in the encryption module; and sending the signed block data to the other organization nodes in the alliance chain for block consensus.
The difference from the foregoing embodiments is that the alliance chain transaction method of this embodiment also includes a consensus process, which ensures that the nodes participating in the alliance chain transaction reach a consistent confirmation result for the transaction data. Specifically, when an organization node performs transaction consensus with other organization nodes in the alliance chain, it first acquires the block data on which consensus is to be reached and then signs the block data with the pre-stored organization node private key and a preset encryption algorithm in the encryption module currently in use.
For example, when the organization node currently uses a national secret encryption module, the block data is signed with the national secret SM3 algorithm and the national secret SM2 algorithm; when the organization node currently uses an elliptic curve encryption module, the block data is signed with a hash algorithm and the elliptic curve ECDSA algorithm.
The organization node then sends the signed block data to the other organization nodes in the alliance chain for block consensus. For the specific consensus algorithm, reference may be made to consensus algorithms in the prior art, which are not described again here.
Further, the step of sending the signed block data to other organization nodes in the alliance chain for block consensus may include: encrypting the data transmission channel of the organization node according to a preset channel encryption algorithm in the encryption module; and sending the signed block data to the other organization nodes in the alliance chain through the encrypted data transmission channel for block consensus. Specifically, when the preset channel encryption algorithm in the encryption module is a national secret encryption algorithm, the data transmission channel of the organization node is encrypted with the national secret encryption algorithm; when the preset channel encryption algorithm in the encryption module is an elliptic curve encryption algorithm, the data transmission channel of the organization node is encrypted with the elliptic curve encryption algorithm. This ensures the security of data transmission.
Further, after the step of sending the signed block data to other organization nodes in the alliance chain for block consensus, the method may also include: when the organization node and the other organization nodes in the alliance chain reach transaction consensus, acquiring the block data that has been written to disk; and encrypting the block data written to disk according to a preset encryption algorithm in the encryption module. Specifically, when the organization node currently uses a national secret encryption module, the block data written to disk is encrypted with the national secret SM4 algorithm; when the organization node currently uses an elliptic curve encryption module, the block data written to disk is encrypted with the Advanced Encryption Standard (AES) algorithm. This ensures the security of the block data written to disk.
In this embodiment, different encryption modules can be used in the consensus process, so that the whole alliance chain transaction process supports multiple algorithms.
The invention also provides alliance chain transaction equipment.
The alliance chain transaction equipment of the invention comprises: a memory, a processor, and an alliance chain transaction program stored in the memory and executable on the processor, the alliance chain transaction program implementing the steps of the alliance chain transaction method described above when executed by the processor.
For the method implemented when the alliance chain transaction program running on the processor is executed, reference may be made to the embodiments of the alliance chain transaction method of the present invention; details are not repeated here.
The invention also provides a computer readable storage medium.
The computer readable storage medium of the present invention stores an alliance chain transaction program which, when executed by a processor, implements the steps of the alliance chain transaction method described above.
For the method implemented when the alliance chain transaction program running on the processor is executed, reference may be made to the embodiments of the alliance chain transaction method of the present invention; details are not repeated here.
It should be noted that, in this document, the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or system that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such a process, method, article or system. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other like elements in the process, method, article or system that comprises the element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
From the above description of the embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and can of course also be implemented by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium as described above (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the methods of the embodiments of the present invention.
The above is only a preferred embodiment of the present invention and does not limit the scope of the present invention. All equivalent structures or equivalent process transformations made using the contents of this specification and the accompanying drawings, or applied directly or indirectly in other related technical fields, are likewise included in the scope of protection of the present invention.

Claims (9)

1. An alliance chain transaction method, wherein the alliance chain transaction method comprises the following steps:
when a transaction request sent by a client is received, obtaining a client certificate carried in the transaction request and a service message signed by the client;
determining whether the client certificate is valid;
when the client certificate is valid, re-signing the service message with a pre-stored organization node private key;
sending the re-signed service message, a pre-stored organization node certificate, the service message signed by the client and the client certificate to a transaction node corresponding to the transaction request, so that the transaction node can authenticate the validity of the organization node and the client;
wherein the step of re-signing the service message comprises:
displaying an encryption module selection interface to the client;
taking the encryption module selected through the encryption module selection interface as the encryption module currently used by the organization node;
when the organization node currently uses a national secret encryption module, calculating a digest of the service message with the national secret SM3 algorithm, and signing the calculated message digest with the pre-stored organization node private key and the national secret SM2 algorithm to obtain the re-signed service message;
when the organization node currently uses an elliptic curve encryption module, calculating a digest of the service message with a hash algorithm, and signing the calculated message digest with the pre-stored organization node private key and the elliptic curve ECDSA algorithm to obtain the re-signed service message.
2. The alliance chain transaction method according to claim 1, wherein before the step of obtaining, when a transaction request sent by a client is received, the client certificate carried in the transaction request and the service message signed by the client, the method further comprises:
initiating an organization certificate application request to an alliance chain management node, wherein the organization certificate application request carries organization information;
receiving a chain root certificate and an organization root certificate returned by the alliance chain management node in response to the application request;
storing the chain root certificate and the organization root certificate, and generating an organization node certificate and a client certificate according to the organization root certificate;
and issuing the organization node certificate to the corresponding organization node, and issuing the client certificate to the corresponding client of the organization node.
3. The alliance chain transaction method according to claim 1, wherein the step of determining whether the client certificate is valid comprises:
determining whether the client certificate is within a preset validity period;
if the client certificate is within the preset validity period, obtaining a pre-stored chain root certificate and determining whether the client certificate was issued by the alliance chain management node corresponding to the chain root certificate;
and if the client certificate was issued by the alliance chain management node corresponding to the chain root certificate, determining that the client certificate is valid.
4. The alliance chain transaction method according to claim 1, wherein the alliance chain transaction method further comprises:
when the organization node performs transaction consensus with other organization nodes in the alliance chain, acquiring the block data on which consensus is to be reached;
signing the block data with the pre-stored organization node private key and a preset encryption algorithm in the encryption module;
and sending the signed block data to the other organization nodes in the alliance chain for block consensus.
5. The alliance chain transaction method according to claim 4, wherein the step of signing the block data with the pre-stored organization node private key and a preset encryption algorithm in the encryption module comprises:
when the organization node currently uses a national secret encryption module, signing the block data with the national secret SM3 algorithm and the national secret SM2 algorithm;
and when the organization node currently uses an elliptic curve encryption module, signing the block data with a hash algorithm and the elliptic curve ECDSA algorithm.
6. The alliance chain transaction method according to claim 4, wherein the step of sending the signed block data to other organization nodes in the alliance chain for block consensus comprises:
encrypting the data transmission channel of the organization node according to a preset channel encryption algorithm in the encryption module;
and sending the signed block data to the other organization nodes in the alliance chain through the encrypted data transmission channel for block consensus.
7. The alliance chain transaction method according to claim 4, wherein after the step of sending the signed block data to other organization nodes in the alliance chain for block consensus, the method further comprises:
when the organization node and the other organization nodes in the alliance chain reach transaction consensus, acquiring the block data that has been written to disk;
encrypting the block data written to disk according to a preset encryption algorithm in the encryption module, wherein when the organization node currently uses a national secret encryption module, the block data written to disk is encrypted with the national secret SM4 algorithm; and when the organization node currently uses an elliptic curve encryption module, the block data written to disk is encrypted with the Advanced Encryption Standard (AES) algorithm.
8. Alliance chain transaction equipment, wherein the alliance chain transaction equipment comprises: a memory, a processor, and an alliance chain transaction program stored in the memory and executable on the processor, the alliance chain transaction program implementing the steps of the alliance chain transaction method of any one of claims 1 to 7 when executed by the processor.
9. A computer-readable storage medium, wherein the computer-readable storage medium stores an alliance chain transaction program which, when executed by a processor, implements the steps of the alliance chain transaction method of any one of claims 1 to 7.
CN201810612555.XA 2018-06-13 2018-06-13 Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium Active CN109067539B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810612555.XA CN109067539B (en) 2018-06-13 2018-06-13 Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109067539A CN109067539A (en) 2018-12-21
CN109067539B true CN109067539B (en) 2021-09-28

Family

ID=64820903

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810612555.XA Active CN109067539B (en) 2018-06-13 2018-06-13 Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109067539B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111369355A (en) * 2018-12-26 2020-07-03 航天信息股份有限公司 Transaction data processing method and device based on alliance chain
CN109728954B (en) * 2019-01-04 2022-03-04 深圳壹账通智能科技有限公司 Federation node point management system and method
CN109785145B (en) * 2019-01-24 2021-03-23 易保互联医疗信息科技(北京)有限公司 Fixed-point drugstore financing method based on block chain, storage medium and computer equipment
CN110011988B (en) * 2019-03-21 2021-08-10 平安科技(深圳)有限公司 Block chain-based certificate verification method and device, storage medium and electronic device
CN110247757B (en) * 2019-04-19 2022-07-19 中国工商银行股份有限公司 Block chain processing method, device and system based on cryptographic algorithm
CN110163756B (en) * 2019-05-28 2023-07-18 深圳市迅雷网络技术有限公司 Transaction method, system, server and blockchain system based on alliance chain
CN110635990B (en) * 2019-09-12 2021-04-06 核芯互联科技(青岛)有限公司 Method and system for receiving electronic file issuing receipt by communication network node
CN110601816B (en) * 2019-09-18 2021-09-28 腾讯科技(深圳)有限公司 Lightweight node control method and device in block chain system
CN110598375B (en) * 2019-09-20 2021-03-16 腾讯科技(深圳)有限公司 Data processing method, device and storage medium
CN110717162B (en) * 2019-09-29 2022-04-22 南京金宁汇科技有限公司 Block chain multi-factor identity authentication method, system and storage medium
CN110708170B (en) * 2019-12-13 2020-03-27 腾讯科技(深圳)有限公司 Data processing method and device and computer readable storage medium
CN111340485B (en) * 2020-02-19 2023-03-14 北京众享比特科技有限公司 Configuration method of digital certificate for alliance block chain, terminal and root certificate server
CN111612456A (en) * 2020-04-27 2020-09-01 深圳壹账通智能科技有限公司 Expired digital certificate management and control method, system, device and storage medium
CN112837064B (en) * 2021-03-31 2024-02-20 中国工商银行股份有限公司 Signature method, signature verification method and signature verification device for alliance chain
CN113382018A (en) * 2021-06-29 2021-09-10 深圳市高德信通信股份有限公司 Multi-chain management method and system based on block chain
CN115208580B (en) * 2022-07-14 2024-05-24 北京泰尔英福科技有限公司 Trusted service positioning method and system based on industrial Internet identification analysis

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106780033A (en) * 2016-12-16 2017-05-31 杭州云象网络技术有限公司 A kind of digital ticket transaction system construction method based on alliance's chain
CN107392040A (en) * 2017-04-28 2017-11-24 阿里巴巴集团控股有限公司 A kind of method and device for checking of knowing together
CN107426157A (en) * 2017-04-21 2017-12-01 杭州趣链科技有限公司 A kind of alliance's chain authority control method based on digital certificate and ca authentication system
CN107657553A (en) * 2017-09-21 2018-02-02 浙江惠码科技有限公司 A kind of electronic contract generation method based on alliance's chain, information anti-fake method of tracing to the source
CN107911216A (en) * 2017-10-26 2018-04-13 矩阵元技术(深圳)有限公司 A kind of block chain transaction method for secret protection and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9960920B2 (en) * 2016-01-26 2018-05-01 Stampery Inc. Systems and methods for certification of data units and/or certification verification
CN107819749A (en) * 2017-10-26 2018-03-20 平安科技(深圳)有限公司 Block catenary system and transaction data processing method based on ether mill

Also Published As

Publication number Publication date
CN109067539A (en) 2018-12-21

Similar Documents

Publication Publication Date Title
CN109067539B (en) Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium
US11588637B2 (en) Methods for secure cryptogram generation
US20240007308A1 (en) Confidential authentication and provisioning
CN109756485B (en) Electronic contract signing method, electronic contract signing device, computer equipment and storage medium
CN109309565B (en) Security authentication method and device
CN109088889B (en) SSL encryption and decryption method, system and computer readable storage medium
EP2304636B1 (en) Mobile device assisted secure computer network communications
CN105007279B (en) Authentication method and Verification System
CN110995757B (en) Encryption device, encryption system, and data encryption method
CN117579281A (en) Method and system for ownership verification using blockchain
CN105577612B (en) Identity authentication method, third-party server, merchant server and user terminal
US20170070353A1 (en) Method of managing credentials in a server and a client system
CN112351037B (en) Information processing method and device for secure communication
KR101879758B1 (en) Method for Generating User Digital Certificate for Individual User Terminal and for Authenticating Using the Same Digital Certificate
CN112910660B (en) Certificate issuing method, adding method and transaction processing method of blockchain system
US20210241270A1 (en) System and method of blockchain transaction verification
CN107566393A (en) A kind of dynamic rights checking system and method based on trust certificate
CN109889344A (en) The transmission method and computer readable storage medium of terminal, data
CN112927026A (en) Coupon processing method and device, electronic equipment and computer storage medium
US20240187221A1 (en) Agile cryptographic deployment service
CN113592484B (en) Account opening method, system and device
CN115208642A (en) Identity authentication method, device and system based on block chain
CN114065170A (en) Method and device for acquiring platform identity certificate and server
CN114238915A (en) Digital certificate adding method and device, computer equipment and storage medium
CN102420798A (en) Network authentication system and method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant