CN110175467A - Signature file store method, device and computer equipment based on block chain - Google Patents

Publication number: CN110175467A
Authority: CN (China)
Prior art keywords: block chain, signature, signature file, terminal, digital certificate
Legal status: Pending
Application number: CN201910341157.3A
Other languages: Chinese (zh)
Inventors: 李洪, 江琳, 刘翔
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910341157.3A
Publication of CN110175467A
Priority to PCT/CN2019/103540 (WO2020215575A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party

Abstract

This application discloses a blockchain-based signature file storage method, apparatus, computer device and storage medium. The method comprises: receiving a request, sent by a terminal with a ukey plugged in, to sign a specified signature file; obtaining the digital certificate sent by the terminal, and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of a preset integrated plug-in; if the terminal passes identity verification, allowing the terminal to perform the signing operation on the specified signature file; judging whether the signed specified signature file is valid; and, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of a pre-built blockchain network, where the server is one blockchain node of the blockchain. The method thereby supports signing of signature files, stores signature files, and guarantees their authenticity.

Description

Signature file store method, device and computer equipment based on block chain
Technical field
This application relates to the computer field, and in particular to a blockchain-based signature file storage method, apparatus, computer device and storage medium.
Background
As enterprises develop, agreements are concluded in the form of contracts, and electronic contracts are increasingly the trend. To sign electronic contracts online, enterprises at present generally sign them on a third-party online signing platform. However, the authority of a third-party online signing platform is hard to guarantee, which makes it unsuitable for storing signed electronic contracts; electronic contracts stored there are comparatively easy to tamper with, so their security cannot be guaranteed. If a contract dispute arises, the electronic contract stored on the third-party online signing platform may have been tampered with, its authenticity can then be questioned, and this hinders resolution of the dispute. The prior art therefore lacks a technical solution that supports signing electronic contracts, stores them, and guarantees their authenticity.
Summary of the invention
The main purpose of this application is to provide a blockchain-based signature file storage method, apparatus, computer device and storage medium, intended to support signing of signature files, store signature files, and guarantee their authenticity.
To achieve the above purpose, this application proposes a blockchain-based signature file storage method, applied to a server, comprising the following steps:
Receiving a request, sent by a terminal with a ukey plugged in, to sign a specified signature file, where a digital certificate is stored in the ukey;
Obtaining the digital certificate sent by the terminal, and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of a preset integrated plug-in, where the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
If the terminal passes identity verification, allowing the terminal to perform the signing operation on the specified signature file, obtaining the signed specified signature file;
Judging, according to a preset inspection rule, whether the signed specified signature file is valid, where the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in;
If the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of a pre-built blockchain network, where the server is one blockchain node of the blockchain.
Further, a certificate public key is recorded in the digital certificate and the user corresponding to the ukey holds the certificate private key. The step of obtaining the digital certificate sent by the terminal and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of the preset integrated plug-in, where the integrated plug-in includes the ukey signature plug-in and the digital certificate verification plug-in, comprises:
Obtaining the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key;
Obtaining the certificate public key from the digital certificate using the ukey signature plug-in;
Decrypting the ciphertext with the certificate public key to obtain the decrypted information;
Judging whether the decrypted information is identical to the information used for identity verification;
If the decrypted information is identical to the information used for identity verification, determining that the terminal passes identity verification.
Further, the step of judging, according to the preset inspection rule, whether the signed specified signature file is valid, where the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in, comprises:
Extracting the validity period of the digital certificate from the digital certificate using the digital certificate verification plug-in;
Judging whether the current date is within the validity period;
If the current date is not within the validity period, determining that the signed specified signature file is invalid.
Further, after the step of judging whether the current date is within the validity period, the method comprises:
If the current date is within the validity period, extracting from the digital certificate the certificate authority (CA) that issued the digital certificate;
Judging whether the certificate authority is present in a preset list of trusted certificate authorities;
If the certificate authority is present in the preset list of trusted certificate authorities, determining that the signed specified signature file is valid.
Further, before the step of storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network if the specified signature file is valid, where the server is one blockchain node of the blockchain, the method comprises:
Creating a blockchain class in the server using a designated language, and establishing the genesis block after instantiating the blockchain class;
Generating other blocks based on the genesis block, where each of the other blocks records the hash value of the previous block;
Taking terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
Further, the step of taking terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network, comprises:
Receiving a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
Judging whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain is present in a preset permitted IP list;
If the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain is present in the preset permitted IP list, taking that terminal as a blockchain node, thereby establishing the blockchain network.
Further, after the step of storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network if the specified signature file is valid, where the server is one blockchain node of the blockchain, the method comprises:
Receiving a signature file query request sent by a designated blockchain node;
Querying the permissions of the account logged in on the designated blockchain node, to judge whether the designated blockchain node has signature file query permission;
If the designated blockchain node has signature file query permission, allowing the designated blockchain node to query the signature file.
This application provides a blockchain-based signature file storage apparatus, applied to a server, comprising:
A signature request receiving unit, for receiving a request, sent by a terminal with a ukey plugged in, to sign a specified signature file, where a digital certificate is stored in the ukey;
An identity verification unit, for obtaining the digital certificate sent by the terminal and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of a preset integrated plug-in, where the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
A specified signature file acquiring unit, for allowing the terminal to perform the signing operation on the specified signature file if the terminal passes identity verification, obtaining the signed specified signature file;
A validity judging unit, for judging, according to a preset inspection rule, whether the signed specified signature file is valid, where the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in;
A specified signature file storage unit, for storing the signed specified signature file in all blockchain nodes of a pre-built blockchain network if the specified signature file is valid, where the server is one blockchain node of the blockchain.
This application provides a computer device comprising a memory and a processor, the memory storing a computer program, where the processor implements the steps of any of the methods above when executing the computer program.
This application provides a computer-readable storage medium on which a computer program is stored, where the computer program implements the steps of any of the methods above when executed by a processor.
The blockchain-based signature file storage method, apparatus, computer device and storage medium of this application receive a request, sent by a terminal with a ukey plugged in, to sign a specified signature file; if the terminal passes identity verification, allow the terminal to perform the signing operation on the specified signature file, obtaining the signed specified signature file; and, if the specified signature file is valid, record the specified signature file in all blockchain nodes of a pre-built blockchain network. This achieves online signing, stores the signature file, and guarantees the authenticity of the stored signature file.
Brief description of the drawings
Fig. 1 is a flow diagram of the blockchain-based signature file storage method of one embodiment of this application;
Fig. 2 is a schematic structural block diagram of the blockchain-based signature file storage apparatus of one embodiment of this application;
Fig. 3 is a schematic structural block diagram of the computer device of one embodiment of this application.
The realization of the purpose, the functional characteristics and the advantages of this application will be further described with reference to the accompanying drawings in connection with the embodiments.
Detailed description
To make the objects, technical solutions and advantages of this application clearer, the application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and do not limit it.
Referring to Fig. 1, an embodiment of this application provides a blockchain-based signature file storage method, applied to a server, comprising the following steps:
S1, receiving a request, sent by a terminal with a ukey plugged in, to sign a specified signature file, where a digital certificate is stored in the ukey;
S2, obtaining the digital certificate sent by the terminal, and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of a preset integrated plug-in, where the integrated plug-in includes the ukey signature plug-in and a digital certificate verification plug-in;
S3, if the terminal passes identity verification, allowing the terminal to perform the signing operation on the specified signature file, obtaining the signed specified signature file;
S4, judging, according to a preset inspection rule, whether the signed specified signature file is valid, where the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in;
S5, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of a pre-built blockchain network, where the server is one blockchain node of the blockchain.
As described in step S1 above, the server receives a request, sent by a terminal with a ukey plugged in, to sign a specified signature file, where a digital certificate is stored in the ukey. A ukey (also called USBKEY) is a small, reliable, high-speed storage device with cryptographic authorization functions that connects directly to a computer over USB (Universal Serial Bus). The digital certificate stored in the ukey is used to verify the identity of the ukey holder and to perform the signing operation. A digital certificate is a certificate issued by an authoritative third-party body, the CA (Certificate Authority), that identifies an identity on the network; it may also be called a CA certificate. The digital certificate contains the holder's identity information and the certificate public key, and the corresponding certificate private key is held by the user corresponding to the ukey. The specified signature file can be any electronic document that needs an electronic signature, such as an electronic contract. Compared with a terminal without a ukey, a terminal with a ukey plugged in is more secure because it uses the identity verification function of the ukey.
As described in step S2 above, the server obtains the digital certificate sent by the terminal and verifies the identity of the terminal according to the digital certificate using the ukey signature plug-in of the preset integrated plug-in, where the integrated plug-in includes the ukey signature plug-in and the digital certificate verification plug-in. This embodiment uses an integrated plug-in that includes both the ukey signature plug-in and the digital certificate verification plug-in. Compared with separate plug-ins, this removes the steps of calling each plug-in in turn: the plug-ins the method needs are called together in one go, which gives a high degree of integration and saves time. The ukey signature plug-in can verify the identity of the terminal in any way, for example by obtaining the corresponding digital certificate from the CA that issued it and judging whether the CA's copy of the digital certificate is identical to the digital certificate sent by the terminal; if they are identical, the identity of the terminal is judged to be genuine. Further, the process by which the ukey signature plug-in verifies the identity of the terminal includes: obtaining the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key; obtaining the certificate public key from the digital certificate using the ukey signature plug-in; decrypting the ciphertext with the certificate public key using the ukey signature plug-in, to obtain the decrypted information; judging whether the decrypted information is identical to the information used for identity verification; and, if the decrypted information is identical to the information used for identity verification, determining that the terminal passes identity verification.
As described in step S3 above, if the terminal passes identity verification, the terminal is allowed to perform the signing operation on the specified signature file, obtaining the signed specified signature file. If the terminal passes identity verification, it is certain that no one is impersonating the signer, so the terminal is allowed to perform the signing operation on the specified signature file, obtaining the signed specified signature file.
As described in step S4 above, whether the signed specified signature file is valid is judged according to a preset inspection rule, where the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in. As noted earlier, although the identity of the terminal has been confirmed, the validity of the digital certificate still needs further confirmation. Checking the validity of the digital certificate with the digital certificate verification plug-in includes: extracting from the digital certificate the information related to its validity, such as the validity period and the issuing CA, and then judging from that information whether the digital certificate is valid, for example by judging whether the current date is within the validity period. Further, judging according to the preset inspection rule whether the signed specified signature file is valid may also include any other way of judging whether a signature file is valid.
As described in step S5 above, if the specified signature file is valid, the signed specified signature file is stored in all blockchain nodes of the pre-built blockchain network, where the server is one blockchain node of the blockchain. If the specified signature file is valid, storing it completes the online signing and evidence preservation. To guarantee the security of the specified signature file and that its content is not tampered with, the specified signature file is recorded in all blockchain nodes of the pre-built blockchain (that is, stored in the public ledger of the blockchain), so that the immutability of blockchain data increases the security of the specified signature file. The blockchain can be built in any way; for example, the server can act as the initiator of the blockchain network. The specific process includes: creating a Blockchain class (blockchain class) in any workable language, and creating in its constructor a list for storing the blockchain; after instantiating the Blockchain class, establishing the genesis block (the first block, with no block before it); determining the consensus mechanism of the blockchain (for example proof of work, proof of stake, delegated proof of stake, or a Pool verification pool); and accepting terminals that agree to the consensus mechanism as nodes of the blockchain network, thereby obtaining the pre-built blockchain network. The nodes of the blockchain network (the parties that interact) can be the terminals that agree to the consensus mechanism. The nodes are interconnected and can mutually verify whether data has been tampered with (using the hash values and asymmetric cryptography of the blockchain). The blockchain can be a public chain, a consortium chain or a private chain.
In one embodiment, a certificate public key is recorded in the digital certificate and the user corresponding to the ukey holds the certificate private key. Step S2 of obtaining the digital certificate sent by the terminal and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of the preset integrated plug-in, where the integrated plug-in includes the ukey signature plug-in and the digital certificate verification plug-in, comprises:
S201, obtaining the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key;
S202, obtaining the certificate public key from the digital certificate using the ukey signature plug-in;
S203, decrypting the ciphertext with the certificate public key to obtain the decrypted information;
S204, judging whether the decrypted information is identical to the information used for identity verification;
S205, if the decrypted information is identical to the information used for identity verification, determining that the terminal passes identity verification.
As described above, the identity of the terminal is verified. The certificate public key is recorded in the digital certificate and the user corresponding to the ukey holds the certificate private key. When the identity of the terminal needs to be verified, the user therefore encrypts the information used for identity verification (which can be any information; it is compared with the information the server obtains by decryption) with the certificate private key the user holds, obtaining the ciphertext. The server can perform the decryption with the certificate public key, which is recorded in plaintext in the digital certificate. If the ciphertext was not produced by encrypting with the certificate private key, the decrypted information the server obtains with the certificate public key will necessarily differ from the information used for identity verification, so the identity of the terminal can be determined to be wrong; otherwise, the terminal is determined to pass identity verification.
In one embodiment, step S4 of judging, according to the preset inspection rule, whether the signed specified signature file is valid, where the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in, comprises:
S401, extracting the validity period of the digital certificate from the digital certificate using the digital certificate verification plug-in;
S402, judging whether the current date is within the validity period;
S403, if the current date is not within the validity period, determining that the signed specified signature file is invalid.
As described above, whether the signed specified signature file is valid is judged according to the preset inspection rule. The digital certificate records information about its validity period, such as the validity start date and the validity end date. Extracting the validity period of the digital certificate includes: extracting the validity start date and the validity end date of the digital certificate, and taking the dates from the validity start date to the validity end date as the validity period. If the current date is not within the validity period, the signed specified signature file is determined to be invalid; if the current date is within the validity period, the date can be determined to be correct.
In one embodiment, after step S402 of judging whether the current date is within the validity period, the method comprises:
S404, if the current date is within the validity period, extracting from the digital certificate the certificate authority (CA) that issued the digital certificate;
S405, judging whether the certificate authority is present in a preset list of trusted certificate authorities;
S406, if the certificate authority is present in the preset list of trusted certificate authorities, determining that the signed specified signature file is valid.
As described above, whether the signed specified signature file is valid is judged by checking whether the certificate authority (CA) is present in the preset list of trusted certificate authorities. Certificate authorities are not fixed, and the permissions they can grant are not necessarily the same, so the certificate authority should be verified. Specifically, a list of trusted certificate authorities is preset in the server, recording the certificate authorities that can be trusted, so that the certificate authority can be verified simply by judging whether it is present in that list. If the certificate authority is present in the preset list of trusted certificate authorities, the certificate authority is considered correct, and the signed specified signature file is then determined to be valid.
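The identity check of S201-S205 and the certificate check of S401-S406, as an added Python example that is not part of the patent. It assumes a fresh server-chosen random value as the information used for identity verification, a hypothetical Certificate record in place of a real X.509 certificate, and textbook RSA without padding on constructed toy keys; all names in it are hypothetical.

```python
import secrets
from dataclasses import dataclass
from datetime import date

# Constructed toy key material: Mersenne primes and textbook RSA without
# padding. A real ukey keeps the private key in hardware and signs with a
# padded scheme; these values only make the example run offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537


@dataclass(frozen=True)
class Certificate:
    """Hypothetical stand-in for the digital certificate stored in the ukey."""
    subject: str
    issuer: str        # CA that issued the certificate
    not_before: date   # validity start date
    not_after: date    # validity end date
    n: int             # certificate public key: modulus
    e: int             # certificate public key: exponent


def make_keypair(p=P, q=Q):
    """Return (n, d): public modulus and certificate private key exponent."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def new_challenge() -> bytes:
    # Assumption: the information used for identity verification is a fresh
    # random value chosen by the server, so an old response cannot be replayed.
    return secrets.token_bytes(32)


def terminal_respond(info: bytes, n: int, d: int) -> int:
    """Terminal side of S201: transform the information with the private key."""
    m = int.from_bytes(info, "big")
    if m >= n:
        raise ValueError("information too long for this key")
    return pow(m, d, n)


def identity_ok(cert: Certificate, info: bytes, ciphertext: int) -> bool:
    """S202-S205: apply the certificate public key, compare with the information."""
    decrypted = pow(ciphertext, cert.e, cert.n)
    return decrypted == int.from_bytes(info, "big")


def certificate_verdict(cert: Certificate, today: date, trusted_cas) -> str:
    """S401-S406: validity period first, then the trusted CA list."""
    if not (cert.not_before <= today <= cert.not_after):
        return "invalid: outside validity period"
    if cert.issuer not in trusted_cas:
        return "invalid: issuing CA not in trusted list"
    return "valid"


def check_request(cert, info, ciphertext, today, trusted_cas) -> str:
    """Server-side gate: identity check, then certificate check (signing step S3 omitted)."""
    if not identity_ok(cert, info, ciphertext):
        return "rejected: identity verification failed"
    return certificate_verdict(cert, today, trusted_cas)


if __name__ == "__main__":
    trusted = {"Example Trusted CA"}                  # constructed trusted CA list
    n, d = make_keypair()
    cert = Certificate("signer-01", "Example Trusted CA",
                       date(2019, 1, 1), date(2020, 1, 1), n, E)
    info = new_challenge()
    print(check_request(cert, info, terminal_respond(info, n, d),
                        date(2019, 4, 25), trusted))
    # A terminal holding a different private key fails the identity check.
    n2, d2 = make_keypair(2**1279 - 1, 2**127 - 1)
    print(check_request(cert, info, terminal_respond(info, n2, d2),
                        date(2019, 4, 25), trusted))
```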
In one embodiment, before step S5 of storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network if the specified signature file is valid, where the server is one blockchain node of the blockchain, the method comprises:
S41, creating a blockchain class in the server using a designated language, and establishing the genesis block after instantiating the blockchain class;
S42, generating other blocks based on the genesis block, where each of the other blocks records the hash value of the previous block;
S43, taking terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
As described above, the blockchain network is built. The designated language can be any workable language, such as Java, C++ or Python. A class is the basis on which object-oriented programming implements information encapsulation. A class is a user-defined type, also called a class type. Each class contains data declarations and a set of functions that operate on the data or pass messages. The blockchain class is the class that describes the blockchain. Instantiating the blockchain class declares an object of the blockchain type, which yields the genesis block (the first block, with no block before it); in the genesis block the hash value of the previous block can be recorded as 0. Other blocks are then generated based on the genesis block, each recording the hash value of the previous block, so that a blockchain with multiple blocks is formed. Terminals that have agreed to the preset consensus mechanism of the blockchain are then taken as blockchain nodes, thereby establishing the blockchain network. The consensus mechanism is, for example, proof of work, proof of stake or delegated proof of stake. The blockchain network is established accordingly.
In one embodiment, step S43 of taking terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network, comprises:
S4301, receiving a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
S4302, judging whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in a preset permitted IP list;
S4303, if the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset permitted IP list, taking that terminal as a blockchain node, thereby establishing the blockchain network.
As described above, the blockchain nodes are determined. This embodiment restricts the blockchain nodes by verifying authorization when establishing the blockchain network; that is, the blockchain network is preferably a consortium chain or a private chain. Because this blockchain is preferably used to store electronic contracts, selecting the parties that participate in, are expected to participate in, or are involved in the electronic contract as the nodes of the blockchain makes the blockchain easier to build and more flexible to manage. Specifically, it is judged whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset permitted IP list; if it does, that terminal is taken as a blockchain node, thereby establishing the blockchain network.
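The construction in steps S41 to S43 and the admission check in S4301 to S4303 can be traced in code. The following Python example is added here and is not code from the patent; the names Block, Blockchain, add_signed_file, is_intact and admit_node, the SHA-256 digest, the JSON block encoding and the sample IP addresses are assumptions.

```python
import hashlib
import ipaddress
import json
import time


class Block:
    """A block holding a payload and the hash value of the previous block."""

    def __init__(self, index, data, previous_hash, timestamp=None):
        self.index = index
        self.data = data
        self.previous_hash = previous_hash
        self.timestamp = time.time() if timestamp is None else timestamp
        self.hash = self.compute_hash()

    def compute_hash(self):
        # Canonical JSON so that every node derives the same digest.
        body = json.dumps(
            {"index": self.index, "data": self.data,
             "previous_hash": self.previous_hash, "timestamp": self.timestamp},
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(body.encode("utf-8")).hexdigest()


class Blockchain:
    GENESIS_PREVIOUS_HASH = "0"  # the genesis block records 0 as the previous hash

    def __init__(self, permitted_ips):
        self.chain = []    # list that stores the chain, created in the constructor
        self.nodes = set() # terminals admitted as blockchain nodes
        # Parse the preset permitted IP list once; parsed addresses compare by
        # value, so different spellings of one IPv6 address still match.
        self.permitted_ips = {ipaddress.ip_address(ip) for ip in permitted_ips}
        # S41: instantiating the class establishes the genesis block.
        self.chain.append(Block(0, "genesis", self.GENESIS_PREVIOUS_HASH))

    def add_signed_file(self, signed_file, signer):
        """S42: append a block that records the previous block's hash."""
        record = {"sha256": hashlib.sha256(signed_file).hexdigest(),
                  "signer": signer}
        block = Block(len(self.chain), record, self.chain[-1].hash)
        self.chain.append(block)
        return block

    def is_intact(self):
        """Recompute every hash and check every link back to the genesis block."""
        if self.chain[0].previous_hash != self.GENESIS_PREVIOUS_HASH:
            return False
        for position, block in enumerate(self.chain):
            if block.hash != block.compute_hash():
                return False  # block content changed after it was hashed
            if position > 0 and block.previous_hash != self.chain[position - 1].hash:
                return False  # link to the previous block is broken
        return True

    def admit_node(self, ip_text, agrees_to_consensus):
        """S4301-S4303: admit a requesting terminal only if its IP is permitted."""
        if not agrees_to_consensus:
            return False
        try:
            address = ipaddress.ip_address(ip_text)
        except ValueError:
            return False  # malformed address: reject rather than guess
        if address not in self.permitted_ips:
            return False
        self.nodes.add(str(address))
        return True
```

Whoever holds a single copy could rewrite every later block so that is_intact passes again, which is why the page stores the file on all blockchain nodes: the copies can be compared with each other.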
In one embodiment, after step S5 of, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is a blockchain node of the blockchain, the method comprises:
S51, receiving a signature file query request sent by a designated blockchain node;
S52, querying the login account permissions of the designated blockchain node to judge whether the designated blockchain node has signature file query permission;
S53, if the designated blockchain node has signature file query permission, allowing the designated blockchain node to query the signature file.
As described above, the signature file can be queried. An electronic contract has a certain confidentiality and should not be queried by unrelated persons, so query permission is set accordingly. Specifically, the login account permissions of the blockchain node are queried to judge whether the blockchain node has signature file query permission; if it does, the blockchain node is allowed to query the signature file. The login account includes a user name login or a ukey identity login. The process of querying the login account permissions of the blockchain node comprises: obtaining the login account, judging whether the login account exists in a preset signature file query permission list, and, if it exists, determining that the node has signature file query permission.
The blockchain-based signature file storage method of the present application receives a signature request on a specified signature file sent by a terminal with a ukey plugged in; if the identity of the terminal is verified, allows the terminal to perform a signature operation on the specified signature file to obtain the signed specified signature file; and, if the specified signature file is valid, records the specified signature file in all blockchain nodes of the pre-built blockchain network. Online signing and storage of the signature file are thereby achieved, and the authenticity of the stored signature file is guaranteed.
Referring to Fig. 2, an embodiment of the present application provides a blockchain-based signature file storage device, applied to a server, comprising:
a signature request receiving unit 10, for receiving a signature request on a specified signature file sent by a terminal with a ukey plugged in, wherein a digital certificate is stored in the ukey;
an identity authenticating unit 20, for obtaining the digital certificate sent by the terminal and using the ukey signature plug-in of a preset integrated plug-in to verify the identity of the terminal according to the digital certificate, wherein the integrated plug-in comprises the ukey signature plug-in and a digital certificate verification plug-in;
a specified signature file acquiring unit 30, for allowing the terminal to perform a signature operation on the specified signature file if the identity of the terminal is verified, to obtain the signed specified signature file;
a validity judging unit 40, for judging, according to preset inspection rules, whether the signed specified signature file is valid, wherein the preset inspection rules at least include checking the validity of the digital certificate using the digital certificate verification plug-in;
a specified signature file storage unit 50, for storing, if the specified signature file is valid, the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is a blockchain node of the blockchain.
As described for unit 10 above, a signature request on a specified signature file sent by a terminal with a ukey plugged in is received, wherein a digital certificate is stored in the ukey. A ukey (also called USBKEY) is a small storage device that connects directly to a computer through USB (Universal Serial Bus), has a password verification function, and is reliable and fast; the digital certificate stored in the ukey is used to verify the identity of the ukey holder and to perform the signature operation. A digital certificate is a certificate issued by an authoritative third-party organization, the CA (Certificate Authority, an e-commerce certification authority), and used to identify identity on the network; it may also be called a CA certificate. The digital certificate includes the holder's identity information and the certificate public key; the corresponding certificate private key is held by the user corresponding to the ukey. The specified signature file may be any electronic file that needs an electronic signature, such as an electronic contract. Compared with a terminal without a ukey, a terminal with a ukey plugged in is more secure because it uses the identity verification function of the ukey.
As described for unit 20 above, the digital certificate sent by the terminal is obtained, and the ukey signature plug-in of the preset integrated plug-in is used to verify the identity of the terminal according to the digital certificate, wherein the integrated plug-in comprises the ukey signature plug-in and the digital certificate verification plug-in. This embodiment uses an integrated plug-in that includes both the ukey signature plug-in and the digital certificate verification plug-in. Compared with separate plug-ins, this saves the step of calling the plug-ins one by one: the plug-ins this method needs are called together in one go, which gives a high degree of integration and saves time. The ukey signature plug-in may verify the identity of the terminal in any manner, for example by obtaining the corresponding digital certificate from the CA that issued the digital certificate and judging whether the CA's digital certificate and the digital certificate sent by the terminal are identical; if they are identical, the identity of the terminal is determined to be genuine. Further, the process by which the ukey signature plug-in verifies the identity of the terminal comprises: obtaining the digital certificate sent by the terminal, the identity verification information, and the ciphertext obtained by encrypting the identity verification information with the certificate private key; obtaining the certificate public key from the digital certificate using the ukey signature plug-in; decrypting the ciphertext with the certificate public key using the ukey signature plug-in to obtain decrypted information; judging whether the decrypted information is identical to the identity verification information; and, if the decrypted information is identical to the identity verification information, determining that the identity of the terminal is verified.
As described for unit 30 above, if the identity of the terminal is verified, the terminal is allowed to perform a signature operation on the specified signature file, and the signed specified signature file is obtained. If the identity of the terminal is verified, it is certain that no impersonation has occurred, so the terminal is allowed to perform the signature operation on the specified signature file, and the signed specified signature file is obtained.
As described for unit 40 above, whether the signed specified signature file is valid is judged according to preset inspection rules, wherein the preset inspection rules at least include checking the validity of the digital certificate using the digital certificate verification plug-in. As noted above, although the identity of the terminal has been verified, the validity of the digital certificate still needs to be further confirmed. The process of checking the validity of the digital certificate using the digital certificate verification plug-in comprises: extracting from the digital certificate the information relevant to its validity, such as the validity period and the issuing CA, and then judging from that information whether the digital certificate is valid, for example by judging whether the current date is within the validity period. Further, the process of judging, according to the preset inspection rules, whether the signed specified signature file is valid may also include any manner capable of judging whether a signature file is valid.
As described for unit 50 above, if the specified signature file is valid, the signed specified signature file is stored in all blockchain nodes of the pre-built blockchain network, wherein the server is a blockchain node of the blockchain. If the specified signature file is valid, saving the specified signature file completes the online signature evidence preservation. To keep the specified signature file secure and to ensure that its content is not tampered with, the specified signature file is recorded in all blockchain nodes of the pre-built blockchain (that is, stored in the public ledger of the blockchain), so that the immutability of blockchain data increases the security of the specified signature file. The blockchain may be built in any manner; for example, the server may act as the initiator of the blockchain network. The specific process comprises: creating a Blockchain class (blockchain class) in any workable language, and creating in its constructor a list for storing the blockchain; establishing the genesis block (the first block, which has no block before it) after the Blockchain class is instantiated; determining the consensus mechanism of the blockchain (such as a proof-of-work mechanism, a proof-of-stake mechanism, a delegated proof-of-stake mechanism, or a Pool verification pool); and accepting terminals that agree to the consensus mechanism as nodes of the blockchain network, thereby obtaining the pre-built blockchain network. The nodes (the interacting parties) of the blockchain network may be the terminals that agree to the consensus mechanism. The nodes are interconnected and can mutually verify whether data has been tampered with (using the hash values and asymmetric encryption in the blockchain). The blockchain may be a public chain, a consortium chain or a private chain.
In one embodiment, a certificate public key is recorded in the digital certificate, the user corresponding to the ukey holds the certificate private key, and the identity authenticating unit 20 comprises:
a digital certificate obtaining subunit, for obtaining the digital certificate sent by the terminal, the identity verification information, and the ciphertext obtained by encrypting the identity verification information with the certificate private key;
a certificate public key obtaining subunit, for obtaining the certificate public key from the digital certificate using the ukey signature plug-in;
a decryption subunit, for decrypting the ciphertext with the certificate public key to obtain decrypted information;
a decrypted information judging subunit, for judging whether the decrypted information is identical to the identity verification information;
an identity verified determining subunit, for determining that the identity of the terminal is verified if the decrypted information is identical to the identity verification information.
As described above, the identity of the terminal is verified. The certificate public key is recorded in the digital certificate, and the user corresponding to the ukey holds the certificate private key. Therefore, when the identity of the terminal needs to be verified, the user uses the certificate private key they hold to encrypt the identity verification information (which may be any information; it is what the server compares the decrypted information against), thereby obtaining the ciphertext. The server can perform the decryption with the certificate public key, which is recorded in plaintext in the digital certificate. If the ciphertext was not produced by encrypting with the certificate private key, the decrypted information the server obtains with the certificate public key will necessarily differ from the identity verification information, from which it can be determined that the identity of the terminal is wrong; otherwise, the identity of the terminal is determined to be verified.
In one embodiment, the validity judging unit 40 comprises:
a validity period extracting subunit, for extracting the validity period of the digital certificate from the digital certificate using the digital certificate verification plug-in;
a validity period judging subunit, for judging whether the current date is within the validity period;
an invalid determining subunit, for determining that the signed specified signature file is invalid if the current date is not within the validity period.
As described above, whether the signed specified signature file is valid is judged according to the preset inspection rules. The digital certificate records information about the validity period, such as the effective start date and the effective end date. The process of extracting the validity period of the digital certificate comprises: extracting the effective start date and the effective end date of the digital certificate, and taking the dates between the effective start date and the effective end date as the validity period. If the current date is not within the validity period, the signed specified signature file is determined to be invalid; if the current date is within the validity period, the date can be judged to be correct.
In one embodiment, the validity judging unit 40 comprises:
a certificate authority extracting subunit, for extracting from the digital certificate, if the current date is within the validity period, the certificate authority that issued the digital certificate;
a trusted certification authority judging subunit, for judging whether the certificate authority exists in a preset trusted certification authority list;
a valid determining subunit, for determining that the signed specified signature file is valid if the certificate authority exists in the preset trusted certification authority list.
As described above, whether the signed specified signature file is valid is determined by judging whether the certificate authority (CA) exists in the preset trusted certification authority list. Certificate authorities are not fixed and unchanging, and the permissions they can grant are not necessarily the same, so the certificate authority should be verified. Specifically, a trusted certification authority list is preset in the server and records the certificate authorities that can be trusted, so that the certificate authority can be verified simply by judging whether it exists in the trusted certification authority list. If the certificate authority exists in the preset trusted certification authority list, the certificate authority is considered correct, and the signed specified signature file is then determined to be valid.
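The identity check of unit 20 and the validity rule of unit 40, as an added Python example that is not code from the patent. It assumes textbook RSA over constructed toy parameters in place of the ukey, a server-issued single-use value as the identity verification information (the page allows any information), and a Certificate record holding the fields the plug-ins would extract; all names are hypothetical.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone

E = 65537  # public exponent


def toy_keypair(p_exp, q_exp):
    """Constructed toy key from two Mersenne primes, for tracing the exchange only.
    A real ukey keeps the private key on the token and uses padded RSA."""
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)  # (certificate public key, certificate private key)


@dataclass(frozen=True)
class Certificate:
    """Fields the plug-ins extract from the digital certificate (hypothetical record)."""
    holder: str
    issuer: str
    not_before: datetime
    not_after: datetime
    public_key: tuple


def ukey_encrypt(private_key, info):
    """Terminal side: encrypt the identity verification information with the private key."""
    n, d = private_key
    return pow(int.from_bytes(info, "big"), d, n)


class Server:
    def __init__(self, trusted_cas):
        self.trusted_cas = set(trusted_cas)  # preset trusted certification authority list
        self.outstanding = set()             # issued values not yet used

    def issue_challenge(self):
        info = secrets.token_bytes(16)
        self.outstanding.add(info)
        return info

    def verify_identity(self, cert, info, ciphertext):
        """Decrypt with the certificate public key and compare with the information."""
        # Assumption added here: accept only information this server issued, and
        # only once, so a recorded (information, ciphertext) pair cannot be reused.
        if info not in self.outstanding:
            return False
        self.outstanding.discard(info)
        n, e = cert.public_key
        if not 0 <= ciphertext < n:
            return False
        decrypted = pow(ciphertext, e, n)
        return decrypted == int.from_bytes(info, "big")

    def check_validity(self, cert, now=None):
        """Rule order from the page: validity period first, then the issuing CA."""
        now = now or datetime.now(timezone.utc)
        if not (cert.not_before <= now <= cert.not_after):
            return False, "current date outside validity period"
        # Name match against the list, as the page describes; this example does
        # not verify the CA's signature over the certificate.
        if cert.issuer not in self.trusted_cas:
            return False, "issuer not in trusted certification authority list"
        return True, "valid"
```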
In one embodiment, the device comprises:
a genesis block establishing unit, for creating a blockchain class in the server using a specified language, and establishing a genesis block after instantiating the blockchain class;
a block generation unit, for generating other blocks based on the genesis block, wherein each of the other blocks records the hash value of the previous block;
a blockchain network establishing unit, for taking terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
As described above, the blockchain network is built. The specified language may be any workable language such as JAVA, C++ or Python. A class is the basis on which object-oriented programming implements information encapsulation. A class is a user-defined type, also called a class type. Each class contains data declarations and a set of functions that operate on the data or pass messages. The blockchain class is the class that describes the blockchain. Instantiating the blockchain class means declaring an object of the blockchain type, which yields the genesis block (the first block, which has no block before it); the hash value of the previous block may be recorded as 0 in the genesis block. Other blocks are then generated based on the genesis block, each recording the hash value of the previous block, so that a blockchain with multiple blocks is formed. Terminals that have agreed to the preset consensus mechanism of the blockchain are then taken as blockchain nodes, thereby establishing the blockchain network. The consensus mechanism is, for example, a proof-of-work mechanism, a proof-of-stake mechanism, a delegated proof-of-stake mechanism, and so on. The blockchain network is established accordingly.
In one embodiment, the blockchain network establishing unit comprises:
a join request receiving subunit, for receiving a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
a permitted IP judging subunit, for judging whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in a preset permitted IP list;
a blockchain network establishing subunit, for taking the terminal that agrees to the preset consensus mechanism of the blockchain as a blockchain node if its IP address exists in the preset permitted IP list, thereby establishing the blockchain network.
As described above, the blockchain nodes are determined. This embodiment restricts the blockchain nodes by verifying authorization when establishing the blockchain network; that is, the blockchain network is preferably a consortium chain or a private chain. Because this blockchain is preferably used to store electronic contracts, selecting the parties that participate in, are expected to participate in, or are involved in the electronic contract as the nodes of the blockchain makes the blockchain easier to build and more flexible to manage. Specifically, it is judged whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset permitted IP list; if it does, that terminal is taken as a blockchain node, thereby establishing the blockchain network.
In one embodiment, the device comprises:
a query request receiving unit, for receiving a signature file query request sent by a designated blockchain node;
a query permission judging unit, for querying the login account permissions of the designated blockchain node to judge whether the designated blockchain node has signature file query permission;
a query allowing unit, for allowing the designated blockchain node to query the signature file if the designated blockchain node has signature file query permission.
As described above, the signature file can be queried. An electronic contract has a certain confidentiality and should not be queried by unrelated persons, so query permission is set accordingly. Specifically, the login account permissions of the blockchain node are queried to judge whether the blockchain node has signature file query permission; if it does, the blockchain node is allowed to query the signature file. The login account includes a user name login or a ukey identity login. The process of querying the login account permissions of the blockchain node comprises: obtaining the login account, judging whether the login account exists in a preset signature file query permission list, and, if it exists, determining that the node has signature file query permission.
The blockchain-based signature file storage device of the present application receives a signature request on a specified signature file sent by a terminal with a ukey plugged in; if the identity of the terminal is verified, allows the terminal to perform a signature operation on the specified signature file to obtain the signed specified signature file; and, if the specified signature file is valid, records the specified signature file in all blockchain nodes of the pre-built blockchain network. Online signing and storage of the signature file are thereby achieved, and the authenticity of the stored signature file is guaranteed.
Referring to Fig. 3, an embodiment of the present invention also provides a computer device, which may be a server and whose internal structure may be as shown in the figure. The computer device comprises a processor, a memory, a network interface and a database connected through a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program in the non-volatile storage medium. The database of the computer device stores the data used by the blockchain-based signature file storage method. The network interface of the computer device communicates with external terminals through a network connection. The computer program, when executed by the processor, implements a blockchain-based signature file storage method.
The processor executes the above blockchain-based signature file storage method, applied to a server, comprising the following steps: receiving a signature request on a specified signature file sent by a terminal with a ukey plugged in, wherein a digital certificate is stored in the ukey; obtaining the digital certificate sent by the terminal, and using the ukey signature plug-in of a preset integrated plug-in to verify the identity of the terminal according to the digital certificate, wherein the integrated plug-in comprises the ukey signature plug-in and a digital certificate verification plug-in; if the identity of the terminal is verified, allowing the terminal to perform a signature operation on the specified signature file to obtain the signed specified signature file; judging, according to preset inspection rules, whether the signed specified signature file is valid, wherein the preset inspection rules at least include checking the validity of the digital certificate using the digital certificate verification plug-in; and, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is a blockchain node of the blockchain.
In one embodiment, a certificate public key is recorded in the digital certificate, the user corresponding to the ukey holds the certificate private key, and the step of obtaining the digital certificate sent by the terminal and using the ukey signature plug-in of the preset integrated plug-in to verify the identity of the terminal according to the digital certificate, wherein the integrated plug-in comprises the ukey signature plug-in and the digital certificate verification plug-in, comprises: obtaining the digital certificate sent by the terminal, the identity verification information, and the ciphertext obtained by encrypting the identity verification information with the certificate private key; obtaining the certificate public key from the digital certificate using the ukey signature plug-in; decrypting the ciphertext with the certificate public key to obtain decrypted information; judging whether the decrypted information is identical to the identity verification information; and, if the decrypted information is identical to the identity verification information, determining that the identity of the terminal is verified.
In one embodiment, the step of judging, according to preset inspection rules, whether the signed specified signature file is valid, wherein the preset inspection rules at least include checking the validity of the digital certificate using the digital certificate verification plug-in, comprises: extracting the validity period of the digital certificate from the digital certificate using the digital certificate verification plug-in; judging whether the current date is within the validity period; and, if the current date is not within the validity period, determining that the signed specified signature file is invalid.
In one embodiment, after the step of judging whether the current date is within the validity period, the method comprises: if the current date is within the validity period, extracting from the digital certificate the certificate authority that issued the digital certificate; judging whether the certificate authority exists in a preset trusted certification authority list; and, if the certificate authority exists in the preset trusted certification authority list, determining that the signed specified signature file is valid.
In one embodiment, before the step of, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is a blockchain node of the blockchain, the method comprises: creating a blockchain class in the server using a specified language, and establishing a genesis block after instantiating the blockchain class; generating other blocks based on the genesis block, wherein each of the other blocks records the hash value of the previous block; and taking terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
In one embodiment, the step of taking terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network, comprises: receiving a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain; judging whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in a preset permitted IP list; and, if the IP address of that terminal exists in the preset permitted IP list, taking the terminal as a blockchain node, thereby establishing the blockchain network.
In one embodiment, after the step of, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is a blockchain node of the blockchain, the method comprises: receiving a signature file query request sent by a designated blockchain node; querying the login account permissions of the designated blockchain node to judge whether the designated blockchain node has signature file query permission; and, if the designated blockchain node has signature file query permission, allowing the designated blockchain node to query the signature file.
Those skilled in the art will understand that the structure shown in the figure is only a block diagram of the part of the structure relevant to the solution of the present application, and does not limit the computer device to which the solution of the present application is applied.
The computer device of the present application receives a signature request on a specified signature file sent by a terminal with a ukey plugged in; if the identity of the terminal is verified, allows the terminal to perform a signature operation on the specified signature file to obtain the signed specified signature file; and, if the specified signature file is valid, records the specified signature file in all blockchain nodes of the pre-built blockchain network. Online signing and storage of the signature file are thereby achieved, and the authenticity of the stored signature file is guaranteed.
An embodiment of the present application also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements a blockchain-based signature file storage method applied to a server, comprising the following steps: receiving a signature request on a specified signature file sent by a terminal with a ukey plugged in, wherein a digital certificate is stored in the ukey; obtaining the digital certificate sent by the terminal, and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of a preset integrated plug-in, wherein the integrated plug-in comprises the ukey signature plug-in and a digital certificate verification plug-in; if the identity verification of the terminal passes, allowing the terminal to perform a signing operation on the specified signature file, obtaining the signed specified signature file; judging, according to a preset inspection rule, whether the signed specified signature file is valid, wherein the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in; and, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
In one embodiment, a certificate public key is recorded in the digital certificate, and the user corresponding to the ukey holds the certificate private key. The step of obtaining the digital certificate sent by the terminal and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of the preset integrated plug-in, wherein the integrated plug-in comprises the ukey signature plug-in and the digital certificate verification plug-in, comprises: obtaining the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key; obtaining the certificate public key from the digital certificate using the ukey signature plug-in; decrypting the ciphertext with the certificate public key to obtain decrypted information; judging whether the decrypted information is identical to the information used for identity verification; and, if the decrypted information is identical to the information used for identity verification, determining that the identity verification of the terminal passes.
In one embodiment, the step of judging, according to the preset inspection rule, whether the signed specified signature file is valid, wherein the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in, comprises: extracting the validity period of the digital certificate from the digital certificate using the digital certificate verification plug-in; judging whether the current date is within the validity period; and, if the current date is not within the validity period, determining that the signed specified signature file is invalid.
In one embodiment, after the step of judging whether the current date is within the validity period, the method comprises: if the current date is within the validity period, extracting from the digital certificate the e-commerce certificate authority that issued the digital certificate; judging whether the e-commerce certificate authority exists in a preset trusted certificate authority list; and, if the e-commerce certificate authority exists in the preset trusted certificate authority list, determining that the signed specified signature file is valid.
In one embodiment, before the step of, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is one blockchain node of the blockchain, the method comprises: creating a blockchain class in the server using a specified language, and establishing the genesis block after instantiating the blockchain class; generating other blocks based on the genesis block, wherein each of the other blocks records the hash value of the previous block; and taking the terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
In one embodiment, the step of taking the terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network, comprises: receiving a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain; judging whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in a preset allowed IP list; and, if the IP address of that terminal exists in the preset allowed IP list, taking the terminal as a blockchain node, thereby establishing the blockchain network.
In one embodiment, after the step of, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is one blockchain node of the blockchain, the method comprises: receiving a signature file query request sent by a specified blockchain node; judging whether the specified blockchain node has signature file query permission by querying the permissions of the account logged in on the specified blockchain node; and, if the specified blockchain node has signature file query permission, allowing the specified blockchain node to query the signature file.
The computer-readable storage medium of the present application receives a signature request on a specified signature file sent by a terminal with a ukey plugged in; if the identity verification of the terminal passes, it allows the terminal to perform a signing operation on the specified signature file, obtaining the signed specified signature file; and, if the specified signature file is valid, it records the specified signature file in all blockchain nodes of the pre-built blockchain network. Online signing and storage of signature files are thereby achieved, and the authenticity of the stored signature files is guaranteed.
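The following Python example is added here and is not code from the patent: it applies the certificate checks described above (validity period, then trusted CA list), the allowed-IP check for joining nodes, and storage in hash-linked blocks on every node, then uses the recorded hashes to locate a copy modified on one node. The class and function names, the CA name, the IP addresses and the certificate fields are assumptions constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass
from datetime import date

GENESIS_PREV = "0" * 64
TRUSTED_CAS = {"Example Trusted CA"}        # hypothetical preset trusted CA list
ALLOWED_IPS = {"10.0.0.11", "10.0.0.12"}    # hypothetical preset allowed IP list


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for the fields read from the ukey's certificate."""
    subject: str
    issuer: str
    not_before: date
    not_after: date


def check_certificate(cert, today):
    """Inspection rule in the order the text gives: validity period, then CA.

    Only the issuer name is matched, as described; the CA's signature over
    the certificate is not verified here.
    """
    if not (cert.not_before <= today <= cert.not_after):
        return False, "certificate outside validity period"
    if cert.issuer not in TRUSTED_CAS:
        return False, "issuing CA not in trusted list"
    return True, "ok"


def block_hash(index, prev_hash, payload):
    body = json.dumps([index, prev_hash, payload], sort_keys=True)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class Blockchain:
    """Instantiating the class establishes the genesis block."""

    def __init__(self):
        self.blocks = []
        self.append({"genesis": True})

    def append(self, payload):
        index = len(self.blocks)
        prev_hash = self.blocks[-1]["hash"] if self.blocks else GENESIS_PREV
        self.blocks.append({"index": index, "prev_hash": prev_hash,
                            "payload": payload,
                            "hash": block_hash(index, prev_hash, payload)})

    def first_bad_block(self):
        """Index of the first block whose hash or back-link fails, else None."""
        prev = GENESIS_PREV
        for b in self.blocks:
            recomputed = block_hash(b["index"], b["prev_hash"], b["payload"])
            if b["prev_hash"] != prev or b["hash"] != recomputed:
                return b["index"]
            prev = b["hash"]
        return None


class Network:
    def __init__(self):
        self.nodes = {}  # IP address -> that node's copy of the chain

    def join(self, ip):
        """Admit a terminal as a node only if its IP is in the allowed list."""
        if ip not in ALLOWED_IPS:
            return False
        self.nodes[ip] = Blockchain()
        return True

    def store(self, signed_file, cert, today):
        """Store the signed file on every node, but only if the checks pass."""
        ok, reason = check_certificate(cert, today)
        if ok:
            payload = {"signer": cert.subject, "signed_file": signed_file.hex()}
            for chain in self.nodes.values():
                chain.append(dict(payload))  # each node keeps its own copy
        return ok, reason


def demo():
    today = date(2019, 4, 25)  # constructed "current date"
    net = Network()
    joined = [net.join(ip) for ip in ("10.0.0.11", "10.0.0.12", "203.0.113.9")]
    good = Cert("alice", "Example Trusted CA", date(2019, 1, 1), date(2020, 1, 1))
    expired = Cert("bob", "Example Trusted CA", date(2017, 1, 1), date(2018, 1, 1))
    rogue = Cert("carol", "Unknown CA", date(2019, 1, 1), date(2020, 1, 1))
    results = [net.store(b"contract-v1|sig", c, today)
               for c in (good, expired, rogue)]
    # Modify the stored file on one node only; its recorded hash no longer matches.
    tampered = net.nodes["10.0.0.11"].blocks[1]["payload"]
    tampered["signed_file"] = b"contract-v2|sig".hex()
    bad = {ip: chain.first_bad_block() for ip, chain in net.nodes.items()}
    return joined, results, bad


if __name__ == "__main__":
    print(demo())
```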
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media provided in the present application and used in the embodiments may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (SSRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, device, article or method. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, device, article or method that includes the element.
The above are only preferred embodiments of the present application and do not limit the patent scope of the application. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present application, or applied directly or indirectly in other related technical fields, is likewise included in the scope of patent protection of the present application.

Claims (10)

1. A blockchain-based signature file storage method, applied to a server, characterized by comprising:
receiving a signature request on a specified signature file sent by a terminal with a ukey plugged in, wherein a digital certificate is stored in the ukey;
obtaining the digital certificate sent by the terminal, and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of a preset integrated plug-in, wherein the integrated plug-in comprises the ukey signature plug-in and a digital certificate verification plug-in;
if the identity verification of the terminal passes, allowing the terminal to perform a signing operation on the specified signature file, obtaining the signed specified signature file;
judging, according to a preset inspection rule, whether the signed specified signature file is valid, wherein the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in;
if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
2. The blockchain-based signature file storage method according to claim 1, characterized in that a certificate public key is recorded in the digital certificate, the user corresponding to the ukey holds the certificate private key, and the step of obtaining the digital certificate sent by the terminal and verifying the identity of the terminal according to the digital certificate using the ukey signature plug-in of the preset integrated plug-in, wherein the integrated plug-in comprises the ukey signature plug-in and the digital certificate verification plug-in, comprises:
obtaining the digital certificate sent by the terminal, the information used for identity verification, and the ciphertext obtained by encrypting the information used for identity verification with the certificate private key;
obtaining the certificate public key from the digital certificate using the ukey signature plug-in;
decrypting the ciphertext with the certificate public key to obtain decrypted information;
judging whether the decrypted information is identical to the information used for identity verification;
if the decrypted information is identical to the information used for identity verification, determining that the identity verification of the terminal passes.
3. The blockchain-based signature file storage method according to claim 1, characterized in that the step of judging, according to the preset inspection rule, whether the signed specified signature file is valid, wherein the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in, comprises:
extracting the validity period of the digital certificate from the digital certificate using the digital certificate verification plug-in;
judging whether the current date is within the validity period;
if the current date is not within the validity period, determining that the signed specified signature file is invalid.
4. The blockchain-based signature file storage method according to claim 3, characterized in that, after the step of judging whether the current date is within the validity period, the method comprises:
if the current date is within the validity period, extracting from the digital certificate the e-commerce certificate authority that issued the digital certificate;
judging whether the e-commerce certificate authority exists in a preset trusted certificate authority list;
if the e-commerce certificate authority exists in the preset trusted certificate authority list, determining that the signed specified signature file is valid.
5. The blockchain-based signature file storage method according to claim 1, characterized in that, before the step of, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is one blockchain node of the blockchain, the method comprises:
creating a blockchain class in the server using a specified language, and establishing the genesis block after instantiating the blockchain class;
generating other blocks based on the genesis block, wherein each of the other blocks records the hash value of the previous block;
taking the terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network.
6. The blockchain-based signature file storage method according to claim 5, characterized in that the step of taking the terminals that agree to the preset consensus mechanism of the blockchain as blockchain nodes, thereby establishing the blockchain network, comprises:
receiving a request to join the blockchain sent by a terminal that agrees to the preset consensus mechanism of the blockchain;
judging whether the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in a preset allowed IP list;
if the IP address of the terminal that agrees to the preset consensus mechanism of the blockchain exists in the preset allowed IP list, taking that terminal as a blockchain node, thereby establishing the blockchain network.
7. The blockchain-based signature file storage method according to claim 1, characterized in that, after the step of, if the specified signature file is valid, storing the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is one blockchain node of the blockchain, the method comprises:
receiving a signature file query request sent by a specified blockchain node;
judging whether the specified blockchain node has signature file query permission by querying the permissions of the account logged in on the specified blockchain node;
if the specified blockchain node has signature file query permission, allowing the specified blockchain node to query the signature file.
8. A blockchain-based signature file storage device, applied to a server, characterized by comprising:
a signature request receiving unit, configured to receive a signature request on a specified signature file sent by a terminal with a ukey plugged in, wherein a digital certificate is stored in the ukey;
an identity verification unit, configured to obtain the digital certificate sent by the terminal and to verify the identity of the terminal according to the digital certificate using the ukey signature plug-in of a preset integrated plug-in, wherein the integrated plug-in comprises the ukey signature plug-in and a digital certificate verification plug-in;
a specified signature file acquisition unit, configured to allow the terminal, if the identity verification of the terminal passes, to perform a signing operation on the specified signature file, obtaining the signed specified signature file;
a validity judging unit, configured to judge, according to a preset inspection rule, whether the signed specified signature file is valid, wherein the preset inspection rule at least includes checking the validity of the digital certificate using the digital certificate verification plug-in;
a specified signature file storage unit, configured to store, if the specified signature file is valid, the signed specified signature file in all blockchain nodes of the pre-built blockchain network, wherein the server is one blockchain node of the blockchain.
9. A computer device, comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 7.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910341157.3A CN110175467A (en) 2019-04-25 2019-04-25 Signature file store method, device and computer equipment based on block chain
PCT/CN2019/103540 WO2020215575A1 (en) 2019-04-25 2019-08-30 Blockchain-based signature file saving method and apparatus, and computer device


Publications (1)

Publication Number Publication Date
CN110175467A true CN110175467A (en) 2019-08-27

Family

ID=67690104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910341157.3A Pending CN110175467A (en) 2019-04-25 2019-04-25 Signature file store method, device and computer equipment based on block chain

Country Status (2)

Country Link
CN (1) CN110175467A (en)
WO (1) WO2020215575A1 (en)


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546182A (en) * 2012-02-01 2012-07-04 李智虎 Method, system and device for signing electronic contract without trusted third party
CN109472166A (en) * 2018-11-01 2019-03-15 恒生电子股份有限公司 A kind of electronic signature method, device, equipment and medium
CN109543456A (en) * 2018-11-06 2019-03-29 北京新唐思创教育科技有限公司 Block generation method and computer storage medium
CN109639651A (en) * 2018-11-22 2019-04-16 安云印(天津)大数据科技有限公司 Contract based on living body authentication and block chain technology signs authentication method and its system online

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10375057B2 (en) * 2017-01-27 2019-08-06 Visa International Service Association Systems and methods for certificate chain validation of secure elements
CN109462472A (en) * 2017-09-06 2019-03-12 阿里巴巴集团控股有限公司 The methods, devices and systems of data encryption and decryption
CN109167763B (en) * 2018-08-16 2021-05-28 国网浙江省电力有限公司电力科学研究院 Block chain-based electric power industry electronic data preservation method and system
CN109598615A (en) * 2018-11-30 2019-04-09 深圳市链联科技有限公司 A method of the transaction of block chain is participated in entity identities
CN109560939A (en) * 2019-01-29 2019-04-02 张超 A kind of block method and the device out of block chain
CN110175467A (en) * 2019-04-25 2019-08-27 平安科技(深圳)有限公司 Signature file store method, device and computer equipment based on block chain


Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
"网上银行身份认证技术介绍", Retrieved from the Internet <URL:《https://www.fisec.cn/700.html》> *
BOLDEAGLE: "ukey身份认证步骤", Retrieved from the Internet <URL:《http://m.blog.chinaunix.net/uid-9552208-id-4186537.html》> *
NICKNAME_OO: "基于UKey数字证书实现身份认证", Retrieved from the Internet <URL:《基于UKey数字证书实现身份认证》> *
南宁市公共资源交易中心: "电子签章时提示章有效使用日期已过期", Retrieved from the Internet <URL:《http://ggzy.nanning.gov.cn/bszn/cjwtjd/t4327987.html》> *
帅青红: "《电子支付与结算》", 沈阳:东北财经大学出版社, pages: 77 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020215575A1 (en) * 2019-04-25 2020-10-29 平安科技(深圳)有限公司 Blockchain-based signature file saving method and apparatus, and computer device
WO2021042851A1 (en) * 2019-09-06 2021-03-11 平安科技(深圳)有限公司 Data signature method and device for use in blockchain, computer apparatus, and storage medium
CN110569674A (en) * 2019-09-10 2019-12-13 腾讯科技(深圳)有限公司 Block chain network-based authentication method and device
CN110569674B (en) * 2019-09-10 2023-11-17 腾讯科技(深圳)有限公司 Authentication method and device based on block chain network
CN110874747A (en) * 2019-10-16 2020-03-10 支付宝(杭州)信息技术有限公司 Product service data uploading method, product service data storing device, product service data storing equipment and product service data storing medium
CN110795765A (en) * 2019-11-04 2020-02-14 厦门市锁链科技有限公司 Personal mobile block chain operating system based on U shield
CN110795765B (en) * 2019-11-04 2021-09-10 厦门无链之链科技有限公司 Personal mobile block chain operating system based on U shield
CN111010367B (en) * 2019-11-07 2022-11-29 深圳市电子商务安全证书管理有限公司 Data storage method and device, computer equipment and storage medium
CN111010367A (en) * 2019-11-07 2020-04-14 深圳市电子商务安全证书管理有限公司 Data storage method and device, computer equipment and storage medium
CN111209589A (en) * 2019-12-31 2020-05-29 航天信息股份有限公司 Method and system for dynamic data desensitization based on regional chain
CN111953490A (en) * 2020-08-31 2020-11-17 上海雷龙信息科技有限公司 Digital signature method and system based on block chain technology
CN111953490B (en) * 2020-08-31 2023-11-14 上海雷龙信息科技有限公司 Digital signature method and system based on block chain technology
CN112632634A (en) * 2020-12-22 2021-04-09 平安普惠企业管理有限公司 Signature data processing method and device, computer equipment and storage medium
CN112632634B (en) * 2020-12-22 2023-12-29 深圳市赫德创新科技有限公司 Signature data processing method, device, computer equipment and storage medium
CN113505358B (en) * 2021-09-10 2022-06-03 万加合一数字科技集团有限公司 Method for supervising information processing behaviors
CN113505358A (en) * 2021-09-10 2021-10-15 万加合一数字科技集团有限公司 Method for supervising information processing behaviors
CN114679311A (en) * 2022-03-22 2022-06-28 电子科技大学 Block chain-based document data security verification method
CN114679311B (en) * 2022-03-22 2023-04-07 电子科技大学 Block chain-based document data security verification method

Also Published As

Publication number Publication date
WO2020215575A1 (en) 2020-10-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination