CN111062716B - Method and device for generating block chain signature data and block chain transaction initiating system - Google Patents

Method and device for generating block chain signature data and block chain transaction initiating system Download PDF

Info

Publication number
CN111062716B
CN111062716B CN201911202654.1A CN201911202654A CN111062716B CN 111062716 B CN111062716 B CN 111062716B CN 201911202654 A CN201911202654 A CN 201911202654A CN 111062716 B CN111062716 B CN 111062716B
Authority
CN
China
Prior art keywords
blockchain
signature
block chain
data
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911202654.1A
Other languages
Chinese (zh)
Other versions
CN111062716A (en
Inventor
张阳扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN201911202654.1A priority Critical patent/CN111062716B/en
Publication of CN111062716A publication Critical patent/CN111062716A/en
Application granted granted Critical
Publication of CN111062716B publication Critical patent/CN111062716B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment of the specification provides a method and a device for generating block chain signature data and a block chain transaction initiating system. The method comprises the following steps: receiving transaction data to be linked up from a service server, wherein the transaction data to be linked up comprises transaction data of a user and a first digital signature, the first digital signature is obtained by encrypting the transaction data by using a first private key in a key device of the user, and the transaction data comprises user identification information; encrypting the transaction data to be uplink with a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature, the blockchain public-private key pair being generated at the blockchain identity management server; and sending block chain signature data to the service server, wherein the block chain signature data comprises the block chain signature and the block chain identity identification of the user.

Description

Method and device for generating block chain signature data and block chain transaction initiating system
Technical Field
The embodiment of the specification relates to the technical field of block chains, in particular to a method and a device for generating block chain signature data and a block chain transaction initiating system.
Background
In some application scenarios of block chaining, a chain public and private key pair in a key device owned by a participant is required to be used for authenticating transaction data, and meanwhile, a public and private key pair corresponding to the identity of the participant on the chain is required to be used for signing and authorizing the transaction data. For example, in some banking-related application scenarios, it is desirable to authenticate each transaction with a key device (e.g., Ukey) issued by the bank to its user. However, the issuing bodies of the key devices owned by the parties differ, the cryptographic algorithms employed by the issuing bodies also differ, and the key algorithms corresponding to the public and private keys on the chain also differ. Therefore, a technique is needed to enable participants to participate smoothly in the blockchain.
Disclosure of Invention
In view of the above, the present specification provides a method and an apparatus for generating blockchain signature data, and a blockchain transaction initiation system.
According to an aspect of embodiments herein, there is provided a method for generating blockchain signature data, the method being performed by a blockchain identity management server, the method comprising: receiving transaction data to be linked up from a service server, wherein the transaction data to be linked up comprises transaction data of a user and a first digital signature, the first digital signature is obtained by encrypting the transaction data by using a first private key in a key device of the user, and the transaction data comprises user identification information; encrypting the transaction data to be uplink with a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature, the blockchain public-private key pair being generated at the blockchain identity management server; and sending block chain signature data to the service server, wherein the block chain signature data comprises the block chain signature and the block chain identity identification of the user.
Optionally, in an example, before encrypting the to-be-uplink transaction data with a blockchain private key of a blockchain public and private key pair corresponding to the user identification information to obtain a blockchain signature, the method may further include: determining a first public key corresponding to the first private key based on the user identification information; and verifying the first digital signature by using the first public key. Encrypting the to-be-uplink transaction data with a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature may comprise: and when the first digital signature passes verification, encrypting the transaction data to be linked by using a block chain private key in a block chain public and private key pair corresponding to the user identification information to obtain a block chain signature.
Optionally, in an example, the number of the blockchain public and private key pairs may be at least two, and encrypting the transaction data to be uplink by using a blockchain private key in the user's blockchain public and private key pair to obtain a blockchain signature may include: and encrypting the transaction data to be uplink by using at least one block chain private key in the at least two public and private key pairs to obtain a block chain signature set, wherein the block chain signature data comprises the block chain signature set.
Optionally, in an example, the blockchain signature data may further include a blockchain public key corresponding to the at least one blockchain private key.
Optionally, in an example, the blockchain signature data may further include signature algorithm information used for encrypting the to-be-uplink transaction data.
According to another aspect of embodiments herein, there is further provided an apparatus for generating blockchain signature data, the apparatus being located at a blockchain identity management server, the apparatus including: the business data receiving unit is used for receiving business data to be linked from a business server, wherein the business data to be linked comprises the business data of a user and a first digital signature, the first digital signature is obtained by encrypting the business data by using a first private key in a secret key device of the user, and the business data comprises user identification information; a blockchain signature generation unit, configured to encrypt the transaction data to be uplink by using a blockchain private key in a blockchain public and private key pair corresponding to the user identification information to obtain a blockchain signature, where the blockchain public and private key pair is generated at the blockchain identity management server; and a block chain signature data sending unit, configured to send block chain signature data to the service server, where the block chain signature data includes the block chain signature and the block chain identity identifier of the user.
Optionally, in an example, the apparatus may further include: a first public key determining unit, configured to determine, based on the user identification information, a first public key corresponding to the first private key before encrypting the to-be-uplink transaction data with a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature; and the first digital signature verification unit verifies the first digital signature by using the first public key. And when the first digital signature passes verification, the block chain signature generation unit encrypts the transaction data to be linked by using a block chain private key in a block chain public and private key pair corresponding to the user identification information to obtain a block chain signature.
Optionally, in an example, the number of the blockchain public and private key pairs may be at least two, and the blockchain signature generation unit may encrypt the to-be-uplink transaction data by using at least one blockchain private key of the at least two public and private key pairs to obtain a blockchain signature set, where the blockchain signature data includes the blockchain signature set.
According to another aspect of embodiments herein, there is also provided a blockchain transaction initiation system, including: a blockchain identity management server, the blockchain identity management device comprising the device as described above; a service server, the service server comprising: the transaction data sending unit is used for sending the transaction data of the user to a service signature authentication system so that the service signature authentication system signs the transaction data by using a first private key in a key device of the user to obtain a first digital signature; a first data signature acquisition unit which acquires the first digital signature from the service signature authentication system; the to-be-uplink transaction data sending unit is used for sending the to-be-uplink transaction data to the block chain identity management server; a block chain signature data acquisition unit that acquires block chain signature data from the block chain identity management server; and a blockchain transaction data sending unit, which sends the blockchain signature data and the transaction data to be linked to the blockchain transaction initiating server, and the blockchain transaction initiating server, wherein the blockchain transaction initiating server comprises: the block chain transaction data acquisition unit is used for acquiring the block chain signature data and the to-be-linked chain transaction data from the service server; the block chain signature data verification unit is used for verifying the block chain signature data by using a public key corresponding to the block chain identity identifier in the block chain signature data; and the block chain transaction initiating unit initiates block chain transaction based on the block chain signature data and the to-be-linked chain transaction data when the block chain signature data passes verification.
Optionally, in an example, the number of the blockchain public and private key pairs may be at least two, the blockchain signature data includes a set of blockchain signature data derived using at least one blockchain private key of the at least two blockchain public and private key pairs, and the blockchain transaction initiating server may further include: the public key acquisition unit is used for acquiring at least one block chain public key corresponding to the at least one block chain private key based on the block chain signature data set; and the public key verification unit verifies the at least one block chain public key based on a preset public key verification rule, and the block chain signature data verification unit verifies the block chain signature data by using the at least one block chain public key when the block chain public key passes verification.
Optionally, in an example, the public key obtaining unit may restore the at least one block chain public key from the block chain signature data set by using a signature algorithm for signing the to-be-uplink transaction data based on the block chain signature data set.
Optionally, in an example, the block chain signature data may further include the at least one block chain public key, and the public key obtaining unit obtains the at least one block chain public key from the block chain signature data.
Optionally, in an example, the blockchain public key of the at least two blockchain public-private key pairs may have a public key weight, and the public key verification unit may verify the at least one blockchain public key based on the public key weight of the at least one blockchain public key and a predetermined weight threshold.
Optionally, in an example, the blockchain transaction initiating server may store a set of blockchain public keys of the user, and the public key verifying unit may verify the at least one blockchain public key based on the at least one blockchain public key and the set of blockchain public keys.
According to another aspect of embodiments of the present specification, there is also provided a computing device including: at least one processor; and a memory storing instructions that, when executed by the at least one processor, cause the at least one processor to perform the method as described above.
According to another aspect of embodiments herein, there is also provided a non-transitory machine-readable storage medium storing executable instructions that, when executed, cause the machine to perform the method as described above.
By using the method, device and system of the embodiment of the specification, the public and private key pair of the blockchain of the user is generated at the blockchain identity management server, and when the transaction data to be linked is obtained, the private key generated at the blockchain identity management server is used for encrypting the transaction data to be linked to obtain the blockchain signature, so that the private key of the blockchain of the user can be independently managed, a participant can smoothly participate in the blockchain system, and the security of the generation process of the blockchain transaction data can be improved.
Drawings
A further understanding of the nature and advantages of the contents of the embodiments of the present specification may be realized by reference to the following drawings. In the drawings, similar components or features may have the same reference numerals. The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the detailed description serve to explain the embodiments of the invention. In the drawings:
fig. 1 illustrates a schematic diagram of an example of an environment that may be used to perform a method for generating blockchain signature data in accordance with embodiments of the present specification;
fig. 2 shows a schematic diagram of an example of a system architecture to perform a method for generating blockchain signature data according to an embodiment of the present specification;
FIG. 3 is a diagram illustrating a blockchain transaction initiation system according to one embodiment of the present description;
fig. 4 is a flow diagram of a method for generating blockchain signature data according to one embodiment of the present description;
fig. 5 is a flowchart of a first signature data verification process and a block chain signature generation process in a method for generating block chain signature data according to another embodiment of the present description;
fig. 6 is a block diagram of a block chain signature data generation apparatus according to an embodiment of the present specification;
FIG. 7 is a block diagram of a business server according to one embodiment of the present description;
FIG. 8 is a block diagram of a blockchain transaction initiation server according to one embodiment of the present description;
fig. 9 is a block diagram of a computing device for implementing a method for generating blockchain signature data according to one embodiment of the present description.
Detailed Description
The subject matter described herein will be discussed with reference to example embodiments. It should be understood that these embodiments are discussed only to enable those skilled in the art to better understand and thereby implement the subject matter described herein, and are not intended to limit the scope, applicability, or examples set forth in the claims. Changes may be made in the function and arrangement of elements discussed without departing from the scope of the embodiments of the disclosure. Various examples may omit, substitute, or add various procedures or components as needed. In addition, features described with respect to some examples may also be combined in other examples.
As used herein, the term "include" and its variants mean open-ended terms in the sense of "including, but not limited to. The term "based on" means "based at least in part on". The terms "one embodiment" and "an embodiment" mean "at least one embodiment". The term "another embodiment" means "at least one other embodiment". The terms "first," "second," and the like may refer to different or the same object. Other definitions, whether explicit or implicit, may be included below. The definition of a term is consistent throughout the specification unless the context clearly dictates otherwise.
The method and apparatus for generating blockchain signature data and the blockchain transaction initiation system according to the embodiments of the present disclosure will now be described with reference to the accompanying drawings.
The block chain is a chain data structure formed by connecting and combining data blocks according to a time sequence, and the data blocks are guaranteed to be not falsifiable and not forged in a cryptographic mode. A block chain includes one or more blocks. Each chunk in the chain of chunks is linked to the immediately preceding chunk in the chain of chunks by including a cryptographic hash of the preceding chunk. Each chunk also includes a timestamp, a cryptographic hash of the chunk, and one or more transactions (transactions). Transactions that have been verified by nodes of the blockchain network are hashed and form a Merkle tree. In a Merkle tree, data at leaf nodes is hashed and, for each branch of the Merkle tree, all hash values of the branch are concatenated at the root of the branch. The above process is performed for the Merkle tree up to the root node of the entire Merkle tree. The root node of the Merkle tree stores a hash value representing all the data in the Merkle tree. When a hash value claims to be a transaction stored in the Merkle tree, a quick verification can be performed by determining whether the hash value is consistent with the structure of the Merkle tree.
A blockchain is a data structure used to store transactions. A blockchain network is a network of computing nodes used to manage, update and maintain one or more blockchain structures. As described above, the blockchain network may include a public blockchain network, a private blockchain network, or a federated blockchain network.
In a public blockchain network, the consensus process is controlled by nodes of the consensus network. For example, there may be thousands of entity co-processes in a public blockchain network, each entity operating at least one node in the public blockchain network. Thus, a public blockchain network may be considered a public network of participating entities. In some examples, most entities (nodes) must sign each chunk in sequence and add the signed chunk to the blockchain of the blockchain network. An example of a public blockchain network may include a particular peer-to-peer payment network. Furthermore, the term "blockchain" does not particularly refer to any particular blockchain.
Public blockchain networks support public transactions. Public transactions are shared among all nodes within a public blockchain network and are stored in a global blockchain. A global blockchain refers to a blockchain that is replicated across all nodes. To achieve consensus (e.g., agree to add blocks to a blockchain), a consensus protocol is implemented within a public blockchain network. Examples of consensus protocols include, but are not limited to: proof of work (POW), proof of rights (POS), and proof of authority (POA). In the embodiments of the present specification, POW is taken as a non-limiting example.
A private blockchain network is provided for a particular entity. The read-write authority of each node in the private blockchain network is strictly controlled. Thus, private blockchain networks, also commonly referred to as licensed networks, limit who is allowed to participate in the network and the level of network participation (e.g., only in certain transaction scenarios). In private blockchain networks, various types of access control mechanisms may be used (e.g., existing participants voting for adding new entities, regulatory body controlled permissions, etc.).
A federation blockchain network is private between participating entities. In a federated blockchain network, the consensus process is controlled by an authorizing node. For example, a federation consisting of several (e.g., 10) entities (e.g., financial institutions, insurance companies) may operate a federated blockchain network, each entity operating at least one node in the federated blockchain network. Thus, a federated blockchain network can be considered a private network of participating entities. In some examples, each participating entity (node) must sign each chunk in sequence and add the chunk to the chain of chunks. In some examples, each tile may be signed by a subset of participating entities (nodes) (e.g., at least 7 entities) and added to the tile chain.
Embodiments of the present specification embodiments are described in detail with reference to a federated blockchain network in the present specification embodiments. However, it is contemplated that embodiments of the present specification can be implemented in any suitable blockchain network.
Blockchains are tamper-resistant shared digital ledgers that record transactions in public or private peer-to-peer networks. Ledgers are distributed to all member nodes in the network and asset transaction histories occurring in the network are permanently recorded in blocks.
The consensus mechanism ensures that all network nodes in the distributed blockchain network perform transactions in the same order and then write the same ledger. The consensus model aims at solving the byzantine problem. In the byzantine problem, components such as servers or network nodes in a distributed blockchain network may fail or intentionally propagate erroneous information to other nodes. Other network nodes have difficulty declaring the component as a failure and excluding it from the blockchain network because they need to agree first on which network node failed first.
Fig. 1 illustrates a schematic diagram of an example of an environment 100 that may be used to perform a method for generating blockchain signature data in accordance with embodiments of the present specification. In some examples, environment 100 enables entities to participate in blockchain network 102. As shown in FIG. 1, environment 100 includes a network 104, and computing devices/ systems 106, 108. In some examples, the network 104 may include a Local Area Network (LAN), a Wide Area Network (WAN), the internet, or a combination thereof, and connects websites, user devices (e.g., computing devices), and backend systems. In some examples, network 104 may be accessed through wired and/or wireless communication links. In some examples, computing devices/ systems 106, 108 communicate with each other over network 104, as well as with blockchain network 102 over network 104, and nodes (or node devices) in blockchain network 102 communicate over network 104. In general, the network 104 represents one or more communication networks. In some cases, the computing devices/ systems 106, 108 may be nodes of a cloud computing system (not shown), or each computing device/ system 106, 108 may be a separate cloud computing system that includes multiple computers interconnected by the network 104 and functions as a distributed processing system.
In the illustrated example, each of the computing devices/ systems 106, 108 may comprise any suitable computing system capable of participating as a node in the blockchain network 102. Examples of computing devices/systems include, but are not limited to, servers, desktop computers, laptops, tablet devices, smartphones, and the like. In some examples, one or more computer-implemented services may be installed on the computing devices/ systems 106, 108 for interacting with the blockchain network 102. For example, the computing device/system 106 may have installed thereon a service of a first entity (e.g., user a), such as a transaction management system used by the first entity to manage its transactions with one or more other entities (e.g., other users). The computing device/system 108 may have installed thereon a service of a second entity (e.g., user B), such as a transaction management system used by the second entity to manage its transactions with one or more other entities (e.g., other users). In the example of fig. 1, the blockchain network 102 is represented as a peer-to-peer network of nodes, and the computing devices/ systems 106, 108 act as nodes for first and second entities participating in the blockchain network 102, respectively.
Fig. 2 shows a schematic diagram of an example of a system architecture 200 that performs a method for generating blockchain signature data according to an embodiment of the present description. An example of system architecture 200 includes participant systems 202, 204, 206 corresponding to participant a, participant B, and participant C, respectively. Each participant (e.g., user, enterprise) participates in blockchain network 212, which is provided as a peer-to-peer network. The blockchain network 212 includes a plurality of nodes 214, wherein at least some of the nodes 214 record information in blockchain 216, and the recorded information is not alterable. Although a single blockchain 216 is schematically shown within blockchain network 212, multiple copies of blockchain 216 may be provided and maintained in blockchain network 212, as described in detail later.
In the illustrated example, each participant system 202, 204, 206 is provided by or as participant a, participant B, and participant C, respectively, and acts as a corresponding node 214 within the blockchain network 212. As used herein, a node generally refers to a single system (e.g., computer, server) that is connected to the blockchain network 212 and enables the respective participants to participate in the blockchain network. In the example shown in fig. 2, a participant corresponds to each node 214. However, one participant may operate multiple nodes 214 within blockchain network 212, and/or multiple participants may share a single node 214. In some examples, the participant systems 202, 204, 206 communicate with the blockchain network 212 using a protocol (e.g., hypertext transfer protocol secure (HTTPS)) and/or using Remote Procedure Calls (RPCs), or communicate over the blockchain network 212.
The node 214 may have different participation in the blockchain network 212. For example, some nodes 214 may participate in the consensus process (e.g., as miners' nodes that add tiles to the blockchain 216), while other nodes 214 do not participate in the consensus process. As another example, some nodes 214 store a full copy of blockchain 216, while other nodes 214 store only partial copies of blockchain 216. In the example of fig. 2, the participant systems 202, 204, 206 each store a complete copy 216', 216 "' of the chain of blocks 216.
A block chain (e.g., block chain 216 in fig. 2) consists of a series of blocks, each of which stores data. Examples of data may include transaction data representing transactions between two or more parties. In the present specification embodiments, transactions are used as non-limiting examples, and it is contemplated that any suitable data may be stored in the blockchain (e.g., documents, images, video, audio). Examples of transactions may include, but are not limited to, exchanging things of value (e.g., assets, products, services, and currency, etc.). Transaction data is unalterably stored in the blockchain.
The transaction data is hashed prior to storage in the block. The hash process is a process of converting transaction data (provided as character string data) into a hash value of a fixed length (also provided as character string data). After the transaction data is subjected to the hash processing, even if slight change occurs in the transaction data, completely different hash values can be obtained. The hash value is typically generated by hashing the transaction data using a hash function. Examples of hash functions include, but are not limited to, Secure Hash Algorithm (SHA) -256, which outputs a 256-bit hash value.
Transaction data for a plurality of transactions may be stored in the block after being hashed. For example, two transaction data are hashed to obtain two hash values, and then the two obtained hash values are hashed again to obtain another hash value. This process is repeated until a single hash value is obtained for all transactions to be stored in the block. This hash value is called a Merkle root hash and is stored at the head of the chunk. Any change to a transaction will cause its hash value to change, eventually causing the Merkle root hash value to change.
The blocks are added to the block chain by a consensus protocol. Multiple nodes in a blockchain network participate in a consensus protocol and add blocks to the blockchain after contention. Such nodes are referred to as miner nodes (or accounting nodes). The POW introduced above is used as a non-limiting example.
The miner node performs a consensus process to add the transaction (the corresponding tile) to the chain of tiles. Although multiple miner nodes participate in the consensus process, only one miner node may write a block into the blockchain. That is, the miners nodes compete in the consensus process to add their blocks to the blockchain. In more detail, the miner node periodically collects pending transactions from the transaction pool (e.g., until a predetermined limit, if any, on the number of transactions that may be included in the block is reached). The transaction pool includes transaction messages from participants in the blockchain network. The miner node creates a block and adds the transaction to the block. Before adding a transaction to a block, the miner node checks whether there is a transaction in the block of the blockchain in the transaction to be added. If the transaction has been added to another block, the transaction will be discarded.
The mineworker node generates a chunk header, hashes all transactions in the chunk, and combines the hash values in pairs to generate further hash values until a single hash value (Merkle root hash) is obtained for all transactions in the chunk. The Merkle root hash is then added to the chunk header. The miners also determine the hash value of the latest chunk in the blockchain (i.e., the last chunk added to the blockchain). The mineworker node may also add a random value (a noune value) and a timestamp in the block header. During the mining process, the miners' nodes attempt to find hash values that satisfy the required parameters. The mineworker node continually changes the nonce value until a hash value is found that meets the required parameters.
Each miner in the blockchain network attempts to find a hash value that satisfies the required parameters and competes with each other in this manner. Finally, one miner node finds a hash value that satisfies the required parameters and advertises the hash value to all other miner nodes in the blockchain network. Other miners nodes verify the hash value, and if determined to be correct, verify each transaction in the block, accept the block, and append the block to their blockchain copy. In this way, the global state of the blockchain is made consistent across all miner nodes within the blockchain network. The above process is a POW consensus protocol.
In the example provided in fig. 2, party a wants to send a certain amount of funds to party B. Party a generates a transaction message and sends the transaction message to the blockchain network, which is added to the transaction pool. Each mineworker node in the blockchain network creates a block and obtains transactions from the transaction pool and adds the transactions to the block. In this manner, the transaction issued by party a is added to the block of the miner node.
In some blockchain networks, cryptographic techniques are implemented to maintain privacy of transactions. For example, if two nodes want to maintain transaction privacy so that other nodes in the blockchain network cannot learn the transaction details, the nodes may encrypt the transaction data. Examples of encryption methods include, but are not limited to, symmetric encryption and asymmetric encryption. Symmetric encryption refers to an encryption process that uses a single key for both encryption (to generate ciphertext from plaintext) and decryption (to generate plaintext from ciphertext). In symmetric encryption, multiple nodes may use the same key, so each node may encrypt/decrypt transaction data.
Asymmetric encryption refers to encryption using a key pair. Each key pair comprises a private key and a public key, the private key being known only to the respective node, and the public key being known to any or all other nodes in the blockchain network. A node may encrypt data using a public key of another node and may decrypt the encrypted data using a private key of the other node. For example, refer again to fig. 1. Party a may encrypt data using party B's public key and send the encrypted data to party B. Messages encrypted using a node's public key can only be decrypted using the node's private key.
Asymmetric encryption is used to provide a digital signature that enables a party in a transaction to confirm the validity of other parties in the transaction and the transaction. For example, a node may digitally sign a message, and another node may confirm that the message was sent by the node based on the digital signature of party a. Digital signatures can also be used to ensure that messages are not tampered with during transmission. For example, refer again to fig. 1. Party a will send a message to party B. Party a generates a hash value of the message and then encrypts the hash value using its private key to generate a digital signature. Party a attaches the digital signature to the message and sends the message with the digital signature to party B. Party B decrypts the digital signature using party a's public key, thereby decrypting the corresponding hash value. Party B hashes the received message to get another hash value and then compares the two hash values. If the hash values are the same, party B can confirm that the message is indeed from party A and has not been tampered with.
Fig. 3 is a diagram for explaining a blockchain transaction initiating system according to one embodiment of the present specification.
As shown in fig. 3, the blockchain transaction initiation system 320 includes a blockchain identity management server 321, a business server 322, and a blockchain transaction initiation server.
When a user wants to initiate a transaction, the transaction data may be sent to the service server 322, for example, the user may fill the transaction data in a service platform corresponding to the service server 322, and the transaction data may include information such as a transaction amount, a transaction object, a bank account number used for settlement, and the like. When the transaction data is obtained, the transaction server 322 may send the transaction data to the transaction signature authentication system 310 at P302, so that the transaction data is authenticated by the transaction signature authentication system.
The service signature authentication system 310 may be, for example, an internet banking system corresponding to a bank account. In other application scenarios, the system can be any system for signature authentication of transaction data. As an example, after the business server 322 sends the transaction data to the online banking system, the online banking system may generate an online banking transaction work order from the transaction data, and display the transaction data on an online banking page. And then the online banking system can send the website information corresponding to the online banking page to the service server, so that the service server displays the website of the corresponding page in the service platform. The user can access the online banking page through the page address displayed by the service platform, so as to confirm whether the transaction data displayed on the online banking page is correct. When the transaction data is confirmed to be correct, the user may provide the computing device used by the user with a key device issued by the user, so that the transaction data may be encrypted with a private key in the key device to generate a first digital signature. The user's key device is a device used to authenticate the user's identity and sign transaction data. A public and private key pair corresponding to the service signature authentication system is stored in the key device. The key device may be, for example, Ukey. When the service signature authentication system is another system, the key device may also be any other form of key device.
After generating the first digital signature, at P304, service signature authentication system 310 sends the first digital signature data to service server 322. Then, the service server 322 may assemble the first signature data and the transaction data into to-be-uplink transaction data, and send the to-be-uplink transaction data to the blockchain identity management server 321 at P306.
After receiving the to-be-uplink transaction data, the blockchain identity management server 321 signs the to-be-uplink transaction data to generate a blockchain transaction signature. The process of generating blockchain transaction signatures will be described below with reference to fig. 4 and 5. Then, at P308, the blockchain identity management server 321 sends blockchain transaction signature data including the generated blockchain transaction signature and the user's blockchain identity to the business server 322.
After receiving the blockchain signature data, the service server 322 sends the blockchain signature data and the to-be-uplink transaction data to the blockchain transaction initiation server 323 in P310. After receiving the blockchain signature data and the to-be-uplink transaction data, the blockchain transaction initiation server 323 initiates a blockchain transaction based on the received blockchain transaction signature data and the to-be-uplink transaction data. Blockchain transaction initiation server 323 may be located at node 214 as shown in fig. 2. In one example, blockchain transaction initiation server 323 may include an intelligent contract element. After verifying the blockchain transaction signature data, the blockchain transaction initiation server 323 may send the transaction data in the to-be-linked transaction data to the intelligent contract unit, so that the intelligent contract unit executes the corresponding transaction.
The structure of each server in fig. 3 will be explained below with reference to the drawings. Next, a method of generating blockchain signature data executed by the blockchain identity management server 321 will be described with reference to fig. 4 and 5.
Fig. 4 is a flow diagram of a method for generating blockchain signature data according to one embodiment of the present description.
At block 420, to-be-uplink transaction data is received from the service server, the to-be-uplink transaction data including transaction data of the user and the first digital signature. The first digital signature is obtained by encrypting the transaction data using a first private key in the user's key device. The first digital signature may be generated by a traffic signature authentication server as shown in fig. 3. The first private key may be, for example, a private key in a Ukey.
The transaction data includes user identification information, which may be any information capable of uniquely identifying the user, such as transaction initiator information or a user's bank account number. In one example, the transaction data may include an identification of the user registered with the service platform.
After acquiring the to-be-uplink transaction data, at block 440, the to-be-uplink transaction data is encrypted using the blockchain private key of the blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature. A blockchain public-private key pair is generated at a blockchain identity management server.
As an example, when a user registers a blockchain identity, the traffic signature authentication system may send key device identification information to the blockchain identity management server. The key device identification information may include a first public key in the key device corresponding to the first private key, and may further include a key device serial number and the like. For example, the internet banking system may confirm the application for accessing the blockchain transaction initiating system as a transaction by the user, and the user may provide the Ukey when confirming that the transaction data is correct. And then the Ukey can send the first public key, the Ukey serial number and the like to the online banking system, and the online banking system can send the acquired identification information such as the first public key, the Ukey serial number and the like to the block chain identity management server. The blockchain identity management server may then generate a blockchain identity as an identity of a user transacting in the blockchain corresponding to the received key device identification information and generate a blockchain public-private key pair as a public-private key pair for use by the user transacting in the blockchain. In one example, the blockchain identity management server may generate a blockchain identity and blockchain public-private key pair based on the key device identification information. In another example, the blockchain identity management server may randomly generate a string and then generate a blockchain identity management server and blockchain public-private key pair based on the generated string.
The blockchain public key and the blockchain identity in the blockchain public-private key pair generated by the blockchain identity management server may be sent to the blockchain transaction initiation server. The blockchain transaction initiation server may also send the blockchain identity and the blockchain public key to other blockchain nodes in the blockchain system to complete blockchain identity registration. A blockchain private key in a blockchain public-private key pair generated by a blockchain identity management server is stored in the blockchain identity management server. Since the blockchain private key is generated at the blockchain identity management server, it is not known by any other entity, enhancing the security of the blockchain private key.
After generating the blockchain transaction signature, at block 460, blockchain signature data is sent to the traffic server, the blockchain signature data including the blockchain signature and the blockchain identity of the user. After receiving the blockchain signature data, the service server may send the blockchain signature data and the to-be-uplink transaction data to the blockchain transaction initiation server to initiate the blockchain transaction.
By the embodiment, the service server is used as a transmitting and receiving main body of the service data, and the signature authorization of the service is executed by the blockchain identity management server, so that the transmitting and receiving processes of the service data and the signature authorization of the service data are distributed to different entities to be executed. Therefore, the malicious behavior of the business server in the process of forwarding the business data can be avoided, so that the information risk can be reduced, and the safety of the generation process of the block chain transaction signature data can be improved.
In one example, the user's blockchain public-private key pair number may be at least two. At this time, the transaction data to be linked up may be encrypted by at least one blockchain private key of at least two public and private key pairs to obtain a blockchain signature set. The blockchain signature set and blockchain identity may then be sent to the traffic server as blockchain signature data. For example, at least two blockchain public-private key pairs may be generated for a user when the user applies for registration of blockchain identities. When the transaction data to be linked up is received, the transaction data to be linked up can be encrypted by using one or more block chain private keys to obtain one or more block chain signatures, and each block chain signature is assembled into a block chain signature set.
The respective blockchain public-private key pair may have a weight. The blockchain public-private key pair used for signing can be selected by the blockchain identity management server according to a preset strategy. The public key in each blockchain public-private key pair may have a public key weight corresponding to the blockchain public-private key pair. In this example, the blockchain signature data sent to the traffic server may further include a blockchain public key corresponding to at least one blockchain private key used to generate the set of blockchain signature data for the blockchain transaction initiating server to perform the blockchain signature verification.
When verifying the blockchain signature, the blockchain transaction initiation server needs to use an encryption algorithm used for generating the blockchain signature. In one example, the encryption algorithm may be agreed upon in advance and the blockchain transaction initiating server notified. In another example, the encryption algorithm used may not be fixed. At this time, the blockchain signature data may further include signature algorithm information used for encrypting the to-be-uplink transaction data, so as to be used for the blockchain transaction initiation server to perform blockchain signature verification. In another example, the encryption algorithm information may also be sent by the blockchain identity management server to the blockchain initiating server.
Fig. 5 is a flowchart of a first signature data verification process and a block chain signature generation process in a method for generating block chain signature data according to another embodiment of the present specification.
As shown in fig. 5, at block 520, a first public key corresponding to the first private key is determined based on the user identification information. When the user applies for registering the blockchain identity, the user identity and the first public key may be sent to the blockchain identity management server. The blockchain identity management server may store index information between the user identification and the first public key. When the to-be-uplink transaction data is received, the user identification information can be obtained from the transaction data in the to-be-uplink transaction data, and the first public key is obtained based on the user identification information and the index information. In another example, when the blockchain identity management server receives the transaction data, the first public key may be requested from the traffic signature authentication system based on the user identification information. In another example, the traffic signature authentication system may send the first public key with the first digital signature to the traffic server, and then the traffic server may send the first public key with the first digital signature to the blockchain identity management server.
The first digital signature is then verified using the first public key at block 540 and a determination is made as to whether the first digital signature verifies at block 560.
When the first digital signature is verified, at block 560, the transaction data to be uplinked is encrypted using a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature.
By the embodiment, the first digital signature is verified before the block chain signature is generated, so that the user identity can be verified before the block chain signature is generated, and the transaction safety is further improved.
Fig. 6 is a block diagram of a block chain signature data generation apparatus according to an embodiment of the present specification. As shown in fig. 6, the block chain signature data generating apparatus 600 includes a to-be-uplink transaction data receiving unit 610, a first public key determining unit 620, a first digital signature verifying unit 630, a block chain signature generating unit 640, and a block chain signature data transmitting unit 650.
The pending uplink transaction data receiving unit 610 receives the pending uplink transaction data from the service server. The to-be-linked transaction data comprises transaction data of a user and a first digital signature, and the transaction data comprises user identification information. The first digital signature is obtained by encrypting the transaction data using a first private key in a key device of the user. Upon receiving the to-be-uplink transaction data, the first public key determining unit 620 determines a first public key corresponding to the first private key based on the user identification information. Then, the first digital signature verification unit 630 verifies the first digital signature using the first public key.
When the first digital signature verification passes, the blockchain signature generation unit 620 encrypts the transaction data to be uplink transmitted by using a blockchain private key in a blockchain public and private key pair corresponding to the user identification information to obtain a blockchain signature. A blockchain public-private key pair is generated at a blockchain identity management server. After generating the blockchain signature, the blockchain signature data sending unit 650 sends the blockchain signature data to the service server, where the blockchain signature data includes the blockchain signature and the blockchain identity of the user.
In another example, the block chain signature data generation apparatus may not include the first public key determination unit and the first digital signature verification unit. In this example, the blockchain signature generation unit 640 may encrypt the to-be-uplink transaction data using a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature when the to-be-uplink transaction data is received.
In one example, the number of the blockchain public and private key pairs may be at least two, and the blockchain signature generation unit may encrypt the transaction data to be uplink by using at least one blockchain private key of the at least two public and private key pairs to obtain a blockchain signature set, where the blockchain signature data includes the blockchain signature set.
Fig. 7 is a block diagram of a service server according to an embodiment of the present specification. As shown in fig. 7, the service server 700 includes a transaction data sending unit 710, a first data signature obtaining unit 720, a to-be-uplink transaction data sending unit 730, a block chain signature data obtaining unit 740, and a block chain transaction data sending unit 750.
The transaction data sending unit 710 sends the transaction data of the user to the service signature authentication system, so that the service signature authentication system signs the transaction data by using a first private key in a key device of the user to obtain a first digital signature. The service signature authentication system may send the first digital signature to the service server after generating the first digital signature. Then, the first data signature acquisition unit 720 acquires a first digital signature from the service signature authentication system. After acquiring the first digital signature, the to-be-uplink transaction data sending unit 730 sends the to-be-uplink transaction data including the first digital signature and the transaction data to the blockchain identity management server.
The blockchain identity management server may include the blockchain signature data generation device as described above, so that the blockchain signature data may be generated by the blockchain signature data generation device and the generated blockchain signature data may be transmitted to the service server. Then, the blockchain signature data acquisition unit 740 acquires blockchain signature data from the blockchain identity management server. After obtaining the blockchain signature data, the blockchain transaction data sending unit 750 sends the blockchain signature data and the to-be-linked chain transaction data to the blockchain transaction initiation server, so that the blockchain transaction initiation server initiates the blockchain transaction.
Fig. 8 is a block diagram of a blockchain transaction initiation server according to one embodiment of the present description. As shown in fig. 8, the blockchain transaction initiation server 800 includes a blockchain transaction data acquisition unit 810, a public key acquisition unit 820, a public key verification unit 830, a blockchain signature data verification unit 840, and a blockchain transaction initiation unit 850.
The blockchain transaction data obtaining unit 810 obtains blockchain signature data and to-be-linked transaction data from the service server. In this example, the number of blockchain public-private key pairs may be at least two. The blockchain signature data may include a set of blockchain signature data derived using at least one blockchain private key of the at least two blockchain public and private key pairs. The public key obtaining unit 820 may obtain at least one blockchain public key corresponding to at least one blockchain private key based on the blockchain signature data set. The public key corresponding to each blockchain signature in the blockchain signature data set may be included in the blockchain signature data and sent to the service server, and then sent to the blockchain transaction initiation server by the service server. So that the public key obtaining unit 820 can obtain each public key from the blockchain signature data. In another example, public key acquisition unit 820 may recover respective blockchain public keys from respective blockchain signatures in the blockchain signature data set using a signature algorithm used to generate the blockchain signatures. The signature algorithm may be obtained from a blockchain transaction initiation server. In one example, signature algorithm information may be included in the blockchain signature data such that the blockchain transaction initiating server may recover the public key using the signature algorithm indicated by the signature algorithm information.
After obtaining the blockchain public key corresponding to each blockchain signature, the public key verification unit 830 verifies at least one blockchain public key based on a predetermined verification rule. The blockchain public keys in the respective blockchain public-private key pairs may have public key weights. The public key verifying unit 830 may determine that the public key passes verification when the sum of the public key weights of the respective public keys is not less than a predetermined threshold. In another example, individual blockchain public keys in individual blockchain public-private key pairs for a user may be stored at a blockchain transaction initiation server in the form of a set of public keys. The public key verification unit 820 may verify the at least one blockchain public key based on the obtained at least one blockchain public key and the set of blockchain public keys. For example, it may be determined that the public key verification is passed when the number of blockchain public keys corresponding to the blockchain signature set is not lower than a predetermined number and each blockchain public key is included in the locally stored public key set. When the at least one public key of the block chain passes the verification, the block chain signature data verification unit 840 verifies the block chain signature data by using the at least one public key of the block chain. When the verification of the blockchain signature data passes, the blockchain transaction initiation unit 850 initiates a blockchain transaction based on the blockchain signature data and the to-be-linked chain transaction data.
In another example, a user may have a blockchain public-private key pair, and the blockchain public key in the blockchain public-private key pair may be stored at the blockchain transaction initiating server. At this time, the blockchain transaction initiating server may not include the public key obtaining unit and the public key verifying unit. The blockchain signature data verification unit 820 may verify the blockchain signature data using a public key corresponding to the blockchain identity in the blockchain signature data.
Embodiments of a method and an apparatus for generating blockchain signature data and a blockchain transaction initiation system according to embodiments of the present disclosure are described above with reference to fig. 1 to 8. The details mentioned in the above description of the method embodiments apply equally to the embodiments of the device of the embodiments of the present description.
The apparatus for generating block chain signature data in the embodiments of the present specification may be implemented by hardware, or may be implemented by software, or a combination of hardware and software. The various embodiments in this specification are described in a progressive manner, with like reference to each other.
The apparatus for generating block chain signature data in the embodiments of the present specification may be implemented by hardware, or may be implemented by software, or a combination of hardware and software. The software implementation is taken as an example, and is formed by reading corresponding computer program instructions in the storage into the memory for operation through the processor of the device where the software implementation is located as a logical means. In the embodiments of the present specification, the apparatus for generating block chain signature data may be implemented by a computing device, for example.
Fig. 9 is a block diagram of a computing device for implementing a method for generating blockchain signature data according to one embodiment of the present description. As shown in fig. 9, computing device 900 includes a processor 910, a storage 920, a memory 930, a communication interface 940, and an internal bus 950, and the processor 910, the storage (e.g., non-volatile storage) 920, the memory 930, and the communication interface 940 are connected together via a bus 550. According to one embodiment, computing device 900 may include at least one processor 910, the at least one processor 910 executing at least one computer-readable instruction (i.e., an element described above as being implemented in software) stored or encoded in a computer-readable storage medium (i.e., memory 920).
In one embodiment, computer-executable instructions are stored in the memory 920 that, when executed, cause the at least one processor 910 to: receiving transaction data to be linked up from a service server, wherein the transaction data to be linked up comprises transaction data of a user and a first digital signature, the first digital signature is obtained by encrypting the transaction data by using a first private key in a key device of the user, and the transaction data comprises user identification information; encrypting the transaction data to be uplink with a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature, the blockchain public-private key pair being generated at the blockchain identity management server; and sending block chain signature data to the service server, wherein the block chain signature data comprises the block chain signature and the block chain identity identification of the user.
It should be appreciated that the computer-executable instructions stored in the memory 620, when executed, cause the at least one processor 910 to perform the various operations and functions described above in connection with fig. 4-6 in the various embodiments of the present specification.
According to one embodiment, a program product, such as a non-transitory machine-readable medium, is provided. A non-transitory machine-readable medium may have instructions (i.e., elements described above as being implemented in software) that, when executed by a machine, cause the machine to perform various operations and functions described above in connection with fig. 4-6 in various ones of the embodiments of the present specification.
Specifically, a system or apparatus may be provided which is provided with a readable storage medium on which software program code implementing the functions of any of the above embodiments is stored, and causes a computer or processor of the system or apparatus to read out and execute instructions stored in the readable storage medium.
In this case, the program code itself read from the readable medium can realize the functions of any of the above-described embodiments, and thus the machine-readable code and the readable storage medium storing the machine-readable code form part of the present invention.
Examples of the readable storage medium include floppy disks, hard disks, magneto-optical disks, optical disks (e.g., CD-ROMs, CD-R, CD-RWs, DVD-ROMs, DVD-RAMs, DVD-RWs), magnetic tapes, nonvolatile memory cards, and ROMs. Alternatively, the program code may be downloaded from a server computer or from the cloud via a communications network.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Not all steps and elements in the above flows and system structure diagrams are necessary, and some steps or elements may be omitted according to actual needs. The execution order of the steps is not fixed, and can be determined as required. The apparatus structures described in the above embodiments may be physical structures or logical structures, that is, some units may be implemented by the same physical entity, or some units may be implemented by a plurality of physical entities, or some units may be implemented by some components in a plurality of independent devices.
The term "exemplary" used throughout this specification means "serving as an example, instance, or illustration," and does not mean "preferred" or "advantageous" over other embodiments. The detailed description includes specific details for the purpose of providing an understanding of the described technology. However, the techniques may be practiced without these specific details. In some instances, well-known structures and devices are shown in block diagram form in order to avoid obscuring the concepts of the described embodiments.
Although the embodiments of the present disclosure have been described in detail with reference to the accompanying drawings, the embodiments of the present disclosure are not limited to the specific details of the embodiments, and various simple modifications may be made to the technical solutions of the embodiments of the present disclosure within the technical concept of the embodiments of the present disclosure, and all of them fall within the scope of the embodiments of the present disclosure.
The previous description of the contents of the embodiments of the present specification is provided to enable any person skilled in the art to make or use the contents of the embodiments of the present specification. Various modifications to the disclosure of the embodiments herein will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the scope of the embodiments herein. Thus, the present specification embodiments are not intended to be limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (16)

1. A method for generating blockchain signature data, the method being performed by a blockchain identity management server, the method comprising:
receiving transaction data to be linked up from a service server, wherein the transaction data to be linked up comprises transaction data of a user and a first digital signature, the first digital signature is obtained by encrypting the transaction data by using a first private key in a key device of the user, the transaction data comprises user identification information, and the transaction data is obtained by the service server;
encrypting the transaction data to be uplink with a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature, the blockchain public-private key pair being generated at the blockchain identity management server; and
sending the blockchain signature data to the service server so that the service server sends the blockchain signature data and the to-be-uplink transaction data to a blockchain transaction initiation server to initiate blockchain transactions, wherein the blockchain signature data comprises the blockchain signature and a blockchain identity of the user,
the blockchain public and private key pair is generated by the blockchain identity management server based on key device identification information, wherein the key device identification information comprises a first public key corresponding to the first private key in the key device and a key device serial number.
2. The method of claim 1, wherein prior to encrypting the to-be-uplink transaction data with a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature, the method further comprises:
determining a first public key corresponding to the first private key based on the user identification information;
verifying the first digital signature using the first public key,
encrypting the to-be-uplink transaction data with a blockchain private key of a blockchain public and private key pair corresponding to the user identification information to obtain a blockchain signature comprises:
and when the first digital signature passes verification, encrypting the transaction data to be linked by using a block chain private key in a block chain public and private key pair corresponding to the user identification information to obtain a block chain signature.
3. The method of claim 1, wherein the number of blockchain public-private key pairs is at least two, and encrypting the transaction data to be uplink with a blockchain private key of the user's blockchain public-private key pair to obtain a blockchain signature comprises:
and encrypting the transaction data to be uplink by using at least one block chain private key in at least two block chain public and private key pairs to obtain a block chain signature set, wherein the block chain signature data comprises the block chain signature set.
4. The method of claim 3, wherein the blockchain signature data further includes a blockchain public key to which the at least one blockchain private key corresponds.
5. The method of claim 1, wherein the blockchain signature data further comprises signature algorithm information used for encrypting the to-be-uplink transaction data.
6. An apparatus for generating blockchain signature data at a blockchain identity management server, the apparatus comprising:
the business server comprises a to-be-uplink transaction data receiving unit, a to-be-uplink transaction data receiving unit and a business server, wherein the to-be-uplink transaction data comprises transaction data of a user and a first digital signature, the first digital signature is obtained by encrypting the transaction data by using a first private key in a secret key device of the user, the transaction data comprises user identification information, and the transaction data is obtained by the business server;
a blockchain signature generation unit, configured to encrypt the transaction data to be uplink by using a blockchain private key in a blockchain public and private key pair corresponding to the user identification information to obtain a blockchain signature, where the blockchain public and private key pair is generated at the blockchain identity management server; and
a block chain signature data sending unit, configured to send block chain signature data to the service server, so that the service server sends the block chain signature data and the to-be-uplink-linked transaction data to a block chain transaction initiation server to initiate a block chain transaction, where the block chain signature data includes the block chain signature and a block chain identity of the user,
the blockchain public and private key pair is generated by the blockchain identity management server based on key device identification information, wherein the key device identification information comprises a first public key corresponding to the first private key in the key device and a key device serial number.
7. The apparatus of claim 6, further comprising:
a first public key determining unit, configured to determine, based on the user identification information, a first public key corresponding to the first private key before encrypting the to-be-uplink transaction data with a blockchain private key of a blockchain public-private key pair corresponding to the user identification information to obtain a blockchain signature;
a first digital signature verification unit that verifies the first digital signature using the first public key,
and when the first digital signature passes verification, the block chain signature generation unit encrypts the transaction data to be linked by using a block chain private key in a block chain public and private key pair corresponding to the user identification information to obtain a block chain signature.
8. The apparatus of claim 7, wherein the number of blockchain public-private key pairs is at least two, the blockchain signature generation unit:
and encrypting the transaction data to be uplink by using at least one block chain private key in at least two block chain public and private key pairs to obtain a block chain signature set, wherein the block chain signature data comprises the block chain signature set.
9. A blockchain transaction initiation system includes
A blockchain identity management server, the blockchain identity management device comprising the apparatus of any one of claims 6 to 8;
a service server, the service server comprising:
the transaction data sending unit is used for sending the transaction data of the user to a service signature authentication system so that the service signature authentication system signs the transaction data by using a first private key in a key device of the user to obtain a first digital signature;
a first data signature acquisition unit which acquires the first digital signature from the service signature authentication system;
the to-be-uplink transaction data sending unit is used for sending the to-be-uplink transaction data to the block chain identity management server;
a block chain signature data acquisition unit that acquires block chain signature data from the block chain identity management server; and
a block chain transaction data sending unit, which sends the block chain signature data and the transaction data to be linked to the block chain transaction initiating server,
and
a blockchain transaction initiation server, the blockchain transaction initiation server comprising:
the block chain transaction data acquisition unit is used for acquiring the block chain signature data and the to-be-linked chain transaction data from the service server;
the block chain signature data verification unit is used for verifying the block chain signature data by using a public key corresponding to the block chain identity identifier in the block chain signature data; and
and the block chain transaction initiating unit initiates block chain transaction based on the block chain signature data and the transaction data to be linked when the block chain signature data passes verification.
10. The system of claim 9, the number of blockchain public and private key pairs being at least two, the blockchain signature data comprising a set of blockchain signature data derived using at least one blockchain private key of the at least two blockchain public and private key pairs, the blockchain transaction initiation server further comprising:
the public key acquisition unit is used for acquiring at least one block chain public key corresponding to the at least one block chain private key based on the block chain signature data set; and
a public key verification unit verifying the at least one blockchain public key based on a predetermined public key verification rule,
and when the verification of the at least one block chain public key is passed, the block chain signature data verification unit verifies the block chain signature data by using the at least one block chain public key.
11. The system according to claim 10, wherein the public key obtaining unit recovers the at least one blockchain public key from the blockchain signature data set by using a signature algorithm for signing the transaction data to be uplink based on the blockchain signature data set.
12. The system according to claim 10, wherein the blockchain signature data further includes the at least one blockchain public key, and the public key obtaining unit obtains the at least one blockchain public key from the blockchain signature data.
13. The system of claim 10, wherein the blockchain public keys in the at least two blockchain public-private key pairs have public key weights, the public key verification unit verifying the at least one blockchain public key based on the public key weights of the at least one blockchain public key and a predetermined weight threshold.
14. The system of claim 10, wherein the blockchain transaction initiating server has stored at it a set of blockchain public keys of the user, the public key verifying unit verifying the at least one blockchain public key based on the at least one blockchain public key and the set of blockchain public keys.
15. A computing device, comprising:
at least one processor; and
a memory storing instructions that, when executed by the at least one processor, cause the at least one processor to perform the method of any one of claims 1 to 5.
16. A machine-readable storage medium storing executable instructions that, when executed, cause the machine to perform the method of any one of claims 1 to 5.
CN201911202654.1A 2019-11-29 2019-11-29 Method and device for generating block chain signature data and block chain transaction initiating system Active CN111062716B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911202654.1A CN111062716B (en) 2019-11-29 2019-11-29 Method and device for generating block chain signature data and block chain transaction initiating system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911202654.1A CN111062716B (en) 2019-11-29 2019-11-29 Method and device for generating block chain signature data and block chain transaction initiating system

Publications (2)

Publication Number Publication Date
CN111062716A CN111062716A (en) 2020-04-24
CN111062716B true CN111062716B (en) 2021-06-22

Family

ID=70299380

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911202654.1A Active CN111062716B (en) 2019-11-29 2019-11-29 Method and device for generating block chain signature data and block chain transaction initiating system

Country Status (1)

Country Link
CN (1) CN111062716B (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111612458A (en) * 2020-04-30 2020-09-01 深圳壹账通智能科技有限公司 Method and device for processing block chain data and readable storage medium
CN111342963A (en) * 2020-05-15 2020-06-26 支付宝(杭州)信息技术有限公司 Data uplink method, data storage method and device
CN111628871B (en) * 2020-05-28 2021-09-03 广东工业大学 Block chain transaction processing method and device, electronic equipment and storage medium
CN111783136A (en) * 2020-06-17 2020-10-16 联想(北京)有限公司 Data protection method, device, equipment and storage medium
CN111832046B (en) * 2020-07-02 2024-02-23 中通服创发科技有限责任公司 Trusted data certification method based on blockchain technology
CN112000731A (en) * 2020-07-16 2020-11-27 北京三快在线科技有限公司 Data processing method and device, electronic equipment and storage medium
CN111953490B (en) * 2020-08-31 2023-11-14 上海雷龙信息科技有限公司 Digital signature method and system based on block chain technology
CN112187466B (en) * 2020-09-01 2023-05-12 深信服科技股份有限公司 Identity management method, device, equipment and storage medium
CN112150148A (en) * 2020-09-24 2020-12-29 普华云创科技(北京)有限公司 Enterprise asset protection method and system based on block chain technology
CN112182609B (en) * 2020-09-25 2024-02-02 中国建设银行股份有限公司 Block chain-based data uplink storage method, block chain-based data uplink traceability device and block chain-based data uplink traceability device
CN112184441B (en) * 2020-09-29 2024-01-19 平安科技(深圳)有限公司 Data processing method, device, node equipment and storage medium
CN112163845B (en) * 2020-09-29 2024-03-22 深圳前海微众银行股份有限公司 Transaction identity confirmation method and device for cross-region block chain
CN112070501B (en) * 2020-11-10 2021-03-02 支付宝(杭州)信息技术有限公司 Block chain transaction initiating and verifying method and system
CN112769758B (en) * 2020-12-21 2022-04-29 浙江大学 Credible Internet of things gas meter based on block chain and credible method of local and cloud
CN113506104B (en) * 2021-05-07 2024-03-01 杭州宇链科技有限公司 Signature generation and verification modes and system combining software and hardware
CN113407958B (en) * 2021-06-03 2023-08-25 广东辰宜信息科技有限公司 Signature data processing method, device, equipment and medium
CN113610526A (en) * 2021-08-24 2021-11-05 上海点融信息科技有限责任公司 Data trust method and device, electronic equipment and storage medium
CN115499130B (en) * 2022-08-15 2024-04-12 北京航空航天大学 Block chain transaction data transmission evidence method and device
CN115459920A (en) * 2022-08-25 2022-12-09 浪潮云信息技术股份公司 Certificateless alliance chain identity authentication method and system based on intelligent contract
CN117574408A (en) * 2024-01-15 2024-02-20 杭州字节方舟科技有限公司 Production data management method and device based on block chain and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566117A (en) * 2017-07-14 2018-01-09 浙商银行股份有限公司 A kind of block chain key management system and method
CN108647964A (en) * 2018-05-02 2018-10-12 郑杰骞 A kind of block chain data processing method, device and computer readable storage medium
CN108777684A (en) * 2018-05-30 2018-11-09 招商银行股份有限公司 Identity identifying method, system and computer readable storage medium
CN109617698A (en) * 2019-01-09 2019-04-12 腾讯科技(深圳)有限公司 Provide the method for digital certificate, digital certificate issues center and medium
KR20190132120A (en) * 2018-05-18 2019-11-27 주식회사 케이티 Simple login method and system using private domain name

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566117A (en) * 2017-07-14 2018-01-09 浙商银行股份有限公司 A kind of block chain key management system and method
CN108647964A (en) * 2018-05-02 2018-10-12 郑杰骞 A kind of block chain data processing method, device and computer readable storage medium
KR20190132120A (en) * 2018-05-18 2019-11-27 주식회사 케이티 Simple login method and system using private domain name
CN108777684A (en) * 2018-05-30 2018-11-09 招商银行股份有限公司 Identity identifying method, system and computer readable storage medium
CN109617698A (en) * 2019-01-09 2019-04-12 腾讯科技(深圳)有限公司 Provide the method for digital certificate, digital certificate issues center and medium

Also Published As

Publication number Publication date
CN111062716A (en) 2020-04-24

Similar Documents

Publication Publication Date Title
CN111062716B (en) Method and device for generating block chain signature data and block chain transaction initiating system
US11818269B2 (en) Computer-implemented system and method providing a decentralised protocol for the recovery of cryptographic assets
CN110458560B (en) Method and apparatus for transaction verification
EP3685334B1 (en) Improving integrity of communications between blockchain networks and external data sources
CN111242617B (en) Method and apparatus for performing transaction correctness verification
US10785035B1 (en) Anti-replay attack authentication protocol
US20200084027A1 (en) Systems and methods for encryption of data on a blockchain
CN111047324B (en) Method and apparatus for updating a set of public keys at a blockchain node
CN111080292B (en) Method and device for acquiring block chain transaction signature data
US11240041B2 (en) Blockchain-based transaction verification
CN111212139A (en) Method and device for updating trust node information
CN110888933B (en) Information providing method, device and system and information acquisition method and device
US10756896B2 (en) Trustless account recovery
CN111241593A (en) Data synchronization method and device for block chain nodes
CN110852887B (en) Method and device for acquiring transaction processing state in decentralized application cluster
CN110827034B (en) Method and apparatus for initiating a blockchain transaction
CN110839067B (en) Information providing method and device
CN111211876B (en) Method and device for sending response message aiming at data request and block chain system
CN111143381B (en) Method and device for updating trust points in multi-layer block chain structure
CN111144894B (en) UTXO processing method and device
CN111159286B (en) Method and apparatus for generating multi-layer block chain structure
EP4231583A1 (en) Methods and arrangements for establishing digital identity

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant