CN111062833A - Signature authentication method of contract data and related device - Google Patents
Signature authentication method of contract data and related device Download PDFInfo
- Publication number
- CN111062833A CN111062833A CN201911175102.6A CN201911175102A CN111062833A CN 111062833 A CN111062833 A CN 111062833A CN 201911175102 A CN201911175102 A CN 201911175102A CN 111062833 A CN111062833 A CN 111062833A
- Authority
- CN
- China
- Prior art keywords
- contract
- data
- signature
- ves
- contract data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000012795 verification Methods 0.000 claims abstract description 35
- 238000012545 processing Methods 0.000 claims abstract description 31
- 238000000586 desensitisation Methods 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 11
- 238000000605 extraction Methods 0.000 claims description 7
- 238000013075 data extraction Methods 0.000 claims description 6
- 230000010354 integration Effects 0.000 claims description 3
- 238000003672 processing method Methods 0.000 claims 3
- 230000009286 beneficial effect Effects 0.000 abstract description 2
- 230000006399 behavior Effects 0.000 description 11
- 230000007246 mechanism Effects 0.000 description 10
- 230000008569 process Effects 0.000 description 9
- RTZKZFJDLAIYFH-UHFFFAOYSA-N Diethyl ether Chemical compound CCOCC RTZKZFJDLAIYFH-UHFFFAOYSA-N 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 239000000284 extract Substances 0.000 description 3
- 125000004122 cyclic group Chemical group 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/18—Legal services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Tourism & Hospitality (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Technology Law (AREA)
- Economics (AREA)
- General Health & Medical Sciences (AREA)
- Human Resources & Organizations (AREA)
- Marketing (AREA)
- Primary Health Care (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application discloses a signature authentication method of contract data, which comprises the following steps: the first equipment encrypts sensitive data of the contract data according to the generated secret key to obtain encrypted contract data; uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, sending the VES signature of the second equipment to the first equipment; and extracting the signature of the second device from the received VES signature to realize signature authentication processing of the contract data. By uploading the encrypted contract data to the block chain instead of sending the encrypted contract data to the third-party node, the safety of the contract data is improved, and the problem of contract data leakage is avoided. The application also discloses a signature authentication device, a server and a computer readable storage medium of contract data, which have the beneficial effects.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for signature authentication of contract data, a server, and a computer-readable storage medium.
Background
With the rapid development of the internet, electronic commerce activities become more and more popular. In order to maintain the rights of the two parties to the transaction from being compromised in the network transaction, the two parties to the activity will typically seek legal protection by signing a contract online.
However, some parties may perform dishonest actions during the signing process of the electronic contract, which may cause some unfairness problems, for example, after one party receives the signature of the other party, the signing party may intentionally not send the signature to the other party or directly deny receiving the signature of the other party. Thus, a fair electronic contract signing scheme would be needed to effectively ensure fairness in the contract signing process.
A fair contract signing scheme is essentially that both parties to a contract can fairly exchange their digital signatures for the contract. In the field of electronic contract signing, a Verifiable Encrypted Signature (VES) can be used as a fair exchange mechanism of digital signatures, and is usually used for electronic contract signing, but a centralized trusted third party is required as an arbitrator to ensure fairness of signature exchange. However, the introduction of third parties can present a number of security issues. For example, most third parties are highly centralized, they have some sensitive information about the contract, including the content of the contract, the digital signature of the contract, etc., and they may collude with others for their own benefit, revealing the relevant sensitive information. In addition, the third party needs to maintain and upgrade its own software and hardware facilities, the service cost is usually high, and once the equipment fails, the signature service will be terminated, which may cause significant loss to the contract signing participants.
Therefore, how to improve the security in the electronic contract signing process is a key issue of attention for those skilled in the art.
Disclosure of Invention
The application aims to provide a contract data signature authentication method, a contract data signature authentication device, a server and a computer readable storage medium, and the encrypted contract data is uploaded to a block chain instead of being sent to a third-party node, so that the safety of the contract data is improved, and the problem of contract data leakage is avoided.
In order to solve the above technical problem, the present application provides a method for authenticating a signature of contract data, including:
the first equipment encrypts sensitive data of the contract data according to the generated secret key to obtain encrypted contract data;
uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, sending the VES signature of the second equipment to the first equipment;
and extracting the signature of the second device from the received VES signature to realize signature authentication processing of the contract data.
Optionally, the method further includes:
the first equipment and the second equipment execute guarantee fund data submission operation to the block link points to obtain guarantee fund information;
and when the verification fails, executing punishment operation on the equipment to be punished according to the guarantee fund information.
Optionally, executing a penalty operation on the device to be penalized according to the guarantee fund information, including:
determining a punishment type according to the VES signature received by the block chain node;
and executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
Optionally, the first device performs sensitive data encryption processing on the contract data according to the generated secret key to obtain encrypted contract data, and the method includes:
the first equipment carries out sensitive data extraction processing on the contract data to obtain contract sensitive data and contract desensitization data;
encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
The present application further provides a signature authentication apparatus for contract data, including:
the contract data encryption module is used for carrying out sensitive data encryption processing on the contract data according to the generated secret key to obtain encrypted contract data;
the signature authentication module is used for uploading the encrypted contract data to a block chain node so that the block chain node can verify the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, the VES signature of the second equipment is sent to the first equipment;
and the signature extraction module is used for extracting the signature of the second device from the received VES signature to realize the signature authentication processing of the contract data.
Optionally, the method further includes:
the guarantee fund submitting module is used for executing guarantee fund data submitting operation to the block link points to obtain guarantee fund information;
and the punishment operation module is used for executing punishment operation on the equipment to be punished according to the guarantee fund information when the verification fails.
Optionally, the penalty operation module includes:
the penalty type determining unit is used for determining a penalty type according to the VES signature received by the block chain node;
and the punishment operation executing unit is used for executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
Optionally, the contract data encryption module includes:
the sensitive data extraction unit is used for extracting sensitive data from the contract data to obtain contract sensitive data and contract desensitization data;
the encryption unit is used for encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and the data integration unit is used for integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
The present application further provides a server, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the signature authentication method as described above when executing the computer program.
The present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the signature authentication method as described above.
The application provides a signature authentication method of contract data, which comprises the following steps: the first equipment encrypts sensitive data of the contract data according to the generated secret key to obtain encrypted contract data; uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, sending the VES signature of the second equipment to the first equipment; and extracting the signature of the second device from the received VES signature to realize signature authentication processing of the contract data.
Sensitive data encryption processing is carried out on the contract data according to the secret key, then the encrypted contract data is uploaded to the block chain node instead of the third party node, insecurity caused by the third party node is avoided, then the VES signature created by the second equipment is verified through the block chain node, and when the verification is passed, the signature of the second equipment is extracted from the VES signature by the first equipment, signature authentication processing of the contract data is achieved, safety of the contract data is improved, and the problem of contract data leakage is avoided.
The application further provides a signature authentication device, a server and a computer readable storage medium for contract data, which have the above beneficial effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flowchart of a method for authenticating a signature of contract data according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a signature authentication apparatus for contract data according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a contract data signature authentication method, a signature authentication device, a server and a computer readable storage medium, and the encrypted contract data is uploaded to a block chain instead of being sent to a third-party node, so that the safety of the contract data is improved, and the problem of contract data leakage is avoided.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the prior art, the essence of a fair contract signing scheme is that both parties to a contract can fairly exchange their digital signatures for the contract. In the field of electronic contract signing, a Verifiable Encrypted Signature (VES) can be used as a fair exchange mechanism of digital signatures, and is usually used for electronic contract signing, but a centralized trusted third party is required as an arbitrator to ensure fairness of signature exchange. However, the introduction of third parties can present a number of security issues. For example, most third parties are highly centralized, they have some sensitive information about the contract, including the content of the contract, the digital signature of the contract, etc., and they may collude with others for their own benefit, revealing the relevant sensitive information. In addition, the third party needs to maintain and upgrade its own software and hardware facilities, the service cost is usually high, and once the equipment fails, the signature service will be terminated, which may cause significant loss to the contract signing participants.
Therefore, the application provides a signature authentication method of contract data, sensitive data encryption processing is carried out on the contract data according to a secret key, then the encrypted contract data is uploaded to a block chain node instead of the third party node, insecurity brought by the third party node is avoided, then the block chain node verifies the VES signature created by the second equipment, and when the verification is passed, the first equipment extracts the signature of the second equipment from the VES signature, so that signature authentication processing of the contract data is realized, the security of the contract data is improved, and the problem of contract data leakage is avoided.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for authenticating a signature of contract data according to an embodiment of the present disclosure.
In this embodiment, the method may include:
s101, the first equipment carries out sensitive data encryption processing on contract data according to the generated secret key to obtain encrypted contract data;
the method comprises the following steps that sensitive data are encrypted by first equipment to obtain encrypted contract data. Specifically, a cryptographic symmetric encryption algorithm may be used to encrypt sensitive information in the contract, and any data encryption method provided in the prior art may also be used to encrypt sensitive information in the contract.
It is conceivable that the present embodiment includes a first device and a second device, which are both parties of signing the electronic contract.
Wherein the secret key is key data known to both the first device and the second device. Specifically, the first device and the second device may exchange mutually agreed key data under online, that is, exchange mutually agreed key data through a Diffie-Hellman key exchange protocol, or exchange a consistent secret key through another key exchange method provided in the prior art on online.
Optionally, the process of encrypting the sensitive information of the identical data in this step may include:
firstly, sensitive data extraction processing is carried out on contract data by first equipment to obtain contract sensitive data and contract desensitization data;
step two, encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and step three, integrating the contract desensitization data and the encrypted sensitive data into encrypted contract data.
It can be seen that the alternative scheme mainly explains specifically how to perform sensitive data encryption processing. Specifically, contract sensitive data and contract desensitization data are extracted from contract data. Then, only the sensitive data therein is subjected to encryption processing. And finally, integrating all the data to obtain the encrypted contract data.
Wherein, the sensitive data refers to the sensitive information related to the specific money in the contract data. In order to avoid leakage of sensitive information of the contract data, the contract data is subjected to sensitive data encryption processing in this step.
S102, uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the verification is passed, sending the VES signature of the second equipment to the first equipment;
on the basis of S101, this step is intended to upload the encrypted contract data to the block chain node, so that the block chain node verifies the VES signature created and uploaded by the second device, that is, verifies whether the contract data in the block chain node in this time zone is modified, that is, it is ensured that the contract data is not modified in the signing process, and fairness of contract signing is improved.
For a specific VES signature verification process, reference may be made to the following embodiments, which are not described herein again.
And S103, extracting the signature of the second device from the received VES signature, and realizing the signature authentication processing of the contract data.
On the basis of S102, this step is intended to, after VES signature verification passes,
it should be noted that, in this embodiment, only the process of the first device verifying the signature of the second device is described. In a practical environment, the second device may also authenticate the signature of the first device. The specific process is substantially the same as that of the present embodiment, and only the first device and the second device need to be replaced with each other, which is not described herein again.
Optionally, this embodiment may further include:
the first equipment and the second equipment execute guarantee fund data submission operation to the block link points to obtain guarantee fund information;
and when the verification fails, executing punishment operation on the equipment to be punished according to the guarantee fund information.
It can be seen that the alternative adds a guarantee payment phase on the basis of the embodiment, so as to constrain the behaviors of both parties signing together and avoid the occurrence of improper behaviors. Specifically, when the VES signature verification fails, a data transmission error is eliminated, and a case may occur in which a device modifies the contract content, and therefore, a certain penalty operation needs to be performed.
In this alternative, the method for performing a penalty operation on a device to be penalized according to the information of the deposit may include:
determining a punishment type according to the VES signature received by the block chain node; and executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
It can be seen that in this alternative, what penalty operation is performed is determined according to the condition of the VES signature in the blockchain node in this time zone.
In summary, in this embodiment, sensitive data encryption processing is performed on the contract data according to the secret key, then the encrypted contract data is uploaded to the block chain node, instead of uploading the contract data to the third party node, so that insecurity caused by the third party node is avoided, then the block chain node verifies the VES signature created by the second device, and when the verification passes, the first device extracts the signature of the second device from the VES signature, so that signature authentication processing of the contract data is implemented, the security of the contract data is improved, and the problem of contract data leakage is avoided.
The following further describes a signature authentication method for contract data provided by the present application by an embodiment.
In this embodiment, the method may include:
s201, in the system initialization stage, some main parameters in the system are automatically generated by the system;
s202, the key generation phase is executed by both contract signing parties (a first device and a second device), a randomly selected private key is input, and a public key is output;
s203, the contract negotiation stage is executed by both contract signing parties (a first device and a second device), the contents of the plaintext contract are subjected to under-link negotiation, and then a negotiated shared encryption key is used for encrypting and uploading the plaintext contract to a block chain in combination with a symmetric cryptographic encryption algorithm, so that the encrypted contract to be signed is prevented from being tampered and sensitive information is prevented from being leaked;
s204, the guarantee fund payment stage is executed by both contract signing parties (a first device and a second device), and the full-amount guarantee fund is paid to the intelligent contract address through the intelligent contract and is used for punishing dishonest behaviors;
s205, a VES signature creation phase is executed by two contract signing parties (a first device and a second device), a VES signature is generated on an encryption contract on a chain under the chain, and then the VES signature is submitted to a block chain through an intelligent contract;
s206, the VES signature verification stage is executed by a verification node (an intelligent contract running on a local computer of the whole network node) in the Etherhouse block chain system, a VES signature submitted by a same signer is verified, and if the VES signature verification stage is correct, the VES signature extraction stage is executed, namely S207 is executed;
s207, the VES signature extraction phase is executed by both contract signing parties (a first device and a second device), and common signatures of the contracts are extracted from the verified VES signatures;
and S208, a punishment stage is executed by a verification node (an intelligent contract running on a local computer of the whole network node) in the Etherhouse block chain system, relevant operation is executed according to a VES signature verification result, if both parties are honest, a guarantee fund refund operation is executed, if a dishonest party exists, the dishonest party is punished, except that the payment guarantee fund of the dishonest party is deducted, the signed contract is recorded as invalid and is permanently stored in the block chain, and meanwhile, the block chain is used for recording the personal credit value of the dishonest party, so that certain influence is exerted on subsequent contract signing.
Specifically, the present embodiment may include:
step one, initializing system parameters. Let G1Is a cyclic addition group with a generator P, and G2Is a cyclic multiplicative group, G1And G2The order of (a) is a prime number p. The step e is G1×G1→G2Defining a bilinear mapping and defining a collision-resistant hash function
Step two, a key generation stage: random selection by contract signing parties
Calculating u as xP, v as yP as G1,z=e(P,P)∈G2. Therefore, the private key of the first equipment is (x)a,ya) The public key is (P, u)a,vaZ) the private key of the second device is (x)b,yb) The public key is (P, u)b,vb,z)。
Step three, contract negotiation stage: the first device and the second device collaborate under the chain a contract m to be signedAnd the merchant determines the final contract content, exchanges the respective public signature key and the Etheng address at the same time for identity verification, and then sets an index id for the contract. Because the contract is signed based on a public block chain, in order to protect sensitive information in the contract, the first device and the second device negotiate to share a secret key k under the chain through a Diffie-Hellman key exchange protocol, and the cryptographic symmetric encryption algorithm is combined to encrypt the sensitive information in the contract, and for the contract with part of information encrypted, the cryptographic symmetric encryption algorithm is used
And (4) showing. After the negotiation of both sides of signing a contract, calculating the hash value H (m) of the contract m before partial encryption and the hash value H (c) of the contract c after partial encryption, submitting H (m), c, H (c), the public keys of both sides of signing and the Etheng address to a block chain through an intelligent contract, packaging the block chain link points into blocks for storage after the confirmation of a common identification mechanism, then checking the correctness of uplink data by both sides of signing a contract, and entering the exchange stage of VES signatures on the chain when both sides of signing pass the verification; otherwise, the scheme terminates.
Step four, the guarantee fund payment stage: in order to realize fair signature exchange in the contract signing process, after contract negotiation and related data are uploaded to a chain, both contract signing parties need to pay a sufficient amount of guarantee money and give the guarantee money to an intelligent contract to be kept for punishing a party implementing dishonest behavior. There are generally two cases: if one party does not pay the deposit to the intelligent contract address through the intelligent contract within the specified time, the contract signing is terminated, and the deposit paid by the other party is returned to the Ethernet address of the other party. If both parties do not pay the security deposit to the intelligent contract address through the intelligent contract within the specified time, the contract signing is also terminated. Only after both parties signing the contract successfully pay the guarantee fee, the two parties enter the establishment stage of the VES signature.
Step five, a VES signature creation stage: assuming that the first device first signs contract c VES, the first device uses his private key (x)a,ya) And the public key (P, u) of the second deviceb,vbZ) generates a VES signature for contract c under the chain as follows:
first, a random number is selected
Then, calculate
The first device signs the VES of contract c as < r, σVES-AliceThen submit it to the blockchain through the intelligent contract along with the public key of the first device and the public key of the second device, waiting for the intelligent contract to verify its correctness. If the second equipment creates the VES signature on the contract c, the VES signature of the second equipment is obtained in the same way:
step six, VES signature verification stage: after the intelligent contract receives data such as the VES signature of the first device on the contract c, the block chain verification node runs the intelligent contract code in the local EtherFang virtual machine to verify the related data and verify the signature validity. Firstly, the intelligent contract code hashes the contract c, and judges whether the contract c is matched with the H (c) negotiated by the previous two parties, so as to ensure that the first equipment does not tamper the encrypted sensitive information. Then according to the public key (P, u) provided by the first devicea,vaZ) and the public key of the second device (P, u)b,vbZ) VES signature < r, σ for contract cVES-AliceVerify, check if the following equation holds:
e(σVES-Alice,ua+cP+rva)=e(ub+rvb,P)
if and only if the VES signature of the first device is accepted after the above equation verification passes, the second device may enter the extraction phase of the signature, otherwise, the VES signature of the first device is rejected. Refund and deduction of the deposit will be discussed in the penalty stage.
Step seven, VES signature extraction: after the VES signature verification of the first device by the smart contract is passed, the second device may utilize its own private key (x)b,yb) Extracting a common digital signature of the first device on the contract c:
when both sides of the contract signing successfully extract the true signature of the other side, the contract signing is successfully completed.
Step eight, punishing: in the stage, an overtime punishment mechanism based on a guarantee fund and a credit value mechanism based on identity are designed by an Etheng intelligent contract, dishonest participants are automatically judged by the intelligent contract, corresponding processing is carried out on the dishonest participants, contract signing is stopped, and fairness of signature exchange is ensured.
Guarantee fund based timeout penalty mechanism: after both sides of the contract are paid the guarantee fee by the intelligent contract, we set a deadline to ensure that the contract signing is completed within a specified time, so there are three cases:
when the specified time is exceeded, neither party submits the VES signature;
in a specified time, both sides submit respective VES signatures and pass the verification;
when the specified time is exceeded, only one party submits the correct VES signature.
For the first case, the intelligent contract can be identified as contract signing failure, the guarantee fund can return to their respective Ether house addresses as it is, the scheme is terminated, but in order to maintain normal contract signing, the intelligent contract records the behavior of both parties terminating signing to the blockchain; and the second condition represents that contract signing is successful, the first equipment and the second equipment successfully obtain the VES signature of the opposite side, and the fund can be returned to the Ethernet addresses of the two sides in the original way. The third case pertains to the act of breaking the fairness of contract signing, so that a guarantee-based timeout penalty mechanism is triggered when a specified time is exceeded and dishonest behavior occurs. That is, after the dishonest receives the signature of the other party, when the specified time arrives, the dishonest still does not send the VES signature for verification by the node or sends the wrong VES signature, the intelligent contract judges the dishonest behavior, transfers the payment security to the ether house address of the dishonest, and takes the dishonest behavior as a punishment to compensate the dishonest signing party. However, although the deposit of the dishonest party is deducted, the dishonest party still obtains the digital signature which is true of the dishonest party, and the contract is effective. In order to invalidate the contract, a block chain link point is adopted for public verification and the dishonest behavior is recorded, firstly, after an honest party receives a deposit of the dishonest party, a secret key k negotiated by the two parties and an unencrypted contract m are disclosed, then, an intelligent contract calculates a hash value H (m) of the contract m before encryption, the hash value H (m) is compared with the hash value stored on the previous chain, if the hash value H (m) is equal to the hash value stored on the previous chain, the plaintext contract is determined to be negotiated by the two parties and is published, the intelligent contract marks the plaintext contract m and a part of the encrypted contract c signed by the two parties as invalid contracts, and the invalid contracts are stored in a block chain after the joint agreement is achieved, so that subsequent inquiry is facilitated and the invalid evidence of contract signing is taken as.
Identity-based credit value mechanism: in order to increase punishment on dishonest behavior, besides the fact that the dishonest party can be deducted the security fund paid by the dishonest party, the scheme of the embodiment also introduces a credit value mechanism based on identity, utilizes the Ethengfang intelligent contract to automatically record the credit records of each contract signing participant, establishes a credit file based on identity, stores the credit file in a block chain, ensures that the credit file cannot be tampered, and can be traced for inquiry. When the participant acts dishonest, the intelligent contract is automatically identified, the credit value of the intelligent contract is reduced, and the credit value is recorded on the chain. In the future, if a party wants to sign a contract with the party, the party can inquire the credit record of the other party and then decide whether to sign the contract. This mechanism may effectively reduce the likelihood of a participant performing dishonest behavior.
As can be seen, in the embodiment, sensitive data encryption processing is performed on the contract data according to the secret key, then the encrypted contract data is uploaded to the block chain node instead of the third party node, so that insecurity caused by the third party node is avoided, then the VES signature created by the second device is verified through the block chain node, and when the verification is passed, the signature of the second device is extracted from the VES signature by the first device, so that signature authentication processing of the contract data is realized, the security of the contract data is improved, and the problem of contract data leakage is avoided.
In the following, a description is given of a signature authentication apparatus for contract data provided in an embodiment of the present application, and a signature authentication apparatus for contract data described below and a signature authentication method for contract data described above can be referred to correspondingly.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a signature authentication apparatus for contract data according to an embodiment of the present application.
In this embodiment, the apparatus may include:
a contract data encryption module 100, configured to perform sensitive data encryption processing on the contract data according to the generated secret key, so as to obtain encrypted contract data;
the signature authentication module 200 is configured to upload the encrypted contract data to a block chain node, so that the block chain node verifies the VES signature created by the second device according to the encrypted contract data, and when the VES signature passes the verification, send the VES signature of the second device to the first device;
and a signature extraction module 300, configured to extract a signature of the second device from the received VES signature, so as to implement signature authentication processing of the contract data.
Optionally, the apparatus may further include:
the system comprises a guarantee fund submitting module, a guarantee fund processing module and a guarantee fund processing module, wherein the guarantee fund submitting module is used for executing guarantee fund data submitting operation to block link points to obtain guarantee fund information;
and the punishment operation module is used for executing punishment operation on the equipment to be punished according to the guarantee fund information when the verification fails.
Optionally, the penalty operation module includes:
the penalty type determining unit is used for determining a penalty type according to the VES signature received by the block chain node;
and the punishment operation executing unit is used for executing punishment operation corresponding to the punishment type on the device to be punished according to the guarantee fund information.
Optionally, the contract data encryption module 100 may include:
the sensitive data extraction unit is used for extracting sensitive data from the contract data to obtain contract sensitive data and contract desensitization data;
the encryption unit is used for encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and the data integration unit is used for integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
An embodiment of the present application further provides a server, including:
a memory for storing a computer program;
a processor for implementing the steps of the signature authentication method as described in the above embodiments when executing the computer program.
Embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the signature authentication method according to the above embodiments.
The computer-readable storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above details the signature authentication method, the signature authentication apparatus, the server, and the computer-readable storage medium of the contract data provided by the present application. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
Claims (10)
1. A method for authenticating a signature of contract data, comprising:
the first equipment encrypts sensitive data of the contract data according to the generated secret key to obtain encrypted contract data;
uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, sending the VES signature of the second equipment to the first equipment;
and extracting the signature of the second device from the received VES signature to realize signature authentication processing of the contract data.
2. The contract data processing method according to claim 1, further comprising:
the first equipment and the second equipment execute guarantee fund data submission operation to the block link points to obtain guarantee fund information;
and when the verification fails, executing punishment operation on the equipment to be punished according to the guarantee fund information.
3. The contract data processing method according to claim 2, wherein performing a penalty operation on the device to be penalized according to the deposit information comprises:
determining a punishment type according to the VES signature received by the block chain node;
and executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
4. The contract data processing method of claim 1, wherein the first device performs sensitive data encryption processing on the contract data according to the generated secret key to obtain encrypted contract data, and the method comprises:
the first equipment carries out sensitive data extraction processing on the contract data to obtain contract sensitive data and contract desensitization data;
encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
5. A signature authentication apparatus for contract data, comprising:
the contract data encryption module is used for carrying out sensitive data encryption processing on the contract data according to the generated secret key to obtain encrypted contract data;
the signature authentication module is used for uploading the encrypted contract data to a block chain node so that the block chain node can verify the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, the VES signature of the second equipment is sent to the first equipment;
and the signature extraction module is used for extracting the signature of the second device from the received VES signature to realize the signature authentication processing of the contract data.
6. The signature authentication device according to claim 5, further comprising:
the guarantee fund submitting module is used for executing guarantee fund data submitting operation to the block link points to obtain guarantee fund information;
and the punishment operation module is used for executing punishment operation on the equipment to be punished according to the guarantee fund information when the verification fails.
7. The signature authentication device of claim 6, wherein the penalty operation module comprises:
the penalty type determining unit is used for determining a penalty type according to the VES signature received by the block chain node;
and the punishment operation executing unit is used for executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
8. The signature authentication device according to claim 5, wherein the contract data encryption module includes:
the sensitive data extraction unit is used for extracting sensitive data from the contract data to obtain contract sensitive data and contract desensitization data;
the encryption unit is used for encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and the data integration unit is used for integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
9. A server, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the signature authentication method as claimed in any one of claims 1 to 4 when executing the computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the signature authentication method as claimed in any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911175102.6A CN111062833A (en) | 2019-11-26 | 2019-11-26 | Signature authentication method of contract data and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911175102.6A CN111062833A (en) | 2019-11-26 | 2019-11-26 | Signature authentication method of contract data and related device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111062833A true CN111062833A (en) | 2020-04-24 |
Family
ID=70298796
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911175102.6A Pending CN111062833A (en) | 2019-11-26 | 2019-11-26 | Signature authentication method of contract data and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111062833A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115204827A (en) * | 2022-07-13 | 2022-10-18 | 李蹊 | Human resource management system and method based on block chain technology |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107040383A (en) * | 2017-04-24 | 2017-08-11 | 中山大学 | A kind of blind Verifiable Encryptosystem endorsement method based on block chain |
| CN108600272A (en) * | 2018-05-10 | 2018-09-28 | 阿里巴巴集团控股有限公司 | A kind of block chain data processing method, device, processing equipment and system |
| CN108833115A (en) * | 2018-06-15 | 2018-11-16 | 中山大学 | A kind of multi-party Fair PDF contract signature method based on block chain |
| WO2018224943A1 (en) * | 2017-06-09 | 2018-12-13 | nChain Holdings Limited | Blockchain for general computation |
| CN109033855A (en) * | 2018-07-18 | 2018-12-18 | 腾讯科技(深圳)有限公司 | A kind of data transmission method based on block chain, device and storage medium |
| AU2019203848A1 (en) * | 2019-03-01 | 2019-05-31 | Advanced New Technologies Co., Ltd. | Methods and devices for protecting sensitive data of transaction activity based on smart contract in blockchain |
| US20190347656A1 (en) * | 2018-05-10 | 2019-11-14 | Alibaba Group Holding Limited | Blockchain member management data processing methods, apparatuses, servers, and systems |
-
2019
- 2019-11-26 CN CN201911175102.6A patent/CN111062833A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107040383A (en) * | 2017-04-24 | 2017-08-11 | 中山大学 | A kind of blind Verifiable Encryptosystem endorsement method based on block chain |
| WO2018224943A1 (en) * | 2017-06-09 | 2018-12-13 | nChain Holdings Limited | Blockchain for general computation |
| CN108600272A (en) * | 2018-05-10 | 2018-09-28 | 阿里巴巴集团控股有限公司 | A kind of block chain data processing method, device, processing equipment and system |
| US20190347656A1 (en) * | 2018-05-10 | 2019-11-14 | Alibaba Group Holding Limited | Blockchain member management data processing methods, apparatuses, servers, and systems |
| CN108833115A (en) * | 2018-06-15 | 2018-11-16 | 中山大学 | A kind of multi-party Fair PDF contract signature method based on block chain |
| CN109033855A (en) * | 2018-07-18 | 2018-12-18 | 腾讯科技(深圳)有限公司 | A kind of data transmission method based on block chain, device and storage medium |
| AU2019203848A1 (en) * | 2019-03-01 | 2019-05-31 | Advanced New Technologies Co., Ltd. | Methods and devices for protecting sensitive data of transaction activity based on smart contract in blockchain |
Non-Patent Citations (3)
| Title |
|---|
| HUI HUANG等: "A Fair Three-Party Contract Singing Protocol Based on Blockchain", 《INTERNATIONAL SYMPOSIUM ON CYBERSPACE SAFETY AND SECURITY》 * |
| 吴进喜等: "区块链的多方隐私保护公平合同签署协议", 《信息安全学报》 * |
| 田海博等: "基于公开区块链的隐私保护公平合同签署协议", 《密码学报》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115204827A (en) * | 2022-07-13 | 2022-10-18 | 李蹊 | Human resource management system and method based on block chain technology |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2022224799B2 (en) | Methods for secure cryptogram generation | |
| US11842317B2 (en) | Blockchain-based authentication and authorization | |
| CN108876332B (en) | Block chain safe transaction method and device based on biometric feature mark authentication | |
| CN107038578B (en) | Multi-signature transaction information processing method in data transaction platform based on block chain | |
| KR102621116B1 (en) | Elecronic device and electronic payement method using id-based public key cryptography | |
| WO2021008453A1 (en) | Method and system for offline blockchain transaction based on identifier authentication | |
| CN110781521A (en) | Intelligent contract authentication data privacy protection method and system based on zero-knowledge proof | |
| CN110612547A (en) | System and method for information protection | |
| JP2000503786A (en) | Untraceable electronic currency | |
| CN111160909B (en) | Hidden static supervision system and method for blockchain supply chain transaction | |
| CN112419021A (en) | Electronic invoice verification method, system, storage medium, computer equipment and terminal | |
| JP2009272737A (en) | Secret authentication system | |
| CN114519206A (en) | Method for anonymously signing electronic contract and signature system | |
| CN108805574A (en) | Method of commerce based on secret protection and system | |
| CN116720839B (en) | Financial information management method based on blockchain technology and supervision system thereof | |
| CN111539719B (en) | Audit coin-mixing service method and system model based on blind signature | |
| CN116664298A (en) | Implementation method and device of block chain-based decentralization data transaction system | |
| CN111062833A (en) | Signature authentication method of contract data and related device | |
| CN111369332A (en) | Data processing method and device based on block chain | |
| US9563881B2 (en) | Fair payment protocol with semi-trusted third party | |
| CN116561739B (en) | Data transaction method and device, electronic equipment and storage medium | |
| TWM579789U (en) | Electronic contract signing device | |
| CN113793149B (en) | Off-line transaction authentication system, method, central server and client | |
| CN115170132B (en) | Payment method suitable for high-speed post network member system | |
| Herath et al. | Task based Interdisciplinary E-Commerce Course with UML Sequence Diagrams, Algorithm Transformations and Spatial Circuits to Boost Learning Information Security Concepts |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200424 |