CN111552991A - Block chain transaction method and device - Google Patents

Publication number
CN111552991A
Authority
CN
China
Prior art keywords
digital signature
transaction
target
execution result
stored
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010356265.0A
Other languages
Chinese (zh)
Inventor
鲁泽增
魏玮
王林青
陈春伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Labs Singapore Pte Ltd
Original Assignee
Alipay Labs Singapore Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Labs Singapore Pte Ltd filed Critical Alipay Labs Singapore Pte Ltd
Priority to CN202010356265.0A priority Critical patent/CN111552991A/en
Publication of CN111552991A publication Critical patent/CN111552991A/en
Priority to PCT/IB2021/000334 priority patent/WO2021220062A1/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The present specification provides a blockchain transaction method and apparatus, comprising: the business system sends the constructed target business transaction to the node equipment of the block chain through the bridging end, wherein the target business transaction comprises a first digital signature generated by the business system for the detail data of the target business transaction by using a first private key; when the node equipment performs transaction verification, the first digital signature is verified at least based on a first public key corresponding to the first private key; after the verification is passed, the target business transaction is executed, and an execution result of the target business transaction and a second digital signature generated for the execution result by the node equipment in the block chain by using a second private key are stored in a block chain database locally stored by the node equipment.

Description

Block chain transaction method and device
Technical Field
One or more embodiments of the present disclosure relate to the field of blockchain technologies, and in particular, to a method and an apparatus for blockchain transaction.
Background
The block chain technology, also called distributed ledger technology, is an emerging technology in which several computing devices participate in "accounting" together, and a complete distributed database is maintained together. The blockchain technology has been widely used in many fields due to its characteristics of decentralization, transparency, participation of each computing device in database records, and rapid data synchronization between computing devices.
With the development of blockchain technology, more and more service systems need to access a blockchain network. However, directly connecting a service system server to the blockchain network introduces data security risks; particularly when the blockchain network is a public blockchain network, it imposes higher hardware requirements on the service system server and exposes the service system server to a higher risk of privacy compromise.
Disclosure of Invention
In view of this, one or more embodiments of the present disclosure provide a method, an apparatus, and a computer device for blockchain transaction.
According to a first aspect of one or more embodiments of the present specification, there is provided a blockchain transaction method applied to a business system; the service system is connected with the node equipment of the block chain through a bridging end; the method comprises the following steps:
the business system sends the constructed target business transaction to the node equipment of the block chain through the bridging end, wherein the target business transaction comprises a first digital signature generated by the business system for the detailed data of the target business transaction by using a first private key; when the node equipment performs transaction verification, verifying the first digital signature at least based on a first public key corresponding to the first private key, executing the target business transaction after the verification is passed, and storing an execution result of the target business transaction and a second digital signature generated by the node equipment in the block chain for the execution result by using a second private key to a block chain database locally stored by the node equipment;
acquiring an execution result of the target business transaction and the second digital signature from the node equipment through the bridging end;
verifying the second digital signature based on a second public key corresponding to the second private key, and executing further business processing logic related to the transaction detail data based on the execution result after the second digital signature is verified.
According to a second aspect of one or more embodiments of the present specification, there is provided a blockchain transaction method applied to a node device of a blockchain; the service system is connected with the node equipment of the block chain through a bridge connection end; the method comprises the following steps:
the node equipment connected with the bridging end acquires a target business transaction constructed by the business system through the bridging end, wherein the target business transaction comprises a first digital signature generated by the business system for detail data of the target business transaction by using a first private key;
performing transaction verification on the target business transaction, wherein the transaction verification at least comprises verifying the first digital signature based on a first public key corresponding to the first private key;
after the verification is passed, the target business transaction is executed, and the execution result of the target business transaction and a second digital signature generated by the node equipment in the block chain for the execution result by using a second private key are stored in a block chain database locally stored by the node equipment;
and sending the execution result and the second digital signature to the business system through the bridge terminal so that the business system verifies the second digital signature based on a second public key corresponding to the second private key, and executing further business processing logic related to the transaction detail data based on the execution result after the verification of the second digital signature is passed.
According to a third aspect of one or more embodiments of the present specification, there is provided a blockchain transaction apparatus applied to a business system; the service system is connected with the node equipment of the block chain through a bridge connection end; the device comprises:
the sending unit is used for sending the constructed target business transaction to the node equipment of the block chain through the bridging end, wherein the target business transaction comprises a first digital signature generated by the business system for detail data of the target business transaction by using a first private key; when the node equipment performs transaction verification, verifying the first digital signature at least based on a first public key corresponding to the first private key, executing the target business transaction after the verification is passed, and storing an execution result of the target business transaction and a second digital signature generated by the node equipment in the block chain for the execution result by using a second private key to a block chain database locally stored by the node equipment;
acquiring an execution result of the target business transaction and the second digital signature from the node equipment through the bridging end;
verifying the second digital signature based on a second public key corresponding to the second private key, and executing further business processing logic related to the transaction detail data based on the execution result after the second digital signature is verified.
According to a fourth aspect of one or more embodiments of the present specification, there is provided a blockchain transaction apparatus, which is applied to a node device of a blockchain; the service system is connected with the node equipment of the block chain through a bridge connection end; the device comprises:
the acquisition unit is used for acquiring a target business transaction constructed by the business system through the bridge end by the node equipment connected with the bridge end, wherein the target business transaction comprises a first digital signature generated by the business system for detailed data of the target business transaction by using a first private key;
the verification unit is used for performing transaction verification on the target business transaction, and the transaction verification at least comprises verification of the first digital signature based on a first public key corresponding to the first private key;
the execution unit executes the target business transaction;
the storage unit is used for storing an execution result of the target business transaction and a second digital signature generated by the node equipment in the block chain for the execution result by using a second private key to a block chain database locally stored by the node equipment;
and the sending unit is used for sending the execution result and the second digital signature to the service system through the bridging end so that the service system verifies the second digital signature based on a second public key corresponding to the second private key, and executing further service processing logic related to the transaction detail data based on the execution result after the verification of the second digital signature is passed.
According to a fifth aspect of one or more embodiments of the present specification, there is provided a computer device comprising: a memory and a processor; the memory having stored thereon a computer program executable by the processor; and when the processor runs the computer program, the block chain transaction method executed by the service system is executed.
According to a sixth aspect of one or more embodiments of the present specification, there is provided a computer apparatus comprising: a memory and a processor; the memory having stored thereon a computer program executable by the processor; and when the processor runs the computer program, the processor executes the block chain transaction method executed by the node equipment connected with the bridging terminal.
In the blockchain transaction method, apparatus, and computer device provided in the embodiments of the present specification, a bridging end is disposed between the service system and the blockchain node device, and the bridging end is responsible for forwarding transactions constructed by the service system to the blockchain network and forwarding transaction execution results on the blockchain to the service system. To prevent the bridging end from acting maliciously, the transaction constructed by the business system includes a first digital signature made by the business system, and the blockchain node device connected with the bridging end includes, in the block that records the transaction, a second digital signature made by a node device of the blockchain.
Drawings
FIG. 1 is a schematic diagram of a blockchain transaction implemented by a system including a business system, a bridge terminal, and a blockchain network, provided by an exemplary embodiment;
FIG. 2 is a flow diagram illustrating a blockchain transaction method according to an exemplary embodiment;
FIG. 3 is a schematic diagram of a blockchain transaction device applied to a business system according to an exemplary embodiment;
FIG. 4 is a schematic diagram of a blockchain transaction apparatus applied to a blockchain node device end according to an exemplary embodiment;
FIG. 5 is a hardware block diagram for operating an embodiment of the blockchain transaction apparatus provided in the present specification.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the methods may include more or less steps than those described herein. Moreover, a single step described in this specification may be divided into multiple steps for description in other embodiments; however, in other embodiments, multiple steps described in this specification may be combined into a single step for description.
As the application services supported by blockchains mature, more and more service systems need to access a blockchain network to send transfer transactions, deposit transactions, or smart contract call transactions to the blockchain and obtain the execution results of those transactions on the blockchain. If the service system is directly connected with the node devices of the blockchain network, then for the security of the service system, complex logic such as network communication, certificate exchange, key security, and privacy protection must be deployed in the service system in addition to the business logic, so the cost of connecting the service system directly to the blockchain is high.
In view of the above problems, one or more embodiments of the present specification provide a blockchain transaction method for a business system to issue transactions to a blockchain network and receive execution results of the transactions; the service system is connected with the node equipment of the block chain through the bridge terminal.
FIG. 1 is a schematic diagram of a blockchain transaction implemented by a system including a business system, a bridge terminal, and a blockchain network, provided by an exemplary embodiment.
The service system according to one or more embodiments of the present disclosure may include one or more service system servers with service processing logic deployed therein, and may further include a hardware module (e.g., a hardware security module, HSM) or a standalone device connected to the service system server and responsible for other functions such as network communication and key calculation.
The bridging end described in one or more embodiments of the present disclosure is an independent device that connects the service system and any node device of the blockchain, or a hardware module disposed inside the service system so that the service system is connected with the node device of the blockchain through the hardware module, or a hardware module disposed inside the blockchain node device, which is not limited herein.
Specifically, the service system may designate a trusted blockchain node device, and require the bridging end to communicate with the trusted blockchain node device to execute service transactions.
The blockchain or blockchain network described in one or more embodiments of the present specification may specifically refer to a P2P network system with a distributed data storage structure, in which the node devices reach agreement through a consensus mechanism. The ledger data in the blockchain is distributed across temporally consecutive "blocks", each later block may include a data digest of the previous block, and, depending on the specific consensus mechanism (such as PoW, PoS, DPoS, or PBFT), a full data backup is achieved on all or some of the nodes.
As is well known to those skilled in the art, because the blockchain network system operates under a corresponding consensus mechanism, data that has been recorded in the blockchain database is difficult for any node to tamper with. For example, in a blockchain that adopts PoW consensus, existing data can be tampered with only by an attack that commands at least 51% of the computing power of the entire network. The blockchain system therefore ensures data security and resists tampering attacks in a way that other centralized database systems cannot match.
The real data generated by the physical world can be constructed into a standard transaction (transaction) format supported by a block chain, then the real data is issued and broadcasted to node equipment of the block chain, the node equipment in the block chain performs consensus processing on the received transaction, and after the consensus is achieved, the node equipment serving as an accounting node in the block chain packs the transaction into a block, and performs persistent evidence storage in the block chain.
Regardless of which consensus algorithm is adopted by the block chain, the accounting node can pack the received transaction to generate a latest block and send the generated latest block or a block header of the latest block to other node devices for consensus verification. If no problem is verified after other node equipment receives the latest block or the block header of the latest block, the latest block can be added to the tail of the original block chain, so that the accounting process of the block chain is completed. The transaction contained in the block may also be performed by other nodes in verifying the new block or block header sent by the accounting node.
Most blockchain models typically use Merkle trees, or store and maintain data based on the Merkle tree data structure. Taking Ethereum as an example, Ethereum uses the MPT tree (a Merkle tree variant) as the data organization form for organizing and managing important data such as account status and transaction information.
Ethereum designs three MPT trees, namely an MPT state tree, an MPT transaction tree and an MPT receipt tree, for the data that needs to be stored and maintained in a blockchain. In addition to the three MPT trees, there is actually a Storage tree constructed based on the storage content of the contract account.
The MPT state tree is an MPT tree organized from the account state data of all accounts in the blockchain; the MPT transaction tree is an MPT tree organized from the transaction data in the blockchain; the MPT receipt tree is an MPT tree organized from the transaction receipts generated for each transaction after the transactions in the block are executed. The hash values of the root nodes of the MPT state tree, the MPT transaction tree, and the MPT receipt tree are eventually added to the block header of the corresponding block.
The MPT transaction tree and the MPT receipt tree correspond to blocks, that is, each block has its own MPT transaction tree and MPT receipt tree. The MPT state tree is a global MPT tree, which does not correspond to a specific block, but covers the account state data of all accounts in the blockchain.
The organized MPT transaction tree, MPT receipt tree and MPT state tree are finally stored in a Key-Value database (such as LevelDB) that adopts a multi-level data storage structure. The way a transaction is executed can be set according to the type and content of the transaction. For example, when the transaction is a transfer transaction, after receiving a new block sent by the accounting node, the node device of the blockchain may, according to the transfer value included in the transfer transaction, transfer the corresponding amount out of the remitter's account in the locally stored blockchain user account status database, add that amount to the recipient's account, and store the execution result of the transaction in the receipt tree (receipt MPT) of the node device's local state database in the form of a transaction log.
When the transaction is a business data deposit transaction, after receiving a new block sent by the accounting node, the node device of the blockchain can store the new block containing the business data deposit transaction in a locally maintained blockchain account database (block), and the execution result of the transaction can be stored in the receipt tree (receipt MPT) of the node device's local state database in the form of a transaction log.
When the transaction is a smart contract call transaction, after receiving a new block sent by the accounting node, the node device of the blockchain can execute the smart contract logic called by the transaction on its local virtual machine; besides storing the execution result of the transaction in the receipt tree (receipt MPT) of the node device's local state database in the form of a transaction log, the execution result of the smart contract logic can also be stored in the blockchain state data storage space corresponding to the smart contract.
It should be noted that each time a latest block is generated in the blockchain, after the transactions in the latest block are executed, the account status of the accounts (which may be external accounts or contract accounts) related to the executed transactions is usually changed.
For example, when a "transfer transaction" in a block is completed, the balances of the transfer-out party account and the transfer-in party account associated with the "transfer transaction" (i.e., the field values of the Balance fields of these accounts) usually change as well.
After the transaction in the latest block generated by the blockchain is completed, the node device needs to construct an MPT state tree according to the current account state data of all accounts in the blockchain because the account state in the current blockchain changes, so as to maintain the latest state of all accounts in the blockchain.
That is, each time a latest block is generated in the block chain and the account status in the block chain changes after the transaction in the latest block is completed, the node device needs to reconstruct an MPT status tree based on the latest account status data of all accounts in the block chain. In other words, each block in the block chain has a corresponding MPT state tree; the MPT status tree maintains the latest account status of all accounts in the blockchain after the transaction in the block is completed.
Blockchains are generally divided into three types: public chain (Public Blockchain), private chain (Private Blockchain) and consortium chain (Consortium Blockchain). Furthermore, there may be combinations of the above types, such as private chain + consortium chain, consortium chain + public chain, and so on.
Among them, the most decentralized is the public chain. The public chain is represented by Bitcoin and Ethereum; participants (also called nodes in the blockchain) that join the public chain can read data records on the chain, participate in transactions, compete for the accounting rights of new blocks, and the like. Moreover, each node can freely join or leave the network and perform related operations.
Private chains are the opposite: the write permission of the network is controlled by an organization or institution, and the data read permission is specified by that organization. Briefly, a private chain may be a weakly centralized system with strict restrictions on nodes and a small number of nodes. This type of blockchain is more suitable for use within a particular institution.
A consortium chain is a blockchain between a public chain and a private chain, and can achieve "partial decentralization". Each node in a consortium chain typically has a corresponding entity institution or organization; the nodes are authorized to join the network and form a stakeholder alliance, and jointly maintain blockchain operation.
It is contemplated that the embodiments provided herein can be implemented in any suitable type of blockchain network.
As shown in fig. 2, a blockchain transaction method provided in one or more embodiments of the present disclosure includes:
Step 202, the service system sends the constructed target service transaction to the node device of the block chain through the bridge terminal, wherein the target service transaction includes a first digital signature generated by the service system for the detail data of the target service transaction by using a first private key.
The business system can construct a target business transaction based on business needs, wherein the target business transaction can contain detail data related to business processing, and a first digital signature generated by the business system for the detail data by using a held first private key. Specifically, the first digital signature may be made for the original text of the detail data or derivative data such as a hash digest of the detail data.
To further improve the security of the key, the first private key is stored in a hardware security module (HSM) carried by the service system. The HSM is a computer hardware device that protects and manages the keys used by the business system and provides related key operations (such as digital signature operations). For example, the business system may use an instruction containing the detail data to call the HSM to execute a key operation service that generates a first digital signature on the detail data based on the first private key stored in the HSM, and obtain the first digital signature directly from the HSM. Further, the service system may package the detail data and the first digital signature into a target service transaction according to a transaction format, and then send the target service transaction to the bridge terminal.
Step 204, the bridging end forwards the target service transaction to a node device connected with the bridging end.
In this embodiment, the bridge may be connected to one or more node devices in the blockchain network, and forward the target service transaction to the one or more node devices; the node equipment which obtains the target service transaction can continue to broadcast and forward the target service transaction in the blockchain network.
Step 206, when the node device in the block chain (including the node device connected to the bridge terminal) performs transaction verification, verifying the first digital signature at least based on the first public key corresponding to the first private key, and after the verification is passed, executing the target service transaction.
One or more node devices corresponding to the bridge terminal, or the node devices in the blockchain, may store a first public key corresponding to the first private key held by the service system. When the service system applies to join the blockchain network, or when the service system connected with the bridge terminal initially connects to the one or more node devices, the service system may transmit the first public key corresponding to the first private key it holds to the one or more node devices, or to the node devices in the blockchain, either by forwarding through the bridge terminal or by direct communication between the service system and the one or more node devices. The present specification does not limit the specific manner in which the node device of the blockchain acquires the first public key.
Moreover, in order to further ensure the security of the service system, the service system may also periodically update the first private key-first public key pair, and transmit the updated first public key to the node device of the block chain.
Step 208, the node device connected with the bridge end stores the execution result of the target service transaction and a second digital signature generated by the node device in the block chain for the execution result by using a second private key to a block chain database locally stored by the node device connected with the bridge end.
In an illustrated embodiment, the second digital signature is a digital signature generated by a node device of the block chain for an authentication root of a state database stored in a block header of a target block in which the target business transaction is recorded, using a second private key held by the node device.
After receiving the target block after the consensus verification, the node device of the block chain may execute the transaction recorded in the target block, and store the execution result of the transaction, that is, the state data after the transaction is executed, in the block chain state database. The authentication root according to this embodiment is a value derived from state data corresponding to all transactions in the target block or derived from execution result data of all transactions, and is capable of performing authentication verification on execution result data of any transaction in the target block, and the value may be stored in a block header of the target block.
For example, Ethereum has designed three MPT trees, an MPT state tree, an MPT transaction tree, and an MPT receipt tree, for the data that needs to be stored and maintained in the blockchain. In addition to the three MPT trees, there is actually a Storage tree constructed based on the storage content of the contract account.
The MPT state tree is an MPT tree organized from the account state data of all accounts in the blockchain; the MPT transaction tree is an MPT tree organized from the transaction data in the blockchain; the MPT receipt tree is an MPT tree organized from the transaction log receipts that are generated for each transaction after the transactions in the block are executed, and each transaction log receipt contains the execution result of its transaction. The hash values of the root nodes of the MPT state tree, the MPT transaction tree, and the MPT receipt tree are eventually added to the block header of the corresponding block. In this case, the state database according to the above embodiment is a Merkle tree (MPT state tree or MPT state tree) constructed based on the state data corresponding to the transactions stored in the target block, and the authentication root is the root hash of that Merkle tree (MPT state tree or MPT state tree).
Of course, the blockchain in this embodiment is not limited to the Ethereum architecture; those skilled in the art can design an authentication root obtained by a specific derivation rule at least for the execution result of the target business transaction or the state data after the execution of the target business transaction, and store the authentication root in the block header of the target block, so as to implement the verification of the target business transaction based on the authentication root.
The present embodiment does not limit the role of the node device that generates a digital signature for the authentication root in the block header of the target block, nor the storage location of the digital signature generated for the authentication root in the block header of the target block.
In an illustrated embodiment, the second digital signature is generated by the accounting node device of the block chain using a second private key held by the accounting node device, and the second digital signature is stored in the block header of the target block stored in the block chain.
After receiving the target service transaction, the accounting node of the blockchain, when packaging the target service transaction into the target block, generates a second digital signature for the authentication root in the block header of the target block by using the second private key it holds, and the second digital signature is also recorded in the block header of the target block. The accounting node then broadcasts the target block containing the second digital signature to the node devices in the blockchain network for consensus verification. How the accounting node is selected, which transactions are included in the new block, and what the consensus verification of the new block covers differ with the blockchain consensus mechanism, and are not limited herein.
When the target block passes the consensus verification of the node devices in the blockchain network (including the verification of the first digital signature as described in the above embodiment), the node devices in the blockchain may execute the transactions included in the target block, and store the target block including the second digital signature made by the accounting node in the blockchain database locally stored by each node device.
In a further illustrated embodiment, the second digital signature is generated by the node device connected to the bridge terminal using a second private key held by the node device, and the second digital signature is stored in a block header of the target block locally stored in the node device connected to the bridge terminal.
In this embodiment, after receiving the target service transaction, the accounting node of the blockchain may package the target service transaction into a target block, and broadcast the target block to the node devices in the blockchain network for consensus verification. How the accounting node is selected, which transactions are included in the new block, and what the consensus verification of the new block covers differ with the blockchain consensus mechanism, and are not limited herein.
After receiving the target block including the target service transaction, the one or more node devices connected to the bridge terminal may store an execution result of each transaction and update state data corresponding to each transaction in a locally stored block chain state database by executing each transaction recorded by the target block; when one or more node devices connected with the bridge terminal store the target block locally, a second private key held by the node devices can be used for generating a second digital signature for an authentication root in the block header of the target block, and the second digital signature is stored in the block header of the target block stored locally by the node devices.
It should be noted that, in this embodiment, the second digital signature that the node device connected to the bridge terminal makes on the authentication root in the block header of the target block, using the second private key it holds, serves only to prevent the bridge terminal from acting maliciously and to make it easier for the service system to verify the execution result of the target service transaction. The second digital signature is not included in the target block that the other node devices in the blockchain receive from the accounting node's broadcast; it is stored only in the block header of the target block stored locally by the node device connected to the bridge terminal.
In another illustrated embodiment, after the node device connected to the bridge terminal executes the target business transaction, a second digital signature may be generated for the execution result of the target business transaction by using a second private key held by the node device.
Taking an account-based blockchain built on the Ethereum framework as an example, when the target business transaction is a transfer transaction, after receiving the target block sent by the accounting node, a node device of the blockchain can, according to the transfer value contained in the transfer transaction, deduct the amount corresponding to the transfer value from the account of the remitter of the transfer transaction in the locally stored blockchain state database, add that amount to the account of the receiving party, and store the execution result of the transaction in the receipt tree (receipt MPT) of the node device's local state database in the form of a transaction log.
When the target service transaction is a service data deposit transaction, after the node device of the blockchain receives the target block sent by the accounting node, the execution result of the transaction can be stored in the receipt tree (receipt MPT) of the blockchain state database locally maintained by the node device in the form of a transaction log.
When the target business transaction is a smart contract calling transaction, after receiving the target block sent by the accounting node, the node device of the blockchain can execute the smart contract logic called by the transaction on the local virtual machine. Besides storing the execution result of the transaction in the receipt tree (receipt MPT) of the node device's local state database in the form of a transaction log, the execution result of the smart contract logic can also be stored in the account storage space (storage MPT) corresponding to the smart contract.
By executing the target service transaction, the execution result of the target service transaction is stored in the blockchain state database locally stored in the node device. In this embodiment, in order to prevent the bridge terminal from acting maliciously when the service system is notified of the execution result of the target service transaction, one or more node devices connected to the bridge terminal may execute the target service transaction once the target service transaction has been verified and a target block including the target service transaction has been recorded, and may generate a second digital signature for the execution result of the target service transaction using the second private key they hold.
Specifically, the node device connected to the bridge may perform digital signature operation on the plaintext of the execution result of the target service transaction to obtain the second digital signature; or, for some target business transactions, the execution result may occupy a larger capacity, and at this time, the node device may also perform a digital signature operation on verification data of the execution result, for example, a hash digest of the execution result, to obtain the second digital signature.
Similarly, the second digital signature that the node device connected to the bridge terminal makes in this embodiment, based on the second private key it holds, serves only to prevent the bridge terminal from acting maliciously and to make it easier for the service system to verify the execution result of the target service transaction, and it is saved in the local blockchain database of the node device connected to the bridge terminal. The other node devices in the blockchain have no need to communicate with the service system, so they need not digitally sign the execution result of the target service transaction or save such a digital signature in their local blockchain databases.
In this embodiment, the specific storage location of the second digital signature in the local blockchain database of the node device connected to the bridge terminal is not limited. To let the bridge terminal or the service system verify that the target service transaction is actually included in the target block, the node device may send the entire target block to the bridge terminal. To make this notification more convenient and to reduce the information interaction steps between the node device and the bridge terminal, the node device may therefore store the execution result and the second digital signature, or the verification data of the execution result (e.g., a hash digest of the execution result) and the second digital signature, in the target block, for example in the block header of the target block, so that the bridge terminal obtains them by pulling the target block directly from the node device.
Alternatively, in order to facilitate the node device connected to the bridge terminal to query the execution result and the second digital signature generated for the execution result, the second digital signature may be stored in the state database by the node device in correspondence with the execution result, for example, the second digital signature and the execution result may be stored in a receipt tree corresponding to the target block, or the second digital signature and the execution result may be stored in an account storage space of the smart contract invoked by the target business transaction, and so on.
Step 210, the bridge end forwards the execution result of the target service transaction and the second digital signature sent by the node device connected with the bridge end to the service system.
The node device connected with the bridging end can obtain the execution result and the second digital signature from a block chain database stored locally, and then send the execution result and the second digital signature to the bridging end, so that the bridging end can forward the execution result and the second digital signature to a service system.
In an embodiment, when the second digital signature is generated by an accounting node of a block chain for an authentication root of a state database stored in a block header of a target block in which a target service transaction is recorded, or when the second digital signature is generated by a node device connected to a bridge terminal for the authentication root, the service system needs to verify an authentication correspondence between an execution result of the target service transaction and the authentication root included in the block header, that is, verify whether the execution result is actually recorded in the block chain state database corresponding to the target block, in addition to verifying that the second digital signature is generated by the accounting node device or the node device connected to the bridge terminal for the authentication root included in the block header.
In this case, the node device connected to the bridge terminal also needs to send the state data corresponding to the target block to the bridge terminal. The state data may include a Merkle tree (such as an MPT state tree or an MPT receipt tree) constructed based on the state data corresponding to the transactions stored in the target block, where the Merkle tree includes the execution result of the target service transaction. The bridge terminal forwards the state data to the service system, and the service system checks whether the authentication root can be derived from the state data that includes the execution result; if so, this proves that the execution result of the target service transaction is indeed recorded in the blockchain state database corresponding to the target block.
It should be noted that the service system may locally store the public key corresponding to the node device in the block chain or the node device connected to the bridge end, so as to facilitate the verification of the second digital signature.
In a further illustrated embodiment, the second digital signature is made by the node device connected to the bridge terminal using the second private key on the original text of the execution result, and the node device may store the execution result and the second digital signature in the block header of the target block that it stores locally. The bridge terminal may periodically monitor the node device connected to it to obtain the target block stored by the node device. Alternatively, after storing the execution result and the second digital signature in the target block, the node device sends the bridge terminal a notification that the target service transaction has been recorded, where the notification may include the block height of the target block and a retrieval identifier of the target service transaction, so that the bridge terminal can pull the target block from the node device and check, based on the retrieval identifier, that the target service transaction is included in the target block.
In another illustrated embodiment, the second digital signature is made by the node device connected to the bridge terminal using the second private key on a hash digest of the execution result, and the hash digest of the execution result and the second digital signature are stored in the block header of the target block stored locally in the node device. After saving the hash digest of the execution result and the second digital signature in the block header of the target block, the node device may send the bridge terminal a notification that the target service transaction has been recorded, where the notification may include the block height of the target block and a retrieval identifier of the target service transaction (e.g., the TXID or transaction serial number of the target service transaction), so that the bridge terminal can pull the target block from the node device and query the node device for the execution result of the target service transaction based on the retrieval identifier. The node device looks up the execution result corresponding to the target service transaction in its locally maintained blockchain state database based on the retrieval identifier, and returns the execution result to the bridge terminal, so that the bridge terminal forwards the execution result to the service system.
In another illustrated embodiment, the second digital signature is made by the node device connected to the bridge terminal using the second private key on the original text of the execution result or on a hash digest of the execution result, and the second digital signature and the execution result are stored in the blockchain state database locally stored in the node device. The node device may obtain the original text of the execution result and the second digital signature directly from its locally stored blockchain state database, and the bridge terminal forwards the original text of the execution result and the second digital signature to the service system.
Step 212, the business system verifies the second digital signature based on a second public key corresponding to the second private key, and after the second digital signature is verified, executes further business processing logic related to the transaction detail data based on the execution result.
The service system may locally maintain a list of public keys of the blockchain node devices it trusts (e.g., the accounting node) or of the node devices connected to the bridge terminal. After receiving the execution result and the second digital signature forwarded by the bridge terminal, the service system may obtain from the public key list the second public key corresponding to the second private key held by the node device, and verify the second digital signature based on the second public key.
When the second digital signature is generated based on the authentication root included in the block header of the target block, in addition to verifying the second digital signature, the service system needs to verify the authentication correspondence between the authentication root and the execution result based on the state database data of the blockchain forwarded by the bridge terminal, for example, a Merkle tree (MPT receipt tree or MPT state tree) constructed based on the state data corresponding to the transactions stored in the target block, or a state data tree stored in the account space of the smart contract called by the target service transaction. The business system can run the Merkle root generation calculation over the values of the execution results of all the transactions in the target block containing the target business transaction, and verify whether the computed Merkle root is consistent with the authentication root in the block header; when the two values match, the execution result can be authenticated by the authentication root, that is, the execution result is recorded in the blockchain state database from which the authentication root was generated.
When the second digital signature is made by the node device connected to the bridge terminal at least on the hash digest of the execution result using the second private key, the service system needs to verify whether the hash digest of the execution result matches the execution result in addition to verifying the second digital signature.
The business processing logic related to the transaction detail data is executed after the verification of the second digital signature passes and, where the embodiment requires it, the verification of the correspondence between the execution result and the authentication root, or the verification of the consistency between the hash digest of the execution result and the original text of the execution result, also passes.
In an illustrated embodiment, the transaction detail data includes blockchain transfer data and the target service transaction is a transfer transaction. After the transfer transaction is recorded in a target block of the blockchain, the node device may, according to the transfer value included in the transfer transaction, deduct the amount corresponding to the transfer value from the account of the remitter of the transfer transaction in the locally stored blockchain user account state database, and add that amount to the account of the receiver. It should be noted that the balance value and the transfer value of a blockchain user account correspond to the virtual currency (Token) circulated on the blockchain, and the virtual currency can serve as the token corresponding to an actual off-chain asset, so that the asset circulation process is evidenced on the chain.
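The checks that the business system performs in step 212 can be sketched as follows; this is an added example in Go and is not part of the patent text. It assumes Ed25519 as the signature scheme and a plain binary SHA-256 Merkle tree in place of the MPT receipt tree; the `Notification` layout, the node identifier and all sample values are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrUnknownSigner = errors.New("signer is not in the trusted public key list")
var ErrBadSignature = errors.New("second digital signature does not verify")
var ErrRootMismatch = errors.New("execution results do not derive the authentication root")
var ErrDigestMismatch = errors.New("execution result does not match the signed hash digest")

// Notification is what the bridge terminal forwards; every field is untrusted (hypothetical layout).
type Notification struct {
	NodeID    string   // node device that claims to have signed
	AuthRoot  []byte   // authentication root from the target block header
	Signature []byte   // second digital signature over AuthRoot
	Results   [][]byte // execution results of all transactions in the target block
	TargetIdx int      // position of the target business transaction
}

// MerkleRoot derives a root from the execution results. Assumption: a plain binary
// SHA-256 tree with leaf/inner prefixes stands in for the MPT receipt tree.
func MerkleRoot(results [][]byte) []byte {
	level := make([][]byte, 0, len(results))
	for _, r := range results {
		h := sha256.Sum256(append([]byte{0x00}, r...))
		level = append(level, h[:])
	}
	for len(level) > 1 {
		var next [][]byte
		for i := 0; i+1 < len(level); i += 2 {
			h := sha256.Sum256(append(append([]byte{0x01}, level[i]...), level[i+1]...))
			next = append(next, h[:])
		}
		if len(level)%2 == 1 { // an odd node is carried up unchanged
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	if len(level) == 0 {
		return nil
	}
	return level[0]
}

// VerifyRootSigned checks the signer, the signature over the root, and the root derivation.
func VerifyRootSigned(trusted map[string]ed25519.PublicKey, n Notification) ([]byte, error) {
	pub, ok := trusted[n.NodeID]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return nil, ErrUnknownSigner
	}
	if !ed25519.Verify(pub, n.AuthRoot, n.Signature) {
		return nil, ErrBadSignature
	}
	if n.TargetIdx < 0 || n.TargetIdx >= len(n.Results) ||
		!bytes.Equal(MerkleRoot(n.Results), n.AuthRoot) {
		return nil, ErrRootMismatch
	}
	return n.Results[n.TargetIdx], nil
}

// SignDigest is the node-device side of the digest variant (used for sample data).
func SignDigest(priv ed25519.PrivateKey, result []byte) (digest, sig []byte) {
	sum := sha256.Sum256(result)
	return sum[:], ed25519.Sign(priv, sum[:])
}

// VerifyDigestSigned checks the signature over the digest, then digest against result.
func VerifyDigestSigned(pub ed25519.PublicKey, result, digest, sig []byte) error {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, digest, sig) {
		return ErrBadSignature
	}
	if sum := sha256.Sum256(result); !bytes.Equal(sum[:], digest) {
		return ErrDigestMismatch
	}
	return nil
}

// Sample returns constructed data: a fixed-seed node key and a three-transaction block.
func Sample() (ed25519.PrivateKey, map[string]ed25519.PublicKey, Notification) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize))
	trusted := map[string]ed25519.PublicKey{"node-1": priv.Public().(ed25519.PublicKey)}
	results := [][]byte{[]byte("tx0:ok"), []byte("tx1:transfer succeeded"), []byte("tx2:ok")}
	root := MerkleRoot(results)
	return priv, trusted, Notification{"node-1", root, ed25519.Sign(priv, root), results, 1}
}

func main() {
	_, trusted, n := Sample()
	res, err := VerifyRootSigned(trusted, n)
	fmt.Printf("honest bridge: %q, err=%v\n", res, err)
	n.Results[1] = []byte("tx1:transfer failed") // bridge rewrites the result in transit
	_, err = VerifyRootSigned(trusted, n)
	fmt.Println("tampered result:", err)
}
```

The order of the checks matters: the authentication root is trusted only after the signature over it verifies against a key from the local list, and the execution result is trusted only after it derives that root.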
When the transfer transaction is successfully performed on the blockchain, the service system needs to perform a remittance operation associated with the blockchain transfer data outside the chain, for example, the service system initiates an actual bank remittance operation to its user, or notifies a remitter associated with the transfer transaction to perform the remittance operation, or notifies a receiver associated with the transfer transaction to check whether the remittance is received, and so on.
When the execution result of the transfer transaction shows that the transfer failed, the service system needs to execute a refund operation related to the blockchain transfer data outside the chain, for example, the service system initiates an actual bank account refund operation to its user, or notifies the remitter related to the transfer transaction to execute the refund operation, or notifies the receiver related to the transfer transaction to check whether the refund is received, and the like.
In the blockchain transaction method provided by one or more embodiments, a bridge terminal is arranged between the service system and the node devices of the blockchain network, and the bridge terminal is responsible for forwarding the transaction constructed by the service system to the blockchain network and forwarding the transaction execution result on the blockchain to the service system. To prevent the bridge terminal from acting maliciously, the transaction constructed by the service system includes a first digital signature made by the service system based on the service data, and the blockchain node device connected to the bridge terminal holds, in the block that records the transaction, a second digital signature made by a node device of the blockchain based on the transaction execution result, so that the trust the service system would have to place in the bridge terminal is converted into trust in the node devices of the blockchain. Digital signature verification thus effectively reduces the data security risk posed by a malicious bridge terminal, which lowers the cost for the service system to access the blockchain and improves the data security of the service system.
Corresponding to the above flow implementation, the embodiments of the present disclosure also provide blockchain transaction devices 30 and 40. The devices 30 and 40 can be implemented by software, hardware or a combination of software and hardware. Taking a software implementation as an example, the logical device is formed by the Central Processing Unit (CPU) of the device in which it is located reading the corresponding computer program instructions into memory and running them. In terms of hardware, in addition to the CPU, the memory, and the storage shown in fig. 5, the device in which the apparatus is located generally also includes other hardware such as a chip for transmitting and receiving wireless signals and/or a board for implementing a network communication function.
As shown in fig. 3, the present specification further provides a blockchain transaction apparatus 30, which is applied to a business system; the service system is connected with the node equipment of the block chain through a bridge connection end; the device 30 comprises:
a sending unit 302, configured to send the constructed target service transaction to the node device of the blockchain through the bridge terminal, where the target service transaction includes a first digital signature generated by the service system using a first private key for detail data of the target service transaction, so that the node device, when performing transaction verification, verifies the first digital signature at least based on a first public key corresponding to the first private key, executes the target business transaction after the verification passes, and stores the execution result of the target business transaction and a second digital signature generated for the execution result by a node device in the blockchain using a second private key in the blockchain database locally stored by the node device;
an obtaining unit 304, configured to obtain, from the node device through the bridging end, an execution result of the target service transaction and the second digital signature;
a verification unit 306 for verifying the second digital signature based on a second public key corresponding to the second private key;
an execution unit 308, configured to execute further business processing logic associated with the transaction detail data based on the execution result.
In yet another illustrated embodiment, the second digital signature is a digital signature that the node device of the blockchain generates, using the second private key it holds, for the authentication root of the state database stored in the block header of the target block that records the target business transaction.
In yet another illustrated embodiment, the state database is a Merkle tree constructed based on state data corresponding to transactions stored in the target block; the authentication root is a root hash of the Merkle tree.
In a further illustrated embodiment, the second digital signature is generated by an accounting node device of the blockchain using a second private key held by the accounting node device, the second digital signature being stored in the block header of the target block stored in the blockchain.
In a further illustrated embodiment, the second digital signature is generated by the node device using a second private key held by the node device, the second digital signature being stored in the block header of the target block stored locally at the node device.
In yet another illustrated embodiment, the second digital signature includes a digital signature that the node device generates, using the second private key it holds, for the execution result of the target business transaction.
In yet another illustrated embodiment, the second digital signature and the execution result, or the second digital signature and a hash digest of the execution result, are stored in the block header of the target block locally stored in the node device connected to the bridge terminal.
In yet another illustrated embodiment, the obtaining unit 304 is further configured to:
pulling the target block from the node device through the bridge terminal to obtain the execution result and the second digital signature; or,
pulling the target block from the node equipment through the bridge terminal to obtain the hash digest of the execution result and the second digital signature; and acquiring an execution result of the target service transaction from the node equipment through the bridge terminal based on the retrieval identification of the target service transaction.
In yet another illustrated embodiment, the second digital signature and the execution result are stored in a state database of the blockchain stored locally at the node device connected to the bridge terminal.
As shown in fig. 4, the present specification also provides a blockchain transaction apparatus 40, which is applied to a node device of a blockchain; the service system is connected with the node equipment of the block chain through a bridge connection end; the device 40 comprises:
an obtaining unit 402, configured to obtain, by a node device connected to the bridge end, a target service transaction constructed by the service system through the bridge end, where the target service transaction includes a first digital signature generated by the service system for detail data of the target service transaction using a first private key;
a verification unit 404, configured to perform transaction verification on the target business transaction, where the transaction verification at least includes verifying the first digital signature based on a first public key corresponding to the first private key;
an execution unit 406, configured to execute the target business transaction;
a storage unit 408, configured to store the execution result of the target business transaction and a second digital signature generated for the execution result by a node device in the blockchain using a second private key in a blockchain database locally stored by the node device;
a sending unit 410, configured to send the execution result and the second digital signature to the business system through the bridge terminal, so that the business system verifies the second digital signature based on a second public key corresponding to the second private key, and executes further business processing logic related to the transaction detail data based on the execution result after the verification of the second digital signature passes.
In yet another illustrated embodiment, the second digital signature includes a digital signature that the node device of the blockchain generates, using the second private key it holds, for the authentication root of the state database stored in the block header of the target block that records the target business transaction.
In yet another illustrated embodiment, the state database is a Merkle tree constructed based on state data corresponding to transactions stored in the target block; the authentication root is a root hash of the Merkle tree.
In a further illustrated embodiment, the second digital signature is generated by an accounting node device of the blockchain using a second private key held by the accounting node device, the second digital signature being stored in the block header of the target block stored in the blockchain.
In a further illustrated embodiment, the second digital signature is generated by the node device using a second private key held by the node device, the second digital signature being stored in the block header of the target block stored locally at the node device.
In yet another illustrated embodiment, the second digital signature includes a digital signature that the node device generates, using the second private key it holds, for the execution result of the target business transaction.
In a further illustrated embodiment, the second digital signature and the execution result, or the second digital signature and a hash digest of the execution result, are stored in the block header of the target block stored locally at the node device.
In yet another illustrated embodiment, the sending unit 410 is further configured to:
sending the target block to the bridge terminal, so that the service system obtains the execution result and the second digital signature included in the target block through the bridge terminal; or,
sending the target block to the bridge terminal, so that the business system obtains the hash digest and the second digital signature of the execution result included in the target block through the bridge terminal; and sending the execution result to the bridging end based on the retrieval identification of the target service transaction sent by the bridging end, so that the service system obtains the execution result through the bridging end.
In a further illustrated embodiment, the second digital signature and the execution result are stored in a state database of the blockchain stored locally at the node device connected to the bridge terminal.
The implementation of the functions and roles of each unit in the apparatuses 30 and 40 is described in detail in the corresponding steps of the blockchain transaction method executed by the service system and by the node device of the blockchain; for related points, refer to the description of the method embodiments, which is not repeated here.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the units or modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The apparatuses, units and modules described in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
Corresponding to the above method embodiments, embodiments of the present specification also provide a computer device, as shown in fig. 5, including a memory and a processor. Wherein the memory has stored thereon a computer program executable by the processor; the processor, when executing the stored computer program, performs the steps of the blockchain transaction method performed by the business system in the embodiments of the present specification. For a detailed description of each step of the blockchain transaction method executed by the business system, please refer to the previous contents, which is not repeated.
Corresponding to the above method embodiments, embodiments of the present specification also provide a computer device, as shown in fig. 5, including a memory and a processor. Wherein the memory has stored thereon a computer program executable by the processor; the processor, when executing the stored computer program, performs the steps of the blockchain transaction method performed by the node devices of the blockchain in the embodiments of the present specification. For a detailed description of each step of the blockchain transaction method executed by the node device of the blockchain, please refer to the previous contents, and it is not repeated.
The above description is only for the purpose of illustrating the preferred embodiments of the present disclosure and is not to be construed as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure are intended to be included within the scope of the present disclosure.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data.
Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.

Claims (42)

1. A block chain transaction method is applied to a business system; the service system is connected with the node equipment of the block chain through a bridge connection end; the method comprises the following steps:
the business system sends the constructed target business transaction to the node equipment of the block chain through the bridging end, wherein the target business transaction comprises a first digital signature generated by the business system for the detailed data of the target business transaction by using a first private key; when the node equipment performs transaction verification, verifying the first digital signature at least based on a first public key corresponding to the first private key, executing the target business transaction after the verification is passed, and storing an execution result of the target business transaction and a second digital signature generated by the node equipment in the block chain for the execution result by using a second private key to a block chain database locally stored by the node equipment;
acquiring an execution result of the target business transaction and the second digital signature from the node equipment through the bridging end;
verifying the second digital signature based on a second public key corresponding to the second private key, and executing further business processing logic related to the transaction detail data based on the execution result after the second digital signature is verified.
2. The method of claim 1, the second digital signature comprising: a digital signature generated by the node equipment of the block chain, using the second private key it holds, for the authentication root of the state database stored in the block header of the target block that records the target business transaction.
3. The method of claim 2, the state database being a Merkle tree constructed based on state data corresponding to transactions stored in the target block; the authentication root is a root hash of the Merkle tree.
4. A method as claimed in claim 2 or 3, wherein the second digital signature is generated by an accounting node device of the blockchain using a second private key held by the accounting node device, the second digital signature being stored at a block header of a target block stored in the blockchain.
5. A method as claimed in claim 2 or 3, the second digital signature being generated by the node device using a second private key held by the node device, the second digital signature being held at a block header of the target block stored locally at the node device.
6. The method of claim 1, the second digital signature comprising: a digital signature generated by the node equipment, using the second private key it holds, for the execution result of the target business transaction.
7. The method of claim 6, wherein the second digital signature and the execution result, or a hash digest of the second digital signature and the execution result, are stored in a block header of the target block stored locally at the bridge-connected node device.
8. The method of claim 7, the obtaining, from the node device through the bridge end, the execution result of the target business transaction and the second digital signature, comprising:
pulling the target block from the node device through the bridge terminal to obtain the execution result and the second digital signature; or,
pulling the target block from the node equipment through the bridge terminal to obtain the hash digest of the execution result and the second digital signature; and acquiring an execution result of the target service transaction from the node equipment through the bridge terminal based on the retrieval identification of the target service transaction.
9. The method of claim 6, the second digital signature and the execution result stored in a state database of the block chain stored locally by the bridge-ended node device.
10. The method of claim 1, wherein the first private key is stored in a Hardware Security Module (HSM) hosted by the business system.
11. The method of claim 1, the targeted business transaction being a money transfer transaction; the transaction detail data is block chain transfer data;
the executing further business processing logic associated with the transaction detail data comprises:
performing a money transfer operation associated with the blockchain transfer data; or,
performing a refund operation associated with the blockchain transfer data.
12. A block chain transaction method is applied to node equipment of a block chain; the service system is connected with the node equipment of the block chain through a bridge connection end; the method comprises the following steps:
the node equipment connected with the bridging end acquires a target business transaction constructed by the business system through the bridging end, wherein the target business transaction comprises a first digital signature generated by the business system for detail data of the target business transaction by using a first private key;
performing transaction verification on the target business transaction, wherein the transaction verification at least comprises verifying the first digital signature based on a first public key corresponding to the first private key;
after the verification is passed, the target business transaction is executed, and the execution result of the target business transaction and a second digital signature generated by the node equipment in the block chain for the execution result by using a second private key are stored in a block chain database locally stored by the node equipment;
and sending the execution result and the second digital signature to the business system through the bridge terminal so that the business system verifies the second digital signature based on a second public key corresponding to the second private key, and executing further business processing logic related to the transaction detail data based on the execution result after the verification of the second digital signature is passed.
13. The method of claim 12, the second digital signature comprising: a digital signature generated by the node equipment of the block chain, using the second private key it holds, for the authentication root of the state database stored in the block header of the target block that records the target business transaction.
14. The method of claim 13, the state database is a Merkle tree constructed based on state data corresponding to transactions stored in the target block; the authentication root is a root hash of the Merkle tree.
15. A method as claimed in claim 13 or 14, wherein the second digital signature is generated by a billing node device of the blockchain using a second private key held by the billing node device, the second digital signature being stored at a block header of a target block stored in the blockchain.
16. The method of claim 13 or 14, the second digital signature being generated by the node device using a second private key held by the node device, the second digital signature being held at a block header of the target block stored locally at the node device.
17. The method of claim 12, the second digital signature comprising: a digital signature generated by the node equipment, using the second private key it holds, for the execution result of the target business transaction.
18. The method of claim 17, wherein the second digital signature and the execution result, or a hash digest of the second digital signature and the execution result, are stored in a block header of the target block stored locally at the node device.
19. The method of claim 18, the sending the execution result and the second digital signature to the business system through the bridge end, comprising:
sending the target block to the bridge terminal, so that the service system obtains the execution result and the second digital signature included in the target block through the bridge terminal; or,
sending the target block to the bridge terminal, so that the business system obtains the hash digest and the second digital signature of the execution result included in the target block through the bridge terminal; and sending the execution result to the bridging end based on the retrieval identification of the target service transaction sent by the bridging end, so that the service system obtains the execution result through the bridging end.
20. The method of claim 17, the second digital signature and the execution result being stored in a state database of the blockchain stored locally at the bridge-end connected node device.
21. The method of claim 12, wherein the first private key is stored in a Hardware Security Module (HSM) hosted by the business system.
22. The method of claim 12, wherein the targeted business transaction is a money transfer transaction; the transaction detail data is block chain transfer data;
the executing further business processing logic associated with the transaction detail data comprises:
performing a money transfer operation associated with the blockchain transfer data; or,
performing a refund operation associated with the blockchain transfer data.
23. A block chain transaction device is applied to a business system; the service system is connected with the node equipment of the block chain through a bridge connection end; the device comprises:
the sending unit is used for sending the constructed target business transaction to the node equipment of the block chain through the bridging end, wherein the target business transaction comprises a first digital signature generated by the business system for detail data of the target business transaction by using a first private key; when the node equipment performs transaction verification, verifying the first digital signature at least based on a first public key corresponding to the first private key, executing the target business transaction after the verification is passed, and storing an execution result of the target business transaction and a second digital signature generated by the node equipment in the block chain for the execution result by using a second private key to a block chain database locally stored by the node equipment;
the acquisition unit acquires the execution result of the target service transaction and the second digital signature from the node equipment through the bridging end;
a verification unit that verifies the second digital signature based on a second public key corresponding to the second private key;
an execution unit to execute further business processing logic associated with the transaction statement data based on the execution result.
24. The apparatus of claim 23, the second digital signature being: a digital signature generated by the node equipment of the block chain, using the second private key it holds, for the authentication root of the state database stored in the block header of the target block that records the target business transaction.
25. The device of claim 24, the state database is a Merkle tree constructed based on state data corresponding to transactions stored in the target block; the authentication root is a root hash of the Merkle tree.
26. The apparatus according to claim 24 or 25, the second digital signature being generated by a billing node device of the blockchain using a second private key held by the billing node device, the second digital signature being stored at a block header of a target block stored by the blockchain.
27. The apparatus of claim 24 or 25, the second digital signature generated by the node device using a second private key held by the node device, the second digital signature being maintained at a block header of the target block stored locally at the node device.
28. The apparatus of claim 23, the second digital signature comprising: a digital signature generated by the node equipment, using the second private key it holds, for the execution result of the target business transaction.
29. The apparatus of claim 28, wherein the second digital signature and the execution result, or a hash digest of the second digital signature and the execution result, are stored in a block header of the target block stored locally at the bridge-connected node device.
30. The apparatus of claim 29, the obtaining unit further configured to:
pulling the target block from the node device through the bridge terminal to obtain the execution result and the second digital signature; or,
pulling the target block from the node equipment through the bridge terminal to obtain the hash digest of the execution result and the second digital signature; and acquiring an execution result of the target service transaction from the node equipment through the bridge terminal based on the retrieval identification of the target service transaction.
31. The method of claim 28, the second digital signature and the execution result being stored in a state database of the block chain stored locally at the bridge-ended node device.
32. A block chain transaction device is applied to node equipment of a block chain; the service system is connected with the node equipment of the block chain through a bridge connection end; the device comprises:
the acquisition unit is used for acquiring a target business transaction constructed by the business system through the bridge end by the node equipment connected with the bridge end, wherein the target business transaction comprises a first digital signature generated by the business system for detailed data of the target business transaction by using a first private key;
the verification unit is used for performing transaction verification on the target business transaction, and the transaction verification at least comprises verification of the first digital signature based on a first public key corresponding to the first private key;
the execution unit executes the target business transaction;
the storage unit is used for storing an execution result of the target business transaction and a second digital signature generated by the node equipment in the block chain for the execution result by using a second private key to a block chain database locally stored by the node equipment;
and the sending unit is used for sending the execution result and the second digital signature to the service system through the bridging end so that the service system verifies the second digital signature based on a second public key corresponding to the second private key, and executing further service processing logic related to the transaction detail data based on the execution result after the verification of the second digital signature is passed.
33. The apparatus of claim 32, the second digital signature comprising: a digital signature generated by the node equipment of the block chain, using the second private key it holds, for the authentication root of the state database stored in the block header of the target block that records the target business transaction.
34. The device of claim 33, the state database is a Merkle tree constructed based on state data corresponding to transactions stored in the target block; the authentication root is a root hash of the Merkle tree.
35. The apparatus according to claim 33 or 34, the second digital signature being generated by a billing node device of the blockchain using a second private key held by the billing node device, the second digital signature being stored at a block header of a target block stored by the blockchain.
36. The apparatus of claim 33 or 34, the second digital signature generated by the node device using a second private key held by the node device, the second digital signature being maintained at a block header of the target block stored locally at the node device.
37. The apparatus of claim 32, the second digital signature comprising: a digital signature generated by the node equipment, using the second private key it holds, for the execution result of the target business transaction.
38. The apparatus of claim 37, the second digital signature and the execution result, or a hash digest of the second digital signature and the execution result, are stored at a block header of the target block stored locally at the node device.
39. The apparatus of claim 38, the sending unit further configured to:
sending the target block to the bridge terminal, so that the service system obtains the execution result and the second digital signature included in the target block through the bridge terminal; or,
sending the target block to the bridge terminal, so that the business system obtains the hash digest and the second digital signature of the execution result included in the target block through the bridge terminal; and sending the execution result to the bridging end based on the retrieval identification of the target service transaction sent by the bridging end, so that the service system obtains the execution result through the bridging end.
40. The apparatus of claim 37, the second digital signature and the execution result are stored in a state database of the blockchain stored locally at the bridge-end connected node device.
41. A computer device, comprising: a memory and a processor; the memory having stored thereon a computer program executable by the processor; the processor, when executing the computer program, performs the method of any of claims 1 to 11.
42. A computer device, comprising: a memory and a processor; the memory having stored thereon a computer program executable by the processor; the processor, when executing the computer program, performs the method of any of claims 12 to 22.
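The exchange recited in claims 1, 6 to 8 and 12 can be run end to end; the Go program below is an added example, not code from the patent or its applicant. It assumes Ed25519 for both digital signatures and SHA-256 for the hash digest (the claims name no algorithm), and every type, field and function name in it is hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// All names below are assumptions made for this example.

// Transaction is the target business transaction built by the business system.
type Transaction struct {
	ID       string // retrieval identification of the transaction
	Detail   []byte // transaction detail data
	FirstSig []byte // first digital signature, over Detail
}

// BlockHeader holds what the node keeps in the header of the target block.
type BlockHeader struct {
	ResultDigest [32]byte // hash digest of the execution result
	SecondSig    []byte   // second digital signature, over the execution result
}

// Node is the node device reached through the bridge end.
type Node struct {
	firstPub   ed25519.PublicKey  // verifies the business system's signature
	secondPriv ed25519.PrivateKey // signs execution results
	headers    map[string]BlockHeader
	results    map[string][]byte
}

func newKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func NewNode(firstPub ed25519.PublicKey, secondPriv ed25519.PrivateKey) *Node {
	return &Node{firstPub, secondPriv, map[string]BlockHeader{}, map[string][]byte{}}
}

// BuildTransaction signs the detail data with the first private key.
func BuildTransaction(firstPriv ed25519.PrivateKey, id string, detail []byte) Transaction {
	return Transaction{ID: id, Detail: detail, FirstSig: ed25519.Sign(firstPriv, detail)}
}

// Submit is the node side: verify the first signature, execute, then store the
// execution result together with its digest and the second signature.
func (n *Node) Submit(tx Transaction) error {
	if !ed25519.Verify(n.firstPub, tx.Detail, tx.FirstSig) {
		return errors.New("first digital signature invalid: transaction rejected")
	}
	result := append([]byte("executed:"), tx.Detail...) // stand-in for real execution
	n.headers[tx.ID] = BlockHeader{sha256.Sum256(result), ed25519.Sign(n.secondPriv, result)}
	n.results[tx.ID] = result
	return nil
}

// Pull returns the header and a copy of the result, as fetched via the bridge end.
func (n *Node) Pull(id string) (BlockHeader, []byte, bool) {
	h, ok := n.headers[id]
	return h, append([]byte(nil), n.results[id]...), ok
}

// AcceptResult is the business-system gate: further business processing may
// run only when both the digest and the second signature check out.
func AcceptResult(secondPub ed25519.PublicKey, h BlockHeader, result []byte) error {
	if sha256.Sum256(result) != h.ResultDigest {
		return errors.New("execution result does not match digest in block header")
	}
	if !ed25519.Verify(secondPub, result, h.SecondSig) {
		return errors.New("second digital signature invalid")
	}
	return nil
}

func main() {
	firstPub, firstPriv := newKeys()
	secondPub, secondPriv := newKeys()
	node := NewNode(firstPub, secondPriv)
	// Constructed sample transaction.
	tx := BuildTransaction(firstPriv, "tx-001", []byte("transfer 100 from A to B"))
	fmt.Println("submit:", node.Submit(tx))
	h, result, _ := node.Pull(tx.ID)
	fmt.Println("accept genuine:", AcceptResult(secondPub, h, result))
	result[0] ^= 1 // a result altered between node and business system
	fmt.Println("accept altered:", AcceptResult(secondPub, h, result))
}
```
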
CN202010356265.0A 2020-04-29 2020-04-29 Block chain transaction method and device Pending CN111552991A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010356265.0A CN111552991A (en) 2020-04-29 2020-04-29 Block chain transaction method and device
PCT/IB2021/000334 WO2021220062A1 (en) 2020-04-29 2021-04-23 Blockchain transaction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010356265.0A CN111552991A (en) 2020-04-29 2020-04-29 Block chain transaction method and device

Publications (1)

Publication Number Publication Date
CN111552991A (en) 2020-08-18

Family

ID=72006014

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010356265.0A Pending CN111552991A (en) 2020-04-29 2020-04-29 Block chain transaction method and device

Country Status (2)

Country Link
CN (1) CN111552991A (en)
WO (1) WO2021220062A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112286643A (en) * 2020-12-24 2021-01-29 北京百度网讯科技有限公司 Transaction processing method, device, equipment, program and medium of Etheng virtual machine
CN112560005A (en) * 2020-12-01 2021-03-26 杭州趣链科技有限公司 Identity trusted service system, method, electronic device and computer readable medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116781269A (en) * 2022-03-07 2023-09-19 腾讯科技(深圳)有限公司 Block chain-based data processing method, device, equipment, medium and product
CN115580431A (en) * 2022-09-01 2023-01-06 广州大学 Private data access control method based on alliance chain intelligent contract

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170352027A1 (en) * 2016-06-07 2017-12-07 Cornell University Authenticated data feed for blockchains
CN110009337A (en) * 2018-12-21 2019-07-12 阿里巴巴集团控股有限公司 A kind of data processing method and device based on block chain
CN110535647A (en) * 2018-05-25 2019-12-03 上海诚频信息科技合伙企业(有限合伙) Believable data transmission method, system, electronic equipment, storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108876572A (en) * 2018-05-29 2018-11-23 阿里巴巴集团控股有限公司 The account checking method and device, electronic equipment of block chain transaction
CN110266655B (en) * 2019-05-30 2021-11-12 中国工商银行股份有限公司 Cross-chain interconnection method, device and system based on block chain
CN110602096B (en) * 2019-09-12 2021-07-13 腾讯科技(深圳)有限公司 Data processing method, device, storage medium and equipment in block chain network
CN110650189B (en) * 2019-09-20 2022-01-18 深圳供电局有限公司 Relay-based block chain interaction system and method


Also Published As

Publication number Publication date
WO2021220062A1 (en) 2021-11-04

Similar Documents

Publication Publication Date Title
EP3812992B1 (en) Block chain transaction method and apparatus
US11188874B2 (en) Block chain-based claim settlement method and apparatus
US11461773B2 (en) Blockchain-based node management methods and apparatuses
US20220239470A1 (en) Cross-blockchain data processing method and apparatus, device, and computer storage medium
CN110766550B (en) Asset query method and device based on block chain and electronic equipment
US11321783B2 (en) Method and device for data processing based on blockchain
CN111026789B (en) Block chain-based electronic bill query method and device and electronic equipment
CN111461723B (en) Data processing system, method and device based on block chain
CN111552991A (en) Block chain transaction method and device
US20200175487A1 (en) Obtaining a blockchain-based, real-name, electronic bill
CN110009338B (en) Accounting method and device based on block chain and electronic equipment
CN111539731A (en) Block chain-based federal learning method and device and electronic equipment
US20200175583A1 (en) Blockchain-based leasing
US11144926B2 (en) Blockchain-based recordkeeping method and apparatus
US11861612B2 (en) Blockchain-based offline resource transfer method and apparatus
CN111192146B (en) Correction method and device for block chain data
CN112766854B (en) Block chain-based digital commodity transaction method and device
CN112883109B (en) Block chain-based digital commodity transaction method and device
CN110930152A (en) Data processing method based on block chain and related equipment
CN111726318A (en) Sensitive data transaction method and system based on block chain
Garcia Bringas et al. BlockChain platforms in financial services: current perspective
US20230259930A1 (en) Cross-chain transaction processing method and apparatus, electronic device, and storage medium
CN113536384B (en) Block chain-based private data mapping method, block chain-based private data mapping device, block chain-based private data mapping medium and electronic equipment
CN111555870B (en) Key operation method and device
CN113095821A (en) Method and device for interaction of property rights

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40035883; Country of ref document: HK)
RJ01 Rejection of invention patent application after publication (Application publication date: 20200818)