CN111798224A - SGX-based digital currency payment method - Google Patents
SGX-based digital currency payment method Download PDFInfo
- Publication number
- CN111798224A CN111798224A CN202010495521.4A CN202010495521A CN111798224A CN 111798224 A CN111798224 A CN 111798224A CN 202010495521 A CN202010495521 A CN 202010495521A CN 111798224 A CN111798224 A CN 111798224A
- Authority
- CN
- China
- Prior art keywords
- account
- digital currency
- information
- payment
- sgx
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 230000005540 biological transmission Effects 0.000 claims abstract description 19
- 238000005516 engineering process Methods 0.000 claims abstract description 15
- 230000002452 interceptive effect Effects 0.000 claims abstract description 9
- 238000012795 verification Methods 0.000 claims description 36
- 230000003993 interaction Effects 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 5
- 238000012546 transfer Methods 0.000 claims description 4
- 230000008859 change Effects 0.000 claims description 2
- 239000000284 extract Substances 0.000 claims 1
- 238000007726 management method Methods 0.000 description 11
- 230000008901 benefit Effects 0.000 description 5
- 238000011161 development Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 229910002056 binary alloy Inorganic materials 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
Abstract
The invention discloses a digital currency payment method based on SGX, comprising the following steps: generating a trusted space at a service end for issuing digital currency and a user PC (personal computer) of the digital currency by using SGX (secure gateway X) software, and providing a safe and trusted storage space and an operation space for digital currency account data information and interactive operation functions of a digital currency service end and a digital currency user; the digital currency user side and the server side encrypt and sign interactive operation information and transmission data of the user side and the server side by using an asymmetric encryption technology, and a safe and reliable data transmission channel is established in an untrusted space for a digital currency payment method based on SGX; the digital currency user side and the server side are combined with the SGX software extended trusted space by utilizing the security transmission constructed by the asymmetric encryption technology to complete digital currency account application, digital currency payment, account inquiry, account management and account updating. The invention provides a brand new idea and mode for the safe payment of the digital currency.
Description
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a digital currency payment method based on SGX.
Background
Digital currency (digitai currency) refers to the generation currency in the form of electronic currency, which is used for digitizing currency. The digital currency market scale has rapidly increased in recent years due to the rapid development of the blockchain industry, and the lack of highly reliable universal currency due to the lack of corresponding regulatory policies. Meanwhile, with the development of digitization becoming more and more widespread, the research on central bank digital currencies (centrbank digital currency) is gradually developed by each central bank, and the digital currencies of the central bank are planned to be pushed out. Digital currency must be issued by the central authorities as legal digital currency and as legal currency, which is itself not just a payment instrument. Based on the characteristics of digital money, the direct benefit of bringing digital money to the central bank is not only to save money issuing, circulating, and settlement costs, but also to enhance the ability of the central bank to host funds. While CBDC has numerous advantages over current banknotes, the issue of new currencies simultaneously also presents problems. Among them, the current payment method and payment security for digital currency are the hot issue of the current digital currency issue.
The Intel introduced SGX (software guard extensions) instruction set extension aims to provide a trusted execution environment of a user space by taking hardware security as mandatory guarantee and not relying on the security state of firmware and software, realizes isolated operation among different programs by a group of new instruction set extension and access control mechanisms, and guarantees that confidentiality and integrity of user key codes and data are not damaged by malicious software. Different from other security technologies, a trusted computing base (TCB for short) of the SGX only includes hardware, so that the defects of software security loopholes and threats existing in the TCB based on software are overcome, and system security guarantee is greatly improved; in addition, the SGX can guarantee a trusted execution environment during operation, malicious codes cannot access and tamper the protection content during operation of other programs, the safety of the system is further enhanced, and the application program can flexibly call the safety function and verify the safety function based on the extension of an instruction set and an independent authentication mode.
The invention provides a safer digital currency payment method and device by means of an SGX technology, solves the potential problems of interception, modification, access to payment application and the like of lawbreakers in payment transaction of digital currency, and provides a safe and reliable operation environment for digital currency payment.
Disclosure of Invention
The present invention is based on the above background and the development of the prior art, and proposes to design a digital currency payment method based on SGX, which is capable of serving digital currency payment requirements. Still another object of the present invention is to secure a trusted execution environment at runtime by SGX, thereby improving security and currency of digital currency payment for secure currency circulation.
To achieve these objects and other advantages and in accordance with the purpose of the invention, as embodied and broadly described herein, there is provided an SGX-based digital money payment method, the digital money being central bank digital money issued by a central bank in each country, the central bank facing a commercial bank facing a user, assuming that legal digital money is merged and uses an existing "central bank-commercial bank" binary system and infrastructure, a service end in the SGX-based digital money payment method being a commercial bank service end, the SGX-based digital money payment method, comprising:
generating a trusted space at a service end for issuing digital currency and a user PC (personal computer) of the digital currency by using SGX (secure gateway X) software, and providing a safe and trusted storage space and an operation space for digital currency account data information and interactive operation functions of a digital currency service end and a digital currency user;
the digital currency user side and the server side encrypt and sign interactive operation information and transmission data of the user side and the server side by using an asymmetric encryption technology, and a safe and reliable data transmission channel is established in an untrusted space for a digital currency payment method based on SGX;
the digital currency user side and the server side complete digital currency account application, digital currency payment, account inquiry, account management and account updating by combining the security transmission constructed by the asymmetric encryption technology with the trusted space of SGX software extension.
As an implementable manner, the SGX software generates a trusted space, that is, the SGX software implements an envelope secure container, and each access of the trusted space requires acquiring a key credential of an access right of the trusted space, and authenticating identity information of a visitor; and the SGX software measures all codes, functions and information stored in the trusted space and allocates the storage space of the Enclave security container.
As an implementable embodiment, the account data information includes: the method comprises the following steps that a public key corresponding to a digital currency user account, bank account information under a digital currency account, an address of digital currency stored in an SGX trusted space of the digital currency account, and the balance and the currency value of the digital currency account form a condition;
as an implementable embodiment, the server-side digital currency related operation function comprises: the server side encryption and decryption function, the account verification function, the account management function and the data updating function; the sending/receiving function of the information interaction between the server side and the user side does not belong to the SGX trusted space.
As an implementation manner, the digital currency user terminal and the digital currency server terminal interoperate functions, including: encrypting and decrypting functions and command editing functions at a user side; the sending/receiving function of information interaction between the user side and the server side does not belong to the SGX trusted space.
As an implementation manner, the user side encryption and decryption function is mainly used for encryption and decryption processing of information transmitted by the user side, the user side and the server side; the method specifically comprises the following steps: on one hand, the method is used for encrypting and signing the sent command information and the account related data by the user side by utilizing a public key of an information receiving end and a private key of the user side; and on the other hand, the method is used for verifying the signature and decrypting the information and the data received by the user side by using the public key of the information sending end and the user private key.
The server side encryption and decryption function is mainly used for encryption and decryption processing of information transmitted by the server side, the user side and the server side, and specifically comprises the following steps: on one hand, the method is used for the server side to encrypt and sign the sent command information and the account related data by utilizing a public key of an information receiving end and a private key of the server side; and on the other hand, the server side is used for verifying the signature by using the public key of the information sending end and the private key of the server side and decrypting the information and the data received by the server side.
The information receiving end refers to a server end for receiving information or a user end for receiving information;
the information sending end refers to a service end for sending information or a user end for sending information;
the sending/receiving function is used for sending and receiving information data interaction between the server side and the user side, accessing the SGX trusted space and transmitting encryption and decryption function information with the SGX trusted space;
the account verification function is used for verifying digital currency account information, and the digital currency account information comprises account holder personal credit information and verification digital currency account fund conditions;
the account management function is used for opening, changing, exchanging and canceling the digital currency account;
the data updating function is used for updating personal information and account information of the digital currency account;
the account inquiry function is used for inquiring accounts, bills and balance.
As an implementable manner, the secure transmission constructed by the asymmetric encryption technology is combined with the trusted space of the SGX software extension by the digital currency user side and the server side to complete digital currency account application, digital currency payment, account inquiry, account management and account update, wherein the digital currency account application specifically includes:
firstly, a digital currency account application user side acquires an access key access user side SGX trusted space, and calls a command editing function in the SGX trusted space to edit account application information; secondly, calling a user side add-subtract function, and encrypting the digital currency account application command information by using a server side public key to obtain a command ciphertext; then, sending the encrypted command ciphertext to a server by calling the client sending/receiving function;
the server side sending/receiving function receives a command ciphertext of a user side, acquires an access key to access the SGX trusted space of the server side, transmits the ciphertext to the server side encryption and decryption function, and the server side encryption and decryption function decrypts the command ciphertext by using the server side private key to extract application information of the digital currency account. Further, the server side calls an account verification function to verify the application information of the digital currency account, if the application information passes the verification, the server side calls an account management function to allocate an SGX trusted space to open a new digital currency account, and meanwhile, the success of the digital currency account applied by the user side, the name of the account and the connection of a key generation tool are fed back.
And the user side successfully receives the applied digital currency account, generates a pair of public and private keys of the applied digital currency account under the state that the internet is locally interrupted according to account information and feedback information, and publishes the public key to the server side.
As an implementation manner, the verifying the digital currency account application specifically includes: the application account owner already owns the digital currency account; the condition of the bank account for exchanging digital currency under the name of the application account owner; the application account owner personal information authenticity; the application account owner financial reputation status.
As an implementable embodiment, the digital monetary payment includes:
firstly, a payment user side acquires an access key access user side SGX, edits a payment application command by using a payment user side command editing function, and calls a payment user side encryption and decryption function to encrypt and sign the payment application command to obtain an application payment information ciphertext; the payment user side calls a sending/receiving function to send the payment application information ciphertext to the server side;
the server side sends/receives the function and receives the application payment information ciphertext of the payment user side, the access key is obtained to access the server side SGX, the application payment information ciphertext is transmitted to the server side encryption and decryption function, the encryption and decryption function decrypts the application payment information ciphertext and verifies the signature, and the application payment information plaintext is obtained. And if the verification signature fails, feeding back the verification signature failure to the application user side, and ending the operation. And then, calling an account verification function to verify whether the two payment parties meet the payment condition, and if the two payment parties pass the verification, transferring the digital money with the corresponding payment amount to the account of the payee by the server. Finally, calling a data updating function to update account and bill information, and sending payment digital currency information to both payment parties to finish payment; if the verification fails, the server side feeds back account information to the payer, the verification fails, and the payment fails.
As an implementation manner, the verifying whether both payment parties meet the payment condition specifically includes: the payment account and the collection account exist, the transaction of the payment account and the collection account is good, the balance of the payment account meets the payment, and the transaction amount meets the maximum amount less than one transaction.
As an implementable manner, the account query specifically includes:
the method comprises the steps that a user side obtains an access key to access an SGX trusted space of the user side, a calling side command editing function edits a query application command, and a calling side encryption and decryption function encrypts and signs the query application command to obtain a query application command ciphertext; the user side calls a sending/receiving function to send the query application command ciphertext to the server side;
the server side sending/receiving function receives an inquiry application command ciphertext of the payment client side, an access key access server side SGX is obtained, the inquiry application command ciphertext is transmitted to the server side encryption and decryption function, and the encryption and decryption function decrypts the inquiry application command ciphertext and verifies a signature to obtain an inquiry application command plaintext; then, calling an account query function, feeding back the query content of the user side according to the application requirement, and finishing the account query operation; if the verification signature fails, feeding back the verification signature failure to the application user side, and ending the operation;
the account management and the account updating are specifically that the server calls an account management function to open, change, exchange and cancel the digital currency account according to the updating requirement of the user side or the management requirement of the server side, and calls a data updating function to update the personal information and the account information of the digital currency account.
The invention at least comprises the following beneficial effects:
(1) the asymmetric encryption technology provides high security guarantee for data information transmission in operations such as application, payment and inquiry of a digital currency account;
(2) the SGX software provides a chip-level safe operating environment for data storage and function operation in operations such as application and payment of a digital currency account;
(3) a digital currency payment method is provided in which payment authority and operation are separated from digital currency storage, which is centrally stored at a server.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention.
Drawings
FIG. 1 is a schematic diagram of an embodiment of a digital currency payment method based on SGX;
FIG. 2 is a flow chart of a digital money account application for a SGX-based digital money payment method;
FIG. 3 is a digital currency payment flow diagram of a SGX-based digital currency payment method;
FIG. 4 is a flow chart of digital currency account inquiry for SGX-based digital currency payment method.
Detailed Description
In order to clearly illustrate the present invention and make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, so that those skilled in the art can implement the technical solutions in reference to the description text. The technology of the present invention will be described in detail below with reference to the accompanying drawings in conjunction with specific embodiments.
1. Fig. 1 shows an implementation form according to the invention, showing a simple embodiment of the invention. Based on the SGX digital currency payment mode, a server side issuing digital currency generates a trusted space by using SGX software, and stores digital currency account data information and a server side digital currency related operation function into the SGX trusted space; and a user PC of the digital currency generates a trusted space by using SGX software, and stores an interactive operation function of the digital currency user side and the digital currency server side into the trusted space of the SGX. The digital currency user side and the server side complete digital currency account application, digital currency payment, account inquiry, account management and account updating by combining the security transmission constructed by the asymmetric encryption technology with the trusted space of SGX software extension.
The SGX software generates a trusted space, namely the SGX software realizes an Enclave security container, and each access of the trusted space needs to acquire a key certificate of the access authority of the trusted space and authenticate identity information of a visitor;
and the SGX software measures all codes, functions and information stored in the trusted space and allocates the storage space of the Enclave security container.
The server-side digital currency related operation function comprises the following steps: encryption and decryption functions, sending/receiving functions, account verification functions, account management functions and data updating functions.
The digital currency user side and the digital currency server side interactive operation function comprises the following steps: encryption and decryption functions, transmission/reception functions, command editing functions.
2. The premise of using digital currency by a user is to have a legal and normal digital currency account, and the requirements of applying for the digital currency account need to be satisfied: the condition that an application account owner owns the digital currency account is normal, and illegal and lost credit situations do not exist; the bank account which applies for the exchange of digital currency under the name of the account owner is normal and has no bad record; the personal information of the application account owner is real and credible; the financial credit of the application account owner is good. Specifically, the digital money account application flow is as shown in fig. 2, a user end requiring digital money account application acquires an access key for accessing an SGX of the user end, accesses an interactive operation function of the digital money user end and a server end in an SGX trusted space, first, the user end calls an encryption and decryption function in the SGX trusted space of the user end, and encrypts application account information by using a server end public key; secondly, calling a sending/receiving function to send the encrypted application account information to a server; the server side sending/receiving function receives the ciphertext sent by the client side and transmits the ciphertext into the SGX trusted space, and the server side SGX encryption and decryption function decrypts the ciphertext by using the server side private key to obtain digital currency account application information; and then calling an account verification function to verify the application information of the digital currency account. If the verification is passed, the server side calls an account management function to allocate an SGX trusted space to open a new digital currency account, and feeds back the success of the digital currency account applied by the user side, the account name and the connection of a key generation tool. If the verification fails, the server side feeds back the digital currency account to apply for the user side to apply for the verification failure, and the account cannot be established.
3. Fig. 3 shows an SGX-based digital currency payment implementation, and in conjunction with fig. 1, it is assumed that user a is a payer of digital currency and user B is a payee of digital currency. Firstly, a user side A acquires an access key to access a trusted space of an SGX, and a command editing function is called to edit a payment application command according to a payment requirement; secondly, calling an encryption and decryption function to encrypt and sign the payment application command to obtain a payment application information ciphertext; then the user A calls a sending/receiving function to send the payment application information ciphertext to the server; a sending/receiving function of the server receives ciphertext information from the user side A, acquires an access key to access the server side SGX, and calls an SGX encryption and decryption function to decrypt and verify a signature of the received ciphertext to obtain payment application information; then, the server side calls an account verification function to verify whether the two payment sides meet the payment conditions, namely whether the payment account and the collection account exist, whether the transaction information of the payment account and the collection account is good, whether the balance of the payment account meets the payment and whether the transaction amount meets the highest amount of the transaction, if the verification is passed, the server side transfers the corresponding amount digital money from the digital money of the account of the server side of the payment side to the account of the server side of the collection side to finish the transfer of the money in the digital money payment, and finally, the server side calls a data updating function to update the account and the bill information and simultaneously sends the payment digital money information to the user A and the user B to finish the payment; if the verification fails, the server side feeds back account information to the payer, the verification fails, and the payment fails.
In the application of the digital currency account and the digital currency payment, all transmission information is encrypted, and the safety of data transmission is improved. For the operation of digital currency and data information, the code is carried out in a trusted space of an SGX software extension, and the environmental security index of code operation and data processing is improved. Specifically, the following description is provided: digital currency in all digital currency accounts is stored in the SGX trusted space of the server, and all conversion and transfer of the digital currency are carried out at the server, so that security threats brought to the digital currency by huge user side operation are reduced.
As described above, according to the implementation principle and scheme of the present invention, since the encryption transmission, signature authentication and SGX software are effectively combined to monitor and protect the whole digital currency operation in real time, the SGX-based digital currency payment method has the application effects of high confidentiality and high security.
The embodiments described above are presented to enable a person having ordinary skill in the art to make and use the invention. It will be readily apparent to those skilled in the art that various modifications to the above-described embodiments may be made, and the generic principles defined herein may be applied to other embodiments without the use of inventive faculty. Therefore, the present invention is not limited to the above embodiments, and those skilled in the art should make improvements and modifications to the present invention based on the disclosure of the present invention within the protection scope of the present invention.
Claims (10)
1. An SGX-based digital currency payment method for secure payment of digital currency, the method comprising:
generating a trusted space at a service end for issuing digital currency and a user PC (personal computer) of the digital currency by using SGX (secure gateway X) software, and providing a safe and trusted storage space and an operation space for digital currency account data information and interactive operation functions of a digital currency service end and a digital currency user;
the digital currency user side and the server side encrypt and sign interactive operation information and transmission data of the user side and the server side by using an asymmetric encryption technology, and a safe and reliable data transmission channel is established in an untrusted space for a digital currency payment method based on SGX;
the application of the digital currency account, the payment of the digital currency, the inquiry of the account, the management of the account and the update of the account are completed in a safe state by the combination of the trusted space of the SGX software extension and the safe transmission constructed by the asymmetric encryption technology.
2. The SGX-based digital currency payment method according to claim 1, wherein the generating a trusted space using SGX software specifically comprises:
the SGX software generates a trusted space, namely the SGX software realizes an Enclave security container, and each access of the trusted space needs to acquire a key certificate of the access authority of the trusted space and authenticate identity information of a visitor;
and the SGX software measures all codes, functions and information stored in the trusted space and allocates the storage space of the Enclave security container.
3. The SGX-based digital currency payment method according to claim 1, wherein: generating a trusted space at a service terminal issuing digital currency by using SGX software, and storing digital currency account data information and a service terminal digital currency related operation function into the trusted space of the SGX;
wherein the account data information includes: the method comprises the following steps that a public key corresponding to a digital currency user account, bank account information under a digital currency account, an address of digital currency stored in an SGX trusted space of the digital currency account, and the balance and the currency value of the digital currency account form a condition;
the server-side digital currency related operation function comprises the following steps: the server side encryption and decryption function, the account verification function, the account management function and the data updating function;
the sending/receiving function of the information interaction between the server side and the user side does not belong to the SGX trusted space.
4. The SGX-based digital currency payment method according to claim 1, wherein the user PC of the digital currency generates a trusted space using SGX software, and deposits a digital currency user-side and digital currency server interoperation function into the trusted space of SGX, wherein the digital currency user-side and digital currency server interoperation function comprises: encrypting and decrypting functions and command editing functions at a user side;
the sending/receiving function of information interaction between the user side and the server side does not belong to the SGX trusted space.
5. The SGX based digital currency payment method according to claim 3, wherein:
the user side encryption and decryption function is mainly used for encryption and decryption processing of information transmitted by the user side, the user side and the server side; the method specifically comprises the following steps: on one hand, the method is used for encrypting and signing the sent command information and the account related data by the user side by utilizing a public key of an information receiving end and a private key of the user side; on the other hand, the method is used for verifying the signature and decrypting the information and the data received by the user side by utilizing the public key of the information sending end and the user private key;
the server side encryption and decryption function is mainly used for encryption and decryption processing of information transmitted by the server side, the client side and the server side; the method specifically comprises the following steps: on one hand, the method is used for the server side to encrypt and sign the sent command information and the account related data by utilizing a public key of an information receiving end and a private key of the server side; on the other hand, the server side is used for verifying the signature by using the public key of the information sending end and the private key of the server side and decrypting the information and the data received by the server side;
the information receiving end refers to a server end for receiving information or a user end for receiving information;
the information sending end refers to a service end for sending information or a user end for sending information;
the sending/receiving function is used for sending and receiving information data interaction between the server side and the user side, accessing the SGX trusted space and transmitting encryption and decryption function information with the SGX trusted space;
the account verification function is used for verifying the digital currency account information, and the digital currency account information comprises account holder personal credit information and verification digital currency account fund conditions;
the account management function is used for opening, changing, exchanging and canceling the digital currency account;
the data updating function is used for updating personal information and account information of the digital currency account;
and the account inquiry function is used for inquiring the account, the bill and the balance.
6. The SGX-based digital currency payment method according to claim 1, wherein: the method comprises the following steps of completing digital currency account application, digital currency payment, account inquiry, account management and account updating in a safe state by combining a trusted space of SGX software extension and safe transmission constructed by an asymmetric encryption technology, wherein the digital currency account application specifically comprises the following steps:
firstly, a digital currency account application user side acquires an access key access user side SGX trusted space, and calls a command editing function in the SGX trusted space to edit account application information; secondly, calling a user side add-subtract function, and encrypting the digital currency account application command information by using a server side public key to obtain a command ciphertext; then, sending the encrypted command ciphertext to a server by calling a client sending/receiving function;
the server side sending/receiving function receives a command ciphertext of a user side, acquires an access key to access an SGX trusted space of the server side, transmits the ciphertext to the server side encryption and decryption function, decrypts the command ciphertext by using a server side private key through the server side encryption and decryption function, and extracts application information of the digital currency account; further, the server side calls an account verification function to verify the application information of the digital currency account, if the application information passes the verification, the server side calls an account management function to allocate an SGX trusted space to open a new digital currency account, and meanwhile, the success of the digital currency account applied by the user side, the name of the account and the connection of a key generation tool are fed back;
and the user side successfully receives the applied digital currency account, generates a pair of public and private keys of the applied digital currency account under the state of locally interrupting the Internet according to account information and feedback information, and publishes the public key.
7. The SGX based digital currency payment method according to claim 6, wherein: the verification of the digital currency account application specifically comprises the following steps: the application account owner already owns the digital currency account; the condition of the bank account for exchanging digital currency under the name of the application account owner; the application account owner personal information authenticity; the application account owner financial reputation status.
8. The SGX-based digital currency payment method according to claim 1, wherein: the application of the digital currency account, the payment of the digital currency, the inquiry of the account, the management of the account and the update of the account are completed in a safe state through the combination of the trusted space of the SGX software extension and the safe transmission constructed by the asymmetric encryption technology; wherein the digital currency payment comprises:
firstly, a payment user side acquires an access key access user side SGX trusted space, a payment user side command editing function is used for editing a payment application command, and a payment user side encryption and decryption function is called to encrypt and sign the payment application command to obtain an application payment information ciphertext; the payment user side calls a sending/receiving function to send the payment application information ciphertext to the server side;
the server side sends/receives a function to receive a payment application information ciphertext of a payment user side, an access key is obtained to access a server side SGX trusted space, the payment application information ciphertext is transmitted to a server side encryption and decryption function, and the encryption and decryption function decrypts the payment application information ciphertext and verifies a signature to obtain a payment application information plaintext; if the verification signature fails, feeding back the verification signature failure to the application user side, and ending the operation; then, calling an account verification function to verify whether the payment parties meet the payment conditions; if the verification is passed, the server transfers the digital money with the corresponding amount to the account of the payee; finally, calling a data updating function to update account and bill information, and sending payment digital currency information to both payment parties to finish payment; if the verification fails, the server side feeds back account information to the payer, the verification fails, and the payment fails.
9. The SGX-based digital currency payment method according to claim 8, wherein: and verifying whether the two payment parties meet the payment conditions, wherein the specific payment conditions comprise: the payment account and the collection account exist, the transaction of the payment account and the collection account is good, the balance of the payment account meets the payment, and the transaction amount meets the maximum amount less than one transaction.
10. The SGX-based digital currency payment method according to claim 1, wherein: the application of the digital currency account, the payment of the digital currency, the inquiry of the account, the management of the account and the update of the account are completed in a safe state through the combination of the trusted space of the SGX software extension and the safe transmission constructed by the asymmetric encryption technology; the account query specifically includes:
the method comprises the steps that a user side obtains an access key to access an SGX trusted space of the user side, a calling side command editing function edits a query application command, and a calling side encryption and decryption function encrypts and signs the query application command to obtain a query application command ciphertext; the user side calls a sending/receiving function to send the query application command ciphertext to the server side;
the server side sending/receiving function receives an inquiry application command ciphertext of the payment client side, an access key is obtained to access the SGX trusted space of the server side, the inquiry application command ciphertext is transmitted to the server side encryption and decryption function, and the encryption and decryption function decrypts the inquiry application command ciphertext and verifies a signature to obtain an inquiry application command plaintext; then, calling an account query function, feeding back the query content of the user side according to the application requirement, and finishing the account query operation; if the verification signature fails, feeding back the verification signature failure to the application user side, and ending the operation;
the account management and the account updating are specifically that the server calls an account management function to open, change, exchange and cancel the digital currency account according to the updating requirement of the user side or the management requirement of the server side, and calls a data updating function to update the personal information and the account information of the digital currency account.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010495521.4A CN111798224A (en) | 2020-06-03 | 2020-06-03 | SGX-based digital currency payment method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010495521.4A CN111798224A (en) | 2020-06-03 | 2020-06-03 | SGX-based digital currency payment method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111798224A true CN111798224A (en) | 2020-10-20 |
Family
ID=72806230
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010495521.4A Pending CN111798224A (en) | 2020-06-03 | 2020-06-03 | SGX-based digital currency payment method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111798224A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112560104A (en) * | 2021-01-17 | 2021-03-26 | 梁志彬 | Data storage method and safety information platform based on cloud computing and block chain |
| CN112767145A (en) * | 2020-11-23 | 2021-05-07 | 中国联合网络通信集团有限公司 | Parameter determining method, digital currency information encrypting method, server and medium |
| CN113065134A (en) * | 2020-12-28 | 2021-07-02 | 上海能链众合科技有限公司 | Block chain code and data security calculation method |
| CN113393225A (en) * | 2021-06-30 | 2021-09-14 | 杭州链网科技有限公司 | Digital currency encryption payment method and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108256866A (en) * | 2016-12-29 | 2018-07-06 | 陈新 | Digital asset wallet |
| CN108615154A (en) * | 2018-05-01 | 2018-10-02 | 王锐 | A kind of block chain digital signature system and process for using based on hardware encipherment protection |
| US20190095879A1 (en) * | 2017-09-26 | 2019-03-28 | Cornell University | Blockchain payment channels with trusted execution environments |
| CN110766550A (en) * | 2019-09-05 | 2020-02-07 | 阿里巴巴集团控股有限公司 | Asset query method and device based on block chain and electronic equipment |
-
2020
- 2020-06-03 CN CN202010495521.4A patent/CN111798224A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108256866A (en) * | 2016-12-29 | 2018-07-06 | 陈新 | Digital asset wallet |
| US20190095879A1 (en) * | 2017-09-26 | 2019-03-28 | Cornell University | Blockchain payment channels with trusted execution environments |
| CN108615154A (en) * | 2018-05-01 | 2018-10-02 | 王锐 | A kind of block chain digital signature system and process for using based on hardware encipherment protection |
| CN110766550A (en) * | 2019-09-05 | 2020-02-07 | 阿里巴巴集团控股有限公司 | Asset query method and device based on block chain and electronic equipment |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112767145A (en) * | 2020-11-23 | 2021-05-07 | 中国联合网络通信集团有限公司 | Parameter determining method, digital currency information encrypting method, server and medium |
| CN112767145B (en) * | 2020-11-23 | 2023-07-07 | 中国联合网络通信集团有限公司 | Parameter determination method, digital money information encryption method, server, and medium |
| CN113065134A (en) * | 2020-12-28 | 2021-07-02 | 上海能链众合科技有限公司 | Block chain code and data security calculation method |
| CN113065134B (en) * | 2020-12-28 | 2024-03-12 | 上海零数众合信息科技有限公司 | Block chain code and data security calculation method |
| CN112560104A (en) * | 2021-01-17 | 2021-03-26 | 梁志彬 | Data storage method and safety information platform based on cloud computing and block chain |
| CN113393225A (en) * | 2021-06-30 | 2021-09-14 | 杭州链网科技有限公司 | Digital currency encryption payment method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10666428B2 (en) | Efficient methods for protecting identity in authenticated transmissions | |
| CN108292330B (en) | Secure token distribution | |
| US10885501B2 (en) | Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same | |
| CN101662469B (en) | Method and system based on USBKey online banking trade information authentication | |
| CN103714639B (en) | A kind of method and system that realize the operation of POS terminal security | |
| US7352867B2 (en) | Method of preventing unauthorized distribution and use of electronic keys using a key seed | |
| US8601260B2 (en) | Creation of user digital certificate for portable consumer payment device | |
| US9948624B2 (en) | Key downloading method, management method, downloading management method, device and system | |
| WO2021008453A1 (en) | Method and system for offline blockchain transaction based on identifier authentication | |
| CN111798224A (en) | SGX-based digital currency payment method | |
| US20060123465A1 (en) | Method and system of authentication on an open network | |
| US20070033136A1 (en) | Secured financial transaction device | |
| CA2914956C (en) | System and method for encryption | |
| WO2018133674A1 (en) | Method of verifying and feeding back bank payment permission authentication information | |
| CN101216923A (en) | A system and method to enhance the data security of e-bank dealings | |
| CN102195932A (en) | Method and system for realizing network identity authentication based on two pieces of isolation equipment | |
| Hwang et al. | Securing on-line credit card payments without disclosing privacy information | |
| KR100926153B1 (en) | System For Wireless Public Certification Service Using Electronic Signature With Mobile Terminal and Method For Providing said Service | |
| CN102521777B (en) | A kind of method and system realizing remote credit | |
| KR101941625B1 (en) | System for SNS finetech using authentication based selecting and method for operating the same | |
| CN111539032B (en) | Electronic signature application system resistant to quantum computing disruption and implementation method thereof | |
| TWI766171B (en) | Account data processing method and account data processing system | |
| JP2007298985A (en) | Method for implementing pki application of bank card on computer | |
| KR20020020134A (en) | PKI system for and method of using micro explorer on mobile terminals | |
| KR20020020135A (en) | End-to-end security system and method for wireless internet |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |