CN111815321A - Transaction proposal processing method, device, system, storage medium and electronic device - Google Patents


Info

Publication number
CN111815321A
Authority
CN
China
Prior art keywords
client
information
signature
signature information
target transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010436876.6A
Other languages
Chinese (zh)
Inventor
朱江
孟佶
高波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd filed Critical Beijing Kingsoft Cloud Network Technology Co Ltd
Priority to CN202010436876.6A priority Critical patent/CN111815321A/en
Publication of CN111815321A publication Critical patent/CN111815321A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to a method, device, system, storage medium and electronic device for processing a transaction proposal. The method comprises the following steps: acquiring target transaction information of a client; signing the target transaction information by using a client private key of the client to obtain first signature information; and sending an initial transaction proposal carrying the target transaction information and the first signature information to a blockchain node, wherein the initial transaction proposal is used for instructing the blockchain node to obtain a target transaction proposal carrying the target transaction information, the first signature information and second signature information, and the second signature information is obtained by the blockchain node signing the target transaction information. The method and the device solve the technical problem in the related art that the security of the verification process of a transaction proposal is low.

Description

Transaction proposal processing method, device, system, storage medium and electronic device
Technical Field
The present application relates to the field of computers, and in particular, to a method, an apparatus, a system, a storage medium, and an electronic apparatus for processing a transaction proposal.
Background
With the continuous development of the block chain technology in the financial field, especially on a BaaS (block chain as a service) platform, how to ensure the authenticity and traceability of transaction data becomes an important problem faced by the BaaS platform.
In the related art, a BaaS-based blockchain transaction verification scheme mainly works as follows: when a user initiates a transaction invocation request through a BaaS platform, the SDK signs the transaction information once by using an organization private key and initiates a transaction proposal to the blockchain network, wherein the transaction proposal sends information such as the contract identifier, parameter information and signature of the transaction invocation to an endorsement (Endorser) node; after the endorsement node receives the transaction proposal, it verifies the signature and determines whether the submitter is authorized to perform the operation.
In blockchain transaction verification on a current consortium-chain-based BaaS platform, processes such as endorsement, transaction ordering, signing and verification are performed by the blockchain nodes. As a result, information such as the organization identity certificate and private key in the blockchain network is currently hosted on the node server, and the following problems exist when a BaaS user initiates a transaction request. First, once the organization's identity certificate and private key are stolen or leaked, a lawbreaker can easily forge a transaction or steal digital currency. In addition, multiple transactions may correspond to the same identity certificate and private key, so it is difficult to accurately trace the user who initiated a transaction. Therefore, blockchain transaction verification in existing BaaS carries a certain risk.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The application provides a processing method, a device, a system, a storage medium and an electronic device of a transaction proposal, which at least solve the technical problem of lower security of the verification process of the transaction proposal in the related technology.
According to an aspect of an embodiment of the present application, there is provided a method for processing a transaction proposal, including:
acquiring target transaction information of a client;
signing the target transaction information by using a client private key of the client to obtain first signature information;
and sending an initial transaction proposal carrying the target transaction information and the first signature information to a blockchain node, wherein the initial transaction proposal is used for instructing the blockchain node to obtain a target transaction proposal carrying the target transaction information, the first signature information and second signature information, and the second signature information is obtained by the blockchain node signing the target transaction information.
According to another aspect of the embodiments of the present application, there is provided another method for processing a transaction proposal, including:
acquiring a target transaction proposal carrying target transaction information, first signature information and second signature information, wherein the target transaction information is initiated by a client, the first signature information is obtained by using a client private key of the client to sign the target transaction information, and the second signature information is obtained by a blockchain node signing the target transaction information;
performing signature verification on the first signature information and the second signature information;
and under the condition that the first signature information and the second signature information are verified, performing endorsement processing on the target transaction proposal.
According to another aspect of the embodiments of the present application, there is also provided a system for processing a transaction proposal, including: a client, a blockchain node, and an endorsement node, wherein,
the client is used for initiating target transaction information, signing the target transaction information by using a client private key of the client to obtain first signature information, and sending an initial transaction proposal carrying the target transaction information and the first signature information to the block chain node;
the block chain node is configured to sign the target transaction information by using an organization private key to obtain second signature information, and send a target transaction proposal carrying the target transaction information, the first signature information and the second signature information to the endorsement node, where the organization private key is a private key of a target block chain organization in which the block chain node is located;
the endorsement node is configured to acquire the target transaction proposal, perform signature verification on the first signature information and the second signature information, and perform endorsement processing on the target transaction proposal when both the first signature information and the second signature information are successfully verified.
According to another aspect of the embodiments of the present application, there is also provided a processing apparatus for a transaction proposal, including:
the first acquisition module is used for acquiring target transaction information of the client;
the first signature module is used for signing the target transaction information by using a client private key of the client to obtain first signature information;
a first sending module, configured to send an initial transaction proposal carrying the target transaction information and the first signature information to a block chain node, where the initial transaction proposal is used to instruct the block chain node to obtain the target transaction proposal carrying the target transaction information, the first signature information, and second signature information, and the second signature information is obtained by signing the target transaction information at the block chain node.
According to another aspect of the embodiments of the present application, there is provided another transaction proposal processing apparatus, including:
a third obtaining module, configured to obtain a target transaction proposal carrying target transaction information, first signature information, and second signature information, where the target transaction information is initiated by a client, the first signature information is obtained by using a client private key of the client to sign the target transaction information, and the second signature information is obtained by a blockchain node signing the target transaction information;
the verification module is used for performing signature verification on the first signature information and the second signature information;
and the processing module is used for carrying out endorsement processing on the target transaction proposal under the condition that the first signature information and the second signature information are verified to pass.
According to another aspect of the embodiments of the present application, there is also provided a storage medium including a stored program which, when executed, performs the above-described method.
According to another aspect of the embodiments of the present application, there is also provided an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the above method through the computer program.
In the embodiment of the application, target transaction information of a client is acquired; the target transaction information is signed by using a client private key of the client to obtain first signature information; and an initial transaction proposal carrying the target transaction information and the first signature information is sent to a blockchain node, wherein the initial transaction proposal is used for instructing the blockchain node to obtain a target transaction proposal carrying the target transaction information, the first signature information and second signature information, and the second signature information is obtained by the blockchain node signing the target transaction information. The client has its own public and private key pair; the verification certificate issued to the client can be uniformly managed by BaaS, and the client private key is stored by the client. When the client initiates a transaction request, it first uses the client private key to apply the first signature to the transaction information. When the transaction information is sent to the blockchain network, the blockchain node applies the second signature to the transaction information. When the subsequent transaction proposal is sent to the endorsement node, the endorsement node needs to verify both signatures, and only when both signature verifications pass can the transaction data be put on the chain. This solves problems such as forged transactions and theft of digital assets caused by leakage of an identity certificate and private key, thereby achieving the technical effect of improving the security of the verification process of the transaction proposal and solving the technical problem in the related art that the security of the verification process of a transaction proposal is low.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a schematic diagram of a hardware environment of a transaction proposal processing system according to an embodiment of the application;
FIG. 2 is a flow chart of an alternative transaction proposal processing method according to an embodiment of the present application;
FIG. 3 is a flow diagram of another alternative transaction proposal processing method according to an embodiment of the application;
FIG. 4 is a schematic diagram of a method for secondary verification of a blockchain transaction according to an alternative embodiment of the present application;
FIG. 5 is a schematic diagram of an alternative transaction proposal processing device according to an embodiment of the application;
FIG. 6 is a schematic diagram of an alternative transaction proposal processing device according to an embodiment of the application;
FIG. 7 is a block diagram of a terminal according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
With the updating of information technology, a blockchain is gradually becoming popular as a new storage technology, and a blockchain system is a data network system which utilizes cryptography to ensure the security of data transmission and access and generates a non-falsifiable and non-counterfeitable distributed account book. One of the most important features of the block chain is to ensure the realization of safe transactions, and in order to achieve data consistency without centralized processing by a centralized organization, a network center is required to participate in management and achieve consensus in some way.
BaaS (Blockchain as a Service) is a Service that is used to help users create, manage, and maintain enterprise-level Blockchain networks and applications in conjunction with Blockchain technology. The main uses of BaaS are: the method can quickly establish the required block chain application environment and provide a series of operation services such as search query, transaction, operation and maintenance, data analysis and the like based on the block chain network.
In order to solve the problems of counterfeit transactions, digital asset stealing and the like caused by identity certificate and private key leakage in the prior block chain technology, the embodiment of the application provides a system embodiment for processing transaction proposals.
Optionally, in this embodiment, FIG. 1 is a schematic diagram of a hardware environment of a transaction proposal processing system according to an embodiment of the present application. As shown in FIG. 1, the transaction proposal processing system can be applied to a hardware environment including a client 101, a blockchain node 103 and an endorsement node 105. The client 101 is configured to initiate target transaction information, sign the target transaction information by using a client private key of the client 101 to obtain first signature information, and send an initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node 103;
the block chain node 103 is configured to sign the target transaction information by using an organization private key to obtain second signature information, and send a target transaction proposal carrying the target transaction information, the first signature information, and the second signature information to the endorsement node 105, where the organization private key is a private key of a target block chain organization where the block chain node 103 is located;
the endorsement node 105 is configured to acquire the target transaction proposal, perform signature verification on the first signature information and the second signature information, and perform endorsement processing on the target transaction proposal when both the first signature information and the second signature information are successfully verified.
Optionally, in this embodiment, the client 101 may be, but is not limited to, a client comprising any type of application developed on the blockchain platform, such as: e-government applications, gaming applications, financial applications, shopping applications, insurance applications, multimedia applications, live applications, and the like.
Optionally, in this embodiment, the blockchain node 103 is any one of the service nodes in the target blockchain organization. Blockchain nodes are used to provide services to clients. The target blockchain organization may also include ordering (Orderer) nodes, commit (Committer) nodes, and the like.
As an alternative embodiment, the client is configured to: generating a public and private key pair of the client, wherein the public and private key of the client comprises a client private key and a client public key which have a corresponding relationship; acquiring a client verification certificate corresponding to the client by using the client public key, wherein the client verification certificate is used for performing signature verification on signature information obtained by signature by using the client private key;
the endorsement node is configured to: perform signature verification on the first signature information by using the client verification certificate; and, in the case that the first signature information passes verification, perform signature verification on the second signature information by using the organization identity certificate corresponding to the blockchain node.
As an optional embodiment, the client is further configured to: after the initial transaction proposal carrying the target transaction information and the first signature information is sent to the blockchain node, send query information, wherein the query information is used for querying the verification process of the first signature information and the second signature information; receive the verification process returned in response to the query information; and display the verification process on the client.
As an alternative embodiment, the endorsement node is configured to: determining that the target transaction proposal fails if the first signature information verification fails or the second signature information verification fails.
According to an aspect of an embodiment of the present application, there is provided a method embodiment of processing a transaction proposal.
Fig. 2 is a flow chart of an alternative transaction proposal processing method according to an embodiment of the present application, which may include the following steps, as shown in fig. 2:
step S202, acquiring target transaction information of a client;
step S204, a client private key of the client is used for signing the target transaction information to obtain first signature information;
step S206, sending an initial transaction proposal carrying the target transaction information and the first signature information to a block chain node, where the initial transaction proposal is used to instruct the block chain node to obtain the target transaction proposal carrying the target transaction information, the first signature information, and second signature information, and the second signature information is obtained by signing the target transaction information at the block chain node.
Through steps S202 to S206, the client has its own public and private key pair; the verification certificate issued to the client can be uniformly managed by BaaS, and the client private key is stored by the client. When the client initiates a transaction request, it first uses the client private key to apply the first signature to the transaction information. When the transaction information is sent to the blockchain network, the blockchain node applies the second signature to the transaction information. When the subsequent transaction proposal is sent to the endorsement node, the endorsement node needs to verify both signatures, and only when both signature verifications pass can the transaction data be put on the chain. This solves problems such as forged transactions and theft of digital assets caused by leakage of an identity certificate and private key, achieves the technical effect of improving the security of the verification process of the transaction proposal, and solves the technical problem in the related art that the security of the verification process of a transaction proposal is low.
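The flow of steps S202 to S206 and the endorsement node's two checks, as an added Go example that is not part of the patent text. It assumes ECDSA P-256 over a SHA-256 digest, uses raw public keys in place of the client verification certificate and the organization identity certificate, and all type, function and field names (`Proposal`, `ClientPropose`, `NodeCountersign`, `Endorser`) as well as the sample transaction are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUnknownClient = errors.New("no verification key registered for client")
	ErrClientSig     = errors.New("first (client) signature invalid")
	ErrOrgSig        = errors.New("second (organization) signature invalid")
)

// Proposal is a hypothetical container for the target transaction proposal.
type Proposal struct {
	ClientID  string // assumed lookup key for the client verification key
	TxInfo    []byte // target transaction information
	ClientSig []byte // first signature information
	OrgSig    []byte // second signature information
}

// sign hashes the transaction information and signs the digest.
func sign(priv *ecdsa.PrivateKey, tx []byte) []byte {
	d := sha256.Sum256(tx)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, d[:])
	if err != nil {
		panic(err) // only fails if the entropy source fails
	}
	return sig
}

func verify(pub *ecdsa.PublicKey, tx, sig []byte) bool {
	d := sha256.Sum256(tx)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// ClientPropose covers S202 to S206: sign with the client key, build the initial proposal.
func ClientPropose(priv *ecdsa.PrivateKey, id string, tx []byte) *Proposal {
	return &Proposal{ClientID: id, TxInfo: tx, ClientSig: sign(priv, tx)}
}

// NodeCountersign adds the second signature with the organization private key.
func NodeCountersign(orgPriv *ecdsa.PrivateKey, p *Proposal) {
	p.OrgSig = sign(orgPriv, p.TxInfo)
}

// Endorser holds raw public keys in place of the two certificates (assumption).
type Endorser struct {
	ClientKeys map[string]*ecdsa.PublicKey
	OrgKey     *ecdsa.PublicKey
}

// Check verifies the client signature first, then the organization signature.
func (e *Endorser) Check(p *Proposal) error {
	pub, ok := e.ClientKeys[p.ClientID]
	if !ok {
		return ErrUnknownClient
	}
	if !verify(pub, p.TxInfo, p.ClientSig) {
		return ErrClientSig
	}
	if !verify(e.OrgKey, p.TxInfo, p.OrgSig) {
		return ErrOrgSig
	}
	return nil
}

// RunScenarios builds constructed proposals and returns the endorser's verdicts.
func RunScenarios() (valid, stolenOrgKey, tampered, wrongOrgKey error) {
	newKey := func() *ecdsa.PrivateKey {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			panic(err)
		}
		return k
	}
	client, org, other := newKey(), newKey(), newKey()
	e := &Endorser{ClientKeys: map[string]*ecdsa.PublicKey{"client-a": &client.PublicKey}, OrgKey: &org.PublicKey}
	tx := []byte(`{"contract":"transfer","args":["acct1","acct2","10"]}`) // constructed sample
	build := func(clientKey, orgKey *ecdsa.PrivateKey) *Proposal {
		p := ClientPropose(clientKey, "client-a", tx)
		NodeCountersign(orgKey, p)
		return p
	}
	valid = e.Check(build(client, org))
	stolenOrgKey = e.Check(build(other, org)) // organization key alone, no client key
	t := build(client, org)
	t.TxInfo = append(append([]byte{}, tx...), ' ') // altered after both signatures
	tampered = e.Check(t)
	wrongOrgKey = e.Check(build(client, other)) // countersigned by a key that is not the organization's
	return
}

func main() { fmt.Println(RunScenarios()) }
```

A proposal carrying a valid organization signature is still rejected at the first check when the client signature does not match the registered client key, which is the leaked-organization-key case the background section describes.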
Alternatively, in the present embodiment, the processing method of the transaction proposal may be applied to, but not limited to, a client side or a BaaS platform side.
In the technical solution provided in step S202, the target transaction information may be, but is not limited to, information of a transaction initiated by the client that needs to be put on the chain.
In the technical solution provided in step S204, the form of the first signature information may include, but is not limited to, a digital signature.
Optionally, in this embodiment, a digital signature (also called a public-key digital signature or electronic signature) is similar to an ordinary physical signature written on paper, but is implemented with techniques from the field of public-key cryptography and is used as a method for authenticating digital information. A digital signature scheme typically defines two complementary operations, one for signing and the other for verification. The sending node hashes the information data to generate a digest and then digitally signs the digest by using its private key; the sending node broadcasts the information data, the digital signature and its public key to the receiving nodes across the whole network. The signature is a string of digits that can be generated only by the sender of the information and cannot be forged by others, and it is also effective proof of the authenticity of the information sent by the sender.
Optionally, in this embodiment, the digital signature manner may include, but is not limited to, RSA algorithm, DSA algorithm, ECDSA elliptic curve digital signature algorithm, and the like.
Among them, the RSA algorithm is currently the most classical algorithm in computer cryptography and is also the most widely used digital signature algorithm so far. Because the security of RSA can be guaranteed only when the length (modulus length) of the public and private keys reaches 1024 bits or even 2048 bits, the selection of the parameters P, Q and E, the generation of the public and private keys, and the modular exponentiation for encryption and decryption all follow defined computational procedures and need to be completed by means of the high-speed operation of a computer. The full name of the DSA algorithm is Digital Signature Algorithm. DSA is only a signature algorithm and differs from RSA in that it cannot be used for encryption and decryption, nor for key exchange, but only for signatures, so it is much faster than RSA and is much less secure than RSA.
An important feature of DSA is that its two prime numbers are public, so that when someone else's p and q are used, it can be confirmed, even without knowing the private key, whether they were randomly generated or have been tampered with. The RSA algorithm does not offer this.
The ECDSA elliptic curve digital signature algorithm is used for digital signatures and is a combination of ECC and DSA. The whole signing process is similar to that of DSA; the difference is that the algorithm used in signing is ECC, and the final signature value is likewise divided into r and s. ECC (full name Elliptic Curve Cryptography) is elliptic curve cryptography.
Optionally, in this embodiment, the client private key is generated and stored by the client.
In the technical solution provided in step S206, the client sends the first signature information, obtained from the first signing, together with the target transaction information to the corresponding blockchain node, and the blockchain node signs the target transaction information a second time to obtain the second signature information.
Optionally, in this embodiment, the blockchain node may, but is not limited to, send the target transaction information, the first signature information, and the second signature information as the target transaction proposal to the blockchain network so that the transaction can be put on the chain.
As an optional embodiment, before signing the initial transaction proposal by using a client private key of the client to obtain first signature information, the method further includes:
S11, generating a client public-private key pair for the client, wherein the client public-private key pair comprises the client private key and a client public key which correspond to each other;
and S12, obtaining a client verification certificate corresponding to the client by using the client public key, wherein the client verification certificate is used for performing signature verification on signature information obtained by using the client private key for signature.
Optionally, in this embodiment, in order to implement the above two-pass signature encryption process, the BaaS platform may provide functions such as signing of transaction information by the client and management of client verification certificates (including uploading, downloading, and deleting a verification certificate).
Optionally, in this embodiment, the client generates its own public and private key pair, that is, the client private key and the client public key. The client side private key is kept by the client side, and the client side public key is used for obtaining a client side verification certificate from the BaaS platform.
Optionally, in this embodiment, the client verification certificate is used to perform signature verification on signature information obtained by using a client private key to perform signature. The client verification certificate may include, but is not limited to, a digital certificate.
Optionally, in this embodiment, a digital certificate (also called a public key certificate) is used for identity authentication and secure communication between network communication parties. A digital certificate is in fact an electronic document containing the owner's identity and public key information, as well as the certificate authority's signature on the document.
As an optional embodiment, the obtaining, by using the client public key, a client verification certificate corresponding to the client includes:
and S21, initiating a call request carrying the client public key to a certificate authority corresponding to a target blockchain organization, wherein the call request is used for requesting the certificate authority to issue the client verification certificate for the client according to the client public key, and the target blockchain organization is the blockchain organization in which the blockchain node is located.
Optionally, in this embodiment, a client (e.g., a BaaS user) has its own pair of private and public keys. A Certificate Authority (CA) issues a verification certificate according to the user's public key; the certificate can be managed uniformly by the BaaS, while the client private key is kept by the client.
Optionally, in this embodiment, Public Key Infrastructure (PKI) performs Public Key management using a digital certificate (or CA certificate), and issues a certificate including user information and Public Key information thereof through a CA (certificate authority) alliance chain, so that two communication parties in a network perform identity authentication and secure communication.
Optionally, in this embodiment, the invocation request may be, but is not limited to, initiated through the SDK. A user initiates a calling request to the SDK through an application program client (BaaS), calls a certificate service (CA) to obtain a verification certificate of the user, and then the verification certificate is managed by the BaaS.
As an optional embodiment, after sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, the method further includes:
S31, the blockchain node uses an organization private key to sign the target transaction information to obtain the second signature information, wherein the organization private key is a private key of a target blockchain organization where the blockchain node is located;
and S32, the blockchain node sends the target transaction proposal carrying the target transaction information, the first signature information and the second signature information to an endorsement node, wherein the target transaction proposal is used for requesting the endorsement node to perform endorsement processing on the target transaction proposal.
Optionally, in this embodiment, after receiving the initial transaction proposal from the client, the blockchain node signs the target transaction information a second time using the organization private key of the blockchain organization and sends the transaction proposal containing both signatures to the endorsement node, and the endorsement node verifies the two signatures one by one.
As an optional embodiment, after sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, the method further includes:
S41, sending query information, wherein the query information is used for querying the verification process of the first signature information and the second signature information;
S42, receiving the verification process returned in response to the query information;
S43, presenting the verification process on the client.
Optionally, in this embodiment, a query function and a presentation function of the verification process may be provided, so as to realize visualization of the verification process.
According to an aspect of an embodiment of the present application, there is provided a method embodiment of processing a transaction proposal.
Fig. 3 is a flow chart of another alternative transaction proposal processing method according to an embodiment of the present application, which may include the following steps, as shown in fig. 3:
Step S302, a target transaction proposal carrying target transaction information, first signature information and second signature information is obtained, wherein the target transaction information is initiated by a client, the first signature information is obtained by using a client private key of the client to sign the target transaction information, and the second signature information is obtained by a blockchain node signing the target transaction information;
step S304, carrying out signature verification on the first signature information and the second signature information;
step S306, in case that both the first signature information and the second signature information pass verification, performing endorsement processing on the target transaction proposal.
Through steps S302 to S306, the client has its own pair of public and private keys; the verification certificate issued to the client can be managed uniformly by the BaaS, while the client private key is kept by the client. When the client initiates a transaction request, the client private key is first used to perform the first signature encryption on the transaction information. When the transaction information is sent to the blockchain network, the blockchain node performs the second signature encryption on the transaction information. When the resulting transaction proposal is sent to the endorsement node, the endorsement node must verify both signatures, and only if both verifications pass can the transaction data be put on the chain. This solves problems such as counterfeit transactions and theft of digital assets caused by leakage of an identity certificate and private key, achieves the technical effect of improving the security of the transaction proposal verification process, and thereby solves the technical problem in the related art that the verification process of a transaction proposal has low security.
Optionally, in this embodiment, the processing method of the transaction proposal may be applied to, but is not limited to, endorsement nodes in a block chain organization.
In the technical solution provided in step S302, the first signature information is obtained by signing the target transaction information using a client private key of the client, and the second signature information is obtained by the blockchain node signing the target transaction information. The blockchain node may, but is not limited to, sign the target transaction information using an organization private key of a target blockchain organization where the blockchain node is located to obtain the second signature information.
In the technical solution provided in step S304, the manner of performing signature verification on the first signature information and the second signature information may include, but is not limited to, blockchain signature verification. Blockchain signature verification uses the public key to verify the authenticity of a signature: the receiving node hashes the received data to obtain a hash value, uses the signer's public key to decrypt the digital signature sent by the sending node to obtain a second hash value, and compares the two. If the hash values are the same, the signature is valid.
Optionally, in this embodiment, a hash algorithm, often also called a fingerprint or digest algorithm, is a very basic and very important class of algorithms. It maps a binary plaintext string of arbitrary length to a shorter (usually fixed-length) binary string (the hash value), and it is difficult for different plaintexts to map to the same hash value.
Optionally, in this embodiment, the hash algorithm used may include, but is not limited to, the international Message Digest (MD) series and Secure Hash Algorithm (SHA) series, the domestic SM3 algorithm, and the like. MD algorithms may include, but are not limited to, MD4 and MD5. SHA algorithms may include, but are not limited to, SHA256, the SHA-3 related algorithms, and the like.
In the technical solution provided in step S306, the signatures are determined to be valid only when both the first signature information and the second signature information pass verification, and endorsement processing is then performed on the target transaction proposal.
As an alternative embodiment, the signature verification of the first signature information and the second signature information includes one of:
S51, using the client verification certificate corresponding to the client to perform signature verification on the first signature information; under the condition that the first signature information passes the verification, performing signature verification on the second signature information by using an organization identity certificate corresponding to the blockchain node, wherein the organization identity certificate is a verification certificate of a target blockchain organization in which the blockchain node is located;
S52, signature verification is carried out on the second signature information by using an organization identity certificate corresponding to the blockchain node, wherein the organization identity certificate is a verification certificate of a target blockchain organization where the blockchain node is located; and under the condition that the second signature information passes the verification, performing signature verification on the first signature information by using a client verification certificate corresponding to the client.
Optionally, in this embodiment, the client verification certificate and the organization identity certificate may be, but are not limited to being, stored in a database of BaaS. And the endorsement node reads the client verification certificate and the organization identity certificate from the database of the BaaS to respectively carry out signature verification on the first signature information and the second signature information.
Optionally, in this embodiment, the identity of the client may be, but is not limited to being, verified first, that is, signature verification is performed on the first signature information. If the identity verification of the client passes, the identity of the blockchain organization is verified, that is, signature verification is performed on the second signature information.
Optionally, in this embodiment, the identity of the blockchain organization may also be, but is not limited to being, verified first, that is, signature verification is performed on the second signature information. If the identity verification of the blockchain organization passes, the identity of the client is verified, that is, signature verification is performed on the first signature information.
As an alternative embodiment, endorsing the target transaction proposal comprises:
S61, simulating the transaction process indicated by the target transaction information to obtain an endorsement result;
and S62, sending the endorsement result to the client, wherein the endorsement result is used for indicating the client to send the target transaction information to an ordering node for consensus ordering.
Optionally, in this embodiment, after the endorsement node verifies the signatures successfully, it simulates execution of the transaction process and sends information such as the read-write set of the simulated execution and the endorsement result to the client. After the client has collected a certain number of endorsement results, it sends the transaction proposal to the ordering (Orderers) node for consensus ordering.
Optionally, in this embodiment, the Orderers node performs consensus ordering on the received transactions, then packs a batch of transactions together according to the block generation policy to generate a new block, and sends the new block to the committing (Committer) node. After receiving the block, the committing (Committer) node checks each transaction in the block, checks whether the inputs and outputs that the transaction depends on conform to the state of the current blockchain, and, once this is complete, adds the block to the local blockchain and modifies the world state.
As an optional embodiment, after performing signature verification on the first signature information and the second signature information, the method further includes:
S71, determining that the target transaction proposal failed if the first signature information fails to verify or the second signature information fails to verify.
Alternatively, in the present embodiment, it is determined that the transaction proposal has failed as long as one signature verification fails.
The application also provides an optional embodiment, and in order to solve the problems of counterfeit transactions, digital asset stealing and the like caused by the leakage of identity certificates and private keys in the prior art, the optional embodiment provides a block chain transaction secondary verification method based on BaaS. The BaaS user (corresponding to the client) has a pair of public and private keys belonging to the user, and the certificate service (CA) issues a verification certificate according to the public key of the user (i.e., the client public key), and the certificate can be managed by the BaaS in a unified manner, while the user private key (i.e., the client private key) is kept by the user.
When a BaaS user initiates a transaction request, the user's private key is first used to perform the first signature encryption on the transaction information. When the transaction information is sent to the blockchain network through the SDK, the blockchain node uses the organization private key to perform the second signature encryption on the transaction information and generates a transaction proposal. After the transaction proposal is sent to the endorsement node, the endorsement node verifies the two signatures, and only if both signature verifications pass can the transaction data be put on the chain.
In order to realize the above two-pass signature encryption, the BaaS platform provides functions such as signing of transaction information by the user and management of user verification certificates (including uploading, downloading and deleting a verification certificate). Before initiating a transaction proposal, the user can obtain a verification certificate from the certificate service (CA): the user initiates a call request to the SDK through the application client (BaaS), the certificate service (CA) is called to obtain the user's verification certificate, and the verification certificate is then managed by the BaaS.
As blockchains are applied more and more widely in various fields, ensuring transaction security has become urgent. This optional embodiment can effectively reduce the risks caused by leakage of the identity certificate and private key, improves transaction security, and is therefore of positive significance.
Fig. 4 is a schematic diagram of a secondary verification method for blockchain transactions according to an optional embodiment of the present application. As shown in Fig. 4, a client-initiated transaction invocation request goes through the following signature process: when a user initiates a transaction proposal (Proposal), the user first uses the user's own private key to perform the first signature encryption on the transaction information through the signature method provided by BaaS; the SDK then performs the second signature encryption on the transaction information using the organization private key of the blockchain organization; after the two encryptions, the SDK sends the transaction proposal, carrying the identifier of the contract to be invoked by the transaction, the contract method, the parameter information, the signatures and other information, to the endorsement (Endorser) node.
When the endorsement node verifies the signature information, the following verification process is executed: after receiving a transaction proposal (Proposal), the endorsement (Endorser) node first uses the user's verification certificate to perform the first verification on the transaction information; if this verification passes, the second verification is performed, and if it does not pass, the transaction fails. After the first verification passes, the second verification is performed on the transaction information using the organization identity certificate; if this verification also passes, the transaction information is put on the chain, and if it does not pass, the transaction fails.
After the endorsement node has verified that both signatures pass, it simulates execution of the transaction process and sends the read-write set of the simulated execution and the endorsement result to the client. After the client has collected a certain number of endorsement results, it sends the transaction proposal to the Orderers node for consensus ordering. The Orderers node performs consensus ordering on the received transactions, then packs a batch of transactions together according to the block generation policy to generate a new block, and sends the new block to the committing (Committer) node. After receiving the block, the committing (Committer) node checks each transaction in the block, checks whether the inputs and outputs that the transaction depends on conform to the state of the current blockchain, and, once this is complete, adds the block to the local blockchain and modifies the world state.
Compared with the prior art, when the identity certificate and private key of the blockchain organization have been leaked and attempts at counterfeit transactions, theft of digital assets and the like occur, the transaction cannot proceed as long as either one of the two verifications fails.
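The double-signature flow and the endorsement node's two checks described in this embodiment, as an added Go example that is not code from the patent or from any BaaS platform. ECDSA P-256 with SHA-256, the certificate subjects, the function names and the transaction strings are assumptions constructed for illustration, and the certificates are assumed to come from a trusted store such as the BaaS database.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Proposal: transaction information plus first (client) and second (organization) signatures.
type Proposal struct {
	TxInfo, ClientSig, OrgSig []byte
}

var (
	ErrClientSig = errors.New("first signature (client) failed verification")
	ErrOrgSig    = errors.New("second signature (organization) failed verification")
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// Assumption: ECDSA P-256 with SHA-256; the patent does not fix the algorithm.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// issueCert plays the CA (S21); a nil parent yields the CA's self-signed certificate.
func issueCert(cn string, serial int64, pub *ecdsa.PublicKey, parent *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, parent = true, true, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// sign hashes the transaction information with SHA-256 and signs the digest.
func sign(key *ecdsa.PrivateKey, tx []byte) []byte {
	d := sha256.Sum256(tx)
	sig, err := ecdsa.SignASN1(rand.Reader, key, d[:])
	check(err)
	return sig
}

// verify checks sig over tx with the public key carried in cert.
func verify(cert *x509.Certificate, tx, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	d := sha256.Sum256(tx)
	return ok && ecdsa.VerifyASN1(pub, d[:], sig)
}

// Endorse follows the S51 order: client signature first, then organization
// signature. Either failure rejects the proposal (S71); nil means endorse (S61).
func Endorse(p Proposal, clientCert, orgCert *x509.Certificate) error {
	if !verify(clientCert, p.TxInfo, p.ClientSig) {
		return ErrClientSig
	}
	if !verify(orgCert, p.TxInfo, p.OrgSig) {
		return ErrOrgSig
	}
	return nil
}

// Demo endorses four constructed proposals and returns each result in order.
func Demo() [4]error {
	caKey, cliKey, orgKey, rogue := newKey(), newKey(), newKey(), newKey()
	ca := issueCert("org1-ca", 1, &caKey.PublicKey, nil, caKey)
	cliCert := issueCert("baas-user", 2, &cliKey.PublicKey, ca, caKey)
	orgCert := issueCert("org1-node", 3, &orgKey.PublicKey, ca, caKey)
	tx, bad := []byte("transfer(a,b,10)"), []byte("transfer(a,x,10)") // constructed samples
	return [4]error{
		Endorse(Proposal{tx, sign(cliKey, tx), sign(orgKey, tx)}, cliCert, orgCert),   // honest flow
		Endorse(Proposal{tx, sign(rogue, tx), sign(orgKey, tx)}, cliCert, orgCert),    // only the organization key is held
		Endorse(Proposal{tx, sign(cliKey, tx), sign(rogue, tx)}, cliCert, orgCert),    // only the client key is held
		Endorse(Proposal{bad, sign(cliKey, tx), sign(orgKey, bad)}, cliCert, orgCert), // info altered after client signing
	}
}

func main() { fmt.Println(Demo()) }
```

Only the first proposal is endorsed; holding a single private key, or changing the transaction information after the client has signed it, is rejected at whichever check covers the missing or stale signature.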
In consortium chains, taking Hyperledger Fabric as an example, the secondary verification method of this optional embodiment has wide application value. For example, in the lottery field, in order to prevent illegal behavior such as black-box manipulation, this optional embodiment can verify the identity of a lottery buyer, using the lottery buyer's private key to verify the buyer's identity authentication (which can be understood as the buyer's certificate) and purchase record (namely the transaction invocation request information) one by one, so that comprehensive supervision is achieved and the defects of traditional lotteries, such as centralization and opacity, are overcome. As another example, in the supply chain finance field, in order to prevent upstream and downstream enterprises from colluding to falsify accounts, this optional embodiment can verify the identities of the upstream and downstream enterprises, using their private keys to verify the identities of both parties during the transaction, so as to avoid identity counterfeiting and similar phenomena.
Therefore, as blockchains are applied more and more widely in various fields and ensuring transaction security has become urgent, this optional embodiment can effectively reduce the risk caused by leakage of the identity certificate and private key, improves transaction security, and is of positive significance.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
According to another aspect of the embodiments of the present application, there is also provided a transaction proposal processing apparatus for implementing the above transaction proposal processing method. Fig. 5 is a schematic diagram of an alternative transaction proposal processing device according to an embodiment of the present application, which may include, as shown in fig. 5:
a first obtaining module 52, configured to obtain target transaction information of the client;
the first signature module 54 is configured to sign the target transaction information by using a client private key of the client, so as to obtain first signature information;
a first sending module 56, configured to send an initial transaction proposal carrying the target transaction information and the first signature information to a block chain node, where the initial transaction proposal is used to instruct the block chain node to obtain the target transaction proposal carrying the target transaction information, the first signature information, and second signature information, and the second signature information is obtained by signing the target transaction information at the block chain node.
It should be noted that the first obtaining module 52 in this embodiment may be configured to execute step S202 in this embodiment, the first signing module 54 in this embodiment may be configured to execute step S204 in this embodiment, and the first sending module 56 in this embodiment may be configured to execute step S206 in this embodiment.
It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. It should be noted that the modules described above as a part of the apparatus may operate in a hardware environment as shown in fig. 1, and may be implemented by software or hardware.
Through the above modules, the client has its own pair of public and private keys; the verification certificate issued to the client can be managed uniformly by the BaaS, while the client private key is kept by the client. When the client initiates a transaction request, the client private key is first used to perform the first signature encryption on the transaction information. When the transaction information is sent to the blockchain network, the blockchain node performs the second signature encryption on the transaction information. When the resulting transaction proposal is sent to the endorsement node, the endorsement node must verify both signatures, and only if both verifications pass can the transaction data be put on the chain. This solves problems such as counterfeit transactions and theft of digital assets caused by leakage of an identity certificate and private key, achieves the technical effect of improving the security of the transaction proposal verification process, and thereby solves the technical problem in the related art that the verification process of a transaction proposal has low security.
As an alternative embodiment, the apparatus further comprises:
a generating module, configured to generate a public and private key pair of the client for the client before signing the initial transaction proposal with a client private key of the client to obtain first signature information, where the client public and private key includes a client private key and a client public key that have a corresponding relationship;
and the second obtaining module is used for obtaining a client verification certificate corresponding to the client by using the client public key, wherein the client verification certificate is used for performing signature verification on signature information obtained by using the client private key for signature.
As an alternative embodiment, the second obtaining module is configured to:
initiate a call request carrying the client public key to a certificate authority corresponding to a target blockchain organization, wherein the call request is used for requesting the certificate authority to issue the client verification certificate for the client according to the client public key, and the target blockchain organization is the blockchain organization in which the blockchain node is located.
As an alternative embodiment, the apparatus further comprises:
the second signature module is used for signing the target transaction information by using an organization private key through the block chain node after an initial transaction proposal carrying the target transaction information and the first signature information is sent to the block chain node, so as to obtain second signature information, wherein the organization private key is a private key of a target block chain organization in which the block chain node is located;
and the second sending module is used for sending the target transaction proposal carrying the target transaction information, the first signature information and the second signature information to an endorsement node through the blockchain node, wherein the target transaction proposal is used for requesting the endorsement node to perform endorsement processing on the target transaction proposal.
As an alternative embodiment, the apparatus is further configured to:
after an initial transaction proposal carrying the target transaction information and the first signature information is sent to the block chain node, sending query information, wherein the query information is used for querying a verification process of the first signature information and the second signature information;
receiving the verification process returned in response to the query message;
presenting the verification process on the client.
According to another aspect of the embodiments of the present application, there is also provided another transaction proposal processing apparatus for implementing the above transaction proposal processing method. Fig. 6 is a schematic diagram of another alternative transaction proposal processing device according to an embodiment of the present application, which may include, as shown in fig. 6:
a third obtaining module 62, configured to obtain a target transaction proposal carrying target transaction information, first signature information, and second signature information, where the target transaction information is initiated by a client, the first signature information is obtained by using a client private key of the client to sign the target transaction information, and the second signature information is obtained by a blockchain node signing the target transaction information;
a verification module 64, configured to perform signature verification on the first signature information and the second signature information;
and the processing module 66 is configured to, if both the first signature information and the second signature information pass verification, perform endorsement processing on the target transaction proposal.
It should be noted that the third obtaining module 62 in this embodiment may be configured to execute step S302 in this embodiment, the verifying module 64 in this embodiment may be configured to execute step S304 in this embodiment, and the processing module 66 in this embodiment may be configured to execute step S306 in this embodiment.
It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. It should be noted that the modules described above as a part of the apparatus may operate in a hardware environment as shown in fig. 1, and may be implemented by software or hardware.
Through the above modules, the client has its own pair of public and private keys; the verification certificate issued to the client can be managed uniformly by the BaaS, while the client private key is kept by the client. When the client initiates a transaction request, the client private key is first used to perform the first signature encryption on the transaction information. When the transaction information is sent to the blockchain network, the blockchain node performs the second signature encryption on the transaction information. When the resulting transaction proposal is sent to the endorsement node, the endorsement node must verify both signatures, and only if both verifications pass can the transaction data be put on the chain. This solves problems such as counterfeit transactions and theft of digital assets caused by leakage of an identity certificate and private key, achieves the technical effect of improving the security of the transaction proposal verification process, and thereby solves the technical problem in the related art that the verification process of a transaction proposal has low security.
As an alternative embodiment, the verification module comprises:
the first verification unit is used for performing signature verification on the first signature information by using a client verification certificate corresponding to the client; under the condition that the first signature information passes the verification, performing signature verification on the second signature information by using an organization identity certificate corresponding to the block chain node, wherein the organization identity certificate is a verification certificate of a target block chain organization in which the block chain node is located;
a second verification unit, configured to perform signature verification on the second signature information by using an organization identity certificate corresponding to the block chain node, where the organization identity certificate is a verification certificate of a target block chain organization in which the block chain node is located; and under the condition that the second signature information passes the verification, performing signature verification on the first signature information by using a client verification certificate corresponding to the client.
As an alternative embodiment, the processing module comprises:
the simulation unit is used for simulating the transaction process indicated by the target transaction information to obtain an endorsement result;
and the sending unit is used for sending the endorsement result to the client, wherein the endorsement result is used for indicating the client to send the target transaction information to a sequencing node for consensus sequencing.
As an alternative embodiment, the apparatus further comprises:
a determining module, configured to determine that the target transaction proposal fails when the first signature information fails to be verified or the second signature information fails to be verified after the first signature information and the second signature information are subjected to signature verification.
It should be noted here that the examples and application scenarios implemented by the above modules are the same as those of the corresponding steps, but are not limited to what is disclosed in the above embodiments. It should be noted that the above modules, as a part of the apparatus, may operate in a hardware environment as shown in fig. 1, and may be implemented by software or by hardware, where the hardware environment includes a network environment.
According to a further aspect of an embodiment of the present invention, there is also provided an electronic device for implementing the processing method of the transaction proposal, as shown in fig. 7, the electronic device includes a memory 702 and a processor 704, the memory 702 stores a computer program therein, and the processor 704 is configured to execute the steps of any one of the method embodiments by the computer program.
Optionally, in this embodiment, the electronic apparatus may be located in at least one network device of a plurality of network devices of a computer network.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, acquiring target transaction information of the client;
S2, signing the target transaction information by using the client private key of the client to obtain first signature information;
S3, sending an initial transaction proposal carrying the target transaction information and the first signature information to a block chain node, where the initial transaction proposal is used to instruct the block chain node to obtain the target transaction proposal carrying the target transaction information, the first signature information, and second signature information, and the second signature information is obtained by signing the target transaction information by the block chain node.
Optionally, in this embodiment, the processor may be further configured to execute, by the computer program, the following steps:
S1, acquiring a target transaction proposal carrying target transaction information, first signature information and second signature information, wherein the target transaction information is initiated by a client, the first signature information is obtained by using a client private key of the client to sign the target transaction information, and the second signature information is obtained by signing the target transaction information by a block chain node;
S2, performing signature verification on the first signature information and the second signature information;
S3, when the first signature information and the second signature information both pass verification, performing endorsement processing on the target transaction proposal.
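The two step sequences above (client signing, node counter-signing, endorsement-side verification of both signatures), as an added Go example that is not part of the patent text. It assumes Ed25519 signatures and uses raw public keys in place of the client verification certificate and the organization identity certificate; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Proposal carries the target transaction information plus both signatures.
type Proposal struct {
	TxInfo    []byte
	ClientSig []byte // first signature information (client private key)
	OrgSig    []byte // second signature information (organization private key)
}

var (
	ErrClientSig = errors.New("first signature (client) failed verification")
	ErrOrgSig    = errors.New("second signature (organization) failed verification")
)

// NewKeyPair generates an Ed25519 key pair. Assumption: the public key stands
// in for the verification certificate a certificate authority would issue.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// ClientSign builds the initial transaction proposal: the transaction
// information and the first signature made with the client private key.
func ClientSign(clientPriv ed25519.PrivateKey, txInfo []byte) Proposal {
	return Proposal{TxInfo: txInfo, ClientSig: ed25519.Sign(clientPriv, txInfo)}
}

// NodeCountersign is the block chain node's step: it signs the same
// transaction information with the organization private key and returns
// the target transaction proposal carrying both signatures.
func NodeCountersign(orgPriv ed25519.PrivateKey, p Proposal) Proposal {
	p.OrgSig = ed25519.Sign(orgPriv, p.TxInfo)
	return p
}

// Endorse is the endorsement node's check. The proposal fails if either
// signature fails; only when both verify may endorsement proceed.
func Endorse(clientPub, orgPub ed25519.PublicKey, p Proposal) error {
	if !ed25519.Verify(clientPub, p.TxInfo, p.ClientSig) {
		return ErrClientSig
	}
	if !ed25519.Verify(orgPub, p.TxInfo, p.OrgSig) {
		return ErrOrgSig
	}
	return nil
}

func main() {
	clientPub, clientPriv := NewKeyPair()
	orgPub, orgPriv := NewKeyPair()
	_, otherPriv := NewKeyPair() // a key that is not the registered client's

	// Constructed sample transaction information.
	tx := []byte(`{"from":"acct-A","to":"acct-B","amount":10}`)

	good := NodeCountersign(orgPriv, ClientSign(clientPriv, tx))
	fmt.Println("valid proposal:          ", Endorse(clientPub, orgPub, good))

	// Organization key available but client key not: the first check rejects it.
	forged := NodeCountersign(orgPriv, ClientSign(otherPriv, tx))
	fmt.Println("wrong client key:        ", Endorse(clientPub, orgPub, forged))

	// Proposal that never passed through the block chain node.
	fmt.Println("missing second signature:", Endorse(clientPub, orgPub, ClientSign(clientPriv, tx)))

	// Transaction information altered after signing.
	tampered := good
	tampered.TxInfo = []byte(`{"from":"acct-A","to":"acct-B","amount":9999}`)
	fmt.Println("tampered tx info:        ", Endorse(clientPub, orgPub, tampered))
}
```

Because both signatures cover the same transaction information, a change to that information after signing invalidates both, and possession of only one of the two private keys is not enough to produce a proposal that the endorsement check accepts.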
Alternatively, it can be understood by those skilled in the art that the structure shown in fig. 7 is only an illustration, and the electronic device may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, and a Mobile Internet Device (MID), a PAD, and the like. Fig. 7 is a diagram illustrating a structure of the electronic device. For example, the electronic device may also include more or fewer components (e.g., network interfaces, etc.) than shown in FIG. 7, or have a different configuration than shown in FIG. 7.
The memory 702 may be used to store software programs and modules, such as program instructions/modules corresponding to the transaction proposal processing method and apparatus in the embodiment of the present invention, and the processor 704 executes various functional applications and data processing by running the software programs and modules stored in the memory 702, that is, implements the above-mentioned transaction proposal processing method. The memory 702 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 702 can further include memory located remotely from the processor 704, which can be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 702 may be specifically, but not limited to, used to store information such as feature information and probability result of the account to be processed. As an example, as shown in fig. 7, the memory 702 may include, but is not limited to, a first obtaining unit 7022, a processing unit 7024, and an output unit 7026 of the processing apparatus for the transaction proposal. In addition, other module units in the processing device of the transaction proposal may also be included, but are not limited to, and are not described in detail in this example.
Optionally, the transmission device 706 is used for receiving or sending data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 706 includes a network adapter (NIC) that can be connected to a router and other network devices via a network cable so as to communicate with the internet or a local area network. In one example, the transmission device 706 is a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
In addition, the electronic device further includes: a display 708, configured to display the characteristic information and the probability result of the account to be processed; and a connection bus 710 for connecting the respective module parts in the above-described electronic apparatus.
According to a further aspect of embodiments of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above-mentioned method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
S1, acquiring target transaction information of the client;
S2, signing the target transaction information by using the client private key of the client to obtain first signature information;
S3, sending an initial transaction proposal carrying the target transaction information and the first signature information to a block chain node, where the initial transaction proposal is used to instruct the block chain node to obtain the target transaction proposal carrying the target transaction information, the first signature information, and second signature information, and the second signature information is obtained by signing the target transaction information by the block chain node.
Optionally, in this embodiment, the storage medium may be further configured to store a computer program for executing the following steps:
S1, acquiring a target transaction proposal carrying target transaction information, first signature information and second signature information, wherein the target transaction information is initiated by a client, the first signature information is obtained by using a client private key of the client to sign the target transaction information, and the second signature information is obtained by signing the target transaction information by a block chain node;
S2, performing signature verification on the first signature information and the second signature information;
S3, when the first signature information and the second signature information both pass verification, performing endorsement processing on the target transaction proposal.
Alternatively, in this embodiment, a person skilled in the art may understand that all or part of the steps in the methods of the foregoing embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various improvements and refinements without departing from the principle of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (17)

1. A method of processing a transaction proposal, comprising:
acquiring target transaction information of a client;
signing the target transaction information by using a client private key of the client to obtain first signature information;
and sending an initial transaction proposal carrying the target transaction information and the first signature information to a block chain node, wherein the initial transaction proposal is used for indicating the block chain node to acquire the target transaction proposal carrying the target transaction information, the first signature information and second signature information, and the second signature information is obtained by signing the target transaction information by the block chain node.
2. The method of claim 1, wherein prior to signing the initial transaction proposal using a client private key of the client to obtain first signing information, the method further comprises:
generating a public and private key pair of the client for the client, wherein the public and private key of the client comprises a client private key and a client public key which have a corresponding relationship;
and acquiring a client verification certificate corresponding to the client by using the client public key, wherein the client verification certificate is used for performing signature verification on signature information obtained by signature by using the client private key.
3. The method of claim 2, wherein obtaining the client verification certificate corresponding to the client by using the client public key comprises:
and initiating a calling request carrying the client public key to a certificate issuing authority corresponding to a target block chain organization, wherein the calling request is used for requesting the certificate issuing authority to issue the client verification certificate for the client according to the client public key, and the target block chain organization is the block chain organization in which the block chain node is located.
4. The method of claim 1, wherein after sending an initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, the method further comprises:
sending query information, wherein the query information is used for querying a verification process of the first signature information and the second signature information;
receiving the verification process returned in response to the query information;
and displaying the verification process on the client.
5. The method of claim 1, wherein after sending an initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, the method further comprises:
the block chain node signs the target transaction information by using an organization private key to obtain second signature information, wherein the organization private key is a private key of a target block chain organization in which the block chain node is located;
and the block chain node sends the target transaction proposal carrying the target transaction information, the first signature information and the second signature information to an endorsement node, wherein the target transaction proposal is used for requesting the endorsement node to perform endorsement processing on the target transaction proposal.
6. A method of processing a transaction proposal, comprising:
acquiring a target transaction proposal carrying target transaction information, first signature information and second signature information, wherein the target transaction information is initiated by a client, the first signature information is obtained by using a client private key of the client to sign the target transaction information, and the second signature information is obtained by signing the target transaction information by a block chain node;
performing signature verification on the first signature information and the second signature information;
and under the condition that the first signature information and the second signature information are verified, performing endorsement processing on the target transaction proposal.
7. The method of claim 6, wherein signature verifying the first signature information and the second signature information comprises one of:
performing signature verification on the first signature information by using a client verification certificate corresponding to the client; under the condition that the first signature information passes the verification, performing signature verification on the second signature information by using an organization identity certificate corresponding to the block chain node, wherein the organization identity certificate is a verification certificate of a target block chain organization in which the block chain node is located;
performing signature verification on the second signature information by using an organization identity certificate corresponding to the block chain node, wherein the organization identity certificate is a verification certificate of a target block chain organization in which the block chain node is located; and under the condition that the second signature information passes the verification, performing signature verification on the first signature information by using a client verification certificate corresponding to the client.
8. The method of claim 6, wherein endorsing the target transaction proposal comprises:
simulating the transaction process indicated by the target transaction information to obtain an endorsement result;
and sending the endorsement result to the client, wherein the endorsement result is used for indicating the client to send the target transaction information to a sequencing node for consensus sequencing.
9. The method of claim 6, wherein after signature verification of the first signature information and the second signature information, the method further comprises:
determining that the target transaction proposal fails if the first signature information verification fails or the second signature information verification fails.
10. A system for processing a transaction proposal, comprising: a client, a blockchain node, and an endorsement node, wherein,
the client is used for initiating target transaction information, signing the target transaction information by using a client private key of the client to obtain first signature information, and sending an initial transaction proposal carrying the target transaction information and the first signature information to the block chain node;
the block chain node is configured to sign the target transaction information by using an organization private key to obtain second signature information, and send a target transaction proposal carrying the target transaction information, the first signature information and the second signature information to the endorsement node, where the organization private key is a private key of a target block chain organization in which the block chain node is located;
the endorsement node is configured to acquire the target transaction proposal, perform signature verification on the first signature information and the second signature information, and perform endorsement processing on the target transaction proposal when both the first signature information and the second signature information are successfully verified.
11. The system of claim 10,
the client is used for: generating a public and private key pair of the client, wherein the public and private key of the client comprises a client private key and a client public key which have a corresponding relationship; acquiring a client verification certificate corresponding to the client by using the client public key, wherein the client verification certificate is used for performing signature verification on signature information obtained by signature by using the client private key;
the endorsement node is configured to: performing signature verification on the first signature information by using the client verification certificate; and under the condition that the first signature information passes the verification, performing signature verification on the second signature information by using the organization identity certificate corresponding to the block chain node.
12. The system of claim 10, wherein the client is further configured to:
after an initial transaction proposal carrying the target transaction information and the first signature information is sent to the block chain node, sending query information, wherein the query information is used for querying a verification process of the first signature information and the second signature information;
receiving the verification process returned in response to the query information;
and displaying the verification process on the client.
13. The system of claim 10, wherein the endorsement node is configured to:
determining that the target transaction proposal fails if the first signature information verification fails or the second signature information verification fails.
14. A transaction proposal processing apparatus, comprising:
the first acquisition module is used for acquiring target transaction information of the client;
the first signature module is used for signing the target transaction information by using a client private key of the client to obtain first signature information;
a first sending module, configured to send an initial transaction proposal carrying the target transaction information and the first signature information to a block chain node, where the initial transaction proposal is used to instruct the block chain node to obtain the target transaction proposal carrying the target transaction information, the first signature information, and second signature information, and the second signature information is obtained by signing the target transaction information at the block chain node.
15. A transaction proposal processing apparatus, comprising:
a third obtaining module, configured to obtain a target transaction proposal carrying target transaction information, first signature information, and second signature information, where the target transaction information is initiated by a client, the first signature information is obtained by using a client private key of the client to sign the target transaction information, and the second signature information is obtained by signing the target transaction information by a block chain node;
the verification module is used for performing signature verification on the first signature information and the second signature information;
and the processing module is used for carrying out endorsement processing on the target transaction proposal under the condition that the first signature information and the second signature information are verified to pass.
16. A storage medium, characterized in that the storage medium comprises a stored program, wherein the program when executed performs the method of any of the preceding claims 1 to 9.
17. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the method of any of the preceding claims 1 to 9 by means of the computer program.
CN202010436876.6A 2020-05-21 2020-05-21 Transaction proposal processing method, device, system, storage medium and electronic device Pending CN111815321A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010436876.6A CN111815321A (en) 2020-05-21 2020-05-21 Transaction proposal processing method, device, system, storage medium and electronic device

Publications (1)

Publication Number Publication Date
CN111815321A true CN111815321A (en) 2020-10-23

Family

ID=72848591

Country Status (1)

Country Link
CN (1) CN111815321A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination