CN112202734B - Service processing method, electronic device and readable storage medium - Google Patents

Publication number
CN112202734B
Authority
CN
China
Prior art keywords
transaction
service
request message
parameters
encrypted data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010962849.2A
Other languages
Chinese (zh)
Other versions
CN112202734A (en
Inventor
陈策
邓柯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Quality Starker Technology Co Ltd
Original Assignee
Chengdu Quality Starker Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Quality Starker Technology Co Ltd filed Critical Chengdu Quality Starker Technology Co Ltd
Priority to CN202010962849.2A priority Critical patent/CN112202734B/en
Publication of CN112202734A publication Critical patent/CN112202734A/en
Application granted granted Critical
Publication of CN112202734B publication Critical patent/CN112202734B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04: Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22: Parsing or analysis of headers
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The embodiments of the invention provide a service processing method, an electronic device and a readable storage medium, aiming to reduce the complexity of service development. The service processing method is applied to a message parsing system and comprises the following steps: receiving a service request message, wherein the service request message carries service parameters and encrypted data corresponding to the service parameters; parsing the service request message into a transaction that can be executed by a blockchain network, wherein the transaction carries the encrypted data and part or all of the service parameters; and sending the transaction to a key management system, so that the key management system decrypts the encrypted data to obtain decrypted service parameters, judges whether the transaction is legal according to the decrypted service parameters and the service parameters carried by the transaction, signs the transaction if it is legal, and refuses to sign the transaction if it is illegal.

Description

Service processing method, electronic device and readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a service processing method, an electronic device, and a readable storage medium.
Background
Blockchain technology is built on a transmission network (also called a blockchain network). Distributed node devices (hereinafter referred to as nodes) in the transmission network run a blockchain program to generate, verify and store block data on the chain, which ultimately provides a data tamper-proofing mechanism and offers a safe and reliable new technical approach for business development.
The block chain technology can be applied to various service scenes, such as the financial field, the electronic commerce field, the commodity or raw material tracing field, the electronic evidence storage field and the like.
In the related art, when a user performs a service via a blockchain network, the user needs to construct a transaction that can be executed by the blockchain network through a client, and then submit the transaction to the blockchain network for execution. However, the construction process of the transaction is time consuming due to the complex format of the transaction. Users typically need to master certain blockchain techniques in advance in order to build transactions. Therefore, for the user, when the service is developed by using the block chain network, the service development process is complicated, and the service development efficiency is affected.
Disclosure of Invention
Embodiments of the present invention provide a service processing method, an electronic device, and a readable storage medium, which are intended to reduce complexity of service development. The specific technical scheme is as follows:
In a first aspect of the embodiments of the present invention, a service processing method is provided, where the method is applied to a message parsing system, and the method includes:
receiving a service request message, wherein the service request message carries service parameters and encrypted data corresponding to the service parameters;
parsing the service request message into a transaction that can be executed by a blockchain network, wherein the transaction carries the encrypted data and part or all of the service parameters;
and sending the transaction to a key management system, so that the key management system decrypts the encrypted data to obtain decrypted service parameters, judges whether the transaction is legal according to the decrypted service parameters and the service parameters carried by the transaction, signs the transaction if it is legal, and refuses to sign the transaction if it is illegal.
In a second aspect of the embodiments of the present invention, another service processing method is provided, which is applied to a key management system, and the method includes:
receiving a transaction that is sent by a message parsing system and can be executed by a blockchain network, wherein the transaction is obtained by the message parsing system parsing a service request message, the service request message carries service parameters and encrypted data corresponding to the service parameters, and the transaction carries the encrypted data and part or all of the service parameters;
decrypting the encrypted data carried by the transaction to obtain decrypted service parameters;
and judging whether the transaction is legal or not according to the decrypted service parameters and the service parameters carried by the transaction, signing the transaction under the condition that the transaction is legal, and refusing to sign the transaction under the condition that the transaction is illegal.
In a third aspect of the embodiments of the present invention, an electronic device is provided, which includes a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
the memory is used for storing a computer program;
the processor is configured to implement the service processing method provided in any embodiment of the present invention when executing the program stored in the memory.
In a fourth aspect of the embodiments of the present invention, a computer-readable storage medium is provided, on which a computer program is stored, and the computer program, when executed by a processor, implements the service processing method provided in any embodiment of the present invention.
In the invention, a service requester (i.e. a user) developing a service does not need to write a transaction for that service. Instead, the requester sends a service request message to the message parsing system, which parses the service request message into a transaction that can be executed by the blockchain network. This effectively reduces the difficulty of developing the service and lowers the technical threshold for using the blockchain network.
In addition, after parsing out the transaction, the message parsing system sends it to the key management system to be signed, which helps prevent the transaction from being tampered with during network transmission.
In addition, before signing the transaction, the key management system decrypts the encrypted data carried by the transaction to obtain the decrypted service parameters, and judges whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction. The transaction is signed if it is legal, and signing is refused if it is illegal. This effectively prevents the message parsing system from tampering with the service parameters or from forging transactions, which improves the security of service development.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic diagram of a service processing system according to an embodiment of the present invention;
fig. 2 is a flowchart of a service processing method according to an embodiment of the present invention;
fig. 3 is a flowchart of a service processing method according to another embodiment of the present invention;
fig. 4 is a schematic diagram of an electronic device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It should be apparent that the described embodiments are only some of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Blockchain technology is built on a transmission network (also called a blockchain network). Distributed node devices (hereinafter referred to as nodes) in the transmission network run a blockchain program to generate, verify and store block data on the chain, which ultimately provides a data tamper-proofing mechanism and offers a safe and reliable new technical approach for business development.
In the related art, when a user performs a service via a blockchain network, the user needs to construct a transaction that can be executed by the blockchain network through a client, and then submit the transaction to the blockchain network for execution. However, the construction process of the transaction is time consuming due to the complex format of the transaction. Users typically need to master certain blockchain techniques in advance in order to build transactions. Therefore, for the user, when the service is developed by using the block chain network, the service development process is complicated, and the service development efficiency is affected.
In view of this, the embodiments of the present invention provide one or more service processing systems, service processing methods, electronic devices and readable storage media, so as to reduce the complexity of service development.
Referring to fig. 1, fig. 1 is a schematic diagram of a service processing system according to an embodiment of the present invention. As shown in fig. 1, the service processing system includes: a message parsing system, a key management system and a blockchain network. The blockchain network includes a plurality of distributed node devices (hereinafter referred to as nodes) that implement blockchain technology by running a blockchain program.
When a service is developed based on the service processing system shown in fig. 1, the message parsing system receives a service request message sent by a service requester, where the service request message carries at least: the service parameters, the encrypted data corresponding to the service parameters, the service type identifier and the identity identifier of the service requester. In fig. 1, the content enclosed by the dashed ovals is a schematic message structure.
The business parameters refer to data related to actual business, such as asset type (e.g. bond type, digital currency type, digital certificate type, etc.), asset transaction amount, unit of transaction amount, asset transferor address, asset receiver address, etc.
The encrypted data corresponding to the service parameters is the data obtained by encrypting the service parameters. Optionally, in some specific embodiments, the terminal device of the service requester may encrypt the service parameters by using the first key of the service requester, so as to obtain the encrypted data corresponding to the service parameters. The first key of the service requester may be a private key of the service requester or a symmetric key of the service requester.
The service type identifier represents the type of service requested by the service requester. In the invention, different types of services correspond to different service type identifiers. For ease of understanding, suppose for example that the service type identifier corresponding to the bond issuance class of service is SMTA, and the service type identifier corresponding to the bond subscription class of service is SMTT. It should be noted that service type identifiers such as SMTA and SMTT are only examples and are not intended to limit the present invention. In practical implementations, other character strings can be chosen as the service type identifiers that represent bond issuance services and bond subscription services.
The identity identifier of the service requester is a unique identifier of the service requester, and different service requesters correspond to different identity identifiers.
As shown in fig. 1, after receiving a service request message, the message parsing system parses the service request message into one or more transactions that can be executed by the blockchain network. Each transaction carries at least: the encrypted data carried by the service request message, part or all of the service parameters carried by the service request message, and the identity identifier carried by the service request message.
A transaction that can be executed by the blockchain network is one whose format, data types and the like conform to the requirements of the nodes of the blockchain network, so that the nodes of the blockchain network can execute the transaction by running a blockchain program.
In a specific implementation, the message parsing system is configured in advance with multiple parsing policies, each of which is used for parsing the service request messages of one service type. After receiving a service request message, the message parsing system determines the corresponding parsing policy from the multiple parsing policies according to the service type of the service request message, and parses the service request message according to the determined parsing policy.
Optionally, in some specific embodiments, the parsing policy mainly defines the following for the parsing operation: (1) the number and the types of the transactions to be parsed from the service request message; (2) if multiple transactions are parsed, the order among those transactions; (3) for each transaction, the service parameters the transaction needs to carry, and the specific fields of the service request message from which those service parameters are obtained.
For ease of understanding, suppose for example that the service type identifier included in a service request message received by the message parsing system is SMTT. In response to the service request message, the message parsing system first reads the service type identifier (SMTT) from the request message. It then uses the service type identifier SMTT as an index to determine, from the multiple preset parsing policies, the parsing policy a corresponding to SMTT.
Further suppose that parsing policy a defines: (1) the number of transactions parsed from the service request message is 3, and the types of the 3 transactions are transaction e, transaction f and transaction g respectively; (2) the order of the 3 transactions is transaction e, transaction f, then transaction g; (3) transaction e carries a contract address parameter and an asset transferor address parameter, where the contract address parameter is obtained from the 5th and 6th fields of the service request message, and the asset transferor address parameter is obtained from the 7th and 8th fields of the service request message; transaction f carries an asset type parameter and an asset transaction quantity parameter, where the asset type parameter is obtained from the 2nd field of the service request message, and the asset transaction quantity parameter is obtained from the 3rd and 4th fields of the service request message; transaction g carries an asset receiver address parameter, which is obtained from the 9th and 10th fields of the service request message.
After the message parsing system determines parsing policy a, it parses the service request message according to parsing policy a.
It should be noted that the various data (e.g., service type identifier, transaction amount, transaction type, service parameter, field number, etc.) referred to in the above examples are only illustrative examples. During actual implementation of the present invention, the actual data used may be the same as or different from the various data in the above examples.
As shown in fig. 1, after the message parsing system parses out the transaction, the transaction is sent to the key management system, so as to sign the transaction through the key management system.
Optionally, in some specific embodiments, if the message parsing system parses out a plurality of transactions, when the message parsing system sends the transactions to the key management system, the parsed transactions may be sent to the key management system at one time, or the transactions may be sent to the key management system one by one. To simplify the drawing, the message parsing system sending a transaction to the key management system is only schematically shown in fig. 1.
As shown in fig. 1, after receiving a transaction sent by a message parsing system, a key management system, in response to the received transaction, first decrypts encrypted data carried in the transaction to obtain decrypted service parameters.
In specific implementation, the key management system stores a plurality of second keys in advance, and each second key corresponds to the first key of one service requester. As described above, if the first key of the service requester is a symmetric key, the second key corresponding to the first key is also a symmetric key, and the corresponding first key and second key are two same symmetric keys. Or, if the first key of the service requester is a private key in the asymmetric key, the second key corresponding to the first key is a public key in the asymmetric key, and the corresponding first key and second key are a pair of mutually matched public and private keys.
After receiving the service request message, the key management system reads the identity identifier from the service request message and, according to the identity identifier read, determines the target second key corresponding to that identity identifier from the multiple preset second keys. The key management system then decrypts the encrypted data carried by the transaction by using the determined target second key to obtain the decrypted service parameters.
In addition, if the key management system fails to determine a target second key corresponding to the identity identifier, this indicates that the identity identifier has been tampered with, or that the service request message was initiated by an illegal user (i.e., a user who has not registered a second key in the key management system). In this case, the key management system can directly refuse to sign the transaction, so that processing of the transaction is interrupted to ensure the security of service processing.
As shown in fig. 1, after obtaining the decrypted service parameter, the key management system determines whether the transaction is legal according to the consistency between the decrypted service parameter and the service parameter carried in the transaction.
Optionally, in some specific embodiments, in order to determine whether the transaction is legal, it may be determined, for each service parameter carried in the transaction, whether the decrypted service parameter includes the service parameter. And if each service parameter carried by the transaction is contained in the decrypted service parameters, determining that the transaction is legal, otherwise, determining that the transaction is illegal.
For ease of understanding, suppose for example that after the encrypted data carried in a certain transaction is decrypted, the decrypted service parameters obtained include: a contract address parameter A1, an asset transferor address parameter B1, an asset type parameter C1, an asset transaction quantity parameter D1, and an asset receiver address parameter E1. The service parameters carried by the transaction include: a contract address parameter A2 and an asset transferor address parameter B2. The key management system needs to decide whether the contract address parameter A2 is consistent with the contract address parameter A1, and whether the asset transferor address parameter B2 is consistent with the asset transferor address parameter B1.
If both are consistent, this indicates that the contract address parameter and the asset transferor address parameter have not been tampered with by the message parsing system and have not been tampered with by a network attacker during network transmission, so the transaction is determined to be legal. If they are not consistent, this indicates that the contract address parameter and the asset transferor address parameter have been tampered with by the message parsing system or by a network attacker during network transmission, so the transaction is determined to be illegal.
Optionally, in other specific embodiments, multiple regrouping policies are preconfigured in the key management system, and each regrouping policy is used for regrouping the transactions of one service type, so that the transactions are reassembled into a service request message. The regrouping policy mainly defines the following for the regrouping operation: (1) the message format of the regrouped service request message; (2) for each message field in the service request message, the transaction, and the position within that transaction, from which the content of the message field is obtained.
After the message parsing system sends the parsed transaction or transactions (each transaction carries a service type identifier) to the key management system, the key management system, in order to determine whether the transactions are legal, may first read the service type identifier from any one transaction. It then determines the regrouping policy corresponding to the service type identifier read. Finally, based on the determined regrouping policy, it regroups the one or more transactions into a service request message.
In addition, the encrypted data in this case is specifically the data obtained by encrypting the entire service request message. Therefore, after the key management system decrypts the encrypted data, it obtains a decrypted service request message, and the decrypted service request message also carries the service parameters.
Once the key management system has both the regrouped service request message and the decrypted service request message, it can calculate the hash value of the regrouped service request message and the hash value of the decrypted service request message, and then compare the two hash values. If the two hash values are consistent, this indicates that the service parameters in the transaction have not been tampered with by the message parsing system, that the message parsing system has not parsed the service request message into an illegal transaction, and that the transaction has not been tampered with by a network attacker during network transmission, so the transaction is determined to be legal. If the two hash values are inconsistent, this indicates that the service parameters in the transaction have been tampered with by the message parsing system, or that the message parsing system has parsed the service request message into an illegal transaction, or that the transaction has been tampered with by a network attacker during network transmission, so the transaction is determined to be illegal.
As shown in fig. 1, the key management system signs the transaction if the transaction is legitimate, and denies signing the transaction if the transaction is not legitimate. To simplify the drawing, only the case where the transaction is legal is shown in fig. 1.
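The parsing policy a described above and the regroup-then-compare-hashes check, put together as an added Python example that is not part of the patent. The HMAC-based cipher is a standard-library stand-in for encryption under the requester's symmetric first and second keys; the identity, key and field values are constructed, and it is assumed that field 1 holds the service type identifier and that the regrouping policy is the parsing policy read in reverse.

```python
import hashlib
import hmac
import json
import os

# Parsing policy "a" for service type SMTT, with the field numbers from the
# text: ordered (transaction type, {parameter: message field numbers}).
# Assumption: the regrouping policy is this same table read in reverse.
POLICIES = {"SMTT": [
    ("e", {"contract_address": (5, 6), "transferor_address": (7, 8)}),
    ("f", {"asset_type": (2,), "quantity": (3, 4)}),
    ("g", {"receiver_address": (9, 10)}),
]}
FIELD_COUNT = 10  # assumption: field 1 carries the service type identifier

def _canonical(fields):
    return json.dumps(fields, separators=(",", ":")).encode()

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(key, b"ks", nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, plaintext):
    """Stand-in authenticated cipher built from HMAC-SHA256 (demo only)."""
    nonce = os.urandom(16)
    body = nonce + _xor_stream(key, nonce, plaintext)
    return body + _prf(key, b"tag", body)

def decrypt(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _prf(key, b"tag", body)):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(key, body[:16], body[16:])

def build_request(identity, fields, first_key):
    """Requester: the encrypted data covers the whole service request message."""
    return {"identity": identity, "fields": list(fields),
            "encrypted": encrypt(first_key, _canonical(list(fields)))}

def parse_message(msg):
    """Message parsing system: one request -> ordered list of transactions."""
    service_type = msg["fields"][0]
    if service_type not in POLICIES:
        raise ValueError("no parsing policy for this service type")
    return [{"type": tx_type, "service_type": service_type,
             "identity": msg["identity"], "encrypted": msg["encrypted"],
             "params": {name: [msg["fields"][n - 1] for n in nums]
                        for name, nums in spec.items()}}
            for tx_type, spec in POLICIES[service_type]]

def regroup(transactions):
    """Key management system: rebuild the message fields from the transactions."""
    first = transactions[0]
    policy = POLICIES[first["service_type"]]
    if [tx["type"] for tx in transactions] != [t for t, _ in policy]:
        raise ValueError("missing, extra or reordered transactions")
    fields = [first["service_type"]] + [None] * (FIELD_COUNT - 1)
    for tx, (_, spec) in zip(transactions, policy):
        if any(tx[k] != first[k] for k in ("identity", "encrypted", "service_type")):
            raise ValueError("transactions disagree on identity or encrypted data")
        for name, nums in spec.items():
            for n, value in zip(nums, tx["params"][name]):
                fields[n - 1] = value
    return fields

def kms_review(transactions, second_keys):
    """Return (decision, reason); 'sign' only when both hash values match."""
    try:
        key = second_keys[transactions[0]["identity"]]
    except (KeyError, IndexError, TypeError):
        return ("refuse", "unknown identity")
    try:
        decrypted = decrypt(key, transactions[0]["encrypted"])
        rebuilt = _canonical(regroup(transactions))
    except (KeyError, IndexError, TypeError, ValueError):
        return ("refuse", "malformed transaction or ciphertext")
    if not hmac.compare_digest(hashlib.sha256(rebuilt).digest(),
                               hashlib.sha256(decrypted).digest()):
        return ("refuse", "parameters differ from the encrypted request")
    return ("sign", "consistent")

# Constructed sample data (not from the patent).
SAMPLE_KEY = bytes(range(32))
SAMPLE_FIELDS = ["SMTT", "bond", "100", "CNY", "0xC0", "01",
                 "0xA1", "02", "0xB2", "03"]

def demo():
    keys = {"requester-001": SAMPLE_KEY}
    txs = parse_message(build_request("requester-001", SAMPLE_FIELDS, SAMPLE_KEY))
    honest = kms_review(txs, keys)
    txs[2]["params"]["receiver_address"][0] = "0xFF"  # parameter altered after parsing
    return honest, kms_review(txs, keys)

if __name__ == "__main__":
    print(demo())
```

Because the hash is taken over the whole regrouped message, the same check also refuses a dropped, extra or reordered transaction, not only an altered parameter value.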
In a specific implementation, the private keys of a plurality of service requesters are stored in the key management system. After the key management system determines that a transaction is legal, it reads the identity identifier from the transaction, determines the target private key corresponding to that identity identifier from the multiple preset private keys, and signs the transaction by using the target private key. That is, the key management system uses the private key of the service requester to sign the transaction parsed from that service requester's service request message. The signed transaction is effectively protected against tampering while it is transmitted in the network.
As shown in fig. 1, after signing the transaction, the key management system may return the signed transaction to the message parsing system, and the message parsing system then submits the signed transaction to the blockchain network for execution. Specifically, the message parsing system submits the signed transaction to any node or designated node in the block chain network, so that the transaction reaches the block chain network.
Or, after signing the transaction, the key management system can also directly submit the signed transaction to the blockchain network for execution. Specifically, the key management system submits the signed transaction to any node or a designated node within the blockchain network, so that the transaction reaches the blockchain network.
In the invention, a service requester (i.e. a user) developing a service does not need to write a transaction for that service. Instead, the requester sends a service request message to the message parsing system, which parses the service request message into a transaction that can be executed by the blockchain network. This effectively reduces the difficulty of developing the service and lowers the technical threshold for using the blockchain network.
In addition, after parsing out the transaction, the message parsing system sends it to the key management system to be signed, which helps prevent the transaction from being tampered with during network transmission.
In addition, before signing the transaction, the key management system decrypts the encrypted data carried by the transaction to obtain the decrypted service parameters, and judges whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction. The transaction is signed if it is legal, and signing is refused if it is illegal. This effectively prevents the message parsing system from tampering with the service parameters or from forging transactions, which improves the security of service development.
In the above, the present invention provides a service processing system and a service processing method through a preferred embodiment, and achieves the purpose of reducing the complexity of service development. Hereinafter, the present invention proposes other service processing methods through other embodiments; the following embodiments may be read with reference to the preferred embodiment above.
Referring to fig. 2, fig. 2 is a flowchart of a service processing method according to an embodiment of the present invention, where the service processing method is applied to a message parsing system. As shown in fig. 2, the service processing method includes the following steps:
Step S21: receive a service request message, where the service request message carries service parameters and encrypted data corresponding to the service parameters.
The service parameters refer to data related to the actual service, such as asset type (e.g. bond type, digital currency type, digital certificate type, etc.), asset transaction amount, unit of transaction amount, asset transferor address, asset receiver address, etc.
The encrypted data corresponding to the service parameters is the data obtained by encrypting the service parameters. Alternatively, it is the data obtained by encrypting the whole service request message, where the whole service request message includes the service parameters.
Optionally, in some specific embodiments, the service request message is sent to the message parsing system by the terminal device of the service requester. Specifically, the terminal device of the service requester may encrypt the service parameters using the first key of the service requester to obtain the encrypted data corresponding to the service parameters, then fill the encrypted data into the service request message, and finally send the service request message to the message parsing system.
Step S22: parse the service request message into a transaction that can be executed by a blockchain network, where the transaction carries the encrypted data and part or all of the service parameters.
Optionally, in some specific embodiments, the service request message further carries a service type identifier, which characterizes the type of service requested by the service requester. In the invention, different types of services correspond to different service type identifiers.
Step S22 specifically includes the following sub-steps:
Sub-step S22-1: determine, from a plurality of preset parsing strategies, the target parsing strategy corresponding to the service type identifier carried by the service request message.
Sub-step S22-2: parse the service request message into one or more transactions that can be executed by a blockchain network according to the target parsing strategy, where the number and type of the parsed transactions correspond to the target parsing strategy.
For a detailed description of sub-steps S22-1 and S22-2, refer to the preferred embodiment above; the details are not repeated here.
Step S23: send the transaction to a key management system, so that the key management system decrypts the encrypted data to obtain decrypted service parameters, judges whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction, signs the transaction if it is legal, and refuses to sign the transaction if it is illegal.
Optionally, in some specific embodiments, after sending the transaction to the key management system for signature, the message parsing system also receives the signed transaction returned by the key management system, and then submits the signed transaction to the blockchain network for execution.
In the invention, when developing a service, the service requester (i.e. the user) does not need to write a transaction for that service. The requester only needs to send a service request message to the message parsing system, which parses the message into a transaction that the blockchain network can execute. This effectively reduces the difficulty of developing a service and lowers the technical threshold for using the blockchain network.
In addition, after parsing out the transaction, the message parsing system sends it to the key management system for signature, which helps prevent the transaction from being tampered with during network transmission.
In addition, before signing the transaction, the key management system needs to decrypt the encrypted data carried by the transaction to obtain the decrypted service parameters, and judges whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction. The transaction is signed if it is legal, and signing is refused if it is not. This effectively prevents the message parsing system from tampering with the service parameters or forging transactions, which improves the security of service development.
Referring to fig. 3, fig. 3 is a flowchart of a service processing method according to another embodiment of the present invention, where the service processing method is applied to a key management system. As shown in fig. 3, the service processing method includes the following steps:
Step S31: receive a transaction, sent by a message parsing system, that can be executed by a blockchain network, where the transaction is obtained by the message parsing system parsing a service request message, the service request message carries service parameters and encrypted data corresponding to the service parameters, and the transaction carries the encrypted data and part or all of the service parameters.
The service parameters refer to data related to the actual service, such as asset type (e.g. bond type, digital currency type, digital certificate type, etc.), asset transaction amount, unit of transaction amount, asset transferor address, asset receiver address, etc.
The encrypted data corresponding to the service parameters is the data obtained by encrypting the service parameters. Alternatively, it is the data obtained by encrypting the whole service request message, where the whole service request message includes the service parameters.
Step S32: decrypt the encrypted data carried by the transaction to obtain the decrypted service parameters.
Optionally, in some specific embodiments, the encrypted data carried in the service request message is obtained by encrypting the service parameters with the first key of the service requester. In addition, the service request message also carries the identity of the service requester, and each transaction parsed from the service request message also carries the identity of the service requester.
Step S32 specifically includes the following sub-steps:
Sub-step S32-1: read the identity carried by the transaction and, according to the identity, determine the target second key corresponding to the identity from a plurality of preset second keys.
Sub-step S32-2: decrypt the encrypted data carried by the transaction using the target second key to obtain the decrypted service parameters.
For a detailed description of sub-steps S32-1 and S32-2, refer to the preferred embodiment above; the details are not repeated here.
In addition, if the target second key corresponding to the identity cannot be determined, the key management system can refuse to sign the transaction, which interrupts the processing of the transaction and ensures the security of service processing.
Step S33: judge whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction, sign the transaction if it is legal, and refuse to sign the transaction if it is illegal.
Optionally, in some specific embodiments, judging whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction specifically includes the following sub-steps:
Sub-step S33-1: for each service parameter carried by the transaction, judge whether the decrypted service parameters contain that service parameter.
Sub-step S33-2: if every service parameter carried by the transaction is contained in the decrypted service parameters, determine that the transaction is legal; otherwise, determine that the transaction is illegal.
For a detailed description of sub-steps S33-1 and S33-2, refer to the preferred embodiment above; the details are not repeated here.
Optionally, in some specific embodiments, signing the transaction when it is legal specifically means: when the transaction is legal, a target private key corresponding to the identity carried in the transaction is determined from a plurality of preset private keys according to that identity, and the transaction is signed using the target private key.
Optionally, in some specific embodiments, after signing the transaction, the key management system further returns the signed transaction to the message parsing system, so that the message parsing system submits the signed transaction to the blockchain network for execution. Alternatively, the key management system directly submits the signed transaction to the blockchain network for execution.
In the invention, when developing a service, the service requester (i.e. the user) does not need to write a transaction for that service. The requester only needs to send a service request message to the message parsing system, which parses the message into a transaction that the blockchain network can execute. This effectively reduces the difficulty of developing a service and lowers the technical threshold for using the blockchain network.
In addition, after parsing out the transaction, the message parsing system sends it to the key management system for signature, which helps prevent the transaction from being tampered with during network transmission.
In addition, before signing the transaction, the key management system needs to decrypt the encrypted data carried by the transaction to obtain the decrypted service parameters, and judges whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction. The transaction is signed if it is legal, and signing is refused if it is not. This effectively prevents the message parsing system from tampering with the service parameters or forging transactions, which improves the security of service development.
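The key management system's checks in steps S32 and S33, as an added Go example that is not code from the patent. It assumes AES-256-GCM with the first and second key being the same symmetric key, Ed25519 for the signature, JSON as the parameter encoding, and hypothetical names (`Transaction`, `KMS`, `Seal`, `SignTransaction`, `VerifyTx`, `NewDemoKMS`); the keys and parameter values are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Transaction is a hypothetical shape for what the parsing system sends to the KMS.
type Transaction struct {
	Identity  string            // identity of the service requester
	Params    map[string]string // service parameters carried in the clear
	Encrypted []byte            // nonce || AES-GCM ciphertext of the requester's parameters
}

var ErrUnknownIdentity = errors.New("kms: no keys registered for identity")
var ErrDecrypt = errors.New("kms: encrypted data could not be decrypted")
var ErrInconsistent = errors.New("kms: carried parameter not covered by encrypted data")

type KMS struct {
	secondKeys map[string]cipher.AEAD        // identity -> decryption key (preset)
	privKeys   map[string]ed25519.PrivateKey // identity -> signing key (preset)
}

func Seal(aead cipher.AEAD, params map[string]string) []byte { // requester side
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	plain, _ := json.Marshal(params) // a map[string]string always marshals
	return aead.Seal(nonce, nonce, plain, nil)
}

func open(aead cipher.AEAD, blob []byte) (map[string]string, error) { // sub-step S32-2
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, ErrDecrypt
	}
	plain, err := aead.Open(nil, blob[:n], blob[n:], nil)
	var params map[string]string
	if err != nil || json.Unmarshal(plain, &params) != nil {
		return nil, ErrDecrypt
	}
	return params, nil
}

// SignTransaction runs steps S32 and S33 and signs only a consistent transaction.
func (k *KMS) SignTransaction(tx Transaction) ([]byte, error) {
	aead, priv := k.secondKeys[tx.Identity], k.privKeys[tx.Identity] // sub-step S32-1
	if aead == nil || priv == nil {
		return nil, ErrUnknownIdentity
	}
	decrypted, err := open(aead, tx.Encrypted)
	if err != nil {
		return nil, err
	}
	// Sub-steps S33-1/S33-2: each carried parameter must match the decrypted set.
	for name, value := range tx.Params {
		if got, ok := decrypted[name]; !ok || got != value {
			return nil, ErrInconsistent
		}
	}
	msg, _ := json.Marshal(tx) // map keys are emitted sorted, so the bytes are stable
	return ed25519.Sign(priv, msg), nil
}

func VerifyTx(pub ed25519.PublicKey, tx Transaction, sig []byte) bool {
	msg, _ := json.Marshal(tx)
	return ed25519.Verify(pub, msg, sig)
}

func NewDemoKMS(identity string) (*KMS, cipher.AEAD, ed25519.PublicKey) { // constructed keys
	key := make([]byte, 32) // AES-256; first key == second key is an assumption here
	_, rerr := rand.Read(key)
	pub, priv, kerr := ed25519.GenerateKey(rand.Reader)
	if rerr != nil || kerr != nil {
		panic("demo key generation failed")
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block)
	return &KMS{map[string]cipher.AEAD{identity: aead}, map[string]ed25519.PrivateKey{identity: priv}}, aead, pub
}

func main() {
	kms, aead, pub := NewDemoKMS("requester-001")
	enc := Seal(aead, map[string]string{"asset": "bond", "amount": "100", "to": "addr-B"})
	tx := Transaction{"requester-001", map[string]string{"amount": "100", "to": "addr-B"}, enc}
	sig, err := kms.SignTransaction(tx)
	fmt.Println("as requested:", err, VerifyTx(pub, tx, sig))
	tx.Params["to"] = "addr-X" // receiver changed after the requester encrypted it
	_, err = kms.SignTransaction(tx)
	fmt.Println("altered:", err)
}
```

Because sub-steps S33-1 and S33-2 are a subset test, a transaction that carries no service parameters passes it, so an implementation may also want to require the parameters each transaction type must carry (a suggestion added here, not part of the patent).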
Based on the same inventive concept, an embodiment of the present invention further provides an electronic device. As shown in fig. 4, the electronic device includes a processor 401, a communication interface 402, a memory 403, and a communication bus 404, where the processor 401, the communication interface 402, and the memory 403 communicate with one another through the communication bus 404.
The memory 403 is used for storing computer programs;
the processor 401 is configured to implement the following steps when executing the program stored in the memory 403:
receiving a service request message, wherein the service request message carries service parameters and encrypted data corresponding to the service parameters;
parsing the service request message into a transaction which can be executed by a blockchain network, wherein the transaction carries the encrypted data and part or all of the service parameters;
and sending the transaction to a key management system, so that the key management system decrypts the encrypted data to obtain decrypted service parameters, judges whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction, signs the transaction if the transaction is legal, and refuses to sign the transaction if the transaction is illegal.
Alternatively, the processor 401 is configured to implement the following steps when executing the program stored in the memory 403:
receiving a transaction which is sent by a message parsing system and can be executed by a blockchain network, wherein the transaction is obtained after the message parsing system parses a service request message, the service request message carries service parameters and encrypted data corresponding to the service parameters, and the transaction carries the encrypted data and part or all of the service parameters;
decrypting the encrypted data carried by the transaction to obtain decrypted service parameters;
and judging whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction, signing the transaction if the transaction is legal, and refusing to sign the transaction if the transaction is illegal.
Alternatively, the processor 401 is configured to implement the steps of the service processing method provided by the other method embodiments of the present invention above when executing the program stored in the memory 403.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The memory may include a Random Access Memory (RAM), and may also include a non-volatile memory, such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In another embodiment of the present invention, a computer-readable storage medium is further provided, in which instructions are stored, and when the instructions are executed on a computer, the computer is enabled to execute the service processing method described in any one of the above embodiments.
In the above embodiments, the implementation may be realized wholly or partly by software, hardware, firmware, or any combination thereof. When implemented in software, it may be realized wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, they may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second may be used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the system embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The above description is only a part of the embodiments of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A service processing method, characterized in that the method is applied to a message parsing system and comprises the following steps:
receiving a service request message, wherein the service request message carries service parameters and encrypted data corresponding to the service parameters;
parsing the service request message into a transaction which can be executed by a blockchain network, wherein the transaction carries the encrypted data and part or all of the service parameters;
sending the transaction to a key management system, so that the key management system decrypts the encrypted data to obtain decrypted service parameters, judges whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction, signs the transaction if the transaction is legal, and refuses to sign the transaction if the transaction is illegal;
and submitting the signed transaction to a blockchain network for execution.
2. The method of claim 1, further comprising:
receiving a signed transaction returned by the key management system;
submitting the signed transaction to the blockchain network for execution.
3. The method according to claim 1 or 2, wherein the service request message further carries a service type identifier;
the parsing of the service request message into a transaction executable by a blockchain network includes:
determining a target parsing strategy corresponding to the service type identifier from a plurality of preset parsing strategies according to the service type identifier carried by the service request message;
and parsing the service request message into one or more transactions which can be executed by a blockchain network according to the target parsing strategy, wherein the number and the type of the parsed transactions correspond to the target parsing strategy.
4. A service processing method, applied to a key management system, the method comprising the following steps:
receiving a transaction which is sent by a message parsing system and can be executed by a blockchain network, wherein the transaction is obtained after the message parsing system parses a service request message, the service request message carries service parameters and encrypted data corresponding to the service parameters, and the transaction carries the encrypted data and part or all of the service parameters;
decrypting the encrypted data carried by the transaction to obtain decrypted service parameters;
judging whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction, signing the transaction if the transaction is legal, and refusing to sign the transaction if the transaction is illegal;
and submitting the signed transaction to a blockchain network for execution.
5. The method of claim 4, further comprising:
returning the signed transaction to the message parsing system, so that the message parsing system submits the signed transaction to the blockchain network for execution;
or,
submitting the signed transaction to the blockchain network for execution.
6. The method according to claim 4, wherein the encrypted data is obtained by encrypting the service parameter with a first key of a service requester, the service request message further carries an identity of the service requester, and the transaction also carries the identity of the service requester;
the decrypting of the encrypted data carried by the transaction to obtain the decrypted service parameters includes:
reading the identity carried by the transaction, and determining a target second key corresponding to the identity from a plurality of preset second keys according to the identity;
decrypting the encrypted data carried by the transaction by using the target second key to obtain the decrypted service parameters;
the signing of the transaction if the transaction is legal includes:
if the transaction is legal, determining a target private key corresponding to the identity from a plurality of preset private keys according to the identity, and signing the transaction by using the target private key.
7. The method of claim 6, further comprising:
refusing to sign the transaction if a target second key corresponding to the identity cannot be determined.
8. The method according to any one of claims 4 to 7, wherein the judging of whether the transaction is legal according to the consistency between the decrypted service parameters and the service parameters carried by the transaction comprises:
for each service parameter carried by the transaction, judging whether the decrypted service parameters contain that service parameter;
and if every service parameter carried by the transaction is contained in the decrypted service parameters, determining that the transaction is legal; otherwise, determining that the transaction is illegal.
9. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
the memory is used for storing a computer program;
the processor, when executing a program stored in the memory, is adapted to carry out the method steps of any of claims 1 to 3 or to carry out the method steps of any of claims 4 to 8.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 3 or carries out the method steps of any one of claims 4 to 8.
CN202010962849.2A 2020-09-14 2020-09-14 Service processing method, electronic device and readable storage medium Active CN112202734B (en)

Publications (2)

Publication Number Publication Date
CN112202734A CN112202734A (en) 2021-01-08
CN112202734B true CN112202734B (en) 2023-04-07

Family

ID=74016315




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant