CN112364384B - Business record time service method based on credible account book database - Google Patents

Business record time service method based on credible account book database Download PDF

Info

Publication number
CN112364384B
CN112364384B CN202110033650.6A CN202110033650A CN112364384B CN 112364384 B CN112364384 B CN 112364384B CN 202110033650 A CN202110033650 A CN 202110033650A CN 112364384 B CN112364384 B CN 112364384B
Authority
CN
China
Prior art keywords
time service
record
time
certificate
authoritative
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110033650.6A
Other languages
Chinese (zh)
Other versions
CN112364384A (en
Inventor
杨新颖
张渊
李亿泽
管亚阳
闫文远
俞本权
高群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd, Ant Blockchain Technology Shanghai Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202110033650.6A priority Critical patent/CN112364384B/en
Publication of CN112364384A publication Critical patent/CN112364384A/en
Application granted granted Critical
Publication of CN112364384B publication Critical patent/CN112364384B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2255Hash tables
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A service record time service method based on a credible account book database is disclosed. For the received service record, the database server obtains an authoritative Time service certificate for the service record from a Time Stamp Authority (TSA) server and associates the authoritative Time service certificate with the service record, and obtains a common Time service certificate for the service record from a common Time service and associates the common Time service certificate with the service record.

Description

Business record time service method based on credible account book database
Technical Field
The embodiment of the specification relates to the technical field of information, in particular to a business record time service method based on a trusted account book database.
Background
The credible account book database is a novel storage scheme obtained by improvement on the basis of a block chain storage scheme, can overcome the problems of low throughput, long response time and the like of decentralized block chain storage, and can meet the credible storage requirement of a user on data.
The credible account book database is maintained locally by a centralized database server, the service object of the credible account book database is usually an enterprise-level user, the user registers an account at the database server, the business data generated by the self business is encapsulated into business records through the registered account, the business records are submitted to the database server, and after the database server receives the business records, the received business records are written into the local credible account book database for storage.
On the basis of the prior art, the credibility of the credible ledger database for a third party needs to be considered.
Disclosure of Invention
The technical scheme of the application aims to solve the technical problem that the existing credible account book database is low in credibility for a third party.
In order to solve the technical problem, the technical scheme of the application is realized as follows:
according to the 1 st aspect of the embodiments of the present specification, there is provided a method for service record timing of a trusted account book database, which is applied to a database server, where the database server locally maintains the trusted account book database, and the method includes:
when receiving the business record, executing: the business record is stored into the credible account book database, the business record hash is submitted to an authoritative time service provider (TSA) server through a public network line, and the business record hash is submitted to a common time service provider server through a private network line;
obtaining an authoritative time service certificate generated by the TSA server based on the time of receiving the business record hash; obtaining a common time service certificate generated by the common time service side of the common time service party based on the time of receiving the business record hash;
and establishing an association relationship between the business record and the authoritative time service certificate, and establishing an association relationship between the business record and the common time service certificate.
According to the 2 nd aspect of the embodiments of the present specification, there is provided a service record authenticity verification method based on the method of the 1 st aspect, including:
acquiring a common time service certificate and an authoritative time service certificate associated with a service record to be verified from the database server;
verifying a common timestamp in the obtained common time service certificate, and verifying an authority timestamp in the obtained authority time service certificate;
and if the two time stamp verifications are passed, taking the common time as the latest certificate storing time corresponding to the business record, and verifying the authenticity of the business record based on the latest certificate storing time.
According to the 3 rd aspect of the embodiments of the present specification, there is provided a device for service record timing of a trusted account book database, which is applied to a database server, where the database server locally maintains the trusted account book database, and the device includes:
and the execution module is used for executing the following steps when receiving the service record: the business record is stored into the credible account book database, the business record hash is submitted to an authoritative time service provider (TSA) server through a public network line, and the business record hash is submitted to a common time service provider server through a private network line;
the obtaining module is used for obtaining an authoritative time service certificate generated by the TSA server based on the time of receiving the business record hash; obtaining a common time service certificate generated by the common time service side of the common time service party based on the time of receiving the business record hash;
and the establishing module is used for establishing an association relationship between the business record and the authoritative time service certificate and establishing an association relationship between the business record and the common time service certificate.
According to the 4 th aspect of the embodiments of the present specification, there is provided a service record authenticity verification apparatus based on the method of the 1 st aspect, including:
the acquisition module is used for acquiring a common time service certificate and an authoritative time service certificate which are associated with the service record to be verified from the database server;
the verification module is used for verifying the common time stamp in the obtained common time service certificate and verifying the authority time stamp in the obtained authority time service certificate;
and the judging and processing module is used for taking the common time as the latest certificate storing time corresponding to the business record if the two time stamp verifications are passed, and verifying the authenticity of the business record based on the latest certificate storing time.
According to the scheme provided in the embodiment of the present specification, for a received service record, on one hand, an authoritative Time service certificate for the service record is obtained from a Time Stamp Authority (TSA) server and is associated with the service record, and on the other hand, a common Time service certificate for the service record is obtained from a common Time service terminal and is associated with the service record. Under the condition that the authenticity of the business record needs to be verified for a third party, time stamp verification is respectively carried out on an authoritative time service certificate and a common time service certificate which are associated with the business record, if the two time stamp verifications are passed, the common time corresponding to the common time stamp in the common time service certificate can be used as the latest evidence storing time of the business record, and the authenticity of the business record can be verified according to the latest evidence storing time of the business record.
Through the embodiment of the specification, the third party can regard the common time corresponding to the common timestamp associated with the business record in the credible account book database as the latest credible evidence storage time, and then verify the authenticity of the business record based on the latest evidence storage time.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of embodiments of the invention.
In addition, any one of the embodiments in the present specification is not required to achieve all of the effects described above.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present specification, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a schematic diagram of a trusted ledger database-based data storage system provided herein;
fig. 2 is a schematic flow chart of a method for service record timing of a trusted account book database provided in the present specification;
FIG. 3 is a schematic diagram of a time service method provided in the present specification;
FIG. 4 is a flow diagram of a business record authenticity verification method;
fig. 5 is a schematic structural diagram of a business record timing device of a trusted account book database provided in the present specification;
fig. 6 is a schematic structural diagram of a service record authenticity verification apparatus provided in the present specification;
fig. 7 is a schematic diagram of a device for configuring the method of the embodiments of the present description.
Detailed Description
Fig. 1 is a schematic diagram of a data storage system based on a trusted ledger database provided in the present specification. As shown in fig. 1, the data storage system includes a centralized database server and a plurality of clients. The database server is responsible for maintaining a trusted account book database, each client corresponds to an enterprise-level user (organization), and each enterprise-level user further interfaces with one or more individual users.
For example, the takeout platform and the e-commerce platform are respectively used as users to register on the database server to obtain user accounts, and install clients provided by the database server on own equipment to log in the user accounts in the clients, so that the takeout platform and the e-commerce platform have the capability of performing data interaction with the database server.
The take-out platform and the electronic commodity platform are respectively connected with a large number of individual users. After a certain individual user purchases a takeout food by using a takeout client installed on a mobile phone of the individual user, equipment of the takeout platform generates a takeout order record (namely business data generated by the takeout platform based on business), the takeout platform encapsulates the order record into a record through a user account registered at a database server by the individual user (similar to transactions in the field of block chains, the record is a special data structure suitable for storage of a credible account book database), and submits the record to the database server so that the database server encapsulates the record into the record and writes the record into the credible account book database for storage. Similarly, the e-commerce platform encapsulates each e-commerce order generated based on the e-commerce business into a record and submits the record to the database server.
For convenience of description, the user described hereinafter refers to an enterprise-level user served by the database server, and the user account described hereinafter refers to an account registered by the enterprise-level user at the database server.
Generally, the sequence of business records submitted to a database server by a user reflects the sequence of business data generated by recording the encapsulated business data, and the database server can store all the business records into a credible account book database in sequence according to the sequence of the business records submitted by the same user.
For the way of storing business records in the trusted account book database, a block chain may be similar, that is, according to a certain blocking condition, received business records are packed into individual data blocks in batches, each data block calculates a root hash of a tacle tree based on all the business records encapsulated in the block, the root hash is written into a block header of the data block, and the block header of the next data block includes a hash value of the previous data block (that is, a hash value obtained by performing hash calculation on the block header). In this case, the trusted account book database actually belongs to a block chain type account book, and it can be ensured that it is difficult to tamper with part of business records in the trusted account book database.
In addition, the credible account book database can store all business records according to a certain sequence (usually, a receiving sequence), all business records in the credible account book database form a global merkel tree, and the root hash of the global merkel tree can ensure that part of business records in the credible account book database are difficult to be tampered.
Due to the storage mode, the existing credible account book database is credible for users, the users usually store the root hash of the Mercker tree returned by the database server, and whether the business records in the credible account book database are tampered or not can be verified by using the root hash.
However, the current trusted account book database is not necessarily trusted for the user and a third party other than the database server, because there may be a case that the user and the database server are in series communication to tamper with the trusted account book database. The third party may be, for example, an auditor, the public, etc.
For example, assuming that a user is a certain enterprise to be listed, at the beginning of enterprise creation, the enterprise opens an account at a database server, and the enterprise forms financial records of financial data generated in the current month according to the month and submits the financial records to the database server to store the trusted account book data. Enterprises worry that financial data generated before have some problems of non-compliance, so that the enterprises communicate with the database server end, all financial records stored before the auditing time point in the trusted account book database are deleted and replaced by temporarily forged financial records, and in this case, the financial records acquired by an auditor from the trusted account book database are not trusted.
By analyzing the technical problems, the technical obstacle for solving the technical problems is found that an auditor cannot know the actual evidence storage time of each business record in the credible account book database. If the auditor obtains the actual time of the transaction record, it is easier to determine whether the financial record is the original true version or a temporarily forged version.
In order to solve the above technical problem, in one or more embodiments of the present specification, for a received service record, a database server obtains an authoritative time service certificate for the service record from a TSA server and associates the authoritative time service certificate with the service record, and obtains a common time service certificate for the service record from a common time provider server and associates the common time service certificate with the service record. Under the condition that the authenticity of the business record needs to be verified for a third party, time stamp verification is respectively carried out on an authoritative time service certificate and a common time service certificate which are associated with the business record, if the two time stamp verifications are passed, the common time corresponding to the common time stamp in the common time service certificate can be used as the latest evidence storing time of the business record, and the authenticity of the business record can be verified according to the latest evidence storing time of the business record.
Through one or more embodiments of this specification, it is possible to realize:
1. the authority time granted by the TSA to the business record is absolutely trusted, and the actual credentialing time of the business record can be proved to be absolutely trusted not to be later than the authority time. And the ordinary time granted to the service record by the ordinary prompter independent of the database server is relatively credible, and the relatively credible certificate storage time for proving that the service record is not later than the ordinary time.
Moreover, because the database server communicates with the ordinary time service end through a private network line, and the data transmission speed is much higher than that of a public network line, the time for the ordinary time service end to receive the hash of the service record is significantly earlier than the time (authority time) for the TSA to receive the hash of the service record. This means that with endorsements of authoritative times, the trustworthiness of ordinary times earlier than authoritative times can be further enhanced, the ordinary times being closer to the actual credentialing times of the service record. It should be noted here that in practice, due to the fact that the database server communicates with the ordinary time service server through a private network line, the data transmission time is usually very short, and can usually reach millisecond level, which means that the ordinary time associated with the service record is very close to the actual evidence storage time of the database server for the service record.
In other words, with the embodiments of the present specification, the common time associated with the business record can be determined as the latest evidence storage time at which the credibility of the business record is higher and closer to the actual evidence storage time (the actual evidence storage time is not later than the latest evidence storage time).
2. Based on the technical effect of point 1, if a user (a producer and an owner of a business record) colludes with the database server to tamper with the business record in the trusted account book data (for example, the user colludes with the database server to deal with financial auditing, deletes all financial records before the auditing time from the trusted account book data, and replaces the financial records with a forged batch of financial records), then the forged business record can still be granted with authority time and ordinary time according to the time service flow provided by the embodiment of the present specification.
The common time associated with the forged business record is regarded as the latest certificate storing time of the forged business record, the latest certificate storing time is closer to the actual certificate storing time of the forged business record, and the latest certificate storing time is compared with the certificate storing time declared by the user and the database server, so that the declared certificate storing time is obviously later than the latest certificate storing time, and therefore the later forged business record can be shown, and the initial real business record is not shown (along the above example, an auditing party can find that the audited financial record is forged by the user and the database server for auditing and is not the initial real financial record).
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present specification, the technical solutions in the embodiments of the present specification will be described in detail below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of protection.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
Fig. 2 is a schematic flow chart of a method for service record timing of a trusted account book database provided in this specification, including the following steps:
s200: and storing the business record into the credible account book database.
The execution subject of the method shown in fig. 2 is a database server. When receiving the service record, the database server executes steps S200-S204, respectively. The execution sequence of S200-S204 is not limited. Of course, these 3 steps may be executed simultaneously, in this case, the time service certificate of the TSA server and the ordinary time service side may be obtained as soon as possible.
S202: and submitting the service record hash to the TSA server through the public network line.
S204: and submitting the service record hash to a common time service side through a private network line.
Fig. 3 is a schematic diagram of a time service method provided in the present specification. As shown in fig. 3, on one hand, since the TSA server usually faces the public, and various organizations or individuals can apply for the time service certificate to the TSA server, the hash of the data to be time-serviced needs to be submitted to the TSA server through the public network line (specifically, in this scheme, the hash of the data to be time-serviced may be a hash of a business record). The public network line often has a plurality of unstable factors, which causes the communication delay to be high (usually in the order of seconds), which means that a certain time interval exists between the credentialing time of the service record at the database server side and the authority time granted to the service record by the TSA, and the time interval is large.
On the other hand, the ordinary time-giving party does not need a time-giving mechanism facing the public, and specifically, the ordinary time-giving party may be a certain time-giving mechanism independent from the database server, the ordinary time-giving party server communicates with the database server through a private network line, the private network line is very stable, and the communication delay is very low (usually in milliseconds), which means that although a certain time interval exists between the evidence storage time of the service record at the database server and the authority time granted to the service record by the ordinary time-giving party server, the time interval is very small.
For the TSA server, time service is generally performed in the following manner:
for the received record hash, signing the record hash and the authoritative time by adopting a private key of the record hash to obtain an authoritative time stamp, wherein the authoritative time is the time when the TSA server receives the record hash; and then, returning the authority time certificate containing the authority time stamp and the authority time to the database server side.
For a common time service end, time service is generally performed in the following manner:
for the received record hash, signing the record hash and common time by adopting a private key of the record hash to obtain a common timestamp, wherein the common time is the time when the common time service end receives the record hash; and then, returning the common time service certificate containing the common timestamp and the common time to the database server side.
S206: and obtaining an authoritative time service certificate.
S208: and acquiring a common time service certificate.
S210: and establishing an association relationship between the business record and the authoritative time service certificate, and establishing an association relationship between the business record and the common time service certificate.
In some embodiments of the present specification, the database server may store the received authoritative time service certificate and the ordinary time service certificate in a local regular database (untrusted ledger database), and store the association relationship established in step S210.
In some embodiments of the present description, the database server may selectively store the authoritative time service certificate (and the corresponding relationship with the business records) and/or the ordinary time service certificate (and the corresponding relationship with the business records) in the trusted ledger database.
Specifically, a common time service record including a hash of the common time service certificate and the business record may be written into the trusted account book database. Or writing an authority time service record containing the authority time service certificate and the service record hash into the trusted account book database. And writing a time service record comprising the common time service certificate, the authoritative time service certificate and the service record Hash into the trusted account book database.
Through the method flow shown in fig. 2, two time service certificates (an authoritative time service certificate and a common time service certificate) are associated with each business record stored in the trusted account book database. The authority time in the authority time service certificate is longer than the actual evidence storing time delay of the service record. The common time in the common time service certificate is very close to the actual evidence storage time of the service record, the common time service certificate is not absolutely trusted but is issued by a common time service party independent of a database server side, so the credibility is higher, and particularly, the common time granted for the same service record cannot be later than the authority time, so the authority time service certificate can provide a certain endorsement effect for the common time service certificate, and for a third party, the common time in the common time service certificate related to the service record is regarded as the latest evidence storage time of the service record and is more trusted.
On the basis of time service of each business record stored in the trusted account book database by adopting the method flow shown in fig. 2, the description also provides a method for verifying the authenticity of the business record. Fig. 4 is a schematic flow chart of a method for verifying authenticity of a service record, which includes the following steps:
s400: and acquiring a common time service certificate and an authoritative time service certificate associated with the service record to be verified from the database server.
In the case that a third party needs to verify one or more business records in the trusted ledger database, the method flow shown in fig. 4 may be adopted for verification.
S402: and verifying the common timestamp in the obtained common time service certificate.
In step S402, signature verification is performed on the common timestamp by using the public key of the common time grantor, specifically, the common timestamp is calculated by using the public key of the common time grantor to obtain a signature object (hash character string), then the common time + service record hash is compared with the signature object, and if the common time + service record hash is consistent with the signature object, the signature verification is determined to be passed.
S404: and verifying the authority time stamp in the obtained authority time service certificate.
In step S404, performing signature verification on the authoritative timestamp by using the public key of the authoritative time provider, specifically, calculating the authoritative timestamp by using the public key of the authoritative time provider to obtain a signature object (hash character string), then comparing the authoritative time + service record hash with the signature object, and if the authoritative time + service record hash is consistent with the signature object, determining that the signature verification is passed.
S406: determining the time stamp verification results in step S402 and step S404, if both are passed, performing step S408, if the verification of the ordinary time stamp is not passed and the verification of the authoritative time stamp is passed, performing step S410, and if the verification of the authoritative time stamp is not passed, performing step S412.
S408: and taking the common time as the latest evidence storage time corresponding to the service record.
If the timestamp verification results in step S402 and step S404 both pass, it means that the authority time is indeed granted by the TSA, and the common time is indeed granted by the common sponsor, in this case, the common time may be the latest credentialing time corresponding to the service record.
It should furthermore be mentioned that in general the ordinary licensor is trusted, which means that the ordinary time must be earlier than the authoritative time for the same service record.
However, if the general time is found not to be earlier than the authoritative time, it may indicate that the general party is disliked, so in this particular case, the authoritative time may be considered the latest credentialing time.
S410: and taking the authoritative time as the latest evidence storage time corresponding to the service record.
If the verification of the common timestamp is not passed and the verification of the authority timestamp is passed, the common timestamp is not generated by a common time service party and can be forged by a database server side. In this case, the authority time may be the latest certification time.
S412: refusing to determine the latest time for storing the certificate.
If the authoritative timestamp is not validated (in which case the validation of the ordinary timestamp is no longer important), the service record is declared to not have an absolutely trusted authoritative timestamp, and the proof of the ordinary timestamp is therefore impaired. In this case, the determination of the latest time of deposit may be denied.
Furthermore, if the third party has a high level of trust in the ordinary transferee, the ordinary time may be taken as the latest credentialing time in this case.
S414: and verifying the authenticity of the business record based on the latest certificate storage time.
In step S414, the third party may specifically compare the trusted latest certification time with the certification time declared by all parties (users) of the business record. If the user declares the credentialing time not later than the latest credentialing time, the business record can be considered to be authentic. If the user declares the evidence storing time to be later than the latest evidence storing time, the business record can be determined to be not real and is a subsequently tampered business record.
Fig. 5 is a schematic structural diagram of a service record timing device of a trusted account book database provided in this specification, which is applied to a database server, where the database server locally maintains the trusted account book database, and the device includes:
the executing module 501, when receiving the service record, executes: the business record is stored into the credible account book database, the business record hash is submitted to an authoritative time service provider (TSA) server through a public network line, and the business record hash is submitted to a common time service provider server through a private network line;
an obtaining module 502, configured to obtain an authoritative time service certificate generated by the TSA server based on the time when the service record hash is received; obtaining a common time service certificate generated by the common time service side of the common time service party based on the time of receiving the business record hash;
the establishing module 503 is configured to establish an association relationship between the service record and the authoritative time service certificate, and establish an association relationship between the service record and the ordinary time service certificate.
The establishing module 503 writes the common time service record containing the common time service certificate and the hash of the business record into the trusted account book database.
The establishing module 503 writes the authority time service record containing the authority time service certificate and the service record hash into the trusted account book database.
The establishing module 503 writes the time service record including the common time service certificate, the authoritative time service certificate and the service record hash into the trusted account book database.
Fig. 6 is a schematic structural diagram of a service record authenticity verification apparatus provided in this specification, including:
an obtaining module 601, configured to obtain, from the database server, a common time service certificate and an authoritative time service certificate associated with a service record to be verified;
the verification module 602 is used for verifying the common timestamp in the obtained common time service certificate and verifying the authority timestamp in the obtained authority time service certificate;
and the judgment processing module 603 is configured to, if the two time stamp verifications are passed, take the common time as the latest certificate storage time corresponding to the service record, and verify the authenticity of the service record based on the latest certificate storage time.
The determining and processing module 603, if the verification of the common timestamp fails and the verification of the authoritative timestamp passes, takes the authoritative time corresponding to the authoritative timestamp as the latest evidence storing time corresponding to the service record.
The judgment processing module 603, if the verification of the authority timestamp is not passed, refuses to determine the latest time for storing the certificate.
The present specification also provides a computer device comprising at least a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method shown in fig. 2 or fig. 4 when executing the program.
Fig. 7 is a more specific hardware structure diagram of a computing device provided in an embodiment of the present specification, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
Embodiments of the present description also provide a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the method shown in fig. 2 or 4.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present disclosure can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The systems, methods, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the method embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to the partial description of the method embodiment for relevant points. The above-described method embodiments are merely illustrative, wherein the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more software and/or hardware when implementing the embodiments of the present specification. And part or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is only a specific embodiment of the embodiments of the present disclosure, and it should be noted that, for those skilled in the art, a plurality of modifications and decorations can be made without departing from the principle of the embodiments of the present disclosure, and these modifications and decorations should also be regarded as the protection scope of the embodiments of the present disclosure.

Claims (16)

1. A business record time service method of a credible account book database is applied to a database server side, the database server side maintains the credible account book database locally, and the method comprises the following steps:
when receiving the business record, executing: the business record is stored into the credible account book database, the business record hash is submitted to an authoritative time service provider (TSA) server through a public network line, and the business record hash is submitted to a common time service provider server through a private network line; the data transmission speed of the private network line is higher than that of the public network line;
obtaining an authoritative time service certificate generated by the TSA server based on the time of receiving the business record hash; obtaining a common time service certificate generated by the common time service side of the common time service party based on the time of receiving the business record hash; the authority time service certificate is absolutely credible to a third party except the database server and the database server, and the common time service certificate is not absolutely credible to the third party;
and establishing an association relationship between the business record and the authoritative time service certificate, and establishing an association relationship between the business record and the common time service certificate.
2. The method of claim 1, wherein establishing the association between the business record and the common time service certificate comprises:
and writing the common time service record containing the common time service certificate and the service record Hash into the trusted account book database.
3. The method of claim 1, establishing an association between the business record and the authoritative time service certificate, comprising:
and writing an authoritative time service record containing the authoritative time service certificate and the business record Hash into the trusted account book database.
4. The method according to claim 1, wherein the establishing of the association between the business record and the authoritative time service certificate and the establishing of the association between the business record and the ordinary time service certificate comprise:
and writing the time service record comprising the common time service certificate, the authoritative time service certificate and the service record Hash into the trusted account book database.
5. A transaction record authenticity verification method based on the method of any of claims 1-4, comprising:
acquiring a common time service certificate and an authoritative time service certificate associated with a service record to be verified from the database server;
verifying a common timestamp in the obtained common time service certificate, and verifying an authority timestamp in the obtained authority time service certificate;
if the two time stamp verifications are passed, taking the common time corresponding to the common time stamp as the latest evidence storage time corresponding to the service record;
and verifying the authenticity of the business record based on the latest certificate storage time.
6. The method of claim 5, further comprising:
and if the verification of the common timestamp is not passed and the verification of the authority timestamp is passed, taking the authority time corresponding to the authority timestamp as the latest evidence storage time corresponding to the service record.
7. The method of claim 5, further comprising:
and if the authority timestamp is not verified, refusing to determine the latest evidence storage time.
8. A business record time service device of a credible account book database is applied to a database server side, the database server side maintains the credible account book database locally, and the device comprises:
and the execution module is used for executing the following steps when receiving the service record: the business record is stored into the credible account book database, the business record hash is submitted to an authoritative time service provider (TSA) server through a public network line, and the business record hash is submitted to a common time service provider server through a private network line; the data transmission speed of the private network line is higher than that of the public network line;
the obtaining module is used for obtaining an authoritative time service certificate generated by the TSA server based on the time of receiving the business record hash; obtaining a common time service certificate generated by the common time service side of the common time service party based on the time of receiving the business record hash; the authority time service certificate is absolutely credible to a third party except the database server and the database server, and the common time service certificate is not absolutely credible to the third party;
and the establishing module is used for establishing an association relationship between the business record and the authoritative time service certificate and establishing an association relationship between the business record and the common time service certificate.
9. The apparatus of claim 8, wherein the establishing module is configured to write a common time service record comprising a hash of the common time service certificate and the transaction record into the trusted ledger database.
10. The apparatus of claim 8, the establishing module to write an authoritative timing record comprising a hash of the authoritative timing certificate and the business record to the trusted ledger database.
11. The apparatus of claim 8, wherein the establishing module is configured to write a time service record comprising a hash of the general time service certificate, the authoritative time service certificate, and the transaction record into the trusted ledger database.
12. A transaction record authenticity verification device based on the method of any of claims 1-4, comprising:
the acquisition module is used for acquiring a common time service certificate and an authoritative time service certificate which are associated with the service record to be verified from the database server;
the verification module is used for verifying the common time stamp in the obtained common time service certificate and verifying the authority time stamp in the obtained authority time service certificate;
and the judging and processing module is used for taking the common time corresponding to the common timestamp as the latest certificate storing time corresponding to the business record if the two timestamps pass the verification, and verifying the authenticity of the business record based on the latest certificate storing time.
13. The apparatus according to claim 12, wherein the determining and processing module determines, if the verification of the common timestamp fails and the verification of the authoritative timestamp passes, the authoritative time corresponding to the authoritative timestamp as the latest evidence storage time corresponding to the service record.
14. The apparatus of claim 12, the determination processing module to deny a determination of a latest time of credentialing if the validation of the authoritative timestamp fails.
15. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1-4 when executing the program.
16. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method according to any of claims 5-7 when executing the program.
CN202110033650.6A 2021-01-12 2021-01-12 Business record time service method based on credible account book database Active CN112364384B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110033650.6A CN112364384B (en) 2021-01-12 2021-01-12 Business record time service method based on credible account book database

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110033650.6A CN112364384B (en) 2021-01-12 2021-01-12 Business record time service method based on credible account book database

Publications (2)

Publication Number Publication Date
CN112364384A CN112364384A (en) 2021-02-12
CN112364384B true CN112364384B (en) 2021-04-23

Family

ID=74534785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110033650.6A Active CN112364384B (en) 2021-01-12 2021-01-12 Business record time service method based on credible account book database

Country Status (1)

Country Link
CN (1) CN112364384B (en)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN202455370U (en) * 2012-02-24 2012-09-26 云南电网公司普洱供电局 Intelligent transformer substation main/standby double-clock automatic switching time service system
CN105335667B (en) * 2015-10-16 2017-03-15 北京源创云网络科技有限公司 Innovate creative data processing method, device, system and deposit card equipment
CN109508984B (en) * 2018-11-26 2021-09-07 中国科学院软件研究所 Block chain electronic evidence storing method based on deterministic consensus and trusted timestamp
CN110163602A (en) * 2019-04-04 2019-08-23 阿里巴巴集团控股有限公司 A kind of verification method of account book, device and equipment
CN110601849B (en) * 2019-08-21 2021-05-11 腾讯科技(深圳)有限公司 Trusted timestamp adding method and device and storage medium
EP3679534B1 (en) * 2019-09-02 2021-06-23 Advanced New Technologies Co., Ltd. Managing blockchain-based centralized ledger systems

Also Published As

Publication number Publication date
CN112364384A (en) 2021-02-12

Similar Documents

Publication Publication Date Title
CN108876380B (en) Transaction method and system based on centralized settlement and block chain deposit certificate
CN109377216B (en) Transaction method and system based on centralized settlement and block chain deposit certificate
CN109242453B (en) Transaction method and system based on centralized settlement and block chain deposit certificate
TWI727594B (en) Signature verification method, system, device and equipment in block chain ledger
CN111382168B (en) Node group creating method and node group-based transaction method in alliance chain network
CN110162662B (en) Verification method, device and equipment for data records in block chain type account book
CN110245518B (en) Data storage method, device and equipment
WO2020199710A1 (en) Account book verification method, apparatus, and device
CN111461852A (en) Data processing method and device based on block chain and readable storage medium
CN110190963B (en) Monitoring method, device and equipment for time service certificate generation request
CN110266494B (en) Time service authentication method, device and equipment in block chain type account book
CN110334542B (en) Network evidence preservation and network evidence preservation verification method and device
CN110046994B (en) Method and system for accepting block link deposit certificate transaction
CN109951475A (en) Multi-platform user account information synchronous method and system, server
CN112966311A (en) Intelligent contract checking method and device and electronic equipment
CN110347678B (en) Financial data storage method, system, device and equipment
CN111459948A (en) Data block deleting method based on centralized block chain type account book
CN111506580A (en) Transaction storage method based on centralized block chain type account book
CN113220640B (en) Arbitration method and device based on block chain
CN111464319B (en) Transaction storage and signature verification method based on centralized block chain type account book
CN112364382B (en) Credible time domain determination method of business record based on credible account book database
CN112364384B (en) Business record time service method based on credible account book database
CN112364383B (en) Method for verifying authenticity of business record
CN112364389B (en) Business record time service method based on credible account book database
CN111275550A (en) Information processing method and device, readable storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40045957

Country of ref document: HK