CN112446039A

CN112446039A - Block chain transaction processing method, device, equipment and storage medium

Info

Publication number: CN112446039A
Application number: CN202011303560.6A
Authority: CN
Inventors: 邱炜伟; 胡麦芳; 黄方蕾; 张珂杰; 匡立中
Original assignee: Hangzhou Qulian Technology Co Ltd
Current assignee: Hangzhou Qulian Technology Co Ltd
Priority date: 2020-11-19
Filing date: 2020-11-19
Publication date: 2021-03-05

Abstract

The application discloses a block chain transaction processing method, a block chain transaction processing device, block chain transaction processing equipment and a storage medium, and belongs to the technical field of block chains. The block chain system comprises: receiving an account registration request carrying an account address and n public keys, wherein the n public keys are public keys in n public and private key pairs generated by user equipment; determining the type of each public key in the n public keys, wherein the type of each public key is used for indicating the use authority of a public and private key pair in which each public key is positioned, the use authority of one part of the n public and private key pairs is an account management authority, and the use authority of the other part of the n public and private key pairs is a common operation authority; generating an account address, n public keys and a mapping relation among the types of each public key in the n public keys; and processing the transaction initiated by the user equipment by using the account address according to the mapping relation, wherein the transaction is signed by using a private key in the n public and private key pairs. According to the method and the device, the hierarchical authority management of the account can be realized, so that the safety and the transaction convenience of the account can be improved.

Description

Block chain transaction processing method, device, equipment and storage medium

Technical Field

The present application relates to the field of blockchain technologies, and in particular, to a method, an apparatus, a device, and a storage medium for processing blockchain transactions.

Background

In a blockchain system, a public-private key system is typically employed to operate and manage accounts. The public key corresponds to the private key, the public key being a public part and the private key being a non-public part. When a transaction is initiated, the transaction needs to be signed by using a private key, and the transaction is executed after the transaction is verified by using a public key.

Currently, an account has only one public key and one private key. The private key is kept by the user himself, and is the only proof of account verification. Once the private key is lost or revealed, a great risk is brought to the security of the account.

Disclosure of Invention

The embodiment of the application provides a block chain transaction processing method, a block chain transaction processing device and a block chain transaction processing storage medium, and can achieve hierarchical authority management of an account, so that account security and transaction convenience can be improved. The technical scheme is as follows:

in a first aspect, a blockchain transaction processing method is provided, which is applied to a blockchain system, and the method includes:

receiving an account registration request sent by user equipment, wherein the account registration request carries an account address and n public keys, the n public keys are public keys in n public and private key pairs generated by the user equipment, and n is an integer greater than or equal to 2;

determining the type of each public key in the n public keys, wherein the type of each public key is used for indicating the use authority of a public and private key pair in which each public key is located, the use authority of one part of the n public and private key pairs is an account management authority, and the use authority of the other part of the n public and private key pairs is a common operation authority;

generating a mapping relation among the account address, the n public keys and the type of each public key in the n public keys;

and processing the transaction initiated by the user equipment by using the account address according to the mapping relation, wherein the transaction is signed by using a private key in the n public and private key pairs.

In the application, after receiving an account registration request carrying an account address and n public keys and sent by user equipment, a blockchain system can determine the type of each public key in the n public keys, and public and private key pairs where the public keys of different types are located have different use permissions, and can be used when different transactions are processed. The blockchain system may generate a mapping relationship between the account address, the n public keys, and a type of each of the n public keys, and then process a transaction initiated by a user device using the account address according to the mapping relationship. Therefore, hierarchical authority management of the account can be realized, and the safety and the transaction convenience of the account can be improved.

Optionally, the determining the type of each public key of the n public keys includes:

determining the type of each public key according to a public key generation rule adopted when each public key in the n public keys is generated; or

Determining the type of each public key according to a private key generation rule adopted when a private key corresponding to each public key in the n public keys is generated; or

And determining the type of each public key according to the bit number of each public key in the n public keys.

Optionally, the generating a mapping relationship between the account address, the n public keys, and the type of each of the n public keys includes:

determining the account address, the n public keys and the type of each public key in the n public keys as an identity;

generating a digital certificate for verifying the identity;

the method further comprises the following steps:

sending the digital certificate to the user equipment so that the user equipment carries the digital certificate when initiating a transaction by using the account address; or

Storing the digital certificate into a block chain to obtain a storage address of the digital certificate; and sending the storage address of the digital certificate to the user equipment so that the user equipment carries the storage address of the digital certificate when initiating a transaction by using the account address.

and correspondingly storing the account address, the n public keys and the type of each public key in the n public keys into a database.

Optionally, the processing, according to the mapping relationship, a transaction initiated by the user equipment using the account address includes:

after receiving a transaction initiated by the user equipment by using the account address, determining a target type according to calling information in the transaction, wherein the target type is a type of a public key corresponding to a private key used in the transaction signature;

obtaining a public key of which the type is the target type from the mapping relation;

using the obtained public key to check the transaction;

and in the case of passing the verification, executing the transaction.

Optionally, before obtaining the public key of which the type is the target type from the mapping relationship, the method further includes:

acquiring a state variable in account data corresponding to the account address;

and if the freezing type in the state variable does not comprise the target type, executing the step of obtaining the public key of which the type is the target type from the mapping relation.

Optionally, the account management authority includes one or more of a key freezing authority, a key unfreezing authority, a key resetting authority, a key logout authority, and an account freezing authority;

the common operation authority comprises one or more of transfer authority, contract data inquiry authority and contract configuration authority.

In a second aspect, there is provided a blockchain transaction processing apparatus applied to a blockchain system, the apparatus including:

a receiving module, configured to receive an account registration request sent by user equipment, where the account registration request carries an account address and n public keys, where the n public keys are public keys in n public and private key pairs generated by the user equipment, and n is an integer greater than or equal to 2;

the determining module is used for determining the type of each public key in the n public keys, wherein the type of each public key is used for indicating the use authority of a public and private key pair in which each public key is positioned, the use authority of one part of the n public and private key pairs is the account management authority, and the use authority of the other part of the n public and private key pairs is the common operation authority;

a generating module, configured to generate a mapping relationship among the account address, the n public keys, and a type of each public key in the n public keys;

and the processing module is used for processing the transaction initiated by the user equipment by using the account address according to the mapping relation, wherein the transaction is signed by using a private key in the n public and private key pairs.

Optionally, the determining module is configured to:

Optionally, the generating module is configured to:

generating a digital certificate for verifying the identity;

the apparatus further comprises a sending module configured to:

Optionally, the generating module is configured to:

Optionally, the processing module is configured to:

using the obtained public key to check the transaction;

and in the case of passing the verification, executing the transaction.

Optionally, the processing module is further configured to:

In a third aspect, a computer device is provided, the computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the computer program, when executed by the processor, implementing the blockchain transaction processing method described above.

In a fourth aspect, a computer-readable storage medium is provided, which stores a computer program that, when executed by a processor, implements the blockchain transaction processing method described above.

In a fifth aspect, a computer program product is provided comprising instructions which, when run on a computer, cause the computer to perform the steps of the blockchain transaction processing method described above.

It is to be understood that, for the beneficial effects of the second aspect, the third aspect, the fourth aspect and the fifth aspect, reference may be made to the description of the first aspect, and details are not described herein again.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic structural diagram of a blockchain system according to an embodiment of the present disclosure;

fig. 2 is a schematic diagram of a block chain according to an embodiment of the present disclosure;

fig. 3 is a schematic diagram of a blockchain transaction processing system according to an embodiment of the present disclosure;

fig. 4 is a flowchart of a method for processing blockchain transactions according to an embodiment of the present disclosure;

fig. 5 is a flowchart of another blockchain transaction processing method according to an embodiment of the present disclosure;

fig. 6 is a schematic structural diagram of a blockchain transaction processing apparatus according to an embodiment of the present disclosure;

fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application.

Detailed Description

To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

It should be understood that reference to "a plurality" in this application means two or more. In addition, for the convenience of clearly describing the technical solutions of the present application, the terms "first", "second", and the like are used to distinguish the same items or similar items having substantially the same functions and actions. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.

Before explaining the embodiments of the present application, the related contents of the block chain will be described.

Fig. 1 is a schematic structural diagram of a blockchain system according to an embodiment of the present disclosure.

Referring to fig. 1, a blockchain system 100 refers to a system for performing data sharing between nodes, a plurality of nodes 101 may be included in the blockchain system 100, and the plurality of nodes 101 may refer to respective clients in the blockchain system 100. Each node 101 may receive input information and maintain shared data within the blockchain system 100 based on the received input information while operating normally. In order to ensure information intercommunication in the blockchain system 100, there may be an information connection between each node 101 in the blockchain system 100, and information transmission between the nodes 101 may be performed through the information connection. For example, when an input message is received by any node 101 in the blockchain system 100, other nodes 101 in the blockchain system 100 acquire the input message according to the consensus algorithm, and store the input message as data in the shared data, so that the data stored in all nodes 101 in the blockchain system 100 are consistent.

Each node 101 in the blockchain system 100 stores one identical blockchain. Referring to fig. 2, a block chain is composed of a plurality of blocks, a starting block includes a block header and a block main body, the block header stores an input information characteristic value, a version number, a timestamp and a difficulty value, and the block main body stores input information; the next block of the starting block takes the starting block as a parent block, the next block also comprises a block head and a block main body, the block head stores the input information characteristic value of the current block, the block head characteristic value of the parent block, the version number, the timestamp and the difficulty value, and the like, so that the block data stored in each block in the block chain is associated with the block data stored in the parent block, and the safety of the input information in the block is ensured.

The blockchain system 100 has computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, encryption algorithms, etc. The blockchain system 100 is a distributed shared ledger and database, and has the characteristics of decentralization, non-tampering, whole-course trace-keeping, traceability, collective maintenance, public transparency and the like. The characteristics ensure that the block chain is shared openly, real and complete, safe and reliable.

The system architecture according to the embodiments of the present application is described below.

Fig. 3 is a schematic diagram of a blockchain transaction processing system according to an embodiment of the present disclosure. Referring to fig. 3, the blockchain transaction processing system includes a user device 301 and a blockchain system 302.

The user device 301 may be a desktop computer, a laptop computer, a web server, a palmtop computer, a mobile phone, a tablet computer, a wireless terminal device, a communication device, an embedded device, or the like, which can be used to store user data. The blockchain system 302 may be the blockchain system 100 described above in the embodiments of fig. 1-2. The user equipment 301 and the blockchain system 302 may communicate over a wired network or a wireless network.

User device 301 can generate a public-private key pair, and the user device can sign a transaction using a private key of the public-private key pair when initiating the transaction. After receiving the transaction initiated by the user device 301, the blockchain system 302 may use the public key in the public-private key pair to check the transaction, and in case the check passes, execute the transaction.

User device 301 and blockchain system 302 may perform a blockchain transaction processing method described in the embodiment of fig. 4 below to implement processing of a transaction initiated by user device 301 to blockchain system 302.

The following explains the blockchain transaction processing method provided in the embodiment of the present application in detail.

Fig. 4 is a flowchart of a method for processing blockchain transactions according to an embodiment of the present disclosure. Referring to fig. 4, the method includes the following steps.

Step 401: and the user equipment generates an account address and n public and private key pairs, wherein n is an integer greater than or equal to 2.

The account address is used to uniquely identify an account used by the user device.

Each of the n public-private key pairs includes a public key and a private key. A public key of a public-private key pair corresponds to a private key, i.e., data encrypted with the public key can be decrypted using the private key, and data encrypted with the private key can be decrypted using the public key.

When the user equipment generates any one of the n public and private key pairs, a private key can be generated according to a private key generation rule, and then a public key corresponding to the private key can be generated according to the private key and a public key generation rule; the private key and the public key are used as a public-private key pair.

The private key generation rule may be set in advance. For example, the private key generation rule may be a random number generation algorithm, and the random number generation algorithm may be used to generate a random number as the private key. Of course, the private key generation rule may also be other rules, which is not limited in this embodiment of the present application.

The public key generation rule may be set in advance. The public key generation rule may be an elliptic curve public key cryptographic algorithm (including but not limited to SM2 elliptic curve algorithm, Secp256k1 elliptic curve algorithm, etc.), and the public key may be generated by using the elliptic curve public key cryptographic algorithm according to a private key. Of course, the public key generation rule may be other rules, which is not limited in the embodiment of the present application.

It should be noted that the user equipment may determine in advance a type of a public key in a public-private key pair to be generated, and generate the public-private key pair according to a key generation rule (which may include at least one of a private key generation rule and a public key generation rule) corresponding to the type.

The type of public key may indicate the usage right of the public-private key pair in which the public key is located, and the usage right may be divided into an account management right and one or more other general operation rights besides the account management right.

The user equipment may set different key generation rules in advance for different public key types.

In one possible approach, different types of public keys may be generated using different public key generation rules. In this way, the key generation rule corresponding to each public key type is a public key generation rule, that is, the public key types can be distinguished according to the public key generation rule.

In another possible approach, private keys corresponding to different types of public keys may be generated using different private key generation rules. In this way, the key generation rule corresponding to each public key type is a private key generation rule, i.e., the public key types can be distinguished according to the private key generation rule.

In yet another possible approach, the number of bits of different types of public keys is different. In this way, the key generation rule corresponding to each public key type is a public key generation rule, but the public key types can be directly distinguished according to the public key digits.

Of course, the user equipment may also set other key generation rules, which is not limited in this embodiment.

When the user device generates the account address, the account address may be generated according to a public key with account management authority, for example, the public key may be Base58 encoded to obtain the account address. Of course, the user device may generate the account address in other manners as long as it is ensured that the account address can uniquely identify the account used by the user device.

Step 402: the user device sends an account registration request to the blockchain system.

The account registration request carries the account address and n public keys, which are public keys of n public and private key pairs generated by the user equipment.

Further, if the user device is a public key type distinguished according to the public key generation rule, the account registration request may further carry an identifier (including, but not limited to, a name of the public key generation rule, etc.) of the public key generation rule adopted when each public key of the n public keys is generated. If the user device is a public key type distinguished according to the private key generation rule, the account registration request may also carry an identifier (including, but not limited to, a name of the private key generation rule, etc.) of the private key generation rule adopted when the private key corresponding to each public key in the n public keys is generated. If the user device is of a public key type distinguished according to the attributes of the public key itself (e.g., public key digits, etc.), the account registration request may not carry a public key generation rule and a private key generation rule.

Step 403: and after receiving the account registration request sent by the user equipment, the blockchain system determines the type of each public key in the n public keys.

The way in which the blockchain system determines the type of each of the n public keys depends on how the user equipment distinguishes the different public key types in step 401.

For example, the blockchain system may determine the type of each public key according to a public key generation rule adopted when each public key of the n public keys is generated. Or, the blockchain system may determine the type of each public key according to a private key generation rule adopted when the private key corresponding to each public key in the n public keys is generated. Or, the blockchain system determines the type of each public key according to the number of bits of each public key in the n public keys.

When the blockchain system determines the type of each public key according to the public key generation rule adopted when each public key in the n public keys is generated, for any one public key in the n public keys, the blockchain system can acquire the corresponding public key type as the type of the public key from the corresponding relation between the stored public key generation rule identification and the public key type according to the identification of the public key generation rule adopted when the public key is generated.

For example, for any one of the n public keys, if the identifier of the public key generation rule adopted when the public key is generated is "SM 2 elliptic curve algorithm", a public key type corresponding to "SM 2 elliptic curve algorithm" may be obtained as an account management type from the correspondence between the public key generation rule identifier and the public key type shown in table 1 below, where the public key type is used to indicate that the usage right of the public and private key pair in which the public key is located is an account management right. That is, the public-private key pair on which the public key generated using the SM2 elliptic curve algorithm is located has account management authority.

For another example, if the identifier of the public key generation rule adopted when generating the n public keys is "Secp 256k1 elliptic curve algorithm", the public key type corresponding to "Secp 256k1 elliptic curve algorithm" may be obtained as a normal operation type from the correspondence between the identifier of the public key generation rule and the public key type shown in table 1 below, where the public key type is used to indicate that the usage right of the public and private key pair in which the public key is located is a normal operation right. That is, the public-private key pair in which the public key generated using the Secp256k1 elliptic curve algorithm is located has normal operation authority.

TABLE 1

Public key generation rule identification	Public key type
		SM2 elliptic curve algorithm	Type of account management
Secp256k1 elliptic curve algorithm	Type of common operation
		……	……

In the embodiment of the present application, the correspondence between the public key generation rule identifier and the public key type is described by taking table 1 as an example, and table 1 does not limit the embodiment of the present application.

When the blockchain system determines the type of each public key according to the private key generation rule adopted when the private key corresponding to each public key in the n public keys is generated, for any one public key in the n public keys, the blockchain system can obtain the corresponding public key type as the type of the public key from the corresponding relationship between the stored private key generation rule identification and the public key type according to the identification of the private key generation rule adopted when the private key corresponding to the public key is generated.

For example, for any one of the n public keys, if the identifier of the private key generation rule adopted when the private key corresponding to the public key is generated is "random number generation algorithm 1", the public key type corresponding to "random number generation algorithm 1" may be obtained as an account management type from the correspondence between the private key generation rule identifier and the public key type shown in table 2 below, where the public key type is used to indicate that the usage right of the public and private key pair in which the public key is located is an account management right. That is, the pair of public and private keys on which the private key generated using the random number generation algorithm 1 is located has an account management authority.

For another example, if the identifier of the private key generation rule adopted when the private key corresponding to the public key is generated is "random number generation algorithm 2" for any one of the n public keys, the public key type corresponding to "random number generation algorithm 2" may be obtained as a normal operation type from the correspondence between the private key generation rule identifier and the public key type shown in table 2 below, where the public key type is used to indicate that the usage right of the public-private key pair in which the public key is located is a normal operation right. That is, the pair of public and private keys in which the private key generated using the random number generation algorithm 2 is located has a normal operation authority.

TABLE 2

Private key generation rule identification	Public key type
		Random number generation algorithm 1	Type of account management
Random number generation algorithm 2	Type of common operation
		……	……

In the embodiment of the present application, only table 2 above is taken as an example to describe the correspondence between the private key generation rule identifier and the public key type, and table 2 above does not limit the embodiment of the present application.

When the blockchain system determines the type of each public key according to the bit number of each public key in the n public keys, for any one public key in the n public keys, the blockchain system can acquire a corresponding public key type as the type of the public key from the stored corresponding relation between the bit number of the public key and the public key type according to the bit number of the public key.

For example, if the bit number of any one of the n public keys is 6, then the public key type corresponding to 6 bits may be obtained from the correspondence between the bit number of the public key and the public key type shown in table 3 below, where the public key type is used to indicate that the usage right of the public-private key pair in which the public key is located is the account management right. That is, a public-private key pair in which a public key with 6 bits is located has account management authority.

For another example, if the bit number of any one of the n public keys is 8 bits, then the public key type corresponding to the 8 bits may be obtained from the correspondence between the bit number of the public key and the public key type shown in table 3 below, where the public key type is used to indicate that the usage right of the public-private key pair in which the public key is located is a normal operation right. That is, a public-private key pair in which a public key with 8 bits is located has ordinary operation authority.

TABLE 3

Number of public key bits	Public key type
		6 bit	Type of account management
8 bit	Type of common operation
		……	……

In the embodiment of the present application, the correspondence between the public key digits and the public key types is described by taking table 3 as an example, and table 3 does not limit the embodiment of the present application.

It should be noted that, if the user equipment does not adopt different key generation rules according to the difference of the types of the public keys when generating n public-private key pairs, that is, the types of the public keys are not distinguished, after receiving the account registration request sent by the user equipment, the blockchain system may set the type of each public key in the n public keys by an administrator of the blockchain system.

Specifically, for any one of the n public keys, the blockchain system may take the type carried in the setting instruction as the type of the public key when receiving a setting instruction for setting the type of the public key, which is triggered by the administrator account.

The use authority of one part of the n public and private key pairs is the account management authority, and the use authority of the other part of the public and private key pairs is the common operation authority.

The account management authority is used for implementing management operations related to the account, for example, the account management authority may include one or more of a key freezing authority, a key unfreezing authority, a key resetting authority, a key logout authority, an account freezing authority, and the like.

The key freeze authority may be used to freeze a public-private key pair having ordinary operational authority that will no longer be available for transaction initiation and verification once frozen. The key unfreezing authority is used for unfreezing a previously frozen public and private key pair with common operation authority, and the public and private key pair can be reused for initiating and verifying transactions after being unfrozen. The key resetting authority is used for resetting a public and private key pair with common operation authority, namely resetting the public and private key pair into a new public and private key pair. The key logout authority is used for logging out the public and private key pair with the common operation authority, namely deleting the public and private key pair. The account freezing authority is used for freezing all public and private key pairs corresponding to the account address, and all the public and private key pairs can not be used any more at this time.

The common operation authority is used for realizing other common operations besides account management, for example, the common operation authority can comprise one or more of transfer authority, contract data query authority, contract configuration authority and the like.

Transfer privileges are used to transfer tokens (tokens) in that account to other accounts.

The contract data refers to input parameters when the intelligent contract is called and output data obtained after the intelligent contract is executed, and the contract data query authority is used for querying the contract data.

The contract configuration authority is used for deploying contracts, changing contract source codes and modifying contract states. If a contract is deployed by using a public and private key pair, the change of the contract source code and the change of the contract state of the subsequent contract are both carried out by using the public and private key pair. That is, if a certain public-private key pair has a deployment right of a certain contract, the public-private key pair has both a contract source code change right and a contract state modification right of the public-private key pair.

For any one of the n public keys, if the type of the public key indicates that the usage right of the public-private key pair in which the public key is located is an account management right, it indicates that the public-private key pair can be used for performing management operations related to an account. That is, for a transaction to perform an administrative operation with respect to an account, initiation of the transaction may be accomplished using the private key of the public-private key pair, and verification of the transaction may be accomplished using the private key of the public-private key pair.

For any one of the n public keys, if the type of the public key indicates that the usage right of the public-private key pair in which the public key is located is a normal operation right, it indicates that the public-private key pair can be used for performing other normal operations besides account management. That is, for a transaction that is used to perform normal operations, the initiation of the transaction may be accomplished using the private key of the public-private key pair, and the verification of the transaction may be accomplished using the private key of the public-private key pair.

Further, after receiving the account registration request, the blockchain system may determine a type of each public key of the n public keys, and may set account data related to the account address, where the account data may include data such as the account address, a balance, a state variable, and a state.

Step 404: the blockchain system generates a mapping relation among the account address, the n public keys and the type of each public key in the n public keys.

Specifically, step 404 can be implemented in two possible ways:

in a first possible approach, the blockchain system may determine the account address, the n public keys, and a type of each of the n public keys as an id, and generate a digital certificate for verifying the id.

In this manner, the digital certificate may embody a mapping between the account address, the n public keys, and the type of each of the n public keys.

When the blockchain system generates the digital certificate for verifying the identity, the blockchain system can perform hash operation on the identity according to a hash algorithm to obtain the abstract of the identity, and then encrypt the abstract by using a private key of the blockchain system according to an encryption algorithm to obtain encrypted information. The blockchain system may determine the hash algorithm, the encryption algorithm, the identity, and the encryption information as a digital certificate.

Further, after the blockchain system generates the digital certificate, the digital certificate may also be sent to the user equipment, so that the user equipment carries the digital certificate when initiating a transaction using the account address, and thus, a subsequent blockchain system may learn the mapping relationship from the digital certificate carried when initiating a transaction by the user equipment. In this case, the blockchain system may or may not store the digital certificate.

Or, the blockchain system may store the digital certificate into the blockchain to obtain a storage address of the digital certificate; and sending the storage address of the digital certificate to the user equipment so that the user equipment carries the storage address of the digital certificate when initiating a transaction by using the account address, so that a subsequent blockchain system can acquire the digital certificate according to the storage address of the digital certificate carried when initiating the transaction by the user equipment and then acquire the mapping relation from the digital certificate.

In a second possible manner, the blockchain system stores the account address, the n public keys, and the type of each public key in the n public keys into a database.

In this way, the corresponding storage relationship in the database may represent a mapping relationship between the account address, the n public keys, and the type of each public key in the n public keys. The subsequent blockchain system can directly learn the mapping relationship from the database.

Step 405: and processing a transaction initiated by the user equipment by using the account address by the blockchain system according to the mapping relation, wherein the transaction is signed by using a private key in the n public and private key pairs.

It is worth noting that in the embodiment of the application, the hierarchical authority management of the account is realized by utilizing a mode that one account corresponds to a plurality of public and private key pairs with different use authorities. The method is divided into two types of account management authority and common operation authority according to the use authority. Public and private key pairs with account management authority are used for signature initiation of related transactions such as account state change, key reset, key logout and the like, and public and private key pairs with common operation authority are used for signature initiation of conventional transactions such as transfer, contract data inquiry, contract configuration and the like. As long as the user normally uses the public and private key pair with the account management authority, the operations of account state change, key resetting and key cancellation can be automatically initiated and completed by the account.

In addition, in the embodiment of the application, the hierarchical authority management of the account can be completed only by maintaining one account address. When the public and private key pair with the common operation authority is reset, the account address does not need to be changed, and the practicability is better.

A transaction initiated by the user device using the account address means that the transaction initiator in the transaction is the account address.

When a user device initiates a transaction to the blockchain system using the account address, the user device may sign the transaction using a private key of one of the n public-private key pairs. Depending on the usage rights required for the transaction, the user device may sign the transaction using a private key of a different public-private key pair. When the user equipment signs the transaction by using a certain private key, the user equipment can calculate the hash value of the transaction first and then encrypt the hash value by using the private key to obtain the signature of the transaction.

Specifically, the operation of step 405 may be: after receiving a transaction initiated by user equipment by using the account address, the blockchain system determines a target type according to call information in the transaction, wherein the target type is a type of a public key corresponding to a private key used in transaction signature; obtaining a public key of which the type is the target type from the mapping relation; using the obtained public key to check the transaction; in the case of passing the signature verification, executing the transaction; and if the signature verification fails, rejecting the transaction and finishing the operation.

The invocation information in the transaction may indicate the usage rights required for the transaction. For example, the call information in the transaction may specify the number of tokens to be transferred, and the usage right required for the transaction is the transfer right. Or, the calling information in the transaction may specify a function to be called and a calling parameter, where the usage right required for the transaction may be different according to the called function, some functions may require an account management right (including but not limited to a key freezing right, a key unfreezing right, a key resetting right, a key deregistration right, an account freezing right, etc.), and some functions may require a normal operation right (including but not limited to a contract data query right, etc.). Alternatively, the invocation information in the transaction may specify a binary code of the contract, where the usage rights required for the transaction are contract configuration rights.

Therefore, the blockchain system can determine the use authority required by the transaction according to the calling information in the transaction, and also can determine the type of the public key corresponding to the private key used in the transaction signature, namely can determine the target type.

When the blockchain system uses the obtained public key to check the signature of the transaction, the blockchain system can use the obtained public key to decrypt the signature of the transaction to obtain a first hash value; calculating the hash value of the transaction as a second hash value; if the first hash value is the same as the second hash value, determining that the transaction signature passes the verification; and if the first hash value is different from the second hash value, determining that the transaction verification fails.

Further, before the blockchain system obtains the public key of which the type is the target type from the mapping relationship, whether a public and private key pair where the public key of the target type is located is frozen or not can be determined; when the public and private key pair is not frozen, obtaining a public key with the type being the target type from the mapping relation to check the transaction; and when the public and private key pair is frozen, refusing the transaction and ending the operation.

When the blockchain system determines whether a public-private key pair where a public key of a target type is located is frozen, a state variable in account data corresponding to an account address can be acquired first; if the freezing type in the state variable does not comprise the target type, determining that a public and private key pair where a public key of the target type is located is not frozen; and if the freezing type in the state variable comprises the target type, determining that a public and private key pair where a public key of the target type is located is frozen.

The state variable in the account data corresponding to the account address may include a freeze type, which is a type of a public key in a frozen public-private key pair. That is, if a public-private key pair corresponding to the account is frozen, the type of the public key in the public-private key pair is added as a frozen type to the state variable of the account data. And if the public and private key pair is unfrozen subsequently, deleting the frozen type from the state variable.

For ease of understanding, step 405 is described below in connection with several specific examples.

The following describes a process of a transaction initiated by a user equipment and requiring the use of a key to freeze a right, and the process may include the following steps (1) to (5):

(1) the user device initiates a transaction using a private key signature with account management authority, and sends a digital certificate. The transaction initiator in the transaction is the account address, and the function called in the call information in the transaction is the key freeze contract. The key freeze contract is used to indicate that a public key of a first type is frozen, the first type being of a normal operation type.

(2) And after receiving the transaction sent by the user equipment, the blockchain system determines the type of the public key corresponding to the private key used for signing the transaction as an account management type according to the calling information in the transaction.

(3) The block chain system inquires whether the frozen type in the state variable in the account data corresponding to the account address comprises an account management type; if not, continuing to execute the following step (4); if yes, the transaction is rejected, and the operation is ended.

(4) And the blockchain system checks the validity of the digital certificate, and acquires a public key corresponding to the account address and the account management type from the identity contained in the digital certificate when the validity check of the digital certificate passes.

The operation of the blockchain system to check the validity of the digital certificate may be: the blockchain system decrypts the encrypted information contained in the digital certificate by using a public key of the blockchain system according to an encryption algorithm contained in the digital certificate to obtain first information; performing hash operation on the identity identifier contained in the digital certificate according to a hash algorithm contained in the digital certificate to obtain second information; if the first information is the same as the second information, the validity check of the digital certificate can be determined to be passed; if the first information is different from the second information, it may be determined that the validity check of the digital certificate failed.

(5) And the blockchain system checks the transaction by using the public key acquired from the digital certificate, and executes the transaction after the check passes so as to freeze the first type of public key.

When the public key of the first type is frozen, the blockchain system can add the first type as the frozen type to the state variable in the account data corresponding to the account address.

In this case, if the user equipment initiates a transaction using a private key signature corresponding to the public key of the first type, the blockchain system determines, after receiving the transaction, that the type of the public key corresponding to the private key used in the transaction signature is the first type according to the call information in the transaction. And querying a freezing type in the state variables in the account data corresponding to the account address by the blockchain system, and rejecting the transaction by the blockchain system if the freezing type in the state variables comprises a first type, and ending the operation. As such, the first type of public-private key pair cannot be used.

The following describes a process of a transaction initiated by a user equipment and requiring the use of a key unfreezing right, and the process may include the following steps (1) to (5):

(1) the user device initiates a transaction using a private key signature with account management authority, and sends a digital certificate. The transaction initiator in the transaction is the account address, and the function called in the calling information in the transaction is the key unfreezing contract. The key unfreezing contract is used to indicate to unfreeze a public key of a first type.

(5) And the blockchain system checks the transaction by using the public key acquired from the digital certificate, and executes the transaction after the check passes so as to unfreeze the public key of the first type.

When the public key of the first type is unfrozen, the block chain system can delete the first type in the frozen types in the state variables in the account data corresponding to the account address.

In this case, if the user equipment initiates a transaction using a private key signature corresponding to the public key of the first type, the blockchain system determines, after receiving the transaction, that the type of the public key corresponding to the private key used in the transaction signature is the first type according to the call information in the transaction. And the blockchain system inquires the frozen type in the state variable in the account data corresponding to the account address, if the frozen type in the state variable does not comprise the first type, the blockchain system checks the legality of the digital certificate, and under the condition that the legality check of the digital certificate passes, a public key corresponding to the account address and the first type is obtained from the identity contained in the digital certificate. And the blockchain system checks the transaction by using the public key acquired from the digital certificate, and executes the transaction after the check passes.

The following describes a process of a transaction initiated by a user equipment and requiring the use of rekeying authority, and the process may include the following steps (1) to (5):

(1) and if the user equipment needs to reset the public and private key pair where the public key of the second type is located, generating a new public and private key pair according to the key generation rule corresponding to the second type, and updating the private key corresponding to the locally stored public key of the second type into a new private key in the new public and private key pair by the user equipment. The second type is of a normal operation type.

(2) The user device initiates a transaction using a private key signature with account management authority, and sends a digital certificate. The transaction initiator in the transaction is an account address, the function called in the calling information in the transaction is a rekeying contract, and the calling parameter is a new public key in the new public-private key pair. The rekey contract is used to indicate that the second type of public key is reset.

(5) And the blockchain system checks the transaction by using the public key acquired from the digital certificate, and executes the transaction after the check passes so as to reset the public key of the second type.

When the block chain system resets the public key of the second type, the identity may be obtained from the digital certificate, and the public key corresponding to the account address and the second type in the identity is updated to the new public key in the invocation parameter. Then, the blockchain system regenerates the digital certificate for verifying the identity, and sends the digital certificate to the user equipment.

In this case, when the user equipment initiates a transaction that requires the use right corresponding to the second type, the user equipment signs the transaction using the new reset private key and carries the digital certificate newly issued by the blockchain system.

The following describes a process of a transaction initiated by a user device and requiring deregistration of rights using a key, and the process may include the following steps (1) to (5):

(1) and if the user equipment needs to log out the public and private key pair where the public key of the third type is located, the user equipment deletes the locally stored public and private key pair where the public key of the third type is located. The third type is of a normal operation type.

(2) The user device initiates a transaction using a private key signature with account management authority, and sends a digital certificate. The transaction initiator in the transaction is an account address, the function called in the calling information in the transaction is a key logout contract, and the calling parameter is a third type public key. The rekey contract is used to indicate to deregister a third type of public key.

(5) And the blockchain system checks the signature of the transaction by using the public key acquired from the digital certificate, and executes the transaction after the signature passes so as to log off the third type of public key.

When the block chain system deregisters the public key of the third type, the identity identifier can be obtained from the digital certificate, and the public key corresponding to the account address and the third type in the identity identifier is deleted. Then, the blockchain system regenerates the digital certificate for verifying the identity, and sends the digital certificate to the user equipment.

In this case, when the user equipment initiates a transaction, the user equipment needs to carry a digital certificate newly issued by the blockchain system.

The following describes a process of a transaction initiated by a user device and requiring the use of account freeze authority, and the process may include the following steps (1) to (5):

(1) the user device initiates a transaction using a private key signature with account management authority, and sends a digital certificate. The transaction initiator in the transaction is the account address, and the function called in the call information in the transaction is the account freeze contract. The account freeze contract is used to indicate that all public keys corresponding to the account address are frozen.

(5) And the blockchain system checks the transaction by using the public key acquired from the digital certificate, and executes the transaction after the check passes so as to freeze all the public keys corresponding to the account address.

When the block chain system freezes all the public keys corresponding to the account address, all the public key types corresponding to the account address can be added to the state variable in the account data corresponding to the account address as frozen types.

In this case, all transactions initiated by the user device using the private key corresponding to the account address are rejected by the blockchain system.

It should be noted that after the user equipment performs the account freeze operation using the public and private key pair with account management authority, if the account is to be defrosted, the user equipment may perform the account defrosted operation using the public and private key pair with account management authority, or an administrator of the blockchain system may perform the account defrosted operation. In this case, all transactions initiated by the user device using the private key corresponding to the account address are processed normally by the blockchain system.

When an administrator of the blockchain system executes account unfreezing operation, the administrator can use an administrator private key signature to initiate a transaction, a transaction initiator in the transaction is an administrator account address, a function called in calling information in the transaction is an account unfreezing contract, and calling parameters are the account address. The account unfreezing contract is used for indicating to unfreeze all public keys corresponding to the account address. And after receiving the transaction, the blockchain system checks the transaction by using the public key of the administrator, and executes the transaction after the check passes so as to unfreeze all the public keys corresponding to the account address. When the block chain system unfreezes all public keys corresponding to the account address, all frozen types in the state variables in the account data corresponding to the account address can be deleted.

Another point to be noted is that, if the user equipment resets the public-private key pair in which the public key corresponding to the account management type is located, the user equipment may generate a new public-private key pair according to the key generation rule corresponding to the account management type, and the user equipment updates the private key corresponding to the locally stored public key of the account management type to a new private key in the new public-private key pair. The user device may then give the new public key in the new public-private key pair to an administrator of the blockchain system, who resets the account management type public key.

When the administrator of the blockchain system resets the public key of the account management type, the administrator can use the private key signature of the administrator to initiate a transaction, the transaction initiator in the transaction is the account address of the administrator, the function called in the calling information in the transaction is a secret key resetting contract, and the calling parameter is the account address and the new public key. The rekey contract is used to reset a public key of the account management type. And after receiving the transaction, the blockchain system checks the transaction by using the public key of the administrator, and executes the transaction after the check passes so as to reset the public key of the account management type.

In the embodiment of the application, after receiving an account registration request carrying an account address and n public keys and sent by user equipment, a blockchain system can determine the type of each public key in the n public keys, and public and private key pairs where the public keys of different types are located have different use permissions, and can be used when different transactions are processed. The blockchain system may generate a mapping relationship between the account address, the n public keys, and a type of each of the n public keys, and then process a transaction initiated by a user device using the account address according to the mapping relationship. Therefore, hierarchical authority management of the account can be realized, and the safety and the transaction convenience of the account can be improved.

Fig. 5 is a flowchart of a method for processing blockchain transactions according to an embodiment of the present disclosure. The method is applied to a blockchain system, which may be the blockchain system described in the embodiments of fig. 1-2 above. Referring to fig. 5, the method may include the steps of:

step 501: and receiving an account registration request sent by the user equipment.

The account registration request carries an account address and n public keys, the n public keys are public keys in n public and private key pairs generated by user equipment, and n is an integer greater than or equal to 2.

The relevant content of step 501 has already been explained in step 401 and step 402, and this is not described again in this embodiment of the present application.

Step 502: the type of each of the n public keys is determined.

The type of each public key is used for indicating the use authority of a public and private key pair where each public key is located, the use authority of one part of the n public and private key pairs is the account management authority, and the use authority of the other part of the n public and private key pairs is the common operation authority.

The relevant content of step 502 is already explained in step 403, and this is not described again in this embodiment of the present application.

Step 503: and generating a mapping relation among the account address, the n public keys and the type of each public key in the n public keys.

The related content of step 503 has already been explained in step 404, and this embodiment of the present application is not described again.

Step 504: and processing a transaction initiated by the user equipment by using the account address according to the mapping relation, wherein the transaction is signed by using a private key in the n public and private key pairs.

The relevant content of step 504 is already explained in step 405 above, and this embodiment of the present application is not described again.

Fig. 6 is a schematic structural diagram of a blockchain transaction processing apparatus according to an embodiment of the present disclosure, which may be applied to a blockchain system, such as the blockchain system 100 of the embodiments of fig. 1-2. Referring to fig. 6, the apparatus includes: a receiving module 601, a determining module 602, a generating module 603 and a processing module 604.

A receiving module 601, configured to receive an account registration request sent by user equipment, where the account registration request carries an account address and n public keys, where the n public keys are public keys in n public and private key pairs generated by the user equipment, and n is an integer greater than or equal to 2;

a determining module 602, configured to determine a type of each public key in the n public keys, where the type of each public key is used to indicate a usage right of a public-private key pair where each public key is located, the usage right of one part of the n public-private key pairs is an account management right, and the usage right of the other part of the n public-private key pairs is a common operation right;

a generating module 603, configured to generate an account address, n public keys, and a mapping relationship between types of each public key in the n public keys;

and the processing module 604 is configured to process a transaction initiated by the user equipment using the account address according to the mapping relationship, where the transaction is signed by a private key of the n public and private key pairs.

Optionally, the determining module 602 is configured to:

The type of each public key is determined according to the number of bits of each public key in the n public keys.

Optionally, the generating module 603 is configured to:

determining an account address, n public keys and the type of each public key in the n public keys as an identity;

generating a digital certificate for verifying the identity;

the device also comprises a sending module, wherein the sending module is used for:

sending the digital certificate to user equipment so that the user equipment carries the digital certificate when initiating a transaction by using an account address; or

Optionally, the generating module 603 is configured to:

Optionally, the processing module 604 is configured to:

after receiving a transaction initiated by user equipment by using an account address, determining a target type according to calling information in the transaction, wherein the target type is a type of a public key corresponding to a private key used in transaction signature;

acquiring a public key of which the type is the target type from the mapping relation;

using the obtained public key to check the transaction;

and in the case of passing the verification, executing the transaction.

Optionally, the processing module 604 is further configured to:

acquiring a state variable in account data corresponding to an account address;

and if the freezing type in the state variable does not comprise the target type, executing a step of acquiring a public key of which the type is the target type from the mapping relation.

the common operation authority comprises one or more of a transfer authority, a contract data query authority and a contract configuration authority.

It should be noted that: in the blockchain transaction processing apparatus provided in the above embodiment, when processing blockchain transactions, only the division of the functional modules is exemplified, and in practical applications, the function distribution may be completed by different functional modules according to needs, that is, the internal structure of the apparatus is divided into different functional modules to complete all or part of the functions described above.

Each functional unit and module in the above embodiments may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used to limit the protection scope of the embodiments of the present application.

The embodiments of the blockchain transaction processing apparatus and the blockchain transaction processing method provided in the embodiments described above belong to the same concept, and for specific working processes of units and modules and technical effects brought by the working processes in the embodiments described above, reference may be made to the portions of the embodiments of the methods, and details are not described here.

Fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 7, the computer device 7 includes: a processor 70, a memory 71 and a computer program 72 stored in the memory 71 and operable on the processor 70, the steps in the blockchain transaction processing method in the above embodiments being implemented when the processor 70 executes the computer program 72.

The computer device 7 may be a general purpose computer device or a special purpose computer device. In a particular implementation, the computer device 7 may be a server cluster consisting of a plurality of servers. Those skilled in the art will appreciate that fig. 7 is only an example of the computer device 7, and does not constitute a limitation to the computer device 7, and may include more or less components than those shown, or combine some components, or different components, such as input and output devices, network access devices, etc.

The Processor 70 may be a Central Processing Unit (CPU), and the Processor 70 may also be other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or any conventional processor.

The storage 71 may in some embodiments be an internal storage unit of the computer device 7, such as a hard disk or a memory of the computer device 7. The memory 71 may also be an external storage device of the computer device 7 in other embodiments, such as a plug-in hard disk provided on the computer device 7, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 71 may also include both an internal storage unit of the computer device 7 and an external storage device. The memory 71 is used for storing an operating system, an application program, a BootLoader (BootLoader), data, and other programs, such as program codes of a computer program. The memory 71 may also be used to temporarily store data that has been output or is to be output.

An embodiment of the present application further provides a computer device, where the computer device includes: at least one processor, a memory, and a computer program stored in the memory and executable on the at least one processor, the processor implementing the steps of any of the various method embodiments described above when executing the computer program.

The embodiments of the present application also provide a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps in the above-mentioned method embodiments.

The embodiments of the present application provide a computer program product, which when run on a computer causes the computer to perform the steps of the above-described method embodiments.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method of the embodiments described above can be implemented by a computer program, which can be stored in a computer readable storage medium and can implement the steps of the embodiments of the methods described above when the computer program is executed by a processor. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing apparatus/terminal apparatus, a recording medium, computer Memory, ROM (Read-Only Memory), RAM (Random Access Memory), electrical carrier wave signal, telecommunication signal, and software distribution medium. Such as a usb-disk, a removable hard disk, a magnetic or optical disk, etc. In certain jurisdictions, computer-readable media may not be an electrical carrier signal or a telecommunications signal in accordance with legislative and patent practice.

In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus/computer device and method may be implemented in other ways. For example, the above-described apparatus/computer device embodiments are merely illustrative, and for example, a module or a unit may be divided into only one logical function, and may be implemented in other ways, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims

1. A blockchain transaction processing method is applied to a blockchain system, and comprises the following steps:

2. The method of claim 1, wherein the determining the type of each of the n public keys comprises:

3. The method of claim 1, wherein the generating a mapping relationship between the account address, the n public keys, and the type of each of the n public keys comprises:

generating a digital certificate for verifying the identity;

the method further comprises the following steps:

4. The method of claim 1, wherein the generating a mapping relationship between the account address, the n public keys, and the type of each of the n public keys comprises:

5. The method of claim 1, wherein said processing a transaction initiated by the user device using the account address according to the mapping comprises:

using the obtained public key to check the transaction;

and in the case of passing the verification, executing the transaction.

6. The method of claim 5, wherein prior to obtaining the public key of which the type is the target type from the mapping relationship, further comprising:

7. The method of any of claims 1-6, wherein the account management rights include one or more of a key freeze right, a key unfreeze right, a rekey right, a key logout right, an account freeze right;

8. A blockchain transaction processing apparatus, applied to a blockchain system, the apparatus comprising:

9. A computer device, characterized in that the computer device comprises a memory, a processor and a computer program stored in the memory and executable on the processor, which computer program, when executed by the processor, implements the method according to any of claims 1 to 7.

10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 7.