CN112446050B - Business data processing method and device applied to block chain system - Google Patents
Business data processing method and device applied to block chain system Download PDFInfo
- Publication number
- CN112446050B CN112446050B CN202110134020.8A CN202110134020A CN112446050B CN 112446050 B CN112446050 B CN 112446050B CN 202110134020 A CN202110134020 A CN 202110134020A CN 112446050 B CN112446050 B CN 112446050B
- Authority
- CN
- China
- Prior art keywords
- service
- data
- execution environment
- consensus
- trusted execution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The embodiment of the application discloses a business data processing method applied to a block chain system, which comprises the following steps: acquiring a service request initiated by a service access terminal; the service request is sent to a trusted execution environment configured by the routing device, the trusted execution environment is used for verifying service data contained in the service request, and after the verification is passed, the service data is encrypted to obtain service encrypted data, and the trusted execution environment is used for encrypting the service data and decrypting the service encrypted data; signing the encrypted service data to obtain service signature data; and sending the service encryption data and the service signature data to target node equipment which is communicated with the routing equipment in the consensus node network so as to execute uplink processing of the service encryption data and the service signature data through the target node equipment. The embodiment of the application can realize encryption and isolation of the service data.
Description
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a method and an apparatus for processing service data applied to a blockchain system, an electronic device, and a computer-readable storage medium.
Background
The method comprises the steps that a routing node and a common node can be deployed in a current block chain system, a user submits a service request to the block chain system through a service access terminal, the routing node in the block chain system conducts preliminary verification such as request validity on the received service request, if the verification is passed, the service request is forwarded to the common node, the common node conducts verification before uplink on the service request, and service data are stored in a block chain in the block chain system after the verification is passed. However, the existing blockchain system cannot meet an application scenario with high requirements on the security of service data.
Disclosure of Invention
In order to solve the foregoing technical problem, embodiments of the present application provide a service data processing method and apparatus, an electronic device, and a computer-readable storage medium applied to a blockchain system.
According to an aspect of the embodiments of the present application, there is provided a service data processing method applied to a blockchain system, where the blockchain system includes a routing device and a network of consensus nodes, and the method is performed by the routing device, and the method includes: acquiring a service request initiated by a service access terminal; verifying the service data contained in the service request under a trusted execution environment configured by the routing device, and encrypting the service data after the verification is passed to obtain service encrypted data, wherein the trusted execution environment is used for encrypting the service data and decrypting the service encrypted data; signing the encrypted service data to obtain service signature data; and sending the service encryption data and the service signature data to target node equipment which is communicated with the routing equipment in the consensus node network so as to execute uplink processing of the service encryption data and the service signature data through the target node equipment.
According to another aspect of the embodiments of the present application, there is provided a service data processing method applied to a blockchain system, where the blockchain system includes a routing device and a consensus node network, and the method is performed by a node device in the consensus node network, where the method includes: receiving service encryption data and service signature data sent by the routing equipment, wherein the service encryption data are obtained by encrypting the service data under a trusted execution environment configured by the routing equipment, and the trusted execution environment is used for encrypting the service data and decrypting the service encryption data; verifying the service encryption data and the service signature data; and after the verification is passed, initiating the consensus processing of the service encryption data and the service signature data in the consensus node network, so as to store the service encryption data and the service signature data on a block chain after the consensus is passed.
According to another aspect of the embodiments of the present application, there is provided a service data processing method applied to a blockchain system, where the blockchain system includes a routing device and a consensus node network, and the method is performed by a node device included in the consensus node network, and the method includes: acquiring service encryption data and service signature data, wherein the service encryption data is obtained by encrypting service data under a trusted execution environment configured by routing equipment, and the trusted execution environment is used for encrypting the service data and decrypting the service encryption data; according to the locally stored information of the trusted execution environment, initiating a call request for the trusted execution environment to target node equipment in the consensus node network, wherein the target node equipment is communicated with the routing equipment, and the call request is used for acquiring plaintext data corresponding to the service data; and receiving the plaintext data returned by the target node equipment aiming at the calling request, and performing content verification on the plaintext data to perform consensus processing on the service encryption data and the service signature data.
According to an aspect of the embodiments of the present application, there is provided a service data processing apparatus applied to a blockchain system, including: the service request acquisition module is configured to acquire a service request initiated by a service access terminal; the service data verification and encryption module is configured to verify service data contained in the service request under a trusted execution environment configured by the routing device, and encrypt the service data after the verification is passed to obtain service encrypted data, wherein the trusted execution environment is used for encrypting the service data and decrypting the service encrypted data; the encrypted data signature module is configured to sign the encrypted service data to obtain service signature data; and the data sending module is configured to send the service encryption data and the service signature data to target node equipment in a consensus node network, wherein the target node equipment is communicated with the routing equipment, so that uplink processing of the service encryption data and the service signature data is executed through the target node equipment.
According to another aspect of the embodiments of the present application, there is provided a service data processing apparatus applied to a blockchain system, including: the data receiving module is configured to receive service encryption data and service signature data sent by a routing device, wherein the service encryption data is obtained by encrypting the service data in a trusted execution environment configured by the routing device, and the trusted execution environment is used for encrypting the service data and decrypting the service encryption data; the data verification module is configured to verify the service encryption data and the service signature data; and the consensus processing module is configured to initiate consensus processing of the service encryption data and the service signature data in a consensus node network after the verification is passed, so as to store the service encryption data and the service signature data on a block chain after the consensus is passed.
According to another aspect of the embodiments of the present application, there is provided a service data processing apparatus applied to a blockchain system, including: the data acquisition module is configured to acquire service encryption data and service signature data, wherein the service encryption data are obtained by encrypting the service data in a trusted execution environment configured by the routing equipment, and the trusted execution environment is used for encrypting the service data and decrypting the service encryption data; the calling request module is configured to initiate a calling request for the trusted execution environment to target node equipment in a consensus node network, wherein the target node equipment is communicated with the routing equipment, and the calling request is used for acquiring plaintext data corresponding to the service data; and the plaintext data receiving and checking module is configured to receive the plaintext data returned by the target node device in response to the call request, and perform content checking on the plaintext data to perform consensus processing on the service encryption data and the service signature data.
According to an aspect of the embodiments of the present application, there is provided an electronic device, including a processor and a memory, where the memory stores computer-readable instructions, and the computer-readable instructions, when executed by the processor, implement the business data processing method applied to the blockchain system as described above.
According to an aspect of embodiments of the present application, there is provided a computer-readable storage medium having stored thereon computer-readable instructions, which, when executed by a processor of a computer, cause the computer to execute a traffic data processing method applied to a blockchain system as described above.
According to an aspect of embodiments herein, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the business data processing method applied to the blockchain system provided in the various optional embodiments.
In the technical solution provided in the embodiment of the present application, a routing device and a common node network are deployed in a blockchain system, and a trusted execution environment is configured in the routing device, so as to encrypt service data included in an obtained service request through the trusted execution environment to obtain service encrypted data, and decrypt the service encrypted data through the trusted execution environment to obtain plaintext data corresponding to the service encrypted data. It can be seen that, for the service data acquired by each routing device in the block chain system, the encryption processing is performed on the basis of the trusted execution environment configured by each routing device to obtain the corresponding service encrypted data, and the data sent to the consensus node network for consensus processing are also all the service encrypted data, so that the encryption of the service data in the routing device is realized, and meanwhile, the decryption processing needs to be performed on the service encrypted data in the corresponding trusted execution environment, so that the encryption isolation can be performed on the service data acquired by different routing devices, and the block chain system is very suitable for application scenarios with higher requirements on the security of the service data.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic diagram of a service access system to which the present application relates.
Fig. 2 is a flowchart illustrating a business data processing method applied to a blockchain system according to an embodiment of the present application.
Fig. 3 is a schematic diagram of another service access system to which the present application relates.
Fig. 4 is a schematic diagram illustrating an interaction flow among a routing device, a target node device, and a designated node device included in a blockchain system according to an embodiment of the present application.
Fig. 5 is a schematic diagram illustrating an interaction flow among a routing device, a target node device, and a designated node device included in a blockchain system according to another embodiment of the present application.
Fig. 6 is a schematic diagram illustrating an interaction flow among a routing device, a target node device, and a designated node device included in a blockchain system according to another embodiment of the present application.
Fig. 7 is a block diagram illustrating a service data processing apparatus applied to a blockchain system according to an embodiment of the present application.
Fig. 8 is a block diagram of a service data processing apparatus applied to a blockchain system according to another embodiment of the present application.
Fig. 9 is a block diagram of a service data processing apparatus applied to a blockchain system according to another embodiment of the present application.
FIG. 10 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It should also be noted that: reference to "a plurality" in this application means two or more. "and/or" describe the association relationship of the associated objects, meaning that there may be three relationships, e.g., A and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
Referring to fig. 1, fig. 1 is a schematic diagram of an implementation environment related to the present application. The implementation environment is specifically a service access system, which includes a blockchain system 10 and a service access terminal 20, wherein the service access terminal 20 is configured to initiate a service request to the blockchain system 10 to request the blockchain system 10 to perform uplink processing on service data included in the service request.
The blockchain system 10 refers to a system for sharing data between nodes, and in order to ensure information intercommunication in the blockchain system 10, there may be an information connection between nodes in the blockchain system 10, and the nodes may transmit information through the information connection. The nodes participating in the information consensus process in the blockchain system 10 are called consensus nodes, and a consensus node network in the blockchain system 10 is formed through information connection among a plurality of consensus nodes.
Each node in the Blockchain system 10 stores an identical Blockchain (Blockchain), which is essentially a decentralized database, a string of blocks that are generated using cryptographic methods. Each block on the block chain comprises a block head and a block body, the block head stores information such as the block height and the time stamp of the current block, and the block head characteristic value of the parent block, so that the block data stored in each block on the block chain is associated with the block data stored in the parent block, and the safety of the information in the block is guaranteed. The information stored in each block of the block chain is also commonly known through the common node network.
As shown in fig. 1, the blockchain system 10 further includes a plurality of routing devices, and the routing devices are configured with trusted execution environments, and the trusted execution environments configured in the routing devices are different from each other. The trusted execution environment is used for encrypting the service data acquired by the routing equipment to obtain service encrypted data, and is also used for decrypting the service encrypted data encrypted under the trusted execution environment of the trusted execution environment to obtain plaintext data corresponding to the service encrypted data. The routing equipment encrypts the service data needing to be linked, sends the corresponding service encrypted data to the consensus node network for consensus, and if the consensus node in the consensus node network needs to perform consensus on the content of the service encrypted data, the routing equipment needs to request decryption under a corresponding trusted execution environment to obtain plaintext data. Therefore, the service data acquired by the routing equipment are processed in an encryption mode in the uplink process, and the safety of the service data is ensured. Meanwhile, the service data acquired by different routing devices are isolated from each other, so that the safety of the service data is further improved.
It should be noted that the service access terminal 20 shown in fig. 1 may be a terminal device such as a smart phone, a tablet, a notebook computer, a computer, and the like, the common node may be an independent physical server, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be a cloud server that provides basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and an artificial intelligence platform, and the like, which is not limited herein.
Referring to fig. 2, fig. 2 is a flowchart illustrating a service data processing method applied to a blockchain system according to an embodiment of the present application. The blockchain system may be the blockchain system 10 in the context of the embodiment shown in fig. 1, which includes a routing device and a network of common nodes, and the method is specifically executed by the routing device in the blockchain system 10.
As shown in fig. 2, in an exemplary embodiment, the service data processing method applied to the blockchain system at least includes steps S110 to S170, which are described in detail as follows:
step S110, a service request initiated by the service access terminal is obtained.
It should be noted that, in this embodiment, the routing device is configured to obtain a service request initiated by a service access terminal, where the service request generally includes specific service data, for example, when the service request indicates to uplink an electronic ticket, the service request includes an electronic ticket to be uplink, or when the service request indicates to uplink a transaction, the service request includes transaction data to be uplink.
After the intelligent device obtains the service request, it can perform preliminary verification on the service request, and after the preliminary verification is completed, the service request or the service data contained in the service request is forwarded to the consensus node network to execute the consensus authentication and other processing, so as to complete the service requested by the service access terminal.
The service request acquired by the routing device may be that the service access terminal directly sends the service request to the routing device, for example, an IP Address (Internet Protocol Address) of the routing device is stored in the service access terminal in advance, and the service access terminal may send the service request to the routing device according to the IP Address.
Or, a basic routing device communicating with the service access terminal may also be deployed in the blockchain system, and the service request acquired by the routing device is forwarded to the intelligent device after the basic routing device receives the service request sent by the service access terminal. For example, the blockchain system shown in fig. 3 includes a plurality of basic routing devices, each of which is capable of communicating with all of the routing devices, thereby providing routing functions to the routing devices. Illustratively, after a service request sent by a service access terminal is received by a basic routing device, according to receiver information contained in the service request, a routing device matched with the receiver information is determined in a plurality of routing devices, and then the service request is forwarded to the determined routing device matched with the receiver information. It should be noted that the receiver information included in the service request may include a receiver identifier, or may include information associated with the receiver identifier, so as to determine the receiver identifier based on the information.
Step S130, the service data included in the service request is verified under the trusted execution environment configured by the routing device, and after the verification is passed, the service data is encrypted to obtain service encrypted data.
In this embodiment, the trusted Execution environment configured in the routing device refers to a trusted computing manner provided by hardware, and may be, for example, a tee (trusted Execution environment) trusted Execution environment, or an sgx (software Guard extensions) trusted Execution environment, where a specific type of the trusted Execution environment is not limited herein. The TEE trusted execution environment is a safe area in a Central Processing Unit (CPU), the TEE trusted execution environment runs in an independent environment and runs in parallel with an operating system, the CPU simultaneously uses hardware and software to ensure that confidentiality and integrity of codes and data in the TEE trusted execution environment are protected, the SGX trusted execution environment aims to ensure that hardware safety is taken as mandatory guarantee and does not depend on the safety state of firmware and software, a trusted execution environment of a user space is provided, and confidentiality and integrity of the codes and the data are not damaged by malicious software through a group of new instruction set extension and access control mechanisms. Thus, code and data running in a trusted execution environment are secure and non-tamperable.
The trusted execution environment configured in the routing device may be configured to perform encryption processing on service data included in the service request received by the routing device, so as to obtain corresponding service encrypted data. Therefore, the security of the service data is ensured based on the encryption processing of the service data by the trusted execution environment configured in the routing device.
The trusted execution environment configured in the routing device may also be configured to decrypt service encryption data encrypted under the trusted execution environment of the routing device, so as to obtain plaintext data corresponding to the service encryption data. For the service encrypted data encrypted under the trusted execution environment configured by other routing devices except the current routing device, the service encrypted data cannot be decrypted under the trusted execution environment configured by the current routing device. Therefore, based on the trusted execution environment configured in the routing device, isolation between service data acquired by different routing devices in the block chain system can be realized, and the security of the service data is further improved.
After the routing device obtains the service request initiated by the service access terminal, the verifying the service data included in the service request may include verifying the service data according to a verification policy deployed in the trusted execution environment. The verification strategy refers to a software program deployed in a trusted execution environment and used for performing verification processing on the service data. The verification policy may include at least one of a policy of decrypting the service data, a policy of decoding the service data, a policy of verifying the validity of the service data, and the like, where the decryption of the service data may refer to that the service data included in the service request is obtained by encrypting the service access terminal, and the routing device needs to decrypt the service data. Verifying the validity of the service data may refer to verifying whether the service data includes a service parameter, for example, when the service data is an electronic bill, whether the bill parameter such as an invoice code and a bill format included in the electronic bill is valid may be checked.
After the service data passes the verification, the routing equipment encrypts the service data through the trusted execution environment to obtain corresponding service encrypted data. The encryption processing of the service data is performed through the trusted execution environment, that is, the trusted calculation process of the service data is performed, and the obtained service encrypted data needs to be decrypted in the trusted execution environment to obtain plaintext data.
And step S150, signing the encrypted service data to obtain service signature data.
After obtaining the service encrypted data corresponding to the service data, the routing device further needs to sign the encrypted service data, for example, using a private key generated by the routing device to sign the encrypted service data, so as to obtain service signature data.
Step S170, sending the service encrypted data and the service signature data to a target node device in the consensus node network, which is in communication with the routing device, so as to perform uplink processing on the service encrypted data and the service signature data through the target node device.
In this embodiment, the target node device communicating with the routing device is a common node in a common node network, and the target node device may participate in a common process of to-be-uplink data, so that the routing device needs to send the service encryption data and the service signature data to the target node device communicating with the routing device in the common node network, so as to perform uplink processing on the service encryption data and the service signature data through the target node device.
After receiving the service encryption data and the service signature data, the target node equipment verifies the service encryption data and the service signature data, and initiates consensus processing of the service encryption data and the service signature data in a consensus node network after the verification is passed, so that the service encryption data and the service signature data are stored in a block chain after the consensus is passed, and processing of a service requested by a service access terminal is completed.
For example, after the routing device generates the paired private key and public key, the routing device synchronizes the generated public key to the target node device for storage, so that the target node device can verify the service encryption data and the service signature data through the public key of the routing device after receiving the service encryption data and the service signature data sent by the routing device. And if the verification is passed, the identity of the routing equipment is legal, and the service encryption data and the service signature data sent by the routing equipment are sent to all the consensus nodes in the consensus node network to execute consensus processing.
It should be noted that, the target node device sends the service encrypted data and the service signature data that pass the verification to the consensus node network for consensus processing, that is, in the consensus process, the verified information is an encrypted result generated by the trusted execution environment, which ensures that the consensus node participating in the consensus process cannot snoop and leak the service data. Moreover, the data stored in the blockchain after passing the consensus is the content encrypted by the hash algorithm and the trusted execution environment, and the content needs to be decrypted in the trusted execution environment configured by the trusted routing device, for example, by a key burned in a trusted chip in the routing device.
Because the trusted computing and the block chain are two independent technical systems, the method provided by the embodiment extends the decentralized and non-repudiation of the block chain to the lower part of the chain by combining the two technologies, utilizes the trusted computing provided by trusted hardware as the extension of the block chain trust, and then, by finishing the processing of the service request, ensures that the service can be executed in a trusted manner on the upper part of the chain and on the lower part of the chain through the block chain and the trusted execution environment, thereby fully ensuring the security of the service data.
In the embodiment, the security of the service data requested to be processed by the service access terminal is ensured from the aspects described above, and the method is very suitable for application scenarios with high security requirements on the service data. For example, in an application scenario of performing uplink storage on electronic tickets in different regions, each routing device in the blockchain system may be deployed as a routing device corresponding to each region, and is configured to execute uplink operation on electronic tickets belonging to its own region, and different trusted execution environments are configured in different routing devices, so that encryption and isolation of the electronic tickets in each region are realized, and privacy and security of the electronic tickets in each region are fully guaranteed.
For example, in an enterprise scenario, since different departments or sub-companies have higher independence, and sensitive data and non-public information generated by the department or the sub-company are not expected to be known by other departments or sub-companies, an enterprise data management platform may be deployed according to the method provided by this embodiment, where the enterprise data management platform is specifically the blockchain system provided by this embodiment, so that data stored on the enterprise data management platform by each department or sub-company has privacy and isolation at the same time.
It should be understood that the application scenario to which the method provided by the present embodiment is applied is only an example, and the method provided by the present embodiment may also be applied to other application scenarios with high security requirements on service data, so as to implement encryption and isolation processing of data at the same time, which is not limited herein.
In another embodiment, considering that the identity of the target node device initiating the consensus processing of the service encryption data and the service signature data is verified by the consensus node network, which may result in low reliability of data stored on the blockchain after the consensus passes, it is necessary for the consensus node to check the content of the service data to be uplinked in the consensus process.
The consensus node network includes a plurality of consensus nodes for checking the content of the service data, and the plurality of consensus nodes can be used as designated node devices. After the designated node device receives the service encryption data and the service signature data sent by the target node device, on one hand, the identity of the target node device is verified according to the service encryption data and the service signature data, on the other hand, plaintext data corresponding to the service encryption data needs to be obtained, and content verification of the service data is carried out through the obtained plaintext data.
Or in some embodiments, after receiving the service encrypted data and the service signature data sent by the target node device, the designated node device only needs to perform content verification of the service data, which is not limited herein.
Trusted execution environments configured by all routing devices in the blockchain system are registered in the designated node device in advance, that is, information of all trusted execution environments is stored in the designated node device. Identity information (such as public keys, node identifications and the like) of all the consensus nodes in the consensus node network is stored on the block chain, so that the identity of the consensus nodes can be verified mutually. Identity information and attribute information for a given node device may be stored in the starting block, where the attribute information for the given node device is used to indicate the privilege of the given node device in the blockchain system, e.g., to limit which trusted execution environments the given node device may request decryption of traffic encrypted data from. In different application scenarios, the attribute information of a specific node device may also be different.
Since the service encrypted data can only be decrypted in the trusted execution environment that generates the service encrypted data of the node itself, in order to obtain the plaintext data corresponding to the service encrypted data, as shown in fig. 4, the designated node device initiates a call request for the corresponding trusted execution environment to the target node device according to the locally stored information of the trusted execution environment, so as to request to call the trusted execution environment configured in the routing device that communicates with the target node device to decrypt the service encrypted data, and obtain the plaintext data corresponding to the service encrypted data.
After receiving the calling request, the target node device forwards the calling request to the routing device communicated with the target node device, so that the routing device decrypts the service encryption data contained in the calling request through the trusted execution environment configured by the routing device, and obtains plaintext data corresponding to the service encryption data. After receiving the plaintext data returned by the routing device, forwarding the plaintext data to the designated node device.
After the appointed node equipment receives the plaintext data returned by the target node equipment, the content of the plaintext data can be verified, so that the content of the service data requested by the service access terminal is verified, the service encryption data and the service signature data sent by the target node equipment are subjected to consensus processing, and the reliability of the data stored in the block chain is improved.
In other embodiments, a blockchain intelligent contract is deployed on the blockchain, and the trusted execution environment registers with the blockchain by registering with the blockchain intelligent contract to authenticate the functionality and validity of the trusted execution environment. That is, the information of the trusted execution environment, for example, parameters of the trusted execution environment, is pre-registered in the blockchain smart contract.
As shown in fig. 5, the designated node device calls the trusted execution environment not in a direct trusted hardware calling manner, but first obtains information of the trusted execution environment through a blockchain intelligent contract configured on a blockchain, and initiates a remote verification request to the target node device to request the target node device to verify the identity of the designated node device.
And the target node equipment responds to the verification request initiated by the specified node equipment, acquires the identity information of the specified node equipment from the block chain, and performs identity verification on the specified node equipment according to the acquired identity information. As previously mentioned, identity information of a given node device is pre-stored on the blockchain, e.g., may be stored in the starting block. The authentication of the designated node device may be, for example, verifying whether the designated node device has the right to invoke the trusted execution environment in the routing device, and if so, indicating that the identity of the designated node is authenticated and returning authentication passing information to the designated node device.
And after receiving the verification passing information sent by the target node equipment, the appointed node equipment initiates a call request for a trusted execution environment in the routing equipment. And after receiving the plaintext data returned by the target node equipment, the appointed node equipment calls the block chain execution contract again so as to synchronize the calling result of this time to the block chain for storage.
Therefore, according to the embodiment, the identity authentication of the calling requester is set before the trusted execution environment is called, and only the designated node device having the legal calling authority for the current trusted execution environment can successfully call the current trusted execution environment, so that the data security of the blockchain system is further improved. In this embodiment, a block chain intelligent contract is further set to perform synchronous processing on data on the block chain, so that accuracy and reliability of data stored on the block chain are fully ensured.
Similarly, in another embodiment, an information sharing intelligent contract may be further deployed on the block chain, and between the consensus nodes respectively communicated with the routing devices in the consensus node network, the information sharing intelligent contract may be used to obtain, from the block chain, an acquisition right of the other side consensus node for plaintext data corresponding to some specified encrypted data.
For example, if the consensus node a wants to obtain a certain service parameter in the service data uplink processed by the consensus node B, the information sharing intelligent contract deployed on the blockchain is invoked to request to obtain the service parameter stored on the blockchain. But since the data stored on the blockchain is encrypted data obtained through hash calculation and trusted calculation, the information sharing intelligent contract returns the encrypted data corresponding to the service parameters to the consensus node a, and also returns a token to the consensus node a. The consensus node A initiates remote authentication to the consensus node B according to the token, and sends a call request for a trusted execution environment in routing equipment communicated with the consensus node B to the consensus node B after the remote authentication is passed so as to request to acquire plaintext data obtained by decrypting the encrypted data through the trusted execution environment, namely to acquire specific service parameters.
Therefore, other common identification nodes except the designated node equipment in the common identification node network can also acquire the plaintext corresponding to the data stored on the blockchain under the encryption condition, and the data sharing among the nodes in the blockchain system is promoted.
In other embodiments, as shown in fig. 6, after the target node device passes the authentication of the designated node device, the target node device maintains the communication connection with the designated node device until plaintext data corresponding to the service encryption data is returned to the designated node.
The target node device maintains the communication connection with the designated node device means that the target node device determines to accept the communication connection with the current designated node device according to the identity information of the designated node device stored in the block chain, and rejects the communication connection of other common nodes except the current designated node device in the common node network, so that a channel for data transmission between the target node device and the designated node device is further guaranteed to be credible, and plaintext data decrypted in a credible execution environment can be safely transmitted to the designated node device, so that the data security of the block chain system is further improved.
And after receiving the plaintext data returned by the routing equipment, the target node equipment signs the plaintext data through the public key of the appointed node equipment to obtain plaintext signature data so as to send the plaintext signature data to the appointed node equipment. As described above, the block chain stores the public key of each common node in the common node network, so that the target node device obtains the public key corresponding to the designated node device from the block chain, and signs the plaintext data according to the obtained public key to obtain the plaintext signature data. After the appointed node equipment receives the plaintext encrypted data, the plaintext encrypted data can be decrypted by using a private key of the appointed node equipment, so that corresponding plaintext data can be obtained. Therefore, the plaintext data obtained by decryption through the trusted execution environment is transmitted between the target node device and the appointed node device in an encrypted form, and the transmission security of the plaintext data is further ensured.
In other embodiments, during the process of performing consensus processing, each consensus node in the consensus node network further obtains the number of designated node devices that perform consensus on the service encryption data and the service signature data, and the number of other consensus nodes that perform consensus on the service encryption data and the service signature data, where the other consensus nodes are node devices in the consensus node network other than the designated node devices.
As described above, since the node devices in the consensus node network except the designated node device cannot invoke the trusted execution environment to decrypt the service encrypted data sent by the target node device, the passing of the consensus on the service encrypted data and the service signature data by the other consensus nodes means that the other consensus nodes verify that the identity of the target node device is legal. If the designated node device recognizes the service encrypted data and the service signature data together, the designated node device passes the content verification of the plaintext data decrypted by the trusted execution environment.
And if the consensus node determines that the sum of the number of the appointed node equipment and the number of other consensus nodes and the number of the appointed node equipment meet the number threshold required by the consensus algorithm, determining that the service encryption data and the service signature data pass consensus in the consensus node network.
Specifically, the consensus algorithm refers to a consensus algorithm configured in the blockchain system, and may be, for example, a byzantine consensus algorithm or other consensus algorithms, which is not limited herein. If the Byzantine consensus algorithm is taken as an example for explanation, the number of the specified node equipment is represented as m, the number of other consensus nodes is represented as n, and if m + n >2F +1 is met (wherein the total number of the consensus nodes contained in the consensus node network is 3F), the sum of the number of the specified node equipment and the number of the other consensus nodes is represented as a number threshold value meeting the requirement of the consensus algorithm; and if m >2H +1 is satisfied (wherein the total number of the specified node devices contained in the consensus node network is 3H), the number of the specified node devices is represented to meet the number threshold value required by the consensus algorithm.
Therefore, in the embodiment, the consensus algorithm is set to be participated in by target node devices which need to be communicated by a plurality of routing devices and designated node devices used for verifying the content of the service data, and after the number of the target node devices which pass the consensus and the number of the designated node devices which pass the consensus both meet the number threshold required by the consensus algorithm, it is determined that the service encryption data and the service signature data pass the consensus in the consensus node network, so that the service data stored to the block chain has high reliability on the content.
Fig. 7 is a block diagram illustrating a service data processing apparatus applied to a blockchain system according to an embodiment of the present application. As shown in fig. 7, the apparatus includes:
a service request obtaining module 210 configured to obtain a service request initiated by a service access terminal; the service data verifying and encrypting module 230 is configured to verify service data included in the service request in a trusted execution environment configured by the routing device, and encrypt the service data after the verification is passed to obtain service encrypted data, where the trusted execution environment is used to encrypt the service data and decrypt the service encrypted data; the encrypted data signature module 250 is configured to sign the encrypted service data to obtain service signature data; the data sending module 270 is configured to send the service encrypted data and the service signature data to a target node device in the identified node network, where the target node device communicates with the routing device, so as to perform uplink processing on the service encrypted data and the service signature data through the target node device.
In another exemplary embodiment, the apparatus further comprises:
the transfer request receiving module is configured to receive a transfer request for a trusted execution environment, which is initiated by a designated node device in the consensus node network, wherein the transfer request is forwarded to the routing device after the target node device verifies the identity of the designated node device, and the designated node device stores information of the executable environment; and the service encrypted data decryption module is configured to decrypt the service encrypted data contained in the call request under the trusted execution environment to obtain plaintext data corresponding to the service encrypted data, and return the plaintext data to the target node device.
In another exemplary embodiment, the blockchain system further includes a basic routing device in communication with the service access terminal, and the service request obtaining module 210 includes:
and the service request forwarding and receiving unit is configured to receive the service request forwarded by the basic routing device, and the service request is that after the basic routing device receives the service request sent by the service access terminal, the routing device matched with the receiver information is determined in the plurality of routing devices according to the receiver information contained in the service request, and the service request is forwarded to the routing device matched with the receiver information.
In another exemplary embodiment, the service data verification and encryption module 230 includes:
and the verification strategy execution unit is configured to verify the service data contained in the service request according to a verification strategy deployed in the trusted execution environment, wherein the verification strategy comprises at least one of decryption of the service data, decoding of the service data and verification of the validity of the service data.
Fig. 8 is a block diagram of a service data processing apparatus applied to a blockchain system according to another embodiment of the present application. As shown in fig. 8, the apparatus includes:
the data receiving module 310 is configured to receive service encryption data and service signature data sent by the routing device, where the service encryption data is obtained by encrypting the service data in a trusted execution environment configured by the routing device, and the trusted execution environment is used for encrypting the service data and decrypting the service encryption data; the data verification module 330 is configured to verify the service encryption data and the service signature data; and the consensus processing module 350 is configured to initiate consensus processing of the service encryption data and the service signature data in the consensus node network after the verification is passed, so as to store the service encryption data and the service signature data onto the block chain after the consensus is passed.
In another exemplary embodiment, the apparatus further comprises:
the call request forwarding module is configured to forward a call request for the trusted execution environment, which is initiated by a designated node device in the consensus node network, to the routing device, so that the routing device decrypts the service encryption data contained in the call request under the trusted execution environment, and plaintext data corresponding to the service encryption data is obtained; and the plaintext data forwarding module is configured to forward the plaintext data returned by the routing device to the specified node device.
In another exemplary embodiment, the call request forwarding module includes:
the remote verification request response unit is configured to respond to a remote verification request initiated by the designated node equipment, acquire the identity information of the designated node equipment from the block chain, and verify the identity of the designated node equipment according to the acquired identity information; and the execution unit after passing the verification is configured to forward the call request initiated by the specified node equipment to the routing equipment after passing the identity verification.
In another exemplary embodiment, the call request forwarding module further includes:
and the communication connection maintaining unit is configured to maintain the communication connection with the specified node equipment after the specified node equipment passes the identity verification until plaintext data is returned to the specified node equipment.
In another exemplary embodiment, the plaintext data forwarding module comprises:
the public key acquisition unit is configured to acquire a public key corresponding to the specified node equipment from the block chain; and the public key signature unit is configured to sign the plaintext data according to the public key to obtain plaintext signature data so as to send the plaintext signature data to the specified node equipment.
Fig. 9 is a block diagram of a service data processing apparatus applied to a blockchain system according to another embodiment of the present application. As shown in fig. 9, the apparatus includes:
the data obtaining module 410 is configured to obtain service encryption data and service signature data, where the service encryption data is obtained by encrypting the service data in a trusted execution environment configured by the routing device, and the trusted execution environment is used to encrypt the service data and decrypt the service encryption data; the invoking request module 430 is configured to initiate an invoking request for the trusted execution environment to a target node device in the consensus node network, which communicates with the routing device, according to the locally stored information of the trusted execution environment, where the invoking request is used to obtain plaintext data corresponding to the service data; the plaintext data receiving and checking module 450 is configured to receive plaintext data returned by the target node device in response to the invocation request, and perform consensus processing on the service encryption data and the service signature data by performing content checking on the plaintext data.
In another exemplary embodiment, the call request module 430 includes:
the intelligent contract calling unit is configured to initiate a remote verification request to the target node equipment by calling a block chain intelligent contract configured on a block chain, and information of a trusted execution environment is registered in the block chain intelligent contract in advance; and the call request initiating unit is configured to initiate a call request to the trusted execution environment if verification passing information returned by the target node device for the remote verification request is received.
In another exemplary embodiment, the apparatus includes:
the node number acquisition module is configured to acquire the number of designated node devices which perform consensus on the service encryption data and the service signature data and the number of other consensus nodes which perform consensus on the service encryption data and the service signature data, wherein the designated node devices are used for performing content verification on plaintext data, and the other consensus nodes are node devices in a consensus node network except the designated node devices; and the consensus passing determination module is configured to determine that the service encryption data and the service signature data pass consensus in the consensus node network if the sum of the number of the specified node devices and the number of other consensus nodes is determined and the number of the specified node devices meets the number threshold required by the consensus algorithm.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which each module and unit execute operations has been described in detail in the method embodiment, and is not described again here.
Embodiments of the present application further provide an electronic device, which includes a processor and a memory, where the memory stores computer readable instructions, and the computer readable instructions, when executed by the processor, implement the business data processing method applied to the blockchain system as described above.
FIG. 10 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
It should be noted that the computer system 1600 of the electronic device shown in fig. 10 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 10, computer system 1600 includes a Central Processing Unit (CPU) 1601, which can perform various appropriate actions and processes, such as executing the methods described in the above embodiments, according to a program stored in a Read-Only Memory (ROM) 1602 or a program loaded from a storage portion 1608 into a Random Access Memory (RAM) 1603. In the RAM 1603, various programs and data necessary for system operation are also stored. The CPU 1601, ROM 1602, and RAM 1603 are connected to each other via a bus 1604. An Input/Output (I/O) interface 1605 is also connected to the bus 1604.
The following components are connected to the I/O interface 1605: an input portion 1606 including a keyboard, a mouse, and the like; an output section 1607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage portion 1608 including a hard disk and the like; and a communication section 1609 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 1609 performs communication processing via a network such as the internet. The driver 1610 is also connected to the I/O interface 1605 as needed. A removable medium 1611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1610 as necessary, so that a computer program read out therefrom is mounted in the storage portion 1608 as necessary.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising a computer program for performing the method illustrated by the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via the communication portion 1609, and/or installed from the removable media 1611. When the computer program is executed by a Central Processing Unit (CPU) 1601, various functions defined in the system of the present application are executed.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with a computer program embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. The computer program embodied on the computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software, or may be implemented by hardware, and the described units may also be disposed in a processor. Wherein the names of the elements do not in some way constitute a limitation on the elements themselves.
Another aspect of the present application also provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the business data processing method applied to the blockchain system as described above. The computer-readable storage medium may be included in the electronic device described in the above embodiment, or may exist separately without being incorporated in the electronic device.
Another aspect of the application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the business data processing method applied to the blockchain system provided in the above embodiments.
The above description is only a preferred exemplary embodiment of the present application, and is not intended to limit the embodiments of the present application, and those skilled in the art can easily make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (15)
1. A service data processing method applied to a blockchain system, wherein the blockchain system comprises a routing device and a consensus node network, and the method is executed by the routing device, and the method comprises the following steps:
acquiring a service request initiated by a service access terminal;
verifying the service data contained in the service request under a trusted execution environment configured by the routing device, and encrypting the service data after the verification is passed to obtain service encrypted data, wherein the trusted execution environment is used for encrypting the service data and decrypting the service encrypted data;
signing the service encrypted data to obtain service signature data;
sending the service encryption data and the service signature data to target node equipment in the consensus node network, wherein the target node equipment is communicated with the routing equipment, so that uplink processing of the service encryption data and the service signature data is executed through the target node equipment;
receiving a call request for the trusted execution environment, which is initiated by a designated node device in the consensus node network, wherein the call request is forwarded to the routing device after the target node device verifies the identity of the designated node device, and the designated node device stores information of the trusted execution environment;
and decrypting the service encryption data contained in the calling request under the trusted execution environment to obtain plaintext data corresponding to the service encryption data, and returning the plaintext data to the target node equipment.
2. The method of claim 1, wherein the blockchain system further comprises a base routing device in communication with the service access terminal; the acquiring the service request initiated by the service access terminal includes:
and receiving a service request forwarded by the basic routing device, wherein the service request is that after the basic routing device receives the service request sent by the service access terminal, routing devices matched with the receiver information are determined in a plurality of routing devices according to the receiver information contained in the service request, and the service request is forwarded to the routing devices matched with the receiver information.
3. The method according to claim 1, wherein the verifying, in a trusted execution environment configured by the routing device, service data included in the service request, and after the verification is passed, performing encryption processing on the service data to obtain service encrypted data includes:
and verifying the service data contained in the service request according to a verification strategy deployed in the trusted execution environment, wherein the verification strategy comprises at least one of decryption of the service data, decoding of the service data and verification of the validity of the service data.
4. A service processing method applied to a blockchain system, wherein the blockchain system comprises a routing device and a consensus node network, and the method is executed by a node device in the consensus node network, and the method comprises:
receiving service encryption data and service signature data sent by the routing equipment, wherein the service encryption data are obtained by encrypting the service data under a trusted execution environment configured by the routing equipment, and the trusted execution environment is used for encrypting the service data and decrypting the service encryption data;
verifying the service encryption data and the service signature data;
after the verification is passed, initiating the consensus processing of the service encryption data and the service signature data in the consensus node network, so as to store the service encryption data and the service signature data on a block chain after the consensus is passed;
forwarding a call request initiated by a designated node device in the consensus node network to the trusted execution environment to the routing device, so that the routing device decrypts service encryption data contained in the call request under the trusted execution environment to obtain plaintext data corresponding to the service encryption data;
and forwarding the plaintext data returned by the routing equipment to the specified node equipment.
5. The method of claim 4, wherein forwarding, to the routing device, a call request for the trusted execution environment initiated by a specified node device in the network of consensus nodes comprises:
responding to a remote authentication request initiated by the appointed node equipment, acquiring the identity information of the appointed node equipment from a block chain, and authenticating the identity of the appointed node equipment according to the acquired identity information;
and after the identity authentication is passed, forwarding the call request initiated by the specified node equipment to the routing equipment.
6. The method of claim 5, further comprising:
and after the identity authentication of the appointed node equipment is passed, maintaining the communication connection with the appointed node equipment until the plaintext data is returned to the appointed node equipment.
7. The method according to claim 4, wherein forwarding the plaintext data returned by the routing device to the designated node device comprises:
acquiring a public key corresponding to the designated node equipment from a block chain;
and signing the plaintext data according to the public key to obtain plaintext signature data so as to send the plaintext signature data to the appointed node equipment.
8. A service processing method applied to a blockchain system, wherein the blockchain system comprises a routing device and a consensus node network, and the method is executed by a node device included in the consensus node network, and the method comprises:
acquiring service encryption data and service signature data, wherein the service encryption data is obtained by encrypting service data under a trusted execution environment configured by routing equipment, and the trusted execution environment is used for encrypting the service data and decrypting the service encryption data;
according to the locally stored information of the trusted execution environment, initiating a call request for the trusted execution environment to target node equipment in the consensus node network, wherein the target node equipment is communicated with the routing equipment, and the call request is used for acquiring plaintext data corresponding to the service data;
and receiving the plaintext data returned by the target node equipment aiming at the calling request, and performing content verification on the plaintext data to perform consensus processing on the service encryption data and the service signature data.
9. The method of claim 8, wherein initiating a call request for the trusted execution environment to a target node device in the network of consensus nodes in communication with the routing device based on the locally stored information of the trusted execution environment comprises:
initiating a remote verification request to the target node equipment by calling a block chain intelligent contract configured on a block chain, wherein the block chain intelligent contract is pre-registered with information of the trusted execution environment;
and if verification passing information returned by the target node equipment for the remote verification request is received, initiating a call request for the trusted execution environment.
10. The method of claim 8, further comprising:
acquiring the number of appointed node devices which carry out consensus on the service encryption data and the service signature data and the number of other consensus nodes which carry out consensus on the service encryption data and the service signature data, wherein the appointed node devices are used for carrying out content verification on the plaintext data, and the other consensus nodes are node devices in the consensus node network except the appointed node devices;
and if the sum of the number of the appointed node equipment and the number of the other consensus nodes is determined, and the number of the appointed node equipment meets the number threshold required by a consensus algorithm, determining that the service encryption data and the service signature data pass consensus in the consensus node network.
11. A service data processing apparatus applied to a blockchain system, comprising:
the service request acquisition module is configured to acquire a service request initiated by a service access terminal;
the service data verification and encryption module is configured to verify service data contained in the service request under a trusted execution environment configured by the routing device, and encrypt the service data after the verification is passed to obtain service encrypted data, wherein the trusted execution environment is used for encrypting the service data and decrypting the service encrypted data;
the encrypted data signature module is configured to sign the service encrypted data to obtain service signature data;
a data sending module configured to send the service encrypted data and the service signature data to a target node device in a consensus node network, which is in communication with the routing device, so as to execute uplink processing of the service encrypted data and the service signature data by the target node device;
a calling request receiving module configured to receive a calling request for the trusted execution environment, which is initiated by a designated node device in the consensus node network, where the calling request is forwarded to the routing device after the target node device performs identity verification on the designated node device, and information of the trusted execution environment is stored in the designated node device;
and the service encrypted data decryption module is configured to decrypt the service encrypted data contained in the calling request under the trusted execution environment to obtain plaintext data corresponding to the service encrypted data, and return the plaintext data to the target node device.
12. A service processing apparatus applied to a blockchain system, comprising:
the data receiving module is configured to receive service encryption data and service signature data sent by a routing device, wherein the service encryption data is obtained by encrypting the service data in a trusted execution environment configured by the routing device, and the trusted execution environment is used for encrypting the service data and decrypting the service encryption data;
the data verification module is configured to verify the service encryption data and the service signature data;
the consensus processing module is configured to initiate consensus processing of the service encryption data and the service signature data in a consensus node network after verification is passed, so that the service encryption data and the service signature data are stored in a block chain after the consensus is passed;
a call request forwarding module configured to forward a call request to the trusted execution environment, which is initiated by a designated node device in the consensus node network, to the routing device, so that the routing device decrypts service encrypted data included in the call request in the trusted execution environment, and plaintext data corresponding to the service encrypted data is obtained;
and the plaintext data forwarding module is configured to forward the plaintext data returned by the routing device to the specified node device.
13. A service processing apparatus applied to a blockchain system, comprising:
the data acquisition module is configured to acquire service encryption data and service signature data, wherein the service encryption data are obtained by encrypting the service data in a trusted execution environment configured by the routing equipment, and the trusted execution environment is used for encrypting the service data and decrypting the service encryption data;
the calling request module is configured to initiate a calling request for the trusted execution environment to target node equipment in a consensus node network, wherein the target node equipment is communicated with the routing equipment, and the calling request is used for acquiring plaintext data corresponding to the service data;
and the plaintext data receiving and checking module is configured to receive the plaintext data returned by the target node device in response to the call request, and perform content checking on the plaintext data to perform consensus processing on the service encryption data and the service signature data.
14. An electronic device, comprising:
a processor;
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of any one of claims 1 to 10 via execution of the executable instructions.
15. A computer-readable medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110134020.8A CN112446050B (en) | 2021-02-01 | 2021-02-01 | Business data processing method and device applied to block chain system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110134020.8A CN112446050B (en) | 2021-02-01 | 2021-02-01 | Business data processing method and device applied to block chain system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112446050A CN112446050A (en) | 2021-03-05 |
| CN112446050B true CN112446050B (en) | 2021-05-18 |
Family
ID=74739511
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110134020.8A Active CN112446050B (en) | 2021-02-01 | 2021-02-01 | Business data processing method and device applied to block chain system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112446050B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113468517A (en) * | 2021-09-02 | 2021-10-01 | 北京交研智慧科技有限公司 | Data sharing method, system and storage medium based on block chain |
| CN113852469B (en) * | 2021-09-24 | 2024-03-22 | 成都质数斯达克科技有限公司 | Method, device, equipment and readable storage medium for transmitting data between block chain nodes |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110851870A (en) * | 2019-11-14 | 2020-02-28 | 中国人民解放军国防科技大学 | Block chain privacy protection method, system and medium based on trusted execution environment |
| CN111460458A (en) * | 2020-03-31 | 2020-07-28 | 腾讯科技(深圳)有限公司 | Data processing method, related device and computer storage medium |
| CN111741028B (en) * | 2020-08-24 | 2020-11-24 | 支付宝(杭州)信息技术有限公司 | Service processing method, device, equipment and system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110619520B (en) * | 2018-06-20 | 2023-05-02 | 深圳市红砖坊技术有限公司 | Block chain system and routing method applied to routing nodes of block chain system |
| US11528258B2 (en) * | 2018-11-02 | 2022-12-13 | Intel Corporation | System and apparatus for data confidentiality in distributed ledger |
| CN110365695A (en) * | 2019-07-24 | 2019-10-22 | 中国工商银行股份有限公司 | The block chain data interactive method and device of changeable common recognition algorithm |
| CN113326532A (en) * | 2020-09-11 | 2021-08-31 | 支付宝(杭州)信息技术有限公司 | Block chain-based user privacy data providing method and device |
-
2021
- 2021-02-01 CN CN202110134020.8A patent/CN112446050B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110851870A (en) * | 2019-11-14 | 2020-02-28 | 中国人民解放军国防科技大学 | Block chain privacy protection method, system and medium based on trusted execution environment |
| CN111460458A (en) * | 2020-03-31 | 2020-07-28 | 腾讯科技(深圳)有限公司 | Data processing method, related device and computer storage medium |
| CN111741028B (en) * | 2020-08-24 | 2020-11-24 | 支付宝(杭州)信息技术有限公司 | Service processing method, device, equipment and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112446050A (en) | 2021-03-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109862041B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
| US10554420B2 (en) | Wireless connections to a wireless access point | |
| US11870769B2 (en) | System and method for identifying a browser instance in a browser session with a server | |
| US9830447B2 (en) | Method and system for verifying an access request | |
| JP2023502346A (en) | Quantum secure networking | |
| US20190251561A1 (en) | Verifying an association between a communication device and a user | |
| KR102177794B1 (en) | Distributed device authentication protocol in internet of things blockchain environment | |
| US10536271B1 (en) | Silicon key attestation | |
| CN111542820A (en) | Method and apparatus for trusted computing | |
| CN110020869B (en) | Method, device and system for generating block chain authorization information | |
| CN112910660B (en) | Certificate issuing method, adding method and transaction processing method of blockchain system | |
| CN112311779B (en) | Data access control method and device applied to block chain system | |
| CN112446050B (en) | Business data processing method and device applied to block chain system | |
| CN113259123B (en) | Block chain data writing and accessing method and device | |
| US20220005039A1 (en) | Delegation method and delegation request managing method | |
| CN114239072B (en) | Block chain node management method and block chain network | |
| CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
| KR20200016506A (en) | Method for Establishing Anonymous Digital Identity | |
| US11469905B2 (en) | Device and method for processing public key of user in communication system that includes a plurality of nodes | |
| CN113259124A (en) | Block chain data writing and accessing method and device | |
| CN115001714B (en) | Resource access method and device, electronic equipment and storage medium | |
| CN114172923B (en) | Data transmission method, communication system and communication device | |
| CN114553570B (en) | Method, device, electronic equipment and storage medium for generating token | |
| CN113556365B (en) | Authentication result data transmission system, method and device | |
| EP4047871A1 (en) | Advanced security control implementation of proxied cryptographic keys |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40041001 Country of ref document: HK |