CN113328854B - Service processing method and system based on block chain - Google Patents

Publication number
CN113328854B
Authority
CN
China
Prior art keywords
service
party
certificate
identity
business
Legal status
Active
Application number
CN202110566475.7A
Other languages
Chinese (zh)
Other versions
CN113328854A (en
Inventor
王晓亮
俞之贝
Current Assignee
Hangzhou Rivtower Technology Co Ltd
Original Assignee
Hangzhou Rivtower Technology Co Ltd
Application filed by Hangzhou Rivtower Technology Co Ltd
Priority to CN202110566475.7A
Publication of CN113328854A
Application granted
Publication of CN113328854B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The application discloses a service processing method and system based on a block chain, and belongs to the technical field of block chains. The method is used in a service processing system comprising at least two participants, and comprises the following steps: the at least two participants negotiate to generate a service identity and a service rule certificate, wherein the service rule certificate comprises the distributed identity and the transaction address of each participant in the service, and a participant's transaction addresses in different services are different; a smart contract is generated according to the service identity and the service rule certificate; and service processing is performed according to the smart contract. With this method, service cooperation can follow a uniform rule, with mutual identity authentication; privacy protection of identity and service data can be achieved; service operations are traceable, data ownership is clear, and repeated auditing of identity and service data is reduced; and the identities of the participants and the service rule certificates can be maintained on chain, achieving evidence storage, verification and management.

Description

Service processing method and system based on block chain
Technical Field
The embodiment of the application relates to the technical field of block chains, in particular to a service processing method and system based on a block chain.
Background
In the era of digital economy, service interaction is increasingly complex, and more services are executed in a digital manner. That is, individual business participants can transact on the blockchain to effectuate business processing.
Traditional business processing may require each business participant to provide a real identity, which may reveal the identity of the business participant and is not conducive to privacy protection.
Disclosure of Invention
The embodiment of the application provides a service processing method and system based on a block chain, which are used for solving the problem that each service participant is required to provide a real identity during service processing, and privacy protection is not facilitated. The technical scheme is as follows:
In one aspect, a service processing method based on a block chain is provided, which is used in a service processing system including at least two participants, and the method includes:
the at least two participants negotiate to generate a service identity and a service rule certificate, wherein the service rule certificate comprises a distributed identity and a transaction address of each participant of the service, and the transaction addresses of the participants in different services are different;
the at least two parties generate an intelligent contract according to the business identity and the business rule certificate;
and the at least two participants carry out business processing according to the intelligent contract.
In one possible implementation, when the at least two parties include a first party and at least one second party, the at least two parties negotiate to generate a business identity and a business rule credential, including:
the first party generates a business identity and an initial rule certificate, wherein the initial rule certificate comprises distributed identity identifications of all parties of the business and a first transaction address of the first party;
the first party sends the service identity and the initial rule certificate to the at least one second party, signs the initial rule certificate, and puts the signature on the chain together with the service identity;
the second party verifies the signature of the initial rule certificate according to the service identity, and after the signature verification succeeds, sends address related information to the first party, wherein the address related information is used for indicating a second transaction address of the second party;
and the first party adds a second transaction address of the at least one second party to the initial rule certificate to obtain the business rule certificate.
In a possible implementation manner, the sending address-related information to the first party after the successful signature verification includes:
after the signature verification is successful, the second participant sends a second public key of the second participant to the first participant, so that the first participant generates the second transaction address according to the second public key; or,
after the successful signature verification, the second participant sends a second public key and a second transaction address of the second participant to the first participant.
In a possible implementation manner, the initial rule credential further includes a first public key of the first participant;
the signing the initial rule certificate and putting the signature on the chain together with the service identity comprises: the first party signs the initial rule certificate according to a first private key of the first party, and puts the signature of the initial rule certificate on the chain together with the service identity;
the second party verifying the signature of the initial rule certificate according to the service identity comprises: the second party reads the first public key from the received initial rule certificate, acquires the signature of the initial rule certificate from the chain according to the service identity, and verifies the signature of the initial rule certificate according to the first public key.
In one possible implementation, the generating, by the at least two parties, an intelligent contract according to the business rule credentials includes:
the first party sends the business identity and the business rule certificate to the at least one second party;
the first participant and the at least one second participant generate the smart contract.
In one possible implementation, the method further includes:
the first party signs the service rule certificate and puts the signature on the chain together with the service identity, and puts on the chain the permission group consisting of the first transaction address and the second transaction address.
In one possible implementation, the at least two parties perform business processing according to the intelligent contract, including:
the first party acquires a second transaction address of the second party and detects whether the second transaction address is in the permission group;
if the second transaction address is in the permission group, the first participant sends the service identity, first service data and a first public key of the first participant to the second transaction address, generates a first service data certificate according to the first service data, signs the first service data certificate according to a first private key of the first participant, and then puts the signature of the first service data certificate on the chain together with the service identity;
and the second party acquires the signature of the first service data certificate from the chain according to the service identity, and determines to receive the first service data after successfully verifying the signature of the first service data certificate according to the first public key.
In one possible implementation, the at least two parties perform business processing according to the intelligent contract, including:
the second party acquires a first transaction address of the first party and detects whether the first transaction address is in the permission group;
if the first transaction address is in the permission group, the second party sends the service identity, second service data and a second public key of the second party to the first transaction address, generates a second service data certificate according to the second service data, signs the second service data certificate according to a second private key of the second party, and then puts the signature of the second service data certificate on the chain together with the service identity;
and the first participant acquires the signature of the second service data certificate from the chain according to the service identity, and determines to receive the second service data after successfully verifying the signature of the second service data certificate according to the second public key.
In one possible implementation, the at least two parties perform business processing according to the intelligent contract, including:
the second participant acquires second transaction addresses of other second participants and detects whether the second transaction addresses are in the permission group;
if the second transaction address is in the permission group, the second participant sends the service identity, third service data and a second public key of the second participant to the second transaction address, generates a third service data certificate according to the third service data, signs the third service data certificate according to a second private key of the second participant, and then puts the signature of the third service data certificate on the chain together with the service identity;
and the other second participants acquire the signature of the third service data certificate from the chain according to the service identity, and determine to receive the third service data after successfully verifying the signature of the third service data certificate according to the second public key.
In one aspect, a service processing system based on a block chain is provided, where the service processing system includes at least two participants:
the at least two parties are used for negotiating and generating a service identity and a service rule certificate, the service rule certificate comprises distributed identity identifications and transaction addresses of the parties participating in the service, and the transaction addresses of the parties in different services are different;
the at least two parties are used for generating an intelligent contract according to the business identity and the business rule certificate;
and the at least two participants are used for carrying out service processing according to the intelligent contract.
The technical scheme provided by the embodiment of the application has the beneficial effects that at least:
At least two participants in the business processing system can negotiate to generate a business identity and a business rule certificate. Because the business rule certificate comprises the distributed identity and the transaction address of each participant in the business, a smart contract can be generated according to the business identity and the business rule certificate, and business processing is then carried out according to the smart contract. Firstly, the business rule certificate is generated through negotiation among the participants, so heterogeneous systems can follow a uniform rule to cooperate on business and authenticate each other's identities. Secondly, a participant's transaction addresses in different services are different, so the identities of the participants and the business rule certificate circulate only within the scope of a specific service, and the participants can protect the privacy of their identities and service data during business processing. Finally, because a block chain is tamper-proof, consistent across multiple parties, and keeps traceable historical data, the service operations during business processing are traceable, data ownership is clear, repeated verification of identity and service data is reduced, and the identities of the participants and the business rule certificates can be maintained on chain, achieving evidence storage, verification and management.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a method for processing a service based on a block chain according to an embodiment of the present application;
Fig. 2 is a flowchart of a method for processing a service based on a block chain according to an embodiment of the present application;
Fig. 3 is a flow diagram of a method for a first party to transact with a second party according to one embodiment of the present application;
Fig. 4 is a flow diagram of a method for a second party to trade with a first party, as provided by one embodiment of the present application;
Fig. 5 is a flow diagram of a method for a second party to transact with another second party provided by one embodiment of the present application;
Fig. 6 is a block diagram of a service processing system based on a block chain according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application more clear, the embodiments of the present application will be further described in detail with reference to the accompanying drawings.
Referring to fig. 1, a flowchart of a method for processing a service based on a blockchain according to an embodiment of the present application is shown, where the method for processing a service based on a blockchain can be applied to a service processing system, and the service processing system includes at least two participants. The service processing method based on the block chain can comprise the following steps:
Step 101, at least two parties negotiate to generate a service identity and a service rule certificate, where the service rule certificate includes a distributed identity and a transaction address of each party of the service, and the transaction addresses of the parties in different services are different.
Wherein, the participant may be a computer device used by the participating user, including but not limited to a smart phone, a personal computer, a tablet computer, a server.
In this embodiment, each service may be given a service identity and business certificates based on the distributed digital identity. The service identity can be represented by a service identifier (service ID), which is an identity tag unique to the service and can be put on chain for evidence storage. The business certificates comprise a business rule certificate and business data certificates, and can also be put on chain for evidence storage. The business rule certificate encapsulates participant information and can also encapsulate rule authority, to realize identity verification and transaction management in the transaction process; a business data certificate encapsulates data-related information about the business data of transactions among different parties, and is used for data verification in the transaction process. A business may have one business rule certificate and multiple business data certificates.
It should be noted that, the participant information in the service rule credential may include Distributed Identities (DID) of the participants and transaction addresses of the participants, and the rule authority at least includes the transaction rule and the operation authority of each participant, and may also include other information, which is not limited in this embodiment.
The transaction addresses of the participants are randomly generated, and the transaction addresses generated in different services are different, so that the identities of the participants cannot be deduced according to the transaction addresses, and the identities of the participants can be guaranteed not to be leaked.
Step 102, the at least two parties generate a smart contract according to the business identity and the business rule certificate.
Smart contracts are computer protocols that propagate, verify, or execute contracts in an informational manner, and smart contracts allow for trusted transactions that are traceable and irreversible without third parties.
Step 103, the at least two parties carry out service processing according to the smart contract.
A participant can send a transaction to the transaction address of another participant according to the transaction rules, operation authority and the like specified by the smart contract, thereby realizing the service processing.
In summary, in the service processing method based on the block chain provided in the embodiment of the present application, at least two parties in the service processing system can negotiate to generate a service identity and a service rule certificate. Because the service rule certificate includes the distributed identity and the transaction address of each party in the service, a smart contract can be generated according to the service identity and the service rule certificate, and service processing is then performed according to the smart contract. Firstly, the business rule certificate is generated through negotiation among the participants, so heterogeneous systems can follow a uniform rule to cooperate on business and authenticate each other's identities. Secondly, a participant's transaction addresses in different services are different, so the identities of the participants and the service rule certificate circulate only within the scope of a specific service, and the participants can protect the privacy of their identities and service data during service processing. Finally, because a block chain is tamper-proof, consistent across multiple parties, and keeps traceable historical data, the service operations during service processing are traceable, data ownership is clear, repeated verification of identity and service data is reduced, and the identities of the participants and the service rule certificates can be maintained on chain, achieving evidence storage, verification and management.
Referring to fig. 2, a flowchart of a method for processing a service based on a blockchain according to an embodiment of the present application is shown, where the method for processing a service based on a blockchain can be applied to a service processing system, and the service processing system includes a first participant and at least one second participant. The service processing method based on the block chain can comprise the following steps:
Step 201, a first party generates a service identity and an initial rule credential, where the initial rule credential includes distributed identities of the respective parties of the service and a first transaction address of the first party.
In this embodiment, the party initiating the service is referred to as a first party, and the party participating in the service is referred to as a second party.
The first party can acquire the distributed identity of the first party and each second party; randomly generating a first public and private key pair, and generating a first transaction address according to a first public key in the first public and private key pair; and generating a service identity and an initial rule certificate according to a standard protocol of W3C (World Wide Web Consortium), wherein the initial rule certificate comprises distributed identities of all the participants and a first transaction address of the first participant.
Optionally, the first party may also negotiate with each second party offline to obtain a transaction rule and an operation right, and add the transaction rule and the operation right as rule rights to the initial rule credential.
Step 202, the first party sends the service identity and the initial rule certificate to at least one second party, signs the initial rule certificate, and puts the signature on the chain together with the service identity.
Signing the initial rule certificate and putting the signature on the chain together with the service identity may include: the first party signs the initial rule certificate according to a first private key of the first party, and puts the signature of the initial rule certificate on the chain together with the service identity.
Specifically, the first participant may generate a digest from the initial rule credential, sign the digest according to the first private key, and send the obtained signature of the initial rule credential and the service identity to the blockchain network.
Step 203, the second party verifies the signature of the initial rule certificate according to the service identity, and after the signature verification succeeds, sends address related information to the first party, wherein the address related information is used for indicating a second transaction address of the second party.
The initial rule certificate further includes a first public key of the first participant, so the second participant verifying the signature of the initial rule certificate according to the service identity may include: the second party reads the first public key from the received initial rule certificate, acquires the signature of the initial rule certificate from the chain according to the service identity, and verifies the signature of the initial rule certificate according to the first public key.
The second party can receive the service identity and the initial rule certificate sent by the first party, obtain the signature of the initial rule certificate from the block chain network according to the service identity, decrypt the signature according to the first public key to obtain a digest, and compare it with the digest generated from the received initial rule certificate. If the two are the same, the initial rule certificate is considered not to have been tampered with, and the signature verification succeeds; if they are different, the initial rule certificate is considered to have been tampered with, and the signature verification fails.
If the signature verification is successful, the second party can confirm the transaction rule and the operation authority, and after the confirmation is correct, the second party needs to provide the second transaction address to the first party.
In the first sending method, after the signature verification is successful, the second party sends the second public key of the second party to the first party, so that the first party generates the second transaction address according to the second public key. That is, the first party, upon receiving the second public key, may generate the second transaction address based on the second public key.
In a second sending method, after the signature verification is successful, the second party sends the second public key and the second transaction address of the second party to the first party. In this way, the first party may receive the second transaction address directly.
Step 204, the first party adds the second transaction address of the at least one second party to the initial rule certificate to obtain a business rule certificate.
The first party may collect the second transaction addresses sent by all second parties, and add them to the initial rule credential to obtain the business rule credential. At this point, the business rule credential includes the distributed identities and transaction addresses of the parties to the business. Optionally, the business rule certificate may further include a rule authority.
Optionally, the first party may further collect the second public keys sent by all second parties, and add them to the business rule credential.
Step 205, the first party sends the business identity and the business rule certificate to at least one second party.
Step 206, the first party signs the business rule certificate and then uplinks it together with the business identity, and uplinks the permission group consisting of the first transaction address and the second transaction address.
The first participant can generate a digest from the business rule certificate, sign the digest with the first private key, and send the resulting signature of the business rule certificate, together with the business identity, to the blockchain network.
It should be noted that the first party may also maintain the status of the service identity and the service rule credential, for example, stop the service.
The first participant can also form the first transaction address and all the second transaction addresses into a permission group, which is sent to the blockchain network and used to verify the data operation permission of each transaction.
In step 207, the first party and the at least one second party generate an intelligent contract.
The first participant may trigger the generation of an intelligent contract that takes effect upon confirmation by all second participants.
Step 208, at least two parties carry out business processing according to the intelligent contract.
The participator can send the transaction to the transaction address of another participator according to the transaction rule and the operation authority and the like specified by the intelligent contract, thereby realizing the service processing.
In summary, in the blockchain-based service processing method provided in the embodiment of the present application, at least two parties in the service processing system can negotiate to generate a service identity and a service rule certificate. Because the service rule certificate includes the distributed identity and the transaction address of each party to the service, an intelligent contract can be generated according to the service identity and the service rule certificate, and service processing can then be performed according to the intelligent contract. First, the service rule certificate is generated through negotiation among the participants, so that heterogeneous systems can follow a uniform rule to cooperate on the service and authenticate each other's identities. Second, a participant's transaction addresses differ between services, so the participants' identities and the service rule certificate circulate only within the scope of a specific service, and the participants can protect the privacy of their identities and service data during service processing. Finally, because a blockchain cannot be tampered with, is consistent across multiple parties, and keeps traceable historical data, service operations during service processing can be traced, data ownership is clear, repeated verification of identity and service data is reduced, and the identities of participants and the service rule certificates can be maintained on the chain for storage, verification and management.
The embodiments shown in fig. 1 and 2 describe the process of service creation, and after the service creation is completed, each participant in the service processing system can perform service processing according to an intelligent contract. The business processing may include three transaction manners, the first transaction manner is that a first party sends a transaction to a second party, the second transaction manner is that the second party sends a transaction to the first party, and the third transaction manner is that the second party sends a transaction to other second parties.
Referring to fig. 3, a flow chart of a method for a first party to send a transaction to a second party is shown, in which case, a business process flow may include the following steps:
Step 301, the first party obtains a second transaction address of the second party, and detects whether the second transaction address is in the permission group.
The first party may verify the identity of the second party by detecting whether the second transaction address is in the permission group.
Step 302, if the second transaction address is in the permission group, the first party sends the service identity, the first service data and the first public key of the first party to the second transaction address, generates a first service data certificate according to the first service data, signs the first service data certificate according to the first private key of the first party, and then uplinks it together with the service identity.
When the business only comprises one transaction, the first participant sends the business identity, the first business data and the first public key of the first participant to the second transaction address, generates a first business data certificate according to the first business data, signs the first business data certificate according to the first private key of the first participant, and then uplinks it together with the business identity.
When the business comprises multiple transactions, the first participant can also generate a transaction identifier for the current transaction, and the transaction identifier is used for identifying one transaction. At this time, step 302 may be specifically implemented as: the first participant sends a service identity, a transaction identifier, first service data and a first public key of the first participant to a second transaction address, generates a first service data certificate according to the first service data, signs the first service data certificate according to a first private key of the first participant, and links the first service data certificate with the service identity and the transaction identifier together.
Specifically, the first participant may generate a digest from the first service data to obtain a first service data certificate, sign the first service data certificate with the first private key, and send the resulting signature of the first service data certificate, together with the service identity and the transaction identifier, to the blockchain network.
Step 303, the second party obtains the signature of the first service data certificate from the chain according to the service identity, and determines to receive the first service data after successfully verifying the signature of the first service data certificate according to the first public key.
The second party may verify the authenticity of the first business data by verifying the signature of the first business data credential.
Specifically, when the second party only receives the service identity, the signature of the first service data certificate can be obtained from the chain according to the service identity; when the second party receives the service identity and the transaction identifier, the signature of the first service data certificate may be obtained from the chain according to the service identity and the transaction identifier. The second party decrypts the signature with the first public key to obtain a digest and compares it with the digest generated from the received first service data. If the two are the same, the first service data is considered not to have been tampered with, the signature verification is determined to be successful, and the first service data is received; if they differ, the first service data is considered to have been tampered with, the signature verification is determined to have failed, and the first service data is discarded.
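The exchange in steps 301 to 303, as an added example that is not code from the patent: the sender checks the permission group, signs the digest of the service data and uplinks the signature, and the receiver recovers the digest from the on-chain signature and compares it with the digest of the data it received. The `Ledger` class, the identifiers and addresses, the toy RSA key, and the pinning of the sender's public key to the copy recorded in the business rule certificate are assumptions made for this sketch.

```python
import hashlib

# Constructed toy RSA key pair for the first party. P and Q are well-known
# Mersenne primes, so this key is trivially factorable and only illustrates
# the "sign the digest / recover the digest" steps. Real deployments use a
# vetted signature scheme (for example Ed25519 or RSA-PSS) from a crypto library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
FIRST_PUBLIC_KEY = (E, N)


def digest(data: bytes) -> int:
    """Digest of the service data; this plays the role of the data certificate."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class Ledger:
    """Hypothetical in-memory stand-in for the blockchain network."""

    def __init__(self):
        self.permission_groups = {}   # service identity -> set of addresses
        self.signatures = {}          # (service identity, tx id) -> signature

    def put_signature(self, service_id, tx_id, signature):
        key = (service_id, tx_id)
        if key in self.signatures:    # on-chain records are append-only
            raise ValueError("signature already recorded for %r" % (key,))
        self.signatures[key] = signature


def send_transaction(ledger, service_id, tx_id, to_address, data, d, public_key):
    """Steps 301-302: permission check, sign the digest, uplink, build message."""
    if to_address not in ledger.permission_groups.get(service_id, set()):
        raise PermissionError("address not in permission group: " + to_address)
    _, n = public_key
    ledger.put_signature(service_id, tx_id, pow(digest(data), d, n))
    return {"service_id": service_id, "tx_id": tx_id, "to": to_address,
            "data": data, "public_key": public_key}


def receive_transaction(ledger, message, certificate_keys):
    """Step 303: return the data if verification succeeds, else None (discard)."""
    signature = ledger.signatures.get((message["service_id"], message["tx_id"]))
    if signature is None:
        return None                   # nothing on chain for this transaction
    # Added check (assumption, not a step on the page): accept only a public
    # key that is also listed in the business rule certificate.
    if message["public_key"] not in certificate_keys:
        return None
    e, n = message["public_key"]
    recovered = pow(signature, e, n)  # recover the digest with the public key
    if recovered != digest(message["data"]):
        return None                   # digests differ: data was altered
    return message["data"]


def demo():
    ledger = Ledger()
    service_id = "svc-demo-001"                                  # constructed
    first_addr, second_addr = "addr-first-A1", "addr-second-B7"  # constructed
    ledger.permission_groups[service_id] = {first_addr, second_addr}
    keys = (FIRST_PUBLIC_KEY,)        # keys listed in the rule certificate

    payload = b'{"order": 42, "amount": "100.00"}'               # constructed
    msg = send_transaction(ledger, service_id, "tx-1", second_addr,
                           payload, D, FIRST_PUBLIC_KEY)
    accepted = receive_transaction(ledger, msg, keys)

    # Same message with the data changed after the signature was uplinked.
    tampered = dict(msg, data=b'{"order": 42, "amount": "900.00"}')
    rejected = receive_transaction(ledger, tampered, keys)

    try:                              # address outside the permission group
        send_transaction(ledger, service_id, "tx-2", "addr-unknown-Z9",
                         payload, D, FIRST_PUBLIC_KEY)
        blocked = False
    except PermissionError:
        blocked = True
    return accepted, rejected, blocked


if __name__ == "__main__":
    print(demo())
```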
Referring to fig. 4, a flowchart of a method for the second party to send a transaction to the first party is shown, in which case, the business process flow may include the following steps:
Step 401, the second party acquires the first transaction address of the first party, and detects whether the first transaction address is in the permission group.
The second party may verify the identity of the first party by detecting whether the first transaction address is in the permission group.
Step 402, if the first transaction address is in the permission group, the second party sends the service identity, the second service data and a second public key of the second party to the first transaction address, generates a second service data certificate according to the second service data, signs the second service data certificate according to a second private key of the second party, and links the second service data certificate and the service identity together.
When the business only comprises one transaction, the second participant sends the business identity, the second business data and a second public key of the second participant to the first transaction address, generates a second business data certificate according to the second business data, signs the second business data certificate according to a second private key of the second participant, and then links the second business data certificate and the business identity together.
When the business comprises multiple transactions, the second participant can also generate a transaction identifier for the current transaction, and the transaction identifier is used for identifying one transaction. At this time, step 402 may be specifically implemented as: the second party sends the business identity, the transaction identifier, the second business data and a second public key of the second party to the first transaction address, generates a second business data certificate according to the second business data, signs the second business data certificate according to a second private key of the second party, and links the second business data certificate with the business identity and the transaction identifier together.
Specifically, the second party may generate a digest from the second service data to obtain a second service data certificate, sign the second service data certificate with a second private key, and send the resulting signature of the second service data certificate, together with the service identity and the transaction identifier, to the blockchain network.
Step 403, the first participant acquires the signature of the second service data certificate from the chain according to the service identity, and determines to receive the second service data after successfully verifying the signature of the second service data certificate according to the second public key.
The first party may verify the authenticity of the second business data by verifying the signature of the second business data credential.
Specifically, when the first party receives only the service identity, the signature of the second service data certificate may be obtained from the chain according to the service identity; when the first party receives the service identity and the transaction identifier, the signature of the second service data certificate may be obtained from the chain according to the service identity and the transaction identifier. The first participant decrypts the signature with the second public key to obtain a digest and compares it with the digest generated from the received second service data. If the two are the same, the second service data is considered not to have been tampered with, the signature verification is determined to be successful, and the second service data is received; if they differ, the second service data is considered to have been tampered with, the signature verification is determined to have failed, and the second service data is discarded.
Referring to fig. 5, a flowchart of a method for a second party to send a transaction to other second parties is shown, in which case, a business process flow may include the following steps:
Step 501, the second party acquires the second transaction addresses of other second parties, and detects whether the second transaction addresses are in the permission group.
The second party may verify the identity of the other second parties by detecting whether the second transaction address is in the permission group.
Step 502, if the second transaction address is in the permission group, the second party sends the service identity, the third service data and the second public key of the second party to the second transaction address, generates a third service data certificate according to the third service data, signs the third service data certificate according to the second private key of the second party, and then uplinks it together with the service identity.
When the business only comprises one transaction, the second participant sends the business identity, the third business data and the second public key of the second participant to the second transaction address, generates a third business data certificate according to the third business data, signs the third business data certificate according to the second private key of the second participant, and then uplinks it together with the business identity.
When the business comprises multiple transactions, the second participant can also generate a transaction identifier for the current transaction, and the transaction identifier is used for identifying one transaction. In this case, step 502 may be implemented as: the second participant sends the service identity, the transaction identifier, the third service data and a second public key of the second participant to a second transaction address, generates a third service data certificate according to the third service data, signs the third service data certificate according to a second private key of the second participant, and uplinks the third service data certificate together with the service identity and the transaction identifier.
Specifically, the second party may generate a digest from the third service data to obtain a third service data certificate, sign the third service data certificate with the second private key, and send the resulting signature of the third service data certificate, together with the service identity and the transaction identifier, to the blockchain network.
Step 503, the other second party obtains the signature of the third service data certificate from the chain according to the service identity, and determines to receive the third service data after successfully verifying the signature of the third service data certificate according to the second public key.
The other second party can verify the authenticity of the third service data by checking the signature of the third service data certificate.
Specifically, when the other second party only receives the service identity, the signature of the third service data certificate can be obtained from the chain according to the service identity; when the other second party receives the service identity and the transaction identifier, the signature of the third service data certificate can be obtained from the chain according to the service identity and the transaction identifier. The other second party decrypts the signature with the received second public key to obtain a digest and compares it with the digest generated from the received third service data. If the two are the same, the third service data is considered not to have been tampered with, the signature verification is determined to be successful, and the third service data is received; if they differ, the third service data is considered to have been tampered with, the signature verification is determined to have failed, and the third service data is discarded.
Referring to fig. 6, a block diagram of a service processing system based on a block chain according to an embodiment of the present application is shown, where the service processing system based on a block chain may include at least two parties:
the business rule certificate comprises distributed identity marks and transaction addresses of all the participants of the business, and the transaction addresses of the participants in different businesses are different;
the at least two parties are used for generating an intelligent contract according to the business identity and the business rule certificate;
and the at least two participants are used for carrying out service processing according to the intelligent contract.
In an alternative embodiment, when the at least two parties include a first party 610 and at least one second party 620, the first party 610 is configured to generate a business identity and an initial rule credential, the initial rule credential including a distributed identity of the respective parties 610 to the business and a first transaction address of the first party 610;
the first participant 610 is further configured to send a service identity and an initial rule credential to at least one second participant 620, and to uplink the initial rule credential together with the service identity after signing it;
the second party 620 is configured to verify the signature of the initial rule credential according to the service identity, and send address-related information to the first party 610 after the signature verification is successful, where the address-related information is used to indicate a second transaction address of the second party 620;
the first party 610 is further configured to add a second transaction address of at least one second party 620 to the initial rule certificate to obtain a business rule certificate.
In an optional embodiment, after the signature verification is successful, the second party 620 is further configured to send the second public key of the second party 620 to the first party 610, so that the first party generates a second transaction address according to the second public key; alternatively, after the successful verification, the second party 620 is further configured to send the second public key and the second transaction address of the second party 620 to the first party 610.
In an alternative embodiment, the initial rule credential further includes a first public key of the first party 610; the first participant 610 is further configured to sign the initial rule credential according to a first private key of the first participant 610, and chain up the signature of the initial rule credential and the service identity together;
the second party 620 is further configured to read the first public key from the received initial rule credential, obtain the signature of the initial rule credential from the chain according to the service identity, and verify the signature of the initial rule credential according to the first public key.
In an alternative embodiment, the first participant 610 is further configured to send the business identity and the business rule credential to at least one second participant 620;
the first participant 610 and the at least one second participant 620 are also used to generate an intelligent contract.
In an optional embodiment, the first participant 610 is further configured to sign the service rule certificate and then uplink it together with the service identity, and to uplink a permission group composed of the first transaction address and the second transaction address.
In an optional embodiment, the first participant 610 is further configured to obtain a second transaction address of the second participant 620, and detect whether the second transaction address is in the permission group;
if the second transaction address is in the permission group, the first participant 610 is further configured to send the service identity, the first service data, and the first public key of the first participant 610 to the second transaction address, generate a first service data certificate according to the first service data, sign the first service data certificate according to the first private key of the first participant 610, and then link the first service data certificate together with the service identity;
the second party 620 is further configured to obtain the signature of the first service data credential from the chain according to the service identity, and determine to receive the first service data after the signature of the first service data credential is successfully verified according to the first public key.
In an optional embodiment, the second party 620 is further configured to obtain the first transaction address of the first party 610, and detect whether the first transaction address is in the permission group;
if the first transaction address is in the permission group, the second party 620 is further configured to send the service identity, the second service data and a second public key of the second party 620 to the first transaction address, generate a second service data certificate according to the second service data, sign the second service data certificate according to a second private key of the second party 620, and then link the second service data certificate together with the service identity;
the first participant 610 is further configured to obtain a signature of the second service data credential from the chain according to the service identity, and determine to receive the second service data after successfully verifying the signature of the second service data credential according to the second public key.
In an optional embodiment, the second party 620 is further configured to obtain a second transaction address of the other second party 620, and detect whether the second transaction address is in the permission group;
if the second transaction address is in the permission group, the second party 620 is further configured to send the service identity, the third service data and a second public key of the second party 620 to the second transaction address, generate a third service data certificate according to the third service data, sign the third service data certificate according to a second private key of the second party 620, and then link the third service data certificate together with the service identity;
the other second participants 620 are further configured to obtain a signature of the third service data credential from the chain according to the service identity, and determine to receive the third service data after successfully verifying the signature of the third service data credential according to the second public key.
In summary, in the blockchain-based service processing apparatus provided in this embodiment of the present application, at least two parties in the service processing system can negotiate to generate a service identity and a service rule certificate. Because the service rule certificate includes the distributed identity and the transaction address of each party to the service, an intelligent contract can be generated according to the service identity and the service rule certificate, and service processing can then be performed according to the intelligent contract. First, the service rule certificate is generated through negotiation among the participants, so that heterogeneous systems can follow a uniform rule to cooperate on the service and authenticate each other's identities. Second, a participant's transaction addresses differ between services, so the participants' identities and the service rule certificate circulate only within the scope of a specific service, and the participants can protect the privacy of their identities and service data during service processing. Finally, because a blockchain cannot be tampered with, is consistent across multiple parties, and keeps traceable historical data, service operations during service processing can be traced, data ownership is clear, repeated verification of identity and service data is reduced, and the identities of participants and the service rule certificates can be maintained on the chain for storage, verification and management.
One embodiment of the present application provides a computer-readable storage medium, where at least one instruction is stored in the storage medium, and the at least one instruction is loaded and executed by a processor to implement the service processing method based on a block chain as described above.
One embodiment of the present application provides a participant, where the participant includes a processor and a memory, where the memory stores at least one instruction, and the instruction is loaded and executed by the processor to implement the service processing method based on the blockchain as described above.
It should be noted that: in the service processing system based on the block chain provided in the foregoing embodiment, when performing service processing based on the block chain, only the division of the functional modules is illustrated, and in practical applications, the function distribution may be completed by different functional modules according to needs, that is, the internal structure of the service processing system based on the block chain is divided into different functional modules to complete all or part of the functions described above. In addition, the block chain based service processing system provided in the foregoing embodiment and the block chain based service processing method embodiment belong to the same concept, and specific implementation processes thereof are detailed in the method embodiment and are not described herein again.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is not intended to limit the embodiments of the present application, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the embodiments of the present application should be included in the scope of the embodiments of the present application.

Claims (10)

1. A blockchain-based service processing method, for use in a service processing system including at least two participants, the method comprising:
the at least two participants negotiate to generate a service identity and a service rule certificate, wherein the service rule certificate comprises a distributed identity and a transaction address of each participant of the service, and the transaction addresses of the participants in different services are different;
the at least two parties generate an intelligent contract according to the business identity and the business rule certificate;
and the at least two participants carry out business processing according to the intelligent contract.
2. The method of claim 1, wherein when the at least two parties comprise a first party and at least one second party, the at least two parties negotiate to generate a business identity and a business rule credential, comprising:
the first party generates a business identity and an initial rule certificate, wherein the initial rule certificate comprises distributed identity identifications of all parties of the business and a first transaction address of the first party;
the first party sends the service identity and the initial rule certificate to the at least one second party, signs the initial rule certificate and then uplinks it together with the service identity;
the second party verifies the signature of the initial rule certificate according to the service identity, and after the signature verification is successful, sends address-related information to the first party, wherein the address-related information is used to indicate a second transaction address of the second party;
and the first party adds a second transaction address of the at least one second party to the initial rule certificate to obtain the business rule certificate.
3. The method of claim 2, wherein sending address-related information to the first party after the signature verification is successful comprises:
after the signature verification is successful, the second participant sends a second public key of the second participant to the first participant, so that the first participant generates the second transaction address according to the second public key; or,
after the successful signature verification, the second participant sends a second public key and a second transaction address of the second participant to the first participant.
4. The method of claim 2, wherein the initial rule credential further includes a first public key of the first party;
signing the initial rule certificate and then uplinking it together with the service identity comprises: the first party signs the initial rule certificate according to a first private key of the first party, and uplinks the signature of the initial rule certificate together with the service identity;
the second party verifying the signature of the initial rule certificate according to the service identity comprises: the second party reads the first public key from the received initial rule certificate, acquires the signature of the initial rule certificate from the chain according to the service identity, and verifies the signature of the initial rule certificate according to the first public key.
5. The method of claim 2, wherein generating an intelligent contract by the at least two parties according to the business rule credentials comprises:
the first party sends the business identity and the business rule certificate to the at least one second party;
the first participant and the at least one second participant generate the smart contract.
6. The method of claim 2, further comprising:
the first party signs the business rule certificate and then uplinks it together with the business identity, and uplinks the permission group consisting of the first transaction address and the second transaction address.
7. The method of claim 6, wherein the at least two parties conduct business processes according to the intelligent contract, comprising:
the first party acquires a second transaction address of the second party and detects whether the second transaction address is in the permission group;
if the second transaction address is in the permission group, the first party sends the service identity, first service data and a first public key of the first party to the second transaction address, generates a first service data certificate according to the first service data, signs the first service data certificate according to a first private key of the first party, and then links the first service data certificate and the service identity together;
and the second party acquires the signature of the first service data certificate from the chain according to the service identity, and determines to receive the first service data after successfully verifying the signature of the first service data certificate according to the first public key.
8. The method of claim 6, wherein the at least two parties performing service processing according to the smart contract comprises:
the second party acquires a first transaction address of the first party and detects whether the first transaction address is in the permission group;
if the first transaction address is in the permission group, the second party sends the service identity, second service data and a second public key of the second party to the first transaction address, generates a second service data certificate according to the second service data, signs the second service data certificate with a second private key of the second party, and then uploads the second service data certificate and the service identity to the chain together;
and the first party acquires the signature of the second service data certificate from the chain according to the service identity, and determines to receive the second service data after successfully verifying the signature of the second service data certificate with the second public key.
9. The method of claim 6, wherein the at least two parties performing service processing according to the smart contract comprises:
the second participant acquires second transaction addresses of other second participants and detects whether the second transaction addresses are in the permission group;
if the second transaction address is in the permission group, the second participant sends the service identity, third service data and a second public key of the second participant to the second transaction address, generates a third service data certificate according to the third service data, signs the third service data certificate with a second private key of the second participant, and then uploads the third service data certificate and the service identity to the chain together;
and the other second participants acquire the signature of the third service data certificate from the chain according to the service identity, and determine to receive the third service data after successfully verifying the signature of the third service data certificate with the second public key.
10. A blockchain-based business processing system, the business processing system comprising at least two parties, wherein:
the at least two parties are configured to negotiate and generate a service identity and a service rule certificate, the service rule certificate comprising distributed identity identifiers and transaction addresses of the parties participating in the service, and the transaction addresses of the parties in different services being different;
the at least two parties are configured to generate a smart contract according to the service identity and the service rule certificate;
and the at least two parties are configured to perform service processing according to the smart contract.
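The exchange in claims 7 to 9, modelled in memory as an added example; it is not code from the patent or its assignee, and all function names are hypothetical. It shows the sender's permission-group check, the certificate and signature placed on chain under the service identity, and the recipient's verification before accepting data. Assumptions: the chain is a `Map` keyed by service identity, the service data certificate is a SHA-256 digest, signatures are Ed25519, and a transaction address is a hash of the party's public key so the recipient can bind the supplied key to the permission group.

```javascript
const { generateKeyPairSync, sign, verify, createHash } = require('crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');
// Assumption (not from the claims): an address is a hash of the party's public key.
const addressOf = (publicKey) =>
  sha256(publicKey.export({ type: 'spki', format: 'der' })).slice(0, 40);

function newParty() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  return { publicKey, privateKey, address: addressOf(publicKey) };
}

// Constructed stand-in for the chain: service identity -> permission group + records.
function registerService(chain, serviceId, addresses) {
  chain.set(serviceId, { group: new Set(addresses), certs: [] });
}

// Sender: check the recipient address, then put certificate + signature on chain.
function sendServiceData(chain, serviceId, sender, recipientAddr, data) {
  const svc = chain.get(serviceId);
  if (!svc || !svc.group.has(recipientAddr)) return null; // recipient not permitted
  // Assumption: the service data certificate is the SHA-256 digest of the data.
  const certificate = sha256(Buffer.from(data));
  const signature = sign(null, Buffer.from(certificate), sender.privateKey);
  svc.certs.push({ certificate, signature });
  // Off-chain message delivered to the recipient's transaction address.
  return { serviceId, data, publicKey: sender.publicKey };
}

// Recipient: fetch records by service identity and accept only verified data.
function receiveServiceData(chain, msg) {
  const svc = chain.get(msg.serviceId);
  if (!svc) return false;
  // Added check: the supplied key must map to an address in the permission group.
  if (!svc.group.has(addressOf(msg.publicKey))) return false;
  const digest = sha256(Buffer.from(msg.data));
  return svc.certs.some((c) =>
    c.certificate === digest && // delivered data matches the on-chain certificate
    verify(null, Buffer.from(c.certificate), msg.publicKey, c.signature));
}

// Constructed run: two permitted parties exchanging one message.
function demo() {
  const chain = new Map();
  const first = newParty(), second = newParty();
  registerService(chain, 'svc-demo-001', [first.address, second.address]);
  const msg = sendServiceData(chain, 'svc-demo-001', first, second.address, 'invoice 42');
  return { accepted: receiveServiceData(chain, msg),
           tampered: receiveServiceData(chain, { ...msg, data: 'invoice 43' }) };
}
```

Without the address binding in `receiveServiceData`, verifying against a key the sender supplies only shows that the record is self-consistent, not that the signer belongs to the permission group.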

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110566475.7A CN113328854B (en) 2021-05-24 2021-05-24 Service processing method and system based on block chain

Publications (2)

Publication Number Publication Date
CN113328854A (en) 2021-08-31
CN113328854B (en) 2022-09-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant