CN114693438B - Service processing method, device, electronic equipment and readable storage medium - Google Patents

Publication number: CN114693438B
Authority: CN (China)
Prior art keywords: merchant, address, transaction, signature data, user
Legal status: Active
Application number: CN202011557700.2A
Other languages: Chinese (zh)
Other versions: CN114693438A (en)
Inventors: 王锐, 吴霄汉, 邓柯
Current Assignee: Chengdu Quality Starker Technology Co Ltd
Original Assignee: Chengdu Quality Starker Technology Co Ltd
Abstract

The embodiments of the invention provide a service processing method, a device, electronic equipment and a readable storage medium, aiming to reduce the difficulty of service development. The service processing method comprises: obtaining a service message and parsing the service message into a transaction, wherein the service message carries user information of a target user who proposes the service and merchant information of a target merchant who initiates the service message; based on the user information and the merchant information, controlling an encryptor to sign the transaction with a private key of the target user to obtain first signature data, and to sign the transaction together with the first signature data with a private key of the target merchant to obtain second signature data; and submitting the transaction, the first signature data and the second signature data to a blockchain network for processing.

Description

Service processing method, device, electronic equipment and readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a service processing method, a device, an electronic apparatus, and a readable storage medium.
Background
Blockchain technology is implemented on a blockchain network. Distributed node devices (hereinafter referred to as nodes) in the blockchain network run a blockchain program to generate block data and reach consensus on it, which ultimately makes the data tamper-proof and offers a secure and reliable new technical approach for service development.
Blockchain technology can be applied to many business scenarios, such as finance, e-commerce, tracing of commodities or raw materials, and electronic evidence storage. Because blockchain technology makes data tamper-proof, developing business on it can resolve the crisis of trust among the parties involved in the business.
In the related art, when a user performs a service by means of a blockchain network, a transaction in the structure supported by the blockchain network needs to be constructed and then submitted to the blockchain network for execution. However, because the structure of a transaction is complex, constructing it is time-consuming. Users typically need to learn blockchain technology and the relevant specifications of the blockchain network in advance in order to construct a transaction. Therefore, for the user, developing a service on a blockchain network is a complex process.
Disclosure of Invention
The embodiment of the invention aims to provide a service processing method, a device, electronic equipment and a readable storage medium, aiming at reducing the difficulty of service development. The specific technical scheme is as follows:
In a first aspect of an embodiment of the present invention, a service processing method is provided, where the method includes:
obtaining a service message and parsing the service message into a transaction, wherein the service message carries user information of a target user who proposes the service and merchant information of a target merchant who initiates the service message;
based on the user information and the merchant information, controlling an encryptor to sign the transaction with a private key of the target user to obtain first signature data, and to sign the transaction and the first signature data with a private key of the target merchant to obtain second signature data;
submitting the transaction, the first signature data and the second signature data to a blockchain network for processing.
In a second aspect of the embodiment of the present invention, there is provided a service processing apparatus, the apparatus including:
a message parsing module, used for obtaining a service message and parsing the service message into a transaction, wherein the service message carries user information of a target user who proposes the service and merchant information of a target merchant who initiates the service message;
a signature control module, used for controlling, based on the user information and the merchant information, an encryptor to sign the transaction with the private key of the target user to obtain first signature data, and to sign the transaction and the first signature data with the private key of the target merchant to obtain second signature data;
a transaction submitting module, used for submitting the transaction, the first signature data and the second signature data to a blockchain network for processing.
In a third aspect of the embodiments of the present invention, there is provided an electronic device including a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory perform communication with each other through the communication bus;
the memory is used for storing a computer program;
The processor is configured to implement the service processing method provided by any embodiment of the present invention when executing the program stored in the memory.
In a fourth aspect of the embodiments of the present invention, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the service processing method provided by any of the embodiments of the present invention.
In the invention, when a user or a merchant performs a service, the user or the merchant does not need to construct the transaction manually and only needs to send a service message. After receiving the service message, the execution body automatically parses the service message into a transaction. In addition, so that the blockchain network can verify the validity of the transaction after it is submitted, the execution body, after parsing out the transaction, uses an encryptor to sign the transaction, and then submits the transaction and the corresponding signatures to the blockchain network for processing.
In the invention, the private key is managed and used for signing by the encryptor. Compared with managing the private key and signing in software, this helps ensure the security of the private key and improves the reliability of the signature.
In the signing process, the transaction is first signed with the private key of the target user to obtain first signature data, the target user being the party that proposes the service; the transaction and the first signature data are then signed with the private key of the target merchant to obtain second signature data, the target merchant being the party that accepts the service and also the party that initiates the service message. The invention thus applies a nested signature to the transaction at the user level and the merchant level, and the nested signature data can later serve as a basis for auditing user behavior and merchant behavior, which makes the service development process auditable.
It should be further noted that, the execution body of the present invention submits the transaction, the first signature data and the second signature data to the blockchain network for processing, so that the blockchain network can verify the merchant signature and the user signature according to the second signature data, and can also independently verify the user signature according to the first signature data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It is evident that the drawings in the following description are only some embodiments of the present invention and that other drawings may be obtained from these drawings by those of ordinary skill in the art without inventive effort.
Fig. 1 is a schematic diagram of a service processing method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a signature according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a service processing method according to another embodiment of the present invention;
Fig. 4 is a schematic diagram of controlling an encryptor to sign according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of controlling an encryptor to sign according to another embodiment of the present invention;
Fig. 6 is a schematic diagram of controlling an encryptor to sign according to another embodiment of the present invention;
Fig. 7 is a schematic diagram of a service processing apparatus according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It will be apparent that the described embodiments are some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Blockchain technology is implemented on a blockchain network. Distributed node devices (hereinafter referred to as nodes) in the blockchain network run a blockchain program to generate block data and reach consensus on it, which ultimately makes the data tamper-proof and offers a secure and reliable new technical approach for service development.
In the related art, when a user performs a service by means of a blockchain network, a transaction in the structure supported by the blockchain network needs to be constructed and then submitted to the blockchain network for execution. However, because the structure of a transaction is complex, constructing it is time-consuming. Users typically need to learn blockchain technology and the relevant specifications of the blockchain network in advance in order to construct a transaction. Therefore, for the user, developing a service on a blockchain network is a complex process.
In view of this, the present invention proposes a service processing method, a device, an electronic apparatus, and a readable storage medium, which aim to reduce the difficulty of service development.
Referring to Fig. 1, Fig. 1 is a schematic diagram of a service processing method according to an embodiment of the present invention. The execution body of the present invention may be middleware; in other words, the service processing method may be executed by middleware. In the following, the service processing method is described taking middleware as the execution body.
As shown in fig. 1, the middleware obtains a service message and parses the service message into a transaction.
Optionally, in some embodiments, the middleware may be deployed between an application program and the blockchain network. The application program responds to merchant operations (such as operations by bank staff) and sends service messages to the middleware. After receiving a service message, the middleware parses it into a transaction. The application program may be a business application such as a bond management program, an ABS asset management program or a fund management program, or a monitoring application such as a transaction auditing program, a transaction supervision program or a network maintenance program.
Alternatively, in some embodiments, the middleware may be deployed between a message conversion program and the blockchain network. The message conversion program receives a message (for example, a SWIFT message) sent by the application program, calls preset conversion logic to convert it into a service message, and then sends the converted service message to the middleware. After receiving the service message, the middleware parses it into a transaction.
Optionally, in some embodiments, the service message carries a service type identifier, which indicates the type of service that the service message is used to process.
For ease of understanding, suppose for example that a user is ready to roll back assets hosted in a smart contract to an account. The user may submit a service request to the account-opening bank. The bank responds to the service request and, through its application program, sends the middleware a service message for returning the asset. The service type identifier carried by the service message is SMTC, which indicates that the service message is used for returning the asset.
Or, for example, suppose a user is ready to transfer funds to another user. The user may submit a service request to the account-opening bank. The bank responds to the service request and, through its application program, sends the middleware a service message for the transfer. The service type identifier carried by the service message is SMTT, which indicates that the service message is used for a transfer.
In addition, the middleware is preset with a plurality of message parsing policies for parsing service messages. Each message parsing policy corresponds to one service type identifier and is used to parse service messages containing that identifier, so as to obtain one or more transactions related to the corresponding service type.
After the middleware receives a service message, in order to parse it into a transaction, the middleware reads the service type identifier from the service message and, using it as an index, looks up the corresponding message parsing policy among the preset message parsing policies. The middleware then parses the service message into a plurality of transactions based on the policy it found.
In a specific implementation, a message parsing policy is actually a segment of computer program, and the middleware executes the message parsing policy by running that segment of program.
The message parsing policy defines at least the following for the message parsing operation:
1. The number of transactions into which the service message is to be parsed, and the transaction type of each transaction;
2. The transaction data that each transaction needs to carry; and, for each item of transaction data, the field of the service message from which it is to be read and the field of the transaction template into which it is to be filled.
For ease of understanding, suppose by way of example that the middleware, upon receiving a certain service message, reads the service type identifier from it and that the identifier read is SMTC. The middleware then uses the service type identifier SMTC as an index to look up the corresponding message parsing policy among the preset message parsing policies; suppose the policy found is X. The middleware then parses the service message based on message parsing policy X.
The message parsing policy X defines the following operations:
1. Parse the service message into 2 transactions: an asset rollback transaction r and a contract freezing transaction f;
2-1. When constructing the asset rollback transaction r, read the transaction code from the 21st to 100th fields of the service message and fill it into the 11th to 90th fields of the transaction template r; read the contract address from the 5th and 6th fields of the service message and fill it into the 9th and 10th fields of the transaction template r. The transaction template r filled with the transaction data forms the asset rollback transaction r.
2-2. When constructing the contract freezing transaction f, read the transaction code from the 106th to 150th fields of the service message and fill it into the 11th to 55th fields of the transaction template f; read the contract address from the 5th and 6th fields of the service message and fill it into the 9th and 10th fields of the transaction template f. The transaction template f filled with the transaction data forms the contract freezing transaction f.
It should be noted that the specific data (such as service type identifier, transaction number, transaction data, field number, etc.) referred to in the above examples are only illustrative examples. During actual implementation of the invention, the actual data involved may be the same as or different from the data in the examples described above.
It should be further noted that the above limitation of the message parsing policy to the message parsing operation is merely an example. Any modifications, equivalent substitutions, improvements, or the like, which are within the spirit and principles of the examples described above, are intended to be included within the scope of the present invention.
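The lookup-and-fill behaviour of message parsing policy X can be sketched in Go as follows. This is an added example, not code from the patent: the `ServiceMessage`, `TxSpec` and `Parse` names, the template lengths (90 and 55 fields) and the table-driven form of the policy are assumptions, and the sample message is constructed.

```go
package main

import "fmt"

// ServiceMessage is a constructed model of a service message: a service type
// identifier plus numbered fields (field n is Fields[n-1]).
type ServiceMessage struct {
	TypeID string
	Fields []string
}

// Transaction is a transaction template after it has been filled in.
type Transaction struct {
	Type   string
	Fields []string
}

// FieldCopy copies message fields SrcFrom..SrcTo (1-based, inclusive) into
// the template, starting at template field DstFrom.
type FieldCopy struct {
	SrcFrom, SrcTo, DstFrom int
}

// TxSpec describes one transaction that a parsing policy emits.
type TxSpec struct {
	TxType      string
	TemplateLen int // assumed template size; the text does not state one
	Copies      []FieldCopy
}

// policies maps a service type identifier to its message parsing policy.
var policies = map[string][]TxSpec{
	"SMTC": { // policy X from the text
		{TxType: "asset-rollback", TemplateLen: 90, Copies: []FieldCopy{
			{21, 100, 11}, // transaction code
			{5, 6, 9},     // contract address
		}},
		{TxType: "contract-freeze", TemplateLen: 55, Copies: []FieldCopy{
			{106, 150, 11}, // transaction code
			{5, 6, 9},      // contract address
		}},
	},
}

// fill builds one transaction. Ranges that fall outside the message or the
// template are rejected instead of being silently truncated.
func fill(msg ServiceMessage, spec TxSpec) (Transaction, error) {
	tx := Transaction{Type: spec.TxType, Fields: make([]string, spec.TemplateLen)}
	for _, c := range spec.Copies {
		n := c.SrcTo - c.SrcFrom + 1
		if c.SrcFrom < 1 || n < 1 || c.SrcTo > len(msg.Fields) {
			return Transaction{}, fmt.Errorf("%s: message fields %d-%d out of range (message has %d)",
				spec.TxType, c.SrcFrom, c.SrcTo, len(msg.Fields))
		}
		if c.DstFrom < 1 || c.DstFrom+n-1 > spec.TemplateLen {
			return Transaction{}, fmt.Errorf("%s: template fields %d-%d out of range (template has %d)",
				spec.TxType, c.DstFrom, c.DstFrom+n-1, spec.TemplateLen)
		}
		copy(tx.Fields[c.DstFrom-1:], msg.Fields[c.SrcFrom-1:c.SrcTo])
	}
	return tx, nil
}

// Parse looks up the policy by service type identifier and returns every
// transaction the policy defines, or no transaction at all on any error.
func Parse(msg ServiceMessage) ([]Transaction, error) {
	specs, ok := policies[msg.TypeID]
	if !ok {
		return nil, fmt.Errorf("no parsing policy for service type %q", msg.TypeID)
	}
	txs := make([]Transaction, 0, len(specs))
	for _, s := range specs {
		tx, err := fill(msg, s)
		if err != nil {
			return nil, err
		}
		txs = append(txs, tx)
	}
	return txs, nil
}

// sampleMessage builds a constructed message whose field n holds "m<n>".
func sampleMessage(typeID string, n int) ServiceMessage {
	f := make([]string, n)
	for i := range f {
		f[i] = fmt.Sprintf("m%d", i+1)
	}
	return ServiceMessage{TypeID: typeID, Fields: f}
}

func main() {
	txs, err := Parse(sampleMessage("SMTC", 150))
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	for _, tx := range txs {
		fmt.Println(tx.Type, "code starts at", tx.Fields[10], "contract", tx.Fields[8:10])
	}
}
```

Rejecting an unknown identifier or a short message outright keeps a malformed service message from producing a partially filled transaction that would then be signed.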
In the invention, the service message also carries user information of the target user who proposes the service and merchant information of the target merchant who initiates the service message. For ease of understanding, suppose by way of example that user a1 has opened an account at bank A and is ready to conduct business on that account; user a1 may submit a service request to bank A. Bank A responds to the service request, generates a service message and sends it to the middleware. The service message carries user information of user a1 and merchant information of bank A, where user a1 is the target user who proposes the service and bank A is the target merchant who initiates the service message.
In the invention, after the middleware analyzes the business message into the transaction, the transaction is submitted to the blockchain network for execution. But in order for the blockchain network to verify the validity of the transaction after it has been submitted to the blockchain network, the middleware may perform a signing operation on the transaction after it has been parsed out.
As shown in Fig. 1, after the middleware parses the service message into a transaction, the middleware, based on the user information and merchant information carried by the service message, controls the encryptor to sign the transaction with the private key of the target user to obtain first signature data, and to sign the transaction and the first signature data with the private key of the target merchant to obtain second signature data.
For ease of understanding, referring to fig. 2, fig. 2 is a schematic signature diagram according to an embodiment of the present invention. When the encryptor signs, firstly, a private key of a target user is utilized to sign a transaction tx, so as to obtain first signature data (namely, a user signature). And then signing the transaction tx and the whole first signature data by utilizing the private key of the target merchant to obtain second signature data.
In the invention, the private key is managed and used for signing by the encryptor. Compared with managing the private key and signing in software, this helps ensure the security of the private key and improves the reliability of the signature.
In addition, in the invention, the transaction is first signed with the private key of the target user to obtain the first signature data, the target user being the user initiating the service message; the transaction and the first signature data are then signed with the private key of the target merchant to obtain the second signature data, the target merchant being the merchant to which the target user belongs. The invention thus applies a nested signature to the transaction at the user level and the merchant level, and the nested signature data can later serve as a basis for auditing user behavior and merchant behavior, which makes the service development process auditable.
As shown in fig. 1, the middleware submits the transaction, the first signature data, and the second signature data to the blockchain network for processing.
In a specific implementation, after the middleware obtains the first signature data and the second signature data output by the encryptor, it submits the transaction, the first signature data and the second signature data to the blockchain network for processing. In addition to processing the transaction, the blockchain network may also record the first signature data and the second signature data.
By executing the service processing method shown in Fig. 1, a user or a merchant does not need to construct a transaction manually when carrying out a service and only needs to send a service message. After receiving the service message, the middleware automatically parses it into a transaction, controls the encryptor to apply a nested signature to the transaction, and submits the transaction and the corresponding signatures to the blockchain network for processing. The service processing method provided by the invention therefore effectively reduces the difficulty for the user of developing the service and helps improve the user experience.
In addition, the middleware submits the transaction, the first signature data and the second signature data to the blockchain network for processing, so that the blockchain network can verify the merchant signature and the user signature according to the second signature data, and can also independently verify the user signature according to the first signature data. It can be seen that the middleware provides sufficient data support for the different signing policies of the blockchain network.
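The nested signature and the two verification options open to the blockchain network, as an added Go example that is not part of the patent. It assumes Ed25519 (the patent names no signature algorithm) and models the encryptor as a hypothetical in-process `Encryptor` type; the identifiers and the transaction bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encryptor is a stand-in for the hardware encryptor: private keys are
// created and used inside it and are never returned to the middleware.
type Encryptor struct {
	keys map[string]ed25519.PrivateKey
}

func NewEncryptor() *Encryptor {
	return &Encryptor{keys: make(map[string]ed25519.PrivateKey)}
}

// GenerateKey creates a key pair for id and exports only the public half.
func (e *Encryptor) GenerateKey(id string) (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	e.keys[id] = priv
	return pub, nil
}

// merchantPayload is what the merchant key signs: the transaction followed by
// the whole first signature. Ed25519 signatures are always 64 bytes, so the
// boundary between tx and sig1 is unambiguous.
func merchantPayload(tx, sig1 []byte) []byte {
	p := make([]byte, 0, len(tx)+len(sig1))
	p = append(p, tx...)
	return append(p, sig1...)
}

// NestedSign returns sig1 = Sign(user, tx) and sig2 = Sign(merchant, tx || sig1).
func (e *Encryptor) NestedSign(userID, merchantID string, tx []byte) (sig1, sig2 []byte, err error) {
	uk, ok := e.keys[userID]
	if !ok {
		return nil, nil, fmt.Errorf("no key for user %q", userID)
	}
	mk, ok := e.keys[merchantID]
	if !ok {
		return nil, nil, fmt.Errorf("no key for merchant %q", merchantID)
	}
	sig1 = ed25519.Sign(uk, tx)
	sig2 = ed25519.Sign(mk, merchantPayload(tx, sig1))
	return sig1, sig2, nil
}

var (
	ErrUserSig     = errors.New("user signature invalid")
	ErrMerchantSig = errors.New("merchant signature invalid")
)

// VerifyUser checks the first signature data on its own.
func VerifyUser(userPub ed25519.PublicKey, tx, sig1 []byte) error {
	if !ed25519.Verify(userPub, tx, sig1) {
		return ErrUserSig
	}
	return nil
}

// VerifyNested checks the merchant signature over tx || sig1 and then the
// user signature over tx, so both parties are bound to the same transaction.
func VerifyNested(userPub, merchantPub ed25519.PublicKey, tx, sig1, sig2 []byte) error {
	if !ed25519.Verify(merchantPub, merchantPayload(tx, sig1), sig2) {
		return ErrMerchantSig
	}
	return VerifyUser(userPub, tx, sig1)
}

func main() {
	enc := NewEncryptor()
	userPub, _ := enc.GenerateKey("user-a1")
	merchantPub, _ := enc.GenerateKey("bank-A")
	tx := []byte("constructed transaction bytes")

	sig1, sig2, err := enc.NestedSign("user-a1", "bank-A", tx)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println("nested check error:", VerifyNested(userPub, merchantPub, tx, sig1, sig2))
	fmt.Println("user-only check error:", VerifyUser(userPub, tx, sig1))
}
```

Because the merchant signature covers the first signature data, swapping in a different user signature after the fact invalidates the second signature data, which is what makes the pair usable as an audit record.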
It should be noted that each of the above processing flows of the middleware may be regarded as a functional module of the middleware, such as a message parsing module, a signature control module, and a transaction submitting module. The functional modules of the middleware can all be deployed in one device or distributed among two or more devices. To simplify the drawing, fig. 1 shows only the processing flows of the middleware and does not show which device specifically executes each processing flow.
For example, the message parsing module and the transaction submitting module of the middleware may be deployed in a first device, and the signature control module of the middleware may be deployed in a second device. After receiving the service message, the first device parses the service message into a transaction by using the message parsing module. The first device then sends the user information and the merchant information carried by the service message, together with the parsed transaction, to the second device. After the second device receives the user information, the merchant information and the transaction, it uses the signature control module to control the encryptor local to the second device to execute the signature operation. After the encryptor outputs the first signature data and the second signature data to the second device, the second device transmits the first signature data and the second signature data to the first device. After the first device receives the first signature data and the second signature data, it submits the transaction, the first signature data and the second signature data to the blockchain network for processing by using the transaction submitting module. When information is transmitted between the first device and the second device, the information can be encrypted, so that the information is ensured not to be tampered with during transmission.
In addition, the second device and the encryptor may be deployed on the merchant side and managed by the merchant. The service message sent to the first device by the merchant then also carries the service parameters and the encrypted data corresponding to the service parameters. When transmitting the transaction, the user information and the merchant information to the second device, the first device also transmits the encrypted data to the second device. After the second device receives the data, it first decrypts the encrypted data and then compares the decrypted service parameters with the service parameters in the transaction for consistency, so as to judge whether the transaction is legal. If the decrypted service parameters are consistent with the service parameters carried by the transaction, the first device did not misbehave when parsing the service message, and the transaction parsed by the first device is legal. In that case, the second device uses the signature control module to control the encryptor local to the second device to execute the signature operation.
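The consistency check performed by the second device can be sketched as follows. This is an added example, not code from the patent. It assumes AES-256-GCM with a key shared between the merchant and its second device and a length-prefixed canonical encoding of the service parameters; the patent specifies neither, and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"sort"
)

// Canonical serialises service parameters in sorted key order with length
// prefixes, so both sides compare identical, unambiguous byte strings.
func Canonical(params map[string]string) []byte {
	keys := make([]string, 0, len(params))
	for k := range params {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var buf bytes.Buffer
	for _, k := range keys {
		fmt.Fprintf(&buf, "%d:%s=%d:%s;", len(k), k, len(params[k]), params[k])
	}
	return buf.Bytes()
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is run by the merchant: it produces the encrypted data that travels in
// the service message next to the plaintext service parameters.
func Seal(key []byte, params map[string]string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, Canonical(params), nil), nil
}

// ErrMismatch means the first device's parsed transaction does not match what
// the merchant actually sent.
var ErrMismatch = errors.New("transaction parameters differ from the merchant's encrypted parameters")

// CheckBeforeSigning is run by the second device. Only a nil result allows
// the signature control module to instruct the encryptor to sign.
func CheckBeforeSigning(key, sealed []byte, txParams map[string]string) error {
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return errors.New("encrypted data too short")
	}
	plain, err := gcm.Open(nil, sealed[:n], sealed[n:], nil)
	if err != nil {
		return fmt.Errorf("encrypted data rejected: %w", err)
	}
	if !bytes.Equal(plain, Canonical(txParams)) {
		return ErrMismatch
	}
	return nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, never a real one
	sent := map[string]string{"op": "transfer", "to": "addr-B", "amount": "100"}
	sealed, _ := Seal(key, sent)
	parsed := map[string]string{"op": "transfer", "to": "addr-B", "amount": "100"}
	fmt.Println("honest parse:", CheckBeforeSigning(key, sealed, parsed))
	parsed["to"] = "addr-X" // the first device altered a parameter while parsing
	fmt.Println("altered parse:", CheckBeforeSigning(key, sealed, parsed))
}
```

Because GCM authenticates the ciphertext, a first device that modifies the encrypted data is rejected at decryption, before the parameter comparison is reached.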
Referring to fig. 3, fig. 3 is a schematic diagram of a service processing method according to another embodiment of the present invention. As shown in fig. 3, the middleware is preset with a first database, and the first database is used for recording the users contained in each merchant. A user contained in a merchant is understood to be an account registered with that merchant. For example, if a total of 200,000 accounts are registered with bank A, these 200,000 accounts may be considered the users contained in bank A, each account having its own account address.
In a specific implementation, for example, each merchant ID represents a merchant and each user address represents a user. A user address under a merchant ID entry indicates that the user belongs to that merchant.
As shown in fig. 3, before the middleware controls the encryptor to sign the transaction by using the private key of the target user to obtain the first signature data and signs the transaction and the first signature data by using the private key of the target merchant to obtain the second signature data based on the user information and the merchant information, the middleware may query the first database according to the user information and the merchant information carried by the service message, so as to determine whether the user information is included in the entry of the merchant information.
If the entry of the merchant information contains the user information, this indicates that the target user who proposes the service belongs to the target merchant that initiated the service message, so the target user can conduct the business through the target merchant, or the target merchant can accept the business of the target user. Thus, based on the user information and the merchant information, the middleware controls the encryptor to sign the transaction by using the private key of the target user to obtain the first signature data, and to sign the transaction and the first signature data by using the private key of the target merchant to obtain the second signature data.
If the entry of the merchant information does not contain the user information, this indicates that the target user who proposes the service does not belong to the target merchant that initiated the service message, so the target user cannot conduct the business through the target merchant, or the target merchant cannot accept the business of the target user. Thus, the middleware does not execute the flow of controlling the encryptor to sign, thereby terminating the service.
Through the above query and judgment operations, services in which the target user does not correspond to the target merchant can be rejected automatically, which further improves service security.
Optionally, in some embodiments, the encryptor is configured to generate and store key sets, each key set containing a private key, a public key, and an address. And the user information carried by the service message is the user address of the target user, and the merchant information carried by the service message is the merchant ID of the target merchant.
Because the encryptor naturally establishes the correspondence among the private key, the public key and the address when generating a key group, the middleware, in order to control the encryptor to execute the signature operation, can first query the second database according to the merchant ID carried by the service message to determine the merchant address corresponding to the merchant ID. The second database is used for recording the correspondence between each merchant ID and each merchant address.
After determining the merchant address corresponding to the merchant ID, the middleware controls the encryption machine to sign the transaction by utilizing the private key corresponding to the user address based on the user address and the determined merchant address to obtain first signature data, and signs the transaction and the first signature data by utilizing the private key corresponding to the merchant address to obtain second signature data.
In the invention, the first database is deployed outside the encryptor, and the encryptor is controlled to sign based on the user address and the queried merchant address only after the merchant address corresponding to the merchant ID has been queried in advance. Since the encryptor does not need to host the first database, the memory of the encryptor is saved. In addition, the encryptor does not need to look up the merchant address according to the merchant ID and only needs to execute the signature operation, so fewer programs need to be installed in the encryptor, and correspondingly fewer security vulnerabilities are introduced into the encryptor along with those programs.
Further, the encryptor is used to generate and store key groups for users and also for merchants, so a plurality of key groups are stored within the encryptor, some of which are the key groups of merchants and the others the key groups of users. However, the encryptor does not perceive the attributes of the key groups; in other words, the encryptor cannot determine whether a given key group belongs to a merchant or to a user.
Because the encryptor does not perceive the attributes of the key set, when signing a transaction, the private key of the target user needs to be used for signing first, and then the private key of the target merchant needs to be used for signing. In order to enable the encryptor to sign in the above order, reference may be made to fig. 4, where fig. 4 is a schematic diagram illustrating controlling the encryptor to sign according to an embodiment of the present invention.
As shown in fig. 4, the middleware may first submit the user address and the transaction to the encryptor, so that the encryptor signs the transaction with the private key corresponding to the user address to obtain the first signature data.
And after the first signature data returned by the encryptor is obtained, submitting the transaction, the first signature data and the merchant address to the encryptor, so that the encryptor signs the transaction and the first signature data by utilizing a private key corresponding to the merchant address to obtain second signature data.
For example, in a specific implementation, as shown in fig. 4, the middleware generates a first command message and sends the first command message to the encryptor. The first command message carries at least a first command code and a data element. The data element contains the transaction and the user address, and the first command code is used for characterizing the operation type. Because the first command message is used for instructing the encryptor to sign the transaction by using the private key of the target user, the operation type characterized by the first command code is the user private key signature. The first command code may be, for example, US.
As shown in fig. 4, after the encryptor receives the first command message, it determines, according to the first command code carried by the first command message, that the first command message is used to instruct it to perform the signature operation. In this way, the encryptor reads the transaction and the address from the data element carried by the first command message, then uses the read address as an index, queries the target key group containing the address from the stored plurality of key groups, and then signs the read transaction by using the private key in the target key group to obtain the first signature data.
As shown in fig. 4, after the encryptor executes the first command message, it generates a first response message and sends the first response message to the middleware. The first response message carries at least a first response code and a data element. The data element contains at least the first signature data and may also contain the transaction and the user address. The first response code corresponds to the first command code: the first response code may be equal to the first command code (e.g., the first command code is US and the first response code is also US), or the last character of the first response code may be greater than the last character of the first command code (e.g., the first command code is US and the first response code is UT).
As shown in fig. 4, after receiving the first response message, the middleware determines, according to the first response code carried by the first response message, that the first response message is used for returning the first signature data. The middleware then reads the transaction, the user address, and the first signature data from the first response message. The middleware may then query the first database (i.e., the first database shown in fig. 3) according to the read user address, so as to determine the merchant address corresponding to the user address. It should be noted that, if the query and judgment flow shown in fig. 3 has been executed before the signature operation shown in fig. 4, the merchant address that the middleware queries from the first database according to the user address is necessarily equal to the merchant address carried by the service message.
Thus, as shown in fig. 4, the middleware may generate a second command message according to the transaction and the first signature data carried by the first response message and according to the queried merchant address, and send the second command message to the encryptor. The second command message carries at least: a second command code and a data element. The data element comprises a transaction, first signature data and a merchant address, and the second command code is used for representing the operation type. Because the second command message is used for indicating the encryptor to sign the transaction and the first signature data by using the private key of the target merchant, the operation type of the second command code characterization carried by the second command message is the merchant private key signature. The second command code may be in the form of an MS, for example.
As shown in fig. 4, after the encryptor receives the second command message, it determines, according to the second command code carried by the second command message, that the second command message is used to instruct it to perform the signature operation. In this way, the encryptor reads the transaction, the first signature data and the address from the data element carried by the second command message, then uses the read address as an index, queries the target key group containing the address from the stored plurality of key groups, and then signs the read transaction and the first signature data by using the private key in the target key group to obtain the second signature data.
As shown in fig. 4, after the encryptor executes the second command message, it generates a second response message and sends the second response message to the middleware. The second response message carries at least a second response code and a data element. The data element contains at least the second signature data and may also contain the transaction, the first signature data and the merchant address. The second response code corresponds to the second command code: the second response code may be equal to the second command code (e.g., the second command code is MS and the second response code is also MS), or the last character of the second response code may be greater than the last character of the second command code (e.g., the second command code is MS and the second response code is MT).
As shown in fig. 4, after receiving the second response message, the middleware determines that the second response message is used for returning the second signature data according to the second response code carried by the second response message. In this manner, the middleware reads the transaction, the first signature data, and the second signature data from the second response message. The middleware may then submit the read transaction, the first signature data, and the second signature data to the blockchain network for execution.
It should be noted that, in the signature process shown in fig. 4, the first command message and the second command message respectively carry a first command code and a second command code, and the first command code is different from the second command code. Thus, after the encryptor executes a command message, it can determine the corresponding response code according to the command code carried by that command message, thereby generating a response message carrying the response code.
After receiving a response message sent by the encryptor, the middleware can determine the current stage of the signature flow according to the response code carried by the response message. Specifically, if the response message carries the first response code, the current stage of the signature flow is: the user private key signature has been performed but the merchant private key signature has not been performed. If the response message carries the second response code, the current stage of the signature flow is: both the user private key signature and the merchant private key signature have been performed. The middleware can then act according to the current stage of the signature flow, for example by generating a second command message or by submitting the transaction to the blockchain network, so that the signature flow is executed in the order of "signing with the private key of the target user first and then signing with the private key of the target merchant".
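The membership check of fig. 3 and the two-command exchange of fig. 4 can be sketched together as follows. This is an added example, not code from the patent. It assumes Ed25519 signatures, an address equal to the hex-encoded public key, and a nested payload formed by appending the first signature data to the transaction; the patent fixes none of these, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
)

// Codes from the description; each response code's last character is greater than its command's.
const cmdUserSign, rspUserSign, cmdMerchantSign, rspMerchantSign = "US", "UT", "MS", "MT"

// Message models a command or response message: a code plus data elements.
type Message struct {
	Code, Address  string
	Tx, Sig1, Sig2 []byte
}

// Encryptor stores key groups by address. It cannot tell user keys from
// merchant keys; only the command code tells it what to sign.
type Encryptor struct{ keys map[string]ed25519.PrivateKey }

func NewEncryptor() *Encryptor { return &Encryptor{keys: map[string]ed25519.PrivateKey{}} }

// NewKeyGroup generates and stores a private key, public key and address.
// Assumption: the address is simply the hex-encoded public key.
func (e *Encryptor) NewKeyGroup() (string, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	addr := hex.EncodeToString(pub)
	e.keys[addr] = priv
	return addr, pub
}

// nestedPayload is what the merchant key signs. Assumption: the transaction
// bytes followed by the fixed-length (64-byte) first signature data.
func nestedPayload(tx, sig1 []byte) []byte {
	return append(append([]byte{}, tx...), sig1...)
}

// Execute runs one command message and returns the response message.
func (e *Encryptor) Execute(cmd Message) (Message, error) {
	priv, ok := e.keys[cmd.Address]
	if !ok {
		return Message{}, errors.New("no key group for address")
	}
	rsp := cmd
	switch cmd.Code {
	case cmdUserSign:
		rsp.Code, rsp.Sig1 = rspUserSign, ed25519.Sign(priv, cmd.Tx)
	case cmdMerchantSign:
		if len(cmd.Sig1) != ed25519.SignatureSize {
			return Message{}, errors.New("MS command without first signature data")
		}
		rsp.Code, rsp.Sig2 = rspMerchantSign, ed25519.Sign(priv, nestedPayload(cmd.Tx, cmd.Sig1))
	default:
		return Message{}, fmt.Errorf("unknown command code %q", cmd.Code)
	}
	return rsp, nil
}

type Middleware struct {
	HSM          *Encryptor
	UsersOf      map[string]map[string]bool // first database: merchant ID -> user addresses
	MerchantAddr map[string]string          // second database: merchant ID -> merchant address
}

// Process checks that the user belongs to the merchant, then drives the flow
// by response code: UT = user signed, merchant pending; MT = both signed.
func (m *Middleware) Process(tx []byte, userAddr, merchantID string) (sig1, sig2 []byte, err error) {
	mAddr, ok := m.MerchantAddr[merchantID]
	if !ok || !m.UsersOf[merchantID][userAddr] {
		return nil, nil, errors.New("user does not belong to merchant; service terminated")
	}
	rsp, err := m.HSM.Execute(Message{Code: cmdUserSign, Address: userAddr, Tx: tx})
	for err == nil && rsp.Code != rspMerchantSign {
		if rsp.Code != rspUserSign {
			return nil, nil, fmt.Errorf("unexpected response code %q", rsp.Code)
		}
		rsp, err = m.HSM.Execute(Message{Code: cmdMerchantSign, Address: mAddr, Tx: rsp.Tx, Sig1: rsp.Sig1})
	}
	return rsp.Sig1, rsp.Sig2, err
}

// VerifyNested is the chain-side check of the user signature, then the merchant signature over both.
func VerifyNested(userPub, merchantPub ed25519.PublicKey, tx, sig1, sig2 []byte) bool {
	return ed25519.Verify(userPub, tx, sig1) && ed25519.Verify(merchantPub, nestedPayload(tx, sig1), sig2)
}

func main() {
	hsm := NewEncryptor()
	uAddr, uPub := hsm.NewKeyGroup()
	mAddr, mPub := hsm.NewKeyGroup()
	mw := &Middleware{hsm, map[string]map[string]bool{"bankA": {uAddr: true}}, map[string]string{"bankA": mAddr}}
	tx := []byte(`{"op":"transfer","amount":"100"}`) // constructed sample transaction
	s1, s2, err := mw.Process(tx, uAddr, "bankA")
	fmt.Println("error:", err, "nested signature valid:", VerifyNested(uPub, mPub, tx, s1, s2))
}
```

The encryptor refuses an MS command that carries no first signature data, so the merchant key cannot be made to sign a bare transaction through this interface.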
Alternatively, in order to enable the encryptor to sign in the above order, reference may be made to fig. 5, where fig. 5 is a schematic diagram illustrating controlling the encryptor to sign according to another embodiment of the present invention.
As shown in fig. 5, the middleware may first submit the user address and the transaction to the first encryptor, so that the first encryptor signs the transaction with the private key corresponding to the user address to obtain the first signature data. Wherein the first encryptor is used for generating and saving a key set for a user.
After the first signature data returned by the first encryptor is obtained, the transaction, the first signature data and the merchant address are submitted to the second encryptor, so that the second encryptor signs the transaction and the first signature data by utilizing a private key corresponding to the merchant address to obtain second signature data. The second encryptor is used for generating and storing a key group for the merchant.
For example, in a specific implementation, as shown in fig. 5, the middleware may generate a command message and send the command message to the first encryptor. The command message carries at least a command code and a data element. The data element contains the transaction and the user address, and the command code is used for characterizing the operation type. Since the command message is used to instruct the encryptor to sign the transaction, the operation type characterized by the command code is a signature type. The command code may be, for example, SG.
As shown in fig. 5, after receiving the command message, the first encryptor determines, according to the command code carried by the command message, that the command message is used to instruct it to perform the signature operation. The first encryptor then reads the transaction and the address from the data element carried by the command message, uses the read address as an index to query, from the stored plurality of key groups, the target key group containing that address, and signs the read transaction by using the private key in the target key group to obtain the first signature data.
As shown in fig. 5, after the first encryptor executes the command message, it generates a response message and sends the response message to the middleware. The response message carries at least a response code and a data element. The data element contains at least the first signature data and may also contain the transaction and the user address. The response code corresponds to the command code: the response code may be equal to the command code, or the last character of the response code may be greater than the last character of the command code.
As shown in fig. 5, after receiving the response message sent by the first encryptor, the middleware reads the transaction, the user address and the first signature data from the response message. The middleware may then query the first database (i.e., the first database shown in fig. 3) according to the read user address, so as to determine the merchant address corresponding to the user address.
As shown in fig. 5, the middleware generates another command message according to the transaction and the first signature data carried by the response message and according to the queried merchant address, and sends the command message to the second encryptor. The command message carries at least: command codes and data elements. The data element comprises a transaction, first signature data and a merchant address, and the command code is used for representing the operation type. Since the command message is used to instruct the encryptor to sign the transaction and the first signature data, the operation type of the command code characterization carried by the command message is a signature type. The command code may be in the form of an SG, for example.
As shown in fig. 5, after receiving the command message, the second encryptor determines, according to the command code carried by the command message, that the command message is used to instruct it to perform the signature operation. In this way, the encryptor reads the transaction, the first signature data and the address from the data elements carried by the command message, then uses the read address as an index, queries the target key group containing the address from the stored plurality of key groups, and then signs the read transaction and the first signature data by using the private key in the target key group to obtain the second signature data.
As shown in fig. 5, after the second encryptor executes the command message, it generates a response message and sends the response message to the middleware. The response message carries at least a response code and a data element. The data element contains at least the second signature data and may also contain the transaction, the first signature data and the merchant address. The response code corresponds to the command code: the response code may be equal to the command code, or the last character of the response code may be greater than the last character of the command code.
As shown in fig. 5, after receiving the response message sent by the second encryptor, the middleware reads the transaction, the first signature data, and the second signature data from the response message. The middleware may then submit the read transaction, the first signature data, and the second signature data to the blockchain network for execution.
It should be noted that, in the signature process shown in fig. 5, the first encryptor executes the user private key signature stage and returns a response message, and the second encryptor executes the merchant private key signature stage and returns a response message. Thus, the middleware can determine the current stage of the signature flow according to the source of the response message. Specifically, if the response message originates from the first encryptor, the current stage of the signature flow is: the user private key signature has been performed but the merchant private key signature has not been performed. If the response message originates from the second encryptor, the current stage of the signature flow is: both the user private key signature and the merchant private key signature have been performed. The middleware can then act according to the current stage of the signature flow, for example by sending a command message to the second encryptor or by submitting the transaction to the blockchain network, so that the signature flow is executed in the order of signing with the private key of the target user first and then signing with the private key of the target merchant.
Alternatively, in order to enable the encryptor to sign in the above order, reference may be made to fig. 6, where fig. 6 is a schematic diagram illustrating controlling the encryptor to sign according to another embodiment of the present invention.
As shown in fig. 6, the middleware submits the transaction, the user address and the merchant address to the encryptor, where the user address and the merchant address have a sequential relationship, or the user address and the merchant address each carry a specific identifier, so that the encryptor distinguishes the user address and the merchant address from the two addresses according to the sequential relationship or the specific identifier, signs the transaction by using a private key corresponding to the distinguished user address to obtain first signature data, and signs the transaction and the first signature data by using a private key corresponding to the distinguished merchant address to obtain second signature data.
For example, in a specific implementation, as shown in fig. 6, the middleware generates a command message and sends the command message to the encryptor. The command message carries at least: command codes and data elements. Wherein the data element comprises a transaction, a user address and a merchant address. As shown in FIG. 6, there is a sequential relationship between the user address and the merchant address, e.g., user address is before, merchant address is after. The command code is used for representing the operation type, and because the command message is used for indicating the encryptor to carry out nested signature, the operation type represented by the command code carried by the command message is the nested signature. The command code may be in the form of a DS, for example.
As shown in fig. 6, after the encryptor receives the command message, it determines, according to the command code carried by the command message, that the command message is used to instruct it to perform the nested signature operation. In this way, the encryptor reads the transaction and two addresses from the data elements carried by the command message, then uses the address arranged in front of the two addresses as an index, queries the target key group containing the address from the stored multiple key groups, and signs the read transaction by using the private key in the target key group to obtain the first signature data.
The encryptor then uses the address arranged later in the two addresses as an index, queries another target key group containing the address from the stored plurality of key groups, and then signs the read transaction and the obtained first signature data by using the private key in the target key group to obtain second signature data.
As shown in fig. 6, after the encryptor has executed the command message, it generates a response message and sends the response message to the middleware. The response message carries at least a response code and a data element. The data element contains the transaction, the first signature data and the second signature data. The response code corresponds to the command code: the response code may be equal to the command code, or the last character of the response code may be greater than the last character of the command code.
As shown in fig. 6, after receiving the response message sent by the encryptor, the middleware reads the transaction, the first signature data, and the second signature data from the response message. The middleware may then submit the read transaction, the first signature data, and the second signature data to the blockchain network for execution.
Or, in the command message sent by the middleware, the user address in the data element carries a first preset identifier, and the merchant address in the data element carries a second preset identifier. After receiving the command message, the encryptor reads two addresses from the data element, then firstly uses the address carrying the first preset identifier as an index, queries a target key group containing the address from the stored multiple key groups, and then signs the read transaction by utilizing a private key in the target key group to obtain first signature data. And the encryptor then uses the address carrying the second preset identifier as an index, queries another target key group containing the address from the stored multiple key groups, and signs the read transaction and the obtained first signature data by utilizing the private key in the target key group so as to obtain second signature data. The encryptor finally generates a response message by which the transaction, the first signature data, and the second signature data are sent to the middleware. The example described in this paragraph is not shown in fig. 2 for simplicity of the drawing.
It should be noted that, in the flow shown in fig. 6, when the middleware controls the encryptor to sign, the user address and the merchant address are arranged in an agreed order, and the identification logic for the agreed order is embedded in the encryptor in advance. Thus, after the encryptor receives the user address and the merchant address in that order, it can first identify the user address and the merchant address from the two addresses according to the identification logic, and then sign with the private key corresponding to the user address first and with the private key corresponding to the merchant address second. The signature flow is thereby executed in the order of signing with the private key of the target user first and then signing with the private key of the target merchant.
In summary, in the foregoing examples, the middleware first queries a corresponding merchant address according to a merchant ID carried by the service packet, then, based on a user address carried by the service packet and the queried merchant address, controls the encryptor to sign the transaction by using a private key corresponding to the user address to obtain first signature data, and then signs the transaction and the first signature data by using a private key corresponding to the merchant address to obtain second signature data.
Alternatively, in other embodiments, the encryptor may have a correspondence between the merchant ID and the merchant address recorded therein. The middleware can send the transaction, the user address carried by the service message and the merchant ID carried by the service message to the encryption machine. After the encryption machine receives the transaction, the user address and the merchant ID, the encryption machine signs the transaction by utilizing a private key corresponding to the user address so as to obtain first signature data. Then the encryptor uses the merchant ID as an index to inquire the merchant address corresponding to the merchant ID, and then signs the transaction and the first signature data by utilizing the merchant private key corresponding to the merchant address to obtain second signature data. The encryption machine sends the transaction, the first signature data and the second signature data to the middleware, and the middleware submits the transaction, the first signature data and the second signature data to the blockchain network for processing.
In the blockchain technology field, addresses generally correspond to assets or to accounts, so if a business operation is to be performed on an account, the corresponding address needs to be provided. Against this technical background, in each of the foregoing examples, the party that proposes the service is a user and the account of the user undergoes the corresponding business operation, so the service message needs to carry the user address. The merchant only accepts the business and the account of the merchant does not undergo a business operation, so the service message does not need to carry the merchant address. However, the private key of the merchant is needed for signing, so information about the merchant (such as the merchant ID) still needs to be carried; the merchant address can be mapped from the merchant information, and the encryptor can map the private key of the merchant from the merchant address.
However, in other examples, the merchant information carried in the service message may also be a merchant address, while the user information carried in the service message is still a user address. Similarly, the encryptor is used to generate and store key groups, each of which contains a private key, a public key, and an address.
In this way, the middleware can submit the user address and the transaction to the encryptor in order to control the encryptor to sign, so that the encryptor signs the transaction by using the private key corresponding to the user address to obtain the first signature data. After the middleware obtains the first signature data returned by the encryptor, the transaction, the first signature data and the merchant address are submitted to the encryptor, so that the encryptor signs the transaction and the first signature data by using a private key corresponding to the merchant address to obtain second signature data. In specific implementation, reference may be made to fig. 4 and the corresponding description of fig. 4, and in order to avoid repetition, the description is omitted here.
Or the middleware is used for controlling the encryptor to sign, the middleware can submit the user address and the transaction to a third encryptor, so that the third encryptor signs the transaction by utilizing a private key corresponding to the user address to obtain first signature data, wherein the third encryptor is used for generating and storing key groups for users, and each key group comprises the private key, the public key and the address; after the middleware obtains the first signature data returned by the third encryptor, the transaction, the first signature data and the merchant address are submitted to a fourth encryptor, so that the fourth encryptor signs the transaction and the first signature data by using a private key corresponding to the merchant address to obtain second signature data, wherein the fourth encryptor is used for generating and storing key sets for merchants, and each key set comprises the private key, the public key and the address. In specific implementation, reference may be made to fig. 5 and the corresponding description of fig. 5, and in order to avoid repetition, the description is omitted here.
Or the middleware can submit the transaction, the user address and the merchant address to the encryptor in order to control the encryptor to sign, wherein the user address and the merchant address have a sequential relationship, or the user address and the merchant address respectively carry specific identifications, so that the encryptor distinguishes the user address and the merchant address from the two addresses according to the sequential relationship or the specific identifications, signs the transaction by using a private key corresponding to the distinguished user address to obtain first signature data, and signs the transaction and the first signature data by using a private key corresponding to the distinguished merchant address to obtain second signature data. In specific implementation, reference may be made to fig. 6 and the corresponding description of fig. 6, and in order to avoid repetition, the description is omitted here.
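The flow in which the service message carries a user address and a merchant ID, including the optional check that the user is registered under the merchant, is sketched below as an added example; it is not code from the patent. Ed25519, the address derivation, the length-prefixed layout of "transaction plus first signature", the in-memory maps standing in for the first and second databases, and all type and function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

var ErrNotMember = errors.New("user is not registered under this merchant")
var ErrNoMerchant = errors.New("no merchant address recorded for this merchant ID")
var ErrNoKey = errors.New("encryptor holds no key group for this address")

// Encryptor stands in for the encryption machine: it generates and stores key
// groups (private key, public key, address) and never releases a private key.
type Encryptor struct{ keys map[string]ed25519.PrivateKey }

func NewEncryptor() *Encryptor { return &Encryptor{keys: map[string]ed25519.PrivateKey{}} }

// Generate creates a key group and returns its address and public key.
// Assumption: address = hex of the first 20 bytes of SHA-256(public key).
func (e *Encryptor) Generate() (string, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	sum := sha256.Sum256(pub)
	addr := hex.EncodeToString(sum[:20])
	e.keys[addr] = priv
	return addr, pub, nil
}

// Sign signs msg with the private key that corresponds to addr.
func (e *Encryptor) Sign(addr string, msg []byte) ([]byte, error) {
	priv, ok := e.keys[addr]
	if !ok {
		return nil, ErrNoKey
	}
	return ed25519.Sign(priv, msg), nil
}

// SecondMessage builds what the merchant key signs: the transaction together
// with the first signature. Assumption: 8-byte big-endian len(tx), tx, sig1.
func SecondMessage(tx, sig1 []byte) []byte {
	buf := make([]byte, 8, 8+len(tx)+len(sig1))
	binary.BigEndian.PutUint64(buf, uint64(len(tx)))
	buf = append(buf, tx...)
	return append(buf, sig1...)
}

// Submission is what the middleware hands to the blockchain network.
type Submission struct{ Tx, Sig1, Sig2 []byte }

// Middleware holds the two lookups the text calls the first and second database.
type Middleware struct {
	HSM     *Encryptor
	Members map[string]map[string]bool // first database: merchant ID -> user addresses
	Addrs   map[string]string          // second database: merchant ID -> merchant address
}

// Process refuses to sign unless the user is listed under the merchant, then
// has the encryptor produce the two chained signatures.
func (m *Middleware) Process(tx []byte, userAddr, merchantID string) (*Submission, error) {
	if !m.Members[merchantID][userAddr] {
		return nil, ErrNotMember
	}
	merchantAddr, ok := m.Addrs[merchantID]
	if !ok {
		return nil, ErrNoMerchant
	}
	sig1, err := m.HSM.Sign(userAddr, tx)
	if err != nil {
		return nil, err
	}
	sig2, err := m.HSM.Sign(merchantAddr, SecondMessage(tx, sig1))
	if err != nil {
		return nil, err
	}
	return &Submission{Tx: tx, Sig1: sig1, Sig2: sig2}, nil
}

// Verify is a check a receiving node could run (an assumption): sig1 must cover
// the transaction, and sig2 must cover the transaction plus that exact sig1.
func Verify(s *Submission, userPub, merchantPub ed25519.PublicKey) bool {
	return ed25519.Verify(userPub, s.Tx, s.Sig1) &&
		ed25519.Verify(merchantPub, SecondMessage(s.Tx, s.Sig1), s.Sig2)
}

func main() {
	hsm := NewEncryptor()
	user, userPub, _ := hsm.Generate()
	merchant, merchantPub, _ := hsm.Generate()
	mw := &Middleware{HSM: hsm, Members: map[string]map[string]bool{"M001": {user: true}}, Addrs: map[string]string{"M001": merchant}}
	sub, err := mw.Process([]byte(`{"op":"transfer","amount":10}`), user, "M001") // constructed sample transaction
	fmt.Println("signed:", err == nil, "verifies:", err == nil && Verify(sub, userPub, merchantPub))
}
```

Because the second signature covers the first, a verifier rejects a submission in which either the transaction or the user's signature was swapped after the merchant signed.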
Based on the same inventive concept, the embodiment of the invention also provides a service processing device. Referring to fig. 7, fig. 7 is a schematic diagram of a service processing apparatus according to an embodiment of the present invention. As shown in fig. 7, the apparatus includes:
The message parsing module 71 is configured to obtain a service message and parse the service message into a transaction, where the service message carries: user information of a target user proposing the service, and merchant information of a target merchant initiating the service message;
a signature control module 72, configured to control an encryptor to sign the transaction with a private key of the target user to obtain first signature data, and to sign the transaction and the first signature data with a private key of the target merchant to obtain second signature data, based on the user information and the merchant information;
A transaction submitting module 73, configured to submit the transaction, the first signature data, and the second signature data to a blockchain network for processing.
Optionally, in some embodiments, the apparatus further comprises:
A relation judging module, configured to query a first database according to the user information and the merchant information before the signature control module controls the encryptor to perform the signing operation, so as to judge whether the user information is contained under the entry of the merchant information, wherein the first database records the users contained under each merchant;
where the user information is not contained under the entry of the merchant information, the signature control module does not execute the flow of controlling the encryptor to sign.
Optionally, in some embodiments, the encryptor is configured to generate and store key sets, each key set including a private key, a public key, and an address; the user information carried by the service message is the user address of the target user, and the merchant information carried by the service message is the merchant ID of the target merchant;
the signature control module includes:
The merchant address inquiring unit is used for inquiring a second database according to the merchant IDs to determine merchant addresses corresponding to the merchant IDs, wherein the second database is used for recording the corresponding relation between each merchant ID and each merchant address;
And the signature control unit is used for controlling the encryption machine to sign the transaction by utilizing the private key corresponding to the user address to obtain first signature data based on the user address and the determined merchant address, and signing the transaction and the first signature data by utilizing the private key corresponding to the merchant address to obtain second signature data.
Optionally, in some specific embodiments, the signature control unit includes:
the first control subunit is used for submitting the user address and the transaction to the encryptor, so that the encryptor signs the transaction by utilizing a private key corresponding to the user address to obtain first signature data;
and the second control subunit is used for submitting the transaction, the first signature data and the merchant address to the encryptor after the first signature data returned by the encryptor is obtained, so that the encryptor signs the transaction and the first signature data by utilizing a private key corresponding to the merchant address to obtain second signature data.
Optionally, in some specific embodiments, the signature control unit includes:
The third control subunit is used for submitting the user address and the transaction to a first encryption machine, so that the first encryption machine signs the transaction by utilizing a private key corresponding to the user address to obtain first signature data, wherein the first encryption machine is used for generating and storing a secret key set for a user;
And the fourth control subunit is used for submitting the transaction, the first signature data and the merchant address to a second encryption machine after the first signature data returned by the first encryption machine is obtained, so that the second encryption machine signs the transaction and the first signature data by utilizing a private key corresponding to the merchant address to obtain second signature data, wherein the second encryption machine is used for generating and storing a key set for a merchant.
Optionally, in some specific embodiments, the signature control unit is specifically configured to submit the transaction, the user address, and the merchant address to the encryptor, where the user address and the merchant address have a sequential relationship, or the user address and the merchant address each carry a specific identifier, so that the encryptor distinguishes the user address and the merchant address from the two addresses according to the sequential relationship or the specific identifier, signs the transaction with a private key corresponding to the distinguished user address to obtain first signature data, and signs the transaction and the first signature data with a private key corresponding to the distinguished merchant address to obtain second signature data.
Optionally, in some embodiments, the encryptor is configured to generate and store key sets, each key set including a private key, a public key, and an address; the user information carried by the service message is the user address of the target user, and the merchant information carried by the service message is the merchant address of the target merchant;
the signature control module includes:
The first control unit is used for submitting the user address and the transaction to the encryption machine, so that the encryption machine signs the transaction by utilizing a private key corresponding to the user address to obtain first signature data;
And the second control unit is used for submitting the transaction, the first signature data and the merchant address to the encryptor after the first signature data returned by the encryptor is obtained, so that the encryptor signs the transaction and the first signature data by utilizing a private key corresponding to the merchant address to obtain second signature data.
Optionally, in some specific embodiments, the user information carried by the service message is a user address of the target user, and the merchant information carried by the service message is a merchant address of the target merchant;
the signature control module includes:
the third control unit is used for submitting the user address and the transaction to a third encryption machine, so that the third encryption machine signs the transaction by utilizing a private key corresponding to the user address to obtain first signature data, wherein the third encryption machine is used for generating and storing key groups for a user, and each key group comprises the private key, the public key and the address;
And the fourth control unit is used for submitting the transaction, the first signature data and the merchant address to a fourth encryptor after the first signature data returned by the third encryptor is obtained, so that the fourth encryptor signs the transaction and the first signature data by utilizing a private key corresponding to the merchant address to obtain second signature data, wherein the fourth encryptor is used for generating and storing key groups for merchants, and each key group comprises the private key, the public key and the address.
Optionally, in some embodiments, the encryptor is configured to generate and store key sets, each key set including a private key, a public key, and an address; the user information carried by the service message is the user address of the target user, and the merchant information carried by the service message is the merchant address of the target merchant;
The signature control module is specifically configured to submit the transaction, the user address, and the merchant address to the encryptor, where the user address and the merchant address have a sequential relationship, or the user address and the merchant address each carry a specific identifier, so that the encryptor distinguishes the user address and the merchant address from the two addresses according to the sequential relationship or the specific identifier, signs the transaction by using a private key corresponding to the distinguished user address to obtain first signature data, and signs the transaction and the first signature data by using a private key corresponding to the distinguished merchant address to obtain second signature data.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
Based on the same inventive concept, the embodiment of the invention also provides an electronic device, as shown in fig. 8, which comprises a processor 801, a communication interface 802, a memory 803 and a communication bus 804, wherein the processor 801, the communication interface 802 and the memory 803 complete communication with each other through the communication bus 804.
The memory 803 is used for storing a computer program;
the processor 801 is configured to implement the following steps when executing a program stored in the memory 803:
Obtaining a service message and parsing the service message into a transaction, wherein the service message carries: user information of a target user proposing the service, and merchant information of a target merchant initiating the service message;
Based on the user information and the merchant information, controlling an encryptor to sign the transaction by using a private key of the target user to obtain first signature data, and to sign the transaction and the first signature data by using a private key of the target merchant to obtain second signature data;
Submitting the transaction, the first signature data, and the second signature data to a blockchain network for processing.
Or the processor 801 is configured to implement the steps of the service processing method provided in the above other method embodiments of the present invention when executing the program stored in the memory 803.
The communication bus mentioned for the above electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the bus is drawn as a single bold line in the figure, but this does not mean that there is only one bus or only one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The memory may include random access memory (Random Access Memory, RAM) or may include non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), etc.; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a computer readable storage medium is provided, where instructions are stored, which when run on a computer, cause the computer to perform the service processing method according to any of the above embodiments.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions according to the embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, the embodiments are described in a related manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, the system embodiments are described relatively briefly because they are substantially similar to the method embodiments; for relevant points, see the corresponding description of the method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (12)

1. A method of service processing, the method comprising:
Obtaining a service message and parsing the service message into a transaction, wherein the service message carries: user information of a target user proposing the service, and merchant information of a target merchant initiating the service message; the user information carried by the service message is the user address of the target user, and the merchant information carried by the service message is the merchant ID of the target merchant;
Based on the user information and the merchant information, controlling an encryptor to sign the transaction with a private key of the target user to obtain first signature data, and to sign the transaction and the first signature data with a private key of the target merchant to obtain second signature data, comprising: according to the merchant ID, querying a second database to determine the merchant address corresponding to the merchant ID, wherein the second database is used for recording the correspondence between each merchant ID and each merchant address; based on the user address and the determined merchant address, controlling the encryptor to sign the transaction by using a private key corresponding to the user address to obtain first signature data, and to sign the transaction and the first signature data by using a private key corresponding to the merchant address to obtain second signature data; the encryptor is used for generating and storing key groups, and each key group comprises a private key, a public key and an address;
Submitting the transaction, the first signature data, and the second signature data to a blockchain network for processing.
2. The method of claim 1, wherein prior to controlling an encryptor to sign the transaction with the private key of the target user to obtain first signature data and to sign the transaction and the first signature data with the private key of the target merchant to obtain second signature data based on the user information and the merchant information, the method further comprises:
Inquiring a first database according to the user information and the merchant information to judge whether the user information is contained in the items of the merchant information, wherein the first database is used for recording users contained in each merchant;
And under the condition that the user information is not contained under the item of the merchant information, the process of controlling the encryption machine to sign is not executed.
3. The method of claim 1, wherein controlling the encryptor to sign the transaction with the private key corresponding to the user address to obtain first signature data and to sign the transaction with the private key corresponding to the merchant address to obtain second signature data based on the user address and the determined merchant address comprises:
submitting the user address and the transaction to the encryptor, so that the encryptor signs the transaction by utilizing a private key corresponding to the user address to obtain first signature data;
after the first signature data returned by the encryptor is obtained, the transaction, the first signature data and the merchant address are submitted to the encryptor, so that the encryptor signs the transaction and the first signature data by utilizing a private key corresponding to the merchant address to obtain second signature data.
4. The method of claim 1, wherein controlling the encryptor to sign the transaction with the private key corresponding to the user address to obtain first signature data and to sign the transaction with the private key corresponding to the merchant address to obtain second signature data based on the user address and the determined merchant address comprises:
Submitting the user address and the transaction to a first encryptor, so that the first encryptor signs the transaction by utilizing a private key corresponding to the user address to obtain first signature data, wherein the first encryptor is used for generating and storing a secret key group for a user;
After the first signature data returned by the first encryptor is obtained, the transaction, the first signature data and the merchant address are submitted to a second encryptor, so that the second encryptor signs the transaction and the first signature data by using a private key corresponding to the merchant address to obtain second signature data, wherein the second encryptor is used for generating and storing a key set for the merchant.
5. The method of claim 1, wherein controlling the encryptor to sign the transaction with the private key corresponding to the user address to obtain first signature data and to sign the transaction with the private key corresponding to the merchant address to obtain second signature data based on the user address and the determined merchant address comprises:
Submitting the transaction, the user address and the merchant address to the encryption machine, wherein the user address and the merchant address have a sequential relationship, or the user address and the merchant address respectively carry a specific identifier, so that the encryption machine distinguishes the user address and the merchant address from the two addresses according to the sequential relationship or the specific identifier, signs the transaction by using a private key corresponding to the distinguished user address to obtain first signature data, and then signs the transaction and the first signature data by using a private key corresponding to the distinguished merchant address to obtain second signature data.
6. The method according to claim 1 or 2, wherein the encryptor is adapted to generate and store key sets, each key set comprising a private key, a public key and an address; the user information carried by the service message is the user address of the target user, and the merchant information carried by the service message is the merchant ID of the target merchant;
the controlling the encryptor to sign the transaction with the private key of the target user to obtain first signature data and sign the transaction and the first signature data with the private key of the target merchant to obtain second signature data based on the user information and the merchant information includes:
Based on the user address and the merchant ID, controlling the encryptor to sign the transaction by using a private key corresponding to the user address to obtain first signature data, to determine the corresponding merchant address by using the merchant ID, and to sign the transaction and the first signature data by using the private key corresponding to the merchant address to obtain second signature data.
7. The method according to claim 1 or 2, wherein the encryptor is adapted to generate and store key sets, each key set comprising a private key, a public key and an address; the user information carried by the service message is the user address of the target user, and the merchant information carried by the service message is the merchant address of the target merchant;
the controlling the encryptor to sign the transaction with the private key of the target user to obtain first signature data and sign the transaction and the first signature data with the private key of the target merchant to obtain second signature data based on the user information and the merchant information includes:
submitting the user address and the transaction to the encryptor, so that the encryptor signs the transaction by utilizing a private key corresponding to the user address to obtain first signature data;
after the first signature data returned by the encryptor is obtained, the transaction, the first signature data and the merchant address are submitted to the encryptor, so that the encryptor signs the transaction and the first signature data by utilizing a private key corresponding to the merchant address to obtain second signature data.
8. The method according to claim 1 or 2, wherein the user information carried by the service message is a user address of the target user, and the merchant information carried by the service message is a merchant address of the target merchant;
the controlling the encryptor to sign the transaction with the private key of the target user to obtain first signature data and sign the transaction and the first signature data with the private key of the target merchant to obtain second signature data based on the user information and the merchant information includes:
Submitting the user address and the transaction to a third encryption machine, so that the third encryption machine signs the transaction by utilizing a private key corresponding to the user address to obtain first signature data, wherein the third encryption machine is used for generating and storing key groups for users, and each key group comprises the private key, the public key and the address;
After the first signature data returned by the third encryptor is obtained, the transaction, the first signature data and the merchant address are submitted to a fourth encryptor, so that the fourth encryptor signs the transaction and the first signature data by using a private key corresponding to the merchant address to obtain second signature data, wherein the fourth encryptor is used for generating and storing key groups for merchants, and each key group comprises the private key, the public key and the address.
9. The method according to claim 1 or 2, wherein the encryptor is adapted to generate and store key sets, each key set comprising a private key, a public key and an address; the user information carried by the service message is the user address of the target user, and the merchant information carried by the service message is the merchant address of the target merchant;
the controlling the encryptor to sign the transaction with the private key of the target user to obtain first signature data and sign the transaction and the first signature data with the private key of the target merchant to obtain second signature data based on the user information and the merchant information includes:
Submitting the transaction, the user address and the merchant address to the encryption machine, wherein the user address and the merchant address have a sequential relationship, or the user address and the merchant address respectively carry specific identifications, so that the encryption machine distinguishes the user address and the merchant address from the two addresses according to the sequential relationship or the specific identifications, signs the transaction by using a private key corresponding to the distinguished user address to obtain first signature data, and signs the transaction and the first signature data by using a private key corresponding to the distinguished merchant address to obtain second signature data.
10. A service processing apparatus, the apparatus comprising:
The message parsing module is used for obtaining a service message and parsing the service message into a transaction, wherein the service message carries: user information of a target user proposing the service, and merchant information of a target merchant initiating the service message; the user information carried by the service message is the user address of the target user, and the merchant information carried by the service message is the merchant ID of the target merchant;
The signature control module is configured to control an encryptor to sign the transaction with a private key of the target user to obtain first signature data, and to sign the transaction and the first signature data with the private key of the target merchant to obtain second signature data, based on the user information and the merchant information, including: according to the merchant ID, querying a second database to determine the merchant address corresponding to the merchant ID, wherein the second database is used for recording the correspondence between each merchant ID and each merchant address; based on the user address and the determined merchant address, controlling the encryptor to sign the transaction by using a private key corresponding to the user address to obtain first signature data, and to sign the transaction and the first signature data by using a private key corresponding to the merchant address to obtain second signature data; the encryptor is used for generating and storing key groups, and each key group comprises a private key, a public key and an address;
And the transaction submitting module is used for submitting the transaction, the first signature data and the second signature data to a blockchain network for processing.
11. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is used for storing a computer program;
The processor is configured to implement the method steps of any of claims 1-8 when executing a program stored on a memory.
12. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method steps of any of claims 1-8.
CN202011557700.2A 2020-12-25 2020-12-25 Service processing method, device, electronic equipment and readable storage medium Active CN114693438B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011557700.2A CN114693438B (en) 2020-12-25 2020-12-25 Service processing method, device, electronic equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN114693438A (en) 2022-07-01
CN114693438B (en) 2024-05-28

Family

ID=82130274

Country Status (1)

Country Link
CN (1) CN114693438B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110290102A (en) * 2019-04-26 2019-09-27 武汉众邦银行股份有限公司 Service security system and method based on application
CN111178884A (en) * 2019-12-16 2020-05-19 平安壹钱包电子商务有限公司 Information processing method, device, equipment and readable storage medium
CN111737675A (en) * 2020-08-14 2020-10-02 支付宝(杭州)信息技术有限公司 Block chain-based electronic signature method and device
CN112087502A (en) * 2020-08-28 2020-12-15 成都质数斯达克科技有限公司 Method, device and equipment for processing request and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11100578B2 (en) * 2018-05-16 2021-08-24 Chicago Mercantile Exchange Inc. Secure deterministic tokens for encrypting electronic communications

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant