CN115018499A - Block chain-based digital certificate issuing method, device and system - Google Patents

Block chain-based digital certificate issuing method, device and system Download PDF

Info

Publication number
CN115018499A
CN115018499A CN202210602388.7A CN202210602388A CN115018499A CN 115018499 A CN115018499 A CN 115018499A CN 202210602388 A CN202210602388 A CN 202210602388A CN 115018499 A CN115018499 A CN 115018499A
Authority
CN
China
Prior art keywords
auditor
certificate
audit
issuer
auditing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210602388.7A
Other languages
Chinese (zh)
Inventor
石柯
谢桂鲁
邓福喜
吕宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd filed Critical Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202210602388.7A priority Critical patent/CN115018499A/en
Publication of CN115018499A publication Critical patent/CN115018499A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present specification provides a method, an apparatus and a system for issuing a digital certificate based on a block chain, wherein the method is applied to a block chain node in a block chain network, and comprises the following steps: responding to a certificate issuing transaction for calling a certificate issuing contract, transparently transmitting a certificate providing task to issuer node equipment where an issuer node corresponding to an issuer is located, and indicating an issuer chain lower computing engine deployed by the issuer node equipment to feed back an issuer task execution result; maintaining a digital certificate corresponding to the certificate to be issued in a certificate issuing contract based on the description information of the certificate to be issued held by the issuer in the issuer task execution result, and transmitting the certificate audit task to auditor nodes respectively corresponding to the auditors in a transparent mode for indicating a calculation engine under an auditor chain corresponding to the auditor node to feed back the auditor task execution result; and updating the auditing state of the digital certificate based on the auditing result generated by the corresponding auditor and carried by the task execution result of the auditor.

Description

Block chain-based digital certificate issuing method, device and system
Technical Field
The embodiment of the specification belongs to the technical field of block chains, and particularly relates to a digital certificate issuing method, device and system based on a block chain.
Background
The Blockchain (Blockchain) is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. In the block chain system, data blocks are combined into a chain data structure in a sequential connection mode according to a time sequence, and a distributed account book which is not falsifiable and counterfeitable is ensured in a cryptographic mode.
Each block chain node in the block chain network is deployed with the same block chain copy and intelligent contract, so that the data on the chain maintained by the block chain or the behavior on the executed chain is in a state shared by each block chain node, when all participants realize a cooperation task together through the block chain, on one hand, the disclosure of the task execution process is required to be ensured to be transparent, on the other hand, sensitive data which is necessary to execute the cooperation task in a self business system is not required to be exposed, particularly, in the scene of issuing and auditing of the voucher, on the one hand, the issuing process of the voucher is required to be ensured to be credible, on the other hand, the issuing party is not required to expose other information except the voucher to be issued, and on the other hand, the auditing party is not required to expose internal data used for auditing the voucher.
Disclosure of Invention
The invention aims to provide a digital certificate issuing method, device and system based on a block chain.
According to a first aspect of one or more embodiments of the present disclosure, a block chain-based digital certificate issuing method is provided, which is applied to block chain nodes in a block chain network, where the block chain network includes block chain nodes corresponding to an issuer and at least one auditor, and node devices where the block chain nodes corresponding to each issuer are respectively located are further provided with corresponding under-chain computing engines; the method comprises the following steps:
in response to a certificate issuing transaction for invoking a certificate issuing contract, transmitting a certificate providing task to an issuer node device where an issuer node corresponding to the issuer is located, wherein the certificate providing task is used for indicating an issuer down-chain computing engine deployed by the issuer node device to feed back an issuer task execution result to the certificate issuing contract;
based on the description information of the to-be-issued certificate held by the issuer, which is carried in the issuer task execution result, maintaining the digital certificate corresponding to the to-be-issued certificate in the certificate issue contract, and transparently transmitting a certificate audit task to the auditor node devices where the auditor nodes respectively corresponding to the auditors are located, wherein the certificate audit task is used for indicating an auditor chain lower computing engine deployed by the auditor node devices to feed back the auditor task execution result to the certificate issue contract;
updating the auditing state of the digital certificate based on the auditing result generated by the corresponding auditor and carried by the task execution result of the auditor; and when the audit state is updated to pass the audit of all auditors, the audit state is used for representing that the digital certificate is successfully issued.
According to a second aspect of one or more embodiments of the present specification, a block chain-based digital certificate issuing apparatus is provided, which is applied to block chain link points in a block chain network, where the block chain network includes block chain link points corresponding to an issuer and at least one auditor, and node devices where the block chain link points corresponding to each party are respectively located are further provided with corresponding under-chain computing engines; the device comprises:
the certificate issuing transaction response unit is used for responding to a certificate issuing transaction for calling a certificate issuing contract and transmitting a certificate providing task to issuer node equipment where an issuer node corresponding to the issuer is located, wherein the certificate providing task is used for indicating an issuer chain lower computing engine deployed by the issuer node equipment to feed back an issuer task execution result to the certificate issuing contract;
the digital certificate maintenance unit is used for maintaining a digital certificate corresponding to the certificate to be issued in the certificate issuing contract based on the description information of the certificate to be issued held by the issuer carried in the issuer task execution result, and transmitting a certificate audit task to auditor node equipment where auditor nodes respectively corresponding to the auditors are located, wherein the certificate audit task is used for indicating a calculation engine under an auditor chain deployed by the auditor node equipment to issue a feedback auditor task execution result to the certificate contract;
the auditing state updating unit is used for updating the auditing state of the digital certificate based on an auditing result which is carried by the task execution result of the auditing party and is generated by a corresponding auditing party; and when the audit state is updated to pass the audit of all auditors, the audit state is used for representing that the digital certificate is successfully issued.
According to a third aspect of one or more embodiments of the present specification, there is provided a blockchain-based digital voucher issuing system, comprising: the system comprises issuer node equipment, platform auditor node equipment, collection provider auditor node equipment and bank auditor node equipment, wherein each node equipment is respectively provided with a block chain link point and a corresponding under-chain calculation engine which belong to the same block chain network, and the block chain network is provided with a certificate issuing contract;
the issuer node equipment is used for calling a locally deployed issuer-under-chain calculation engine to return description information of accounts payable held by the issuer to the voucher issuing contract based on the voucher providing task under the condition that a voucher providing task which is transmitted by the voucher issuing contract in response to a voucher issuing transaction is obtained, wherein the description information is used for indicating the voucher issuing contract to maintain a digital voucher corresponding to the accounts payable, and updating the auditing state of the digital voucher to be submitted;
the platform auditor node equipment is used for calling a locally deployed platform chain lower computing engine to return a platform audit result to the certificate issuing contract based on the platform certificate audit task under the condition that the certificate issuing contract is obtained and is transparently transmitted when the audit state is submitted, and the platform audit result is used for indicating the certificate issuing contract to update the audit state;
the collection provider auditor node equipment is used for calling a locally deployed collection provider under-chain computing engine to return a collection provider audit result to the certificate issue contract based on the collection provider certificate audit task under the condition that the collection provider certificate audit state indicates that the collection provider certificate audit task is transparently transmitted when the certificate issue contract passes the platform audit, wherein the collection provider audit result is used for indicating the certificate issue contract to update the audit state;
the bank auditing party node equipment is used for calling a locally deployed bank under-chain computing engine to return a bank auditing result to the certificate issuing contract based on the bank certificate auditing task under the condition that the obtained bank certificate issuing contract is subjected to the bank certificate auditing task which is transmitted when the auditing state shows that the certificate issuing contract passes the auditing of a collection provider, and the bank auditing result is used for indicating the certificate issuing contract to update the auditing state; and when the audit state is updated to pass the bank audit, the audit state is used for representing that the digital certificate is successfully issued.
According to a fourth aspect of one or more embodiments of the present specification, there is provided an electronic apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of the first aspect by executing the executable instructions.
According to a fifth aspect of one or more embodiments of the present specification, a computer-readable storage medium is presented, on which computer instructions are stored, which instructions, when executed by a processor, implement the steps of the method according to the first aspect.
In the embodiment of the present specification, on one hand, a digital certificate corresponding to a certificate to be issued held by an issuer is maintained by a certificate issuance contract deployed through a block chain network, and meanwhile, an audit state of the digital certificate is updated according to an audit result provided by the auditor, so that the whole process from creation, audit to successful issuance of the digital certificate is transparent, that is, the issuance process of the digital certificate is ensured to be trusted; on the other hand, the certificate issuing contract only serves as a task dispatching function, tasks involving data participation inside the issuer or the auditor, such as the certificate providing task and the certificate auditing task, are actually handed to the calculation engine under the chain to be executed, and data used in the execution process cannot be shared on the block chain, so that privacy and safety of the issuer and the auditor are guaranteed.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and it is obvious for a person skilled in the art to obtain other drawings based on these drawings without inventive labor.
Fig. 1 is a flowchart of a method for block chain-based digital voucher issuance according to an exemplary embodiment.
Fig. 2 is an architecture diagram of a blockchain-based digital voucher issuing system according to an exemplary embodiment.
Fig. 3 is a diagram of an application scenario of a digital voucher issuing system based on a blockchain according to an exemplary embodiment.
Fig. 4 is an interaction flow diagram of a digital voucher issuance scheme based on blockchains according to an exemplary embodiment.
Fig. 5 is a schematic structural diagram of an apparatus according to an exemplary embodiment.
Fig. 6 is a block diagram of a digital voucher issuing device based on a blockchain according to an exemplary embodiment.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
Fig. 1 is a flowchart of a method for block chain-based digital voucher issuance according to an exemplary embodiment. The method is applied to block chain nodes in a block chain network, wherein the block chain network comprises block chain nodes corresponding to an issuer and at least one auditor respectively, and corresponding under-chain computing engines are also deployed on node equipment where the block chain nodes corresponding to each issuer are respectively located; the method comprises the following steps:
s102: and in response to a certificate issuing transaction for invoking a certificate issuing contract, transmitting a certificate providing task to an issuer node device where an issuer node corresponding to the issuer is located, wherein the certificate providing task is used for indicating an issuer down-chain computing engine deployed by the issuer node device to feed back an issuer task execution result to the certificate issuing contract.
In the embodiment of the present specification, an issuer and an auditor of a digital certificate hold corresponding blockchain nodes in a blockchain network in advance, where the blockchain nodes held by the issuer of the digital certificate in the blockchain network are referred to as issuer nodes, and the blockchain nodes held by the auditor of the digital certificate are referred to as auditor nodes. The node device refers to a hardware device deployed with software of block chain nodes, resources deployed in relation to the block chain nodes belong to resources on a chain, and the rest belong to resources under the chain, for example, an issuer node device deployed with an issuer node also deploys an issuer under chain computing engine owned by the issuer as resources under the chain, and an auditor node device deployed with an auditor node also deploys an auditor under chain computing engine owned by the corresponding auditor as resources under the chain.
The calculation engine under link in the embodiments of the present specification refers to a service or a subsystem that provides calculation capability under link for a node device, and one calculation engine under link can often undertake one or more types of calculation tasks to provide support for calculation requirements corresponding to related tasks. For example, in embodiments of the present specification, an issuer down-chain compute engine can support performing the credential provisioning task, while a reviewer down-chain compute engine can support performing the credential reviewing task.
In this embodiment of the present specification, the blockchain network may be a blockchain sub-network managed by a blockchain main network, and a main network node in the blockchain main network is deployed on a node device where a sub-network node in the blockchain sub-network is located. In some block chain systems, in order to save physical device resources and meet the requirement of data isolation in a small range, a new block chain network is usually created again on a node device already deployed with the block chain network, the pre-existing block chain network is called a block chain master network, the block chain network created subsequently is called a block chain sub-network, the block chain master network manages the block chain sub-network through a master network contract, and since the block chain sub-network and the block chain master network belong to different block chain networks per se, data maintained by the block chain sub-network and the block chain master network are not shared, which is reflected in that sub-network nodes in the block chain sub-network and a database of master network nodes in the block chain master network respectively deployed on the same node device are isolated and cannot access each other. It should be noted that the range of the blockchain sub-network cannot exceed the range of the blockchain main network, which means that the node devices with the sub-network nodes deployed thereon must have the main network node deployed thereon.
A blockchain network to which embodiments of the present specification relate is deployed with credential issuance contracts that are specifically intended to provide trusted services for the creation, auditing and issuance of digital credentials, which are deployed as intelligent contracts by each blockchain link point in the blockchain network. In the embodiments of the present specification, the initiator of the credential issuance transaction has any nature, and may be initiated by the issuer or any auditor, or may be initiated by another third party. After the voucher issuing transaction is initiated into the blockchain network, the common identification of the blockchain network is executed by each blockchain node in the blockchain network, and the voucher issuing transaction is used for invoking a voucher issuing contract, so that each blockchain node can invoke the voucher issuing contract deployed by each node in response to the voucher issuing transaction, and one-time voucher issuing service is triggered and started.
In this embodiment of the present specification, the credential providing task specifically refers to a credential providing event generated by a credential issuance contract in response to the credential issuance transaction, and the credential providing event serving as the contract event may be monitored and acquired by a node device where each blockchain link point in a blockchain network is located, thereby implementing transparent transmission of information from the credential providing task to each node device from up to down. In order to make sure that the executing party of the credential providing task is the issuer node device where the corresponding issuer node is located, but not all other node devices that can acquire the credential providing task, the credential providing task usually carries the identification information of the issuer node, so that each node device checks whether the issuer node corresponding to the identification information is deployed locally after acquiring the credential providing task, and if the issuer node is deployed locally after checking, it can be determined that the credential providing task should be executed by itself, thereby triggering the process of invoking the locally deployed issuer-under-chain computing engine next, specifically, monitoring the credential providing event and invoking the executing subject of the issuer-under-chain computing engine as the issuer scheduling engine deployed by the issuer node device.
In this embodiment of the present specification, when called by an issuer node device, an issuer-down computing engine triggers execution of the credential providing task, obtains description information corresponding to a credential to be issued, which is selected by the issuer itself or is held by the issuer specified by the credential providing task, carries the description information in an issuer task execution result, and feeds the description information back to a credential issuance contract. Specifically, the issuer down-chain calculation engine firstly returns the description information of the to-be-issued voucher to the local issuer scheduling engine, and the issuer scheduling engine initiates a voucher providing transaction (i.e. issuer task execution result) carrying the description information of the to-be-issued voucher to the voucher issuing contract, so as to realize information feedback from down-chain to up-chain.
In one embodiment, only one issuer node held by one issuer is included in the blockchain network and specified by a credential issuance contract. In this case, the credential issuance transaction may not carry the identification information related to the issuer or the issuer node, and the credential issuance contract may directly read predefined issuer information from the credential issuance contract triggered by the invocation of the credential issuance transaction, and further determine to obtain the identification information of the issuer node held by the issuer, so as to carry the identification information of the issuer node in the generated credential provision task. In another embodiment, the blockchain network includes a plurality of issuer nodes respectively held by a plurality of issuers, in this case, it needs to be ensured that the credential providing task is finally executed only by the issuer node device where one issuer node is located, at this time, identification information related to a target issuer or a target issuer node executing the credential providing task may be carried in the credential issuing transaction, so that only the identification information of the target issuer node is carried in the credential providing task generated by the credential issuing contract in response to the credential issuing transaction, and the target issuer is specified from the plurality of issuers through the credential issuing transaction to uniquely participate in executing the credential providing task.
Similarly, the voucher issuing transaction may also carry identification information of a target voucher to be issued held by the issuer, and the description information of the voucher to be issued fed back by the issuer is specified as the description information of the target voucher to be issued. Specifically, the credential issuing contract carries identification information of the target to-be-issued credential in a credential providing task generated in response to the credential issuing transaction, and after acquiring the credential providing task, the issuer node device instructs the issuer chain lower computing engine to feed back description information of the target to-be-issued credential corresponding to the identification information held by the issuer in a process of invoking the issuer chain lower computing engine to execute the credential task.
S104: and maintaining the digital certificate corresponding to the certificate to be issued in the certificate issue contract based on the description information of the certificate to be issued held by the issuer in the issuer task execution result, and transparently transmitting a certificate audit task to auditor node equipment where auditor nodes respectively corresponding to the auditors are located, wherein the certificate audit task is used for indicating an auditor chain lower computing engine deployed by the auditor node equipment to feed back the auditor task execution result to the certificate issue contract.
The description information of the to-be-issued certificate related to the present specification may specifically include: the identity information of the issuer, the identity information of other parties (including the auditor) involved in the to-be-issued certificate, and the content information of the to-be-issued certificate (such as contract transaction information anchored by the to-be-issued certificate, the issuing amount, etc.). In summary, the description information of the to-be-issued voucher is the necessary information to be able to organize and restore into a digital voucher having the same content, effectiveness and function as the original to-be-issued voucher. After the credential providing task is fed back to the credential issuance contract, since the credential providing task designed in the embodiment of the present specification is specifically a credential providing transaction, that is, the credential providing task is initiated to the credential issuance contract in the form of the credential providing transaction, after the credential providing transaction completes consensus, each blockchain node in the blockchain network obtains the credential providing transaction, and invokes a local corresponding credential issuance contract to execute the credential providing transaction. The voucher issuing contract responds to the invocation of the voucher providing transaction, and the description information of the voucher to be issued carried by the voucher to be issued is extracted and converted into the digital voucher of the voucher to be issued to be maintained in the voucher issuing contract. It should be noted that the digital certificate is stored in the certificate issuing contract in the form of contract state, as a structure body containing multiple fields, which still has some empty values or values to be changed at the beginning of creation although part of necessary information is filled in by the description information of the certificate to be issued, and needs to be supplemented and perfected step by step in the subsequent steps. For example, the digital certificate includes an audit status field, which is used to characterize the current auditors that have audited the digital certificate and the respective audit results of the auditors that have completed the audit.
After the voucher issuing contract completes the creation of the digital voucher, the digital voucher will enter into the auditing link. Specifically, the credential auditing task according to the embodiment of the present specification is specifically a credential auditing event generated by a credential issuance contract, which is transmitted to each node device in a transparent manner by being monitored by each node device. In order to make sure that the executing party of the credential audit task is the auditor node device where the corresponding auditor node is located, but not all other node devices that can obtain the credential audit task, the credential audit task usually carries identification information of the auditor node, so that after obtaining the credential audit task, each node device checks whether the locally deployed auditor node corresponding to the identification information is deployed, and if the locally deployed auditor node is found after the checking, it can be determined that the credential audit task should be executed by itself, thereby triggering a process of calling the locally deployed auditor-chain-down calculation engine next, specifically, monitoring the credential audit event and calling the executing subject of the auditor-chain-down calculation engine as the auditor scheduling engine deployed by the auditor node device.
In this embodiment of the present specification, when called by an auditor node device, an auditor-chain lower computing engine triggers execution of the credential audit task, obtains information of at least part of the digital credentials carried by the credential audit task, and audits the obtained information of at least part of the digital credentials to obtain a corresponding audit result, where the audit result is used as an audit result generated by an auditor holding the auditor-chain lower computing engine (i.e., the auditor holding the corresponding auditor node), and the audit result is carried in an audit task execution result and fed back to a credential issue contract. Specifically, the calculation engine under the auditor chain returns the audit result generated by the corresponding auditor to the local auditor scheduling engine, and the auditor scheduling engine initiates a certificate providing transaction carrying the audit result generated by the corresponding auditor to the certificate issuing contract, so that information feedback from the chain to the chain is realized.
Optionally, the at least one auditor is statically specified by the credential issuance contract; and/or, the at least one auditor is dynamically specified by the description information of the to-be-issued certificate. In an embodiment, the at least one auditor involved in the embodiments of the present specification is specifically an auditor participating in auditing a newly created digital certificate, and the auditors may be statically specified by a certificate issuance contract, in which case, the certificate issuance contract is predefined with auditor information of the digital certificate, and further determines to obtain identification information of an auditor node held by the auditor, so as to carry the identification information of the auditor node in a generated certificate audit task. In another embodiment, the at least one auditor is dynamically specified by the description information of the to-be-issued certificate, since the auditor information is actually carried in the description information of the to-be-issued certificate provided by the issuer, the auditor of the digital certificate dynamically changes according to the difference of the to-be-issued certificate, and the certificate issuance contract responds to the issuer task execution result, not only will create the digital certificate corresponding to the to-be-issued certificate, but also will carry the identification information of the target auditor node held by the target auditor specified by the issuer in the generated certificate audit contract, so that the issuer dynamically specifies the auditor to participate in executing the certificate audit task. In yet another embodiment, the at least one auditor is specified by the credential issuance contract in conjunction with the descriptive information of the to-be-issued credential, in which case the auditor of the digital credential has at least one portion statically defined in the credential issuance contract and another portion dynamically determined by the issuer-provided descriptive information of the to-be-issued credential.
S106: updating the auditing state of the digital certificate based on the auditing result generated by the corresponding auditor and carried by the task execution result of the auditor; and when the audit state is updated to pass the audit of all auditors, the audit state is used for representing that the digital certificate is successfully issued.
In this embodiment of the present specification, after each auditor generates a corresponding audit result, each auditor independently feeds back a corresponding auditor task execution result to the credential issuance contract, where the credential issuance contract may receive multiple credential audit transactions initiated by multiple auditor node devices, and the credential issuance contract updates the audit state of the digital credential once in response to each credential audit transaction. For example, after a first voucher audit transaction (i.e., a first auditor task execution result) initiated by a first auditor node device held by a first auditor is received, the audit state of the digital voucher is updated to that the first auditor has completed audit, and the corresponding audit result is a first audit result generated by the first auditor and carried in the first voucher audit transaction.
In an embodiment of the present specification, in a case that the audit status is updated to pass the audits of all auditors corresponding to the digital voucher, the audit status is used to represent that the digital voucher is successfully issued; and in the case that the audit state indicates that the digital certificate is not audited by at least one auditor, the audit state is used for representing the digital certificate issue failure. Since the audit state is used for representing the current digital voucher is audited by which auditors and the respective audit results of the auditors which have finished auditing, when the audit state indicates that the current digital voucher has finished auditing all the auditors and the audit results generated by all the auditors are all audit passed, the digital voucher can be determined to be successfully issued, and at this time, the digital voucher maintained in the contract has the same legal utility as the corresponding voucher to be issued. An issue success event may also be generated to inform the issuer and auditor if the credential issuance contract determines that the digital credential issuance was successful.
And when the audit state indicates that the current digital voucher completes the audits of all auditors and the audit results generated by all auditors correspondingly are not all audited and passed, or when the audit state indicates that the current digital voucher does not complete the audits of all auditors but has the audit results that the audits do not pass, the digital voucher can be determined to be failed to be issued, and at this time, the digital voucher maintained in the contract does not have legal utility. And under the condition that the certificate issuing contract determines that the digital certificate fails to be issued, an issuing failure event can be generated to inform the issuer and the auditing party, and the issuer can consult with the auditing party with the auditing result of non-approval according to the failure reason carried in the issuing failure event so as to repeatedly issue after resolving divergence and perfecting materials.
Optionally, the transparently transmitting the credential audit task to the auditor node devices where the auditor nodes respectively corresponding to the auditors are located includes:
synchronously and transparently transmitting the certificate auditing task to the auditing party node equipment where the auditing party nodes respectively corresponding to the at least one auditing party are located; or, according to the audit sequence of the at least one auditor, asynchronously and transparently transmitting the certificate audit tasks to the auditor node devices where the auditor nodes corresponding to the at least one auditor are located respectively; and transmitting the certificate audit task to the auditor node equipment where the auditor node corresponding to the auditor behind the audit sequence is located, wherein the requirement for the auditor node equipment is as follows: the certificate issuing contract obtains the auditing result generated by the auditor with the prior auditing sequence.
In one embodiment, assuming that all auditors of the digital certificate include a plurality of auditors, the certificate audit task can be synchronously transmitted to the auditor node devices where the auditor nodes corresponding to all auditors are located, which means that the certificate issuing contract only generates one certificate audit task (i.e. certificate audit event), the certificate audit task contains the identification information of all the auditor nodes held by the auditor, so that each auditor node device deployed with the auditor node can execute the credential audit task at the same time under the trigger of the same credential audit task, and of course, although each auditor formally executes the same certificate audit task, because different auditors distribute different information to be audited in the certificate audit task, at least some of the information about the digital voucher that different auditors ultimately actually audit is not necessarily identical.
In another embodiment, it is assumed that all auditors of the digital voucher include a plurality of auditors, and the voucher audit tasks can be respectively and asynchronously transferred to the auditor node devices where the auditor nodes corresponding to each auditor are located according to the audit sequence of all auditors. The auditing sequence of all auditors is determined by the nature of the digital certificate, and the following rules need to be met in the asynchronous transparent transmission process: and transmitting the certificate audit task to the execution condition of the node equipment of the auditor where the auditor node corresponding to the auditor behind the audit sequence is located, wherein the execution condition is that the certificate issuing contract obtains the audit result generated by the auditor ahead of the audit sequence. Assuming that all the auditors include two auditors, namely a first auditor and a second auditor, and the auditing sequence is from first to second, namely the first auditor and the second auditor, when the auditing link of the digital certificate is started, a first certificate auditing task is generated firstly, the first certificate auditing task carries identification information of a first auditor node held by the first auditor and is used for indicating a first auditor node device where the first auditor node is located to trigger execution of the first certificate auditing task, and after the execution is completed, a first auditor task execution result of the first certificate execution task is fed back to a certificate issuing contract, and the certificate issuing contract obtains the first auditing result generated by the first auditor carried in the first auditor task execution result, and updates the auditing state based on the first auditing result. After that, according to the foregoing auditing rule, a second credential auditing task carrying identification information of a second auditing party node held by a second auditing party is further generated, so as to indicate a second auditing party node device where the second auditing party node is located to trigger execution of the second credential auditing task, and after the execution is completed, a second auditing party task execution result of the second credential execution task is fed back to a credential issuing contract, and the credential issuing contract obtains a second auditing result generated by the second auditing party carried in the second auditing party task execution result, and updates the auditing state based on the second auditing result. Since the embodiment defines the auditing sequence and divides the auditing link into multiple sections for execution, each section only uses the certificate issuing contract to obtain the auditing result generated by an auditor, so that the auditing process of the digital certificate is more in line with the practical specification, and since the auditing link can not be continued under the condition that the auditor with the prior auditing sequence can not provide the task execution result of the auditor, the overtime failure judgment can be triggered (when the corresponding auditor task execution result is not fed back after the certificate issuing contract is transmitted to the certificate auditing task for a preset time, the auditing result of the auditor is directly defaulted as the auditing failure), thereby reducing the consumption of the auditing resource by each certificate issuing service as much as possible, and simultaneously, the auditing link is segmented to facilitate the segmented update of the auditing transaction and the auditing state through a plurality of certificates, and carrying out credible endorsement and process monitoring on the auditing process of the digital certificate.
Optionally, the auditor node device that transparently transmits the credential audit task to the auditor node where the auditor node corresponding to the auditor behind the audit sequence is located further needs to satisfy: the auditing results generated by the auditor in the prior auditing sequence are all approved.
In the asynchronous transparent transmission process related to the embodiment of the present specification, the execution condition of the auditor node device where the audit task of the voucher is transmitted to the auditor node corresponding to the auditor with the latter audit sequence is that the voucher issuing contract has acquired the audit result generated by the auditor with the former audit sequence, and the audit results generated by the auditor with the former audit sequence are all audit passes. This means that the auditing link is continuously executed only when the auditing results fed back by the previous auditors are both approved, otherwise, once the voucher is found to be approved at a certain time, when the approval result generated by a certain auditor and indicating that the audit is not passed is obtained, the auditing link is also stopped, and the digital voucher is directly determined as failed to be issued. By means of the auditing link early termination mechanism of the embodiment of the specification, consumption of auditing resources by each voucher issuing service can be effectively reduced.
Optionally, the to-be-issued certificate is accounts payable, and the at least one auditor includes a platform, a collection provider, and a bank; the auditing sequence comprises the platform, the collection supplier and the bank from first to last; the platform audit result generated by the platform is generated by the platform auditing the issuer information and the issued amount of the digital certificate, the collection provider audit result generated by the collection provider is generated by the collection provider auditing the issuer information, the collection provider information, the issued amount and transaction contract information (generally, transaction information of goods or services purchased by an issuer corresponding to accounts payable) of the digital certificate, and the bank audit result generated by the bank is generated by the bank auditing the issuer information of the digital certificate. The embodiment of the present specification combines a specific application scenario, that is, an issue scenario of accounts payable of an enterprise, wherein the platform and the bank are specified by the certificate issue contract, the collection provider is specified by the description information of the certificate to be issued, the platform holds a platform auditor node in a block chain network, a platform auditor node device where the platform auditor node is located is deployed in a platform chain lower computing engine held by the platform, and the platform chain lower computing engine is used for auditing issuer information and issue amount of the digital certificate to generate a platform audit result; the payee supplier is used as an equity beneficiary of payable (payable is a certificate of issuance amount specified by the payable delivered by an issuer on a specified date and promised by the payable supplier), the payee supplier is provided with a payee supplier auditing party node in the block chain network, a payee supplier under-chain calculation engine held by the payee supplier auditing party is deployed on payee supplier auditing party node equipment where the payee supplier auditing party node is located, and the payee supplier under-chain calculation engine is used for auditing issuer information, payee supplier information, issuance amount and transaction contract information of the digital certificate to generate a payee supplier auditing result; the bank holds a bank auditor node in the block chain network, a bank auditor node device where the bank auditor node is located is deployed in a bank chain down-calculation engine held by the bank, and the bank chain down-calculation engine is used for auditing issuer information to generate a bank audit result. The auditors respectively audit information of all aspects of the digital certificate corresponding to the accounts payable at different angles and return audit results, so that effective issuing of the accounts payable digital certificate based on the block chain is supported.
In the embodiment of the present specification, on one hand, a digital certificate corresponding to a certificate to be issued held by an issuer is maintained by a certificate issuance contract deployed through a block chain network, and meanwhile, an audit state of the digital certificate is updated according to an audit result provided by the auditor, so that the whole process from creation, audit to successful issuance of the digital certificate is transparent, that is, the issuance process of the digital certificate is ensured to be trusted; on the other hand, the certificate issuing contract only serves as a task dispatching function, tasks involving data participation inside the issuer or the auditor, such as the certificate providing task and the certificate auditing task, are actually handed to the calculation engine under the chain to be executed, and data used in the execution process cannot be shared on the block chain, so that the privacy security of the issuer and the auditor is guaranteed.
Optionally, the issuer under-chain computing engine is used for interacting with an issuer system corresponding to the issuer and/or other external systems when being called; and when being called, the calculation engine under the auditor chain, which is deployed on the auditor node equipment where the auditor node corresponding to any auditor is located, is used for interacting with the first auditor system corresponding to any auditor and/or other external systems. In the embodiment of the present specification, each of the calculation engines under the chain may perform data interaction to the corresponding holder system or other external systems when performing a task, so that logic and functions related to private data may be further migrated to the corresponding holder system, and the calculation engines under the chain only undertake functions of sending a task request to the holder system and receiving a task result returned by the holder system, so that an issuer and an auditor do not need to migrate any business logic but only need to provide description information of a credential to be issued or a corresponding audit result, thereby further avoiding leakage of the private data.
Optionally, the issuer task execution result further carries an issuer digital signature corresponding to the description information of the to-be-issued certificate, and an auditor task execution result fed back by a calculation engine under an auditor chain disposed on auditor node equipment where an auditor node corresponding to any auditor is located carries an auditor digital signature corresponding to an audit result generated by any auditor; the method further comprises the following steps: determining that the description information to be issued is valid under the condition that the digital signature verification of the issuer is successful through the issuer public key corresponding to the issuer; and determining that the audit result generated by any auditor is valid under the condition that the audit digital signature corresponding to the audit result generated by any auditor is successfully checked by the public key of the auditor corresponding to the auditor. In the embodiment of the specification, the description information of the to-be-issued certificate fed back by the certificate issuing contract of the issuing party and the auditing result fed back by the auditing party in the process of issuing the contract need to be signed and bound, so that the certificate issuing contract can confirm the legality (certainly from a legal issuing party or an auditing party) and the integrity (the feedback information is not tampered) of various feedback information in an authenticating mode, and the safety and the reliability of the issuing process of the digital certificate are ensured.
Further, the method also comprises the following steps: and recording the digital signature of the issuer and/or the digital signature of the auditor corresponding to the audit result generated by any auditor in the digital certificate. In the embodiment of the present specification, an issuer digital signature provided by an issuer and/or an auditor digital signature provided by an auditor are also maintained in the digital certificate, so that after the digital certificate is successfully issued, other third parties can perform secondary audit on the validity of the digital certificate issuing process through the digital signatures. In addition, the digital certificate also maintains time information corresponding to the description information of the certificate to be issued fed back by the issuer and time information corresponding to the auditing result fed back by the auditing party, and the time information is also beneficial to the auditing parties or other third parties to carry out compliance auditing on the digital certificate.
Fig. 2 is an architecture diagram of a blockchain-based digital voucher issuance system according to an exemplary embodiment, which includes: the system comprises issuer node equipment, platform auditor node equipment, collection provider auditor node equipment and bank auditor node equipment, wherein block chain link points and corresponding under-chain calculation engines which belong to the same block chain network are respectively deployed on each node equipment, and a certificate issuing contract 201 is deployed on the block chain network;
the issuer node device 202 is deployed with an issuer node, an issuer scheduling engine, and an issuer down-chain computation engine, and is configured to, when a credential providing task that is passed through by the credential issuance contract in response to a credential issuance transaction is obtained, invoke the locally deployed issuer down-chain computation engine to return description information of accounts payable held by the issuer to the credential issuance contract based on the credential providing task, where the description information is used to instruct the credential issuance contract to maintain a digital credential corresponding to the accounts payable, and update a review state of the digital credential to be submitted;
the platform auditor node device 203 is deployed with a platform auditor node, a platform scheduling engine and a platform catenated computing engine, and is configured to, when obtaining a platform credential audit task that is passed through when the audit state is submitted, call a locally deployed platform catenated computing engine to return a platform audit result to the credential issuance contract based on the platform credential audit task, where the platform audit result is used to instruct the credential issuance contract to update the audit state;
the payee provider auditor node device 204 is deployed with a payee provider auditor node, a payee provider scheduling engine, and a payee provider under-chain computation engine, and configured to, when obtaining a payee provider credential audit task that the credential issuance contract is passed through when the audit state indicates that the platform audit is passed, invoke a locally deployed payee provider under-chain computation engine to return a payee provider audit result to the credential issuance contract based on the payee provider credential audit task, where the payee provider audit result is used to indicate the credential issuance contract to update the audit state;
the bank auditor node device 205 is deployed with a bank auditor node, a bank scheduling engine, and a bank-linked calculation engine, and is configured to, when obtaining a bank credential audit task that the credential issuance contract is passed through when the audit state indicates that the credential issuance contract passes the audit of the collection provider, call a locally-deployed bank-linked calculation engine to return a bank audit result to the credential issuance contract based on the bank credential audit task, where the bank audit result is used to indicate the credential issuance contract to update the audit state; and when the audit state is updated to pass the bank audit, the audit state is used for representing that the digital certificate is successfully issued.
Fig. 3 is a diagram of an application scenario of a digital voucher issuing system based on a blockchain according to an exemplary embodiment. Fig. 3 is an application scenario of the digital voucher issuing system shown in fig. 2, in which a structure of a blockchain main network and a blockchain sub network, and a communication connection structure between a down-link computing engine and each external engine are added. As shown in fig. 3, nodeB, nodeC, nodeD, and nodeB collectively form a blockchain main network, and a blockchain subnet established through the blockchain main network includes nodeB1 (issuer node), nodeB1 (platform auditor node), nodeB (collection provider auditor node), and nodeB1 (bank auditor node), and the blockchain subnet deploys a credential issue contract, where nodeB, nodeB1 and the issuer-chain lower computing engine are deployed in the same issuer node device, nodeB1 and the platform-chain lower computing engine are deployed in the same platform auditor node device, nodeB1 and the collection provider-chain lower computing engine are deployed in the same collection provider node auditor device, nodeB, nodeD1 and the bank-chain lower computing engine are deployed in the same bank auditor node device. Meanwhile, a network connection is established between the issuer-down calculation engine and the issuer system, for example, an HTTP (Hyper Text Transfer Protocol) connection, a network connection is established between the platform-down calculation engine and the platform system, a network connection is established between the collection provider-down calculation engine and the collection provider system, and a network connection is established between the bank-down calculation engine and the bank system.
Fig. 4 is an interaction flow diagram of a blockchain-based digital voucher issuance scheme according to an exemplary embodiment. The following describes in detail a scheme of digital voucher issuance based on block chains in this specification, taking the issuer issue of accounts payable in fig. 3 as an example. Referring to fig. 4, the block chain-based digital certificate issuing scheme according to the present disclosure may be implemented based on the cooperation between a certificate issuing contract, an issuer node device, a platform auditor node device, a collection provider auditor node device, and a bank auditor node device, where the method may include the following steps:
s401: the issuer system invokes an issuer down-chain compute engine deployed by an issuer node device to instruct the issuer down-chain compute engine to issue a credential transaction initiated by an issuer node to a credential issuance contract deployed in the blockchain subnet.
S402: the credential issuance contract generates a credential provisioning event carrying identification information of the issuer node in response to the credential issuance transaction.
S403: the issuer node equipment monitors the voucher providing event, and calls the issuer-chain lower computing engine to execute a voucher providing task corresponding to the voucher providing event under the condition that the issuer node equipment is determined to be deployed with the block chain node corresponding to the identification information of the issuer node, and the issuer-chain lower computing engine requests the issuer system to acquire the description information of the target accounts payable indicated by the voucher providing task.
S404: and after acquiring the description information of the target accounts payable, the issuer node equipment initiates a certificate supply transaction carrying the description information of the target accounts payable to the certificate issuing contract.
S405: and the voucher issuing contract responds to the voucher providing transaction, maintains a digital voucher corresponding to the target accounts payable in the voucher issuing contract according to the description information of the target accounts payable, updates the auditing state of the digital voucher to be submitted, and simultaneously generates a platform voucher auditing event carrying the identification information of the platform auditing party node, the issuer information of the digital voucher and the issuing amount.
S406: the platform auditor node equipment monitors a platform certificate audit event, and calls a platform chain lower computing engine to execute a platform certificate audit task corresponding to the platform certificate audit event under the condition that a block chain node corresponding to identification information of the platform auditor node is determined to be deployed, the platform chain lower computing engine transfers the platform certificate audit task to a platform system and requests the platform system to acquire a platform audit result corresponding to the platform certificate audit task, and the platform audit result is generated by auditing the platform system according to issuer information and issue amount of the digital certificate.
S407: and after the platform auditor node equipment acquires the platform audit result, initiating a platform certificate audit transaction carrying the platform audit result to the certificate issuing contract.
S408: and the voucher issuing contract responds to the platform voucher audit transaction, updates the audit state of the digital voucher to pass the platform audit under the condition that the current audit state is submitted and the platform audit result is approved, and simultaneously generates a voucher audit event of the collection provider, wherein the voucher audit event carries the identification information of the audit party node of the collection provider, the issuer information of the digital voucher, the information of the collection provider, the issuing amount and the transaction contract information.
S409: the method comprises the steps that a check party node device of a collection provider monitors a certificate check event of the collection provider, and calls a calculation engine under a chain of the collection provider to execute a certificate check task of the collection provider corresponding to the certificate check event of the collection provider under the condition that a block chain node corresponding to identification information of the check party node of the collection provider is determined to be deployed, the calculation engine under the chain of the collection provider transfers the check task of the collection provider to a collection provider system and requests the collection provider system to obtain a check result of the collection provider corresponding to the certificate check task of the collection provider, and the check result of the collection provider is generated by checking issuer information, collection provider information, issuing amount and transaction contract information of a digital certificate by the collection provider system.
S410: and after the check result of the collection provider is obtained by the collection provider check party node equipment, a collection provider certificate check transaction carrying the check result of the collection provider is initiated to the certificate issuing contract.
S411: and the certificate issuing contract responds to the certificate audit transaction of the collection provider, updates the audit state of the digital certificate to pass the audit of the collection provider under the condition that the current audit state is that the digital certificate passes the platform audit and the audit result of the collection provider is that the digital certificate passes the audit, and simultaneously generates a bank certificate audit event carrying the identification information of the bank audit node and the issuer information of the digital certificate.
S412: the method comprises the steps that a bank auditor node device monitors a bank certificate audit event, and calls a bank chain lower computing engine to execute a bank certificate audit task corresponding to the bank certificate audit event under the condition that a block chain node corresponding to identification information of the bank auditor node is determined to be deployed, the bank chain lower computing engine transfers the bank audit task to a bank system and requests the bank system to acquire a bank audit result corresponding to the bank certificate audit task, and the bank audit result is generated by the bank system by auditing digital certificate issuer information.
S413: and after the bank audit result is obtained by the bank audit node equipment, initiating a bank certificate audit transaction carrying the bank audit result to the certificate issuing contract.
S414: the voucher issuing contract responds to the bank voucher auditing transaction, and updates the auditing state of the digital voucher to be approved by the bank under the condition that the current auditing state is that the digital voucher passes the auditing of the collection supplier and the bank auditing result is that the auditing is passed.
FIG. 5 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 5, at the hardware level, the apparatus includes a processor 502, an internal bus 505, a network interface 506, a memory 508 and a nonvolatile memory 510, but may also include hardware required for other functions. One or more embodiments of the present description may be implemented in software, such as by processor 502 reading corresponding computer programs from non-volatile storage 510 into memory 508 and then running. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Fig. 6 is a block diagram of a block chain-based digital certificate issuing apparatus provided in the present specification according to an exemplary embodiment, which may be applied to the device shown in fig. 5 to implement the technical solution of the present specification; the device is applied to block chain link points in a block chain network, the block chain network comprises block chain link points corresponding to an issuer and at least one auditor respectively, and corresponding under-chain computing engines are also deployed on node equipment where the block chain link points corresponding to each party are respectively located; the device comprises:
a credential issuance transaction response unit 601, configured to transmit, in response to a credential issuance transaction invoking a credential issuance contract, a credential provisioning task to an issuer node device where an issuer node corresponding to the issuer is located, where the credential provisioning task is used to instruct an issuer-chain lower computing engine deployed by the issuer node device to feed back an issuer task execution result to the credential issuance contract;
a digital certificate maintenance unit 602, configured to maintain, in the certificate issuance contract, a digital certificate corresponding to the to-be-issued certificate based on description information of the to-be-issued certificate held by the issuer, which is carried in the issuer task execution result, and transparently transmit a certificate audit task to auditor node devices where auditor nodes respectively corresponding to the auditors are located, where the certificate audit task is used to instruct an auditor chain lower computing engine deployed by the auditor node devices to feed back an auditor task execution result to the certificate issuance contract;
an audit state updating unit 603, configured to update an audit state of the digital certificate based on an audit result generated by a corresponding auditor and carried by the audit task execution result; and when the audit state is updated to pass the audit of all auditors, the audit state is used for representing that the digital certificate is successfully issued.
Optionally, the digital certificate maintenance unit 602 is specifically configured to:
synchronously and transparently transmitting the certificate auditing task to the auditing party node equipment where the auditing party nodes respectively corresponding to the at least one auditing party are located; alternatively, the first and second liquid crystal display panels may be,
according to the auditing sequence of the at least one auditor, asynchronously transmitting the certificate auditing tasks to the auditor node equipment where the auditor node corresponding to the at least one auditor is located respectively; and transmitting the certificate audit task to the auditor node equipment where the auditor node corresponding to the auditor behind the audit sequence is located, wherein the requirement for the auditor node equipment is as follows: the certificate issuing contract obtains the auditing result generated by the auditor with the prior auditing sequence.
Optionally, the to-be-issued certificate is accounts payable, and the at least one auditor includes a platform, a collection provider, and a bank; the auditing sequence comprises the platform, the collection supplier and the bank from first to last; the platform audit result generated by the platform is generated by auditing the issuer information and the issued amount of the digital certificate by the platform, the collection provider audit result generated by the collection provider is generated by auditing the issuer information, the collection provider information, the issued amount and the transaction contract information of the digital certificate by the collection provider, and the bank audit result generated by the bank is generated by auditing the issuer information of the digital certificate by the bank.
Optionally, the auditor node device that transparently transmits the credential audit task to the auditor node where the auditor node corresponding to the auditor behind the audit sequence is located further needs to satisfy:
the auditing results generated by the auditor in the prior auditing sequence are all approved.
Optionally, the at least one auditor is statically specified by the credential issuance contract; and/or the presence of a gas in the gas,
the at least one auditor is dynamically specified by the descriptive information of the pending issue credential.
Optionally, the issuer under-chain computing engine is used for interacting with an issuer system corresponding to the issuer and/or other external systems when being called;
and when being called, the calculation engine under the auditor chain, which is deployed on the auditor node equipment where the auditor node corresponding to any auditor is located, is used for interacting with the first auditor system corresponding to any auditor and/or other external systems.
Optionally, the method further includes:
an issue failure determination unit 604, configured to, in a case that the audit status indicates that the audit by at least one auditor is failed, characterize the issue failure of the digital certificate.
Optionally, the issuer task execution result further carries an issuer digital signature corresponding to the description information of the to-be-issued certificate, and an auditor task execution result fed back by a calculation engine under an auditor chain disposed on auditor node equipment where an auditor node corresponding to any auditor is located carries an auditor digital signature corresponding to an audit result generated by any auditor; the method further comprises the following steps:
a first verification unit 605, configured to determine that the description information to be issued is valid when the digital signature verification of the issuer is successful through an issuer public key corresponding to the issuer;
a second verification unit 606, configured to determine that the audit result generated by any one of the auditors is valid under the condition that the audit digital signature corresponding to the audit result generated by any one of the auditors is verified successfully through the public key of the auditor corresponding to the any one of the auditors.
Optionally, the method further includes:
a signature recording unit 607, configured to record the issuer digital signature and/or the auditor digital signature corresponding to the audit result generated by any auditor in the digital certificate.
Optionally, the block chain network is a block chain sub-network managed by a block chain main network, and a main network node in the block chain main network is deployed on a node device where a sub-network node in the block chain sub-network is located.
In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Hardware Description Language), traffic, pl (core universal Programming Language), HDCal (jhdware Description Language), lang, Lola, HDL, laspam, hardward Description Language (vhr Description Language), vhal (Hardware Description Language), and vhigh-Language, which are currently used in most common. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a server system. Of course, the present invention does not exclude that with future developments in computer technology, the computer implementing the functionality of the above embodiments may be, for example, a personal computer, a laptop computer, a vehicle mounted human interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device or a combination of any of these devices.
Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in processes, methods, articles, or apparatus that include the recited elements is not excluded. For example, if the terms first, second, etc. are used to denote names, they do not denote any particular order.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description of the specification, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
The above description is merely exemplary of one or more embodiments of the present disclosure and is not intended to limit the scope of one or more embodiments of the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.

Claims (14)

1. A blockchain-based digital voucher issuance system, comprising: the system comprises issuer node equipment, platform auditor node equipment, collection provider auditor node equipment and bank auditor node equipment, wherein block chain link points and corresponding under-chain calculation engines which belong to the same block chain network are respectively deployed on each node equipment, and a certificate issuing contract is deployed on the block chain network;
the issuer node equipment is used for calling a locally deployed issuer-under-chain calculation engine to return description information of accounts payable held by the issuer to the voucher issuing contract based on the voucher providing task under the condition that a voucher providing task which is transmitted by the voucher issuing contract in response to a voucher issuing transaction is obtained, wherein the description information is used for indicating the voucher issuing contract to maintain a digital voucher corresponding to the accounts payable, and updating the auditing state of the digital voucher to be submitted;
the platform auditor node equipment is used for calling a locally deployed platform-linked computing engine to return a platform audit result to the voucher issuing contract based on the platform voucher audit task under the condition that the voucher issuing contract is obtained as a platform voucher audit task which is transparently transmitted when the audit state is submitted, wherein the platform audit result is used for indicating the voucher issuing contract to update the audit state;
the collection provider auditor node equipment is used for calling a locally deployed collection provider under-chain computing engine to return a collection provider audit result to the certificate issue contract based on the collection provider certificate audit task under the condition that the collection provider certificate audit state indicates that the collection provider certificate audit task is transparently transmitted when the certificate issue contract passes the platform audit, wherein the collection provider audit result is used for indicating the certificate issue contract to update the audit state;
the bank auditing party node equipment is used for calling a locally deployed bank under-chain computing engine to return a bank auditing result to the certificate issuing contract based on the bank certificate auditing task under the condition that the obtained bank certificate issuing contract is subjected to the bank certificate auditing task which is transmitted when the auditing state shows that the certificate issuing contract passes the auditing of a collection provider, and the bank auditing result is used for indicating the certificate issuing contract to update the auditing state; and when the audit state is updated to pass the bank audit, the audit state is used for representing that the digital certificate is successfully issued.
2. A digital certificate issuing method based on a block chain is applied to block chain nodes in a block chain network, wherein the block chain network comprises block chain nodes corresponding to an issuer and at least one auditor respectively, and corresponding under-chain computing engines are also deployed on node equipment where the block chain nodes corresponding to each issuer are respectively located; the method comprises the following steps:
in response to a credential issuance transaction for invoking a credential issuance contract, transmitting a credential provision task to an issuer node device where an issuer node corresponding to the issuer is located, where the credential provision task is used to instruct an issuer-down computing engine deployed by the issuer node device to feed back an issuer task execution result to the credential issuance contract;
based on the description information of the to-be-issued certificate held by the issuer, which is carried in the issuer task execution result, maintaining the digital certificate corresponding to the to-be-issued certificate in the certificate issue contract, and transparently transmitting a certificate audit task to the auditor node devices where the auditor nodes respectively corresponding to the auditors are located, wherein the certificate audit task is used for indicating an auditor chain lower computing engine deployed by the auditor node devices to feed back the auditor task execution result to the certificate issue contract;
updating the auditing state of the digital certificate based on the auditing result generated by the corresponding auditor and carried by the task execution result of the auditor; and when the audit state is updated to pass the audit of all auditors, the audit state is used for representing that the digital certificate is successfully issued.
3. The method of claim 2, wherein the transparently transmitting the credential audit task to the auditor node devices where the auditor nodes respectively corresponding to the auditors are located comprises:
synchronously and transparently transmitting the certificate auditing task to the auditing party node equipment where the auditing party nodes corresponding to the at least one auditing party respectively are located; alternatively, the first and second electrodes may be,
according to the auditing sequence of the at least one auditor, asynchronously transmitting the certificate auditing tasks to the auditor node equipment where the auditor node corresponding to the at least one auditor is located respectively; and transmitting the certificate audit task to the auditor node equipment where the auditor node corresponding to the auditor with the later audit sequence is located, wherein the requirement of the auditor node equipment needs to be satisfied: the certificate issuing contract obtains the auditing result generated by the auditor with the prior auditing sequence.
4. The method of claim 3, the to-be-issued certificate being accounts payable, the at least one auditor comprising a platform, a collection provider, and a bank; the auditing sequence comprises the platform, the collection supplier and the bank from first to last; the platform audit result generated by the platform is generated by auditing the issuer information and the issued amount of the digital certificate by the platform, the collection provider audit result generated by the collection provider is generated by auditing the issuer information, the collection provider information, the issued amount and the transaction contract information of the digital certificate by the collection provider, and the bank audit result generated by the bank is generated by auditing the issuer information of the digital certificate by the bank.
5. The method according to claim 3, wherein the passing through of the credential audit task to the auditor node device where the auditor node corresponding to the auditor following the audit sequence is located further needs to satisfy:
the auditing results generated by the auditor in the prior auditing sequence are all approved.
6. The method of claim 2, the at least one auditor being statically specified by the credential issuance contract; and/or the presence of a gas in the gas,
the at least one auditor is dynamically specified by the descriptive information of the pending issue credential.
7. The method of claim 2, the publisher catenated computing engine, when invoked, to interact with the publisher system and/or other external systems to which the publisher corresponds;
and when being called, the calculation engine under the auditor chain, which is deployed on the auditor node equipment where the auditor node corresponding to any auditor is located, is used for interacting with the first auditor system corresponding to any auditor and/or other external systems.
8. The method of claim 2, further comprising:
and in the case that the audit state indicates that the digital certificate is not audited by at least one auditor, the audit state is used for representing the digital certificate issue failure.
9. The method according to claim 2, wherein the issuer task execution result further carries an issuer digital signature corresponding to the description information of the to-be-issued voucher, and an auditor task execution result fed back by a calculation engine under an auditor chain disposed on auditor node equipment where an auditor node corresponding to any auditor is located carries an auditor digital signature corresponding to an audit result generated by any auditor; the method further comprises the following steps:
determining that the description information to be issued is valid under the condition that the digital signature verification of the issuer is successful through the issuer public key corresponding to the issuer;
and determining that the audit result generated by any auditor is valid under the condition that the audit digital signature corresponding to the audit result generated by any auditor is successfully checked by the public key of the auditor corresponding to the auditor.
10. The method of claim 9, further comprising:
and recording the digital signature of the issuer and/or the digital signature of the auditor corresponding to the audit result generated by any auditor in the digital certificate.
11. The method according to claim 2, wherein the blockchain network is a blockchain sub-network managed by a blockchain main network, and the main network node in the blockchain main network is deployed on a node device where a sub-network node in the blockchain sub-network is located.
12. A digital certificate issuing device based on a block chain is applied to block chain link points in a block chain network, wherein the block chain network comprises block chain link points corresponding to an issuer and at least one auditor respectively, and corresponding under-chain computing engines are also deployed on node equipment where the block chain link points corresponding to each party are respectively located; the device comprises:
the certificate issuing transaction response unit is used for responding to a certificate issuing transaction for calling a certificate issuing contract and transmitting a certificate providing task to issuer node equipment where an issuer node corresponding to the issuer is located, wherein the certificate providing task is used for indicating an issuer chain lower computing engine deployed by the issuer node equipment to feed back an issuer task execution result to the certificate issuing contract;
the digital certificate maintenance unit is used for maintaining a digital certificate corresponding to the certificate to be issued in the certificate issuing contract based on the description information of the certificate to be issued held by the issuer carried in the issuer task execution result, and transmitting a certificate audit task to auditor node equipment where auditor nodes respectively corresponding to the auditors are located, wherein the certificate audit task is used for indicating a calculation engine under an auditor chain deployed by the auditor node equipment to issue a feedback auditor task execution result to the certificate contract;
the auditing state updating unit is used for updating the auditing state of the digital certificate based on an auditing result which is carried by the task execution result of the auditing party and is generated by a corresponding auditing party; and when the audit state is updated to pass the audit of all auditors, the audit state is used for representing that the digital certificate is successfully issued.
13. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 2-11 by executing the executable instructions.
14. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 2-11.
CN202210602388.7A 2022-05-30 2022-05-30 Block chain-based digital certificate issuing method, device and system Pending CN115018499A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210602388.7A CN115018499A (en) 2022-05-30 2022-05-30 Block chain-based digital certificate issuing method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210602388.7A CN115018499A (en) 2022-05-30 2022-05-30 Block chain-based digital certificate issuing method, device and system

Publications (1)

Publication Number Publication Date
CN115018499A true CN115018499A (en) 2022-09-06

Family

ID=83070361

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210602388.7A Pending CN115018499A (en) 2022-05-30 2022-05-30 Block chain-based digital certificate issuing method, device and system

Country Status (1)

Country Link
CN (1) CN115018499A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115829561A (en) * 2022-12-23 2023-03-21 星环信息科技(上海)股份有限公司 Data product transaction method, system, computing node and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110298190A (en) * 2019-04-19 2019-10-01 矩阵元技术(深圳)有限公司 Decentralization Secure data processing method, device and storage medium
CN110472438A (en) * 2019-07-31 2019-11-19 阿里巴巴集团控股有限公司 Transaction data processing based on block chain, Transaction Inquiries method, device and equipment
CN112634040A (en) * 2020-12-25 2021-04-09 中国农业银行股份有限公司 Data processing method and device
CN113849191A (en) * 2021-11-30 2021-12-28 支付宝(杭州)信息技术有限公司 Intelligent contract deployment method, system, device and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110298190A (en) * 2019-04-19 2019-10-01 矩阵元技术(深圳)有限公司 Decentralization Secure data processing method, device and storage medium
CN110472438A (en) * 2019-07-31 2019-11-19 阿里巴巴集团控股有限公司 Transaction data processing based on block chain, Transaction Inquiries method, device and equipment
CN112634040A (en) * 2020-12-25 2021-04-09 中国农业银行股份有限公司 Data processing method and device
CN113849191A (en) * 2021-11-30 2021-12-28 支付宝(杭州)信息技术有限公司 Intelligent contract deployment method, system, device and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115829561A (en) * 2022-12-23 2023-03-21 星环信息科技(上海)股份有限公司 Data product transaction method, system, computing node and storage medium
CN115829561B (en) * 2022-12-23 2023-12-19 星环信息科技(上海)股份有限公司 Transaction method, system, computing node and storage medium for data products

Similar Documents

Publication Publication Date Title
CN111213340B (en) Selecting attestation delegation for cryptographic functions and making it secure
CN109981679B (en) Method and apparatus for performing transactions in a blockchain network
CN110442652B (en) Cross-chain data processing method and device based on block chain
US10972274B2 (en) Trusted identity solution using blockchain
CN107341702B (en) Service processing method and device
CN108346028B (en) Business approval processing method, device and system
CN111382168B (en) Node group creating method and node group-based transaction method in alliance chain network
CN109246197B (en) Data processing method and device based on intelligent contract
TW201822033A (en) Resource processing method and apparatus
CN111066047A (en) Implementing a blockchain based workflow
CN111899008B (en) Resource transfer method, device, equipment and system
CN111159304A (en) Data processing method, device, equipment and system based on block chain
CN113468602A (en) Data inspection method, device and equipment
CN111770112B (en) Information sharing method, device and equipment
CN110263580B (en) Data processing method and device based on block chain and block chain link points
US20190378069A1 (en) Maximizing retention of transaction results for blockchain block creation
US20220156725A1 (en) Cross-chain settlement mechanism
CN111985007A (en) Contract signing and executing method and device based on block chain
CN109711840B (en) Transaction data processing method and device and storage medium
CN114896639A (en) Data processing method and device, electronic equipment and storage medium
CN114971827A (en) Account checking method and device based on block chain, electronic equipment and storage medium
CN111047327A (en) Intelligent contract execution method, device and equipment
CN111260475A (en) Data processing method, block chain node point equipment and storage medium
CN115018499A (en) Block chain-based digital certificate issuing method, device and system
CN112291321B (en) Service processing method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination