CN115037478A

CN115037478A - File signing method and device based on block chain

Info

Publication number: CN115037478A
Application number: CN202210635208.5A
Authority: CN
Inventors: 祝贵可
Original assignee: Zhejiang eCommerce Bank Co Ltd
Current assignee: Zhejiang eCommerce Bank Co Ltd
Priority date: 2022-06-07
Filing date: 2022-06-07
Publication date: 2022-09-09

Abstract

An embodiment of the present specification provides a block chain-based file subscription method and an apparatus, where the block chain-based file subscription method includes: the method comprises the steps of obtaining a file to be signed, obtaining a target digital certificate from a corresponding certificate issuing mechanism, obtaining first check information of the file to be signed from a block chain, checking the file to be signed based on the first check information, signing the file to be signed based on the target digital certificate under the condition that the check is successful, obtaining the target signing file, determining second check information of the target signing file, and sending the second check information to the block chain for storage. And by setting the verification information and storing the verification information into the blockchain, the verification information cannot be easily tampered, and the consistency and the safety of the generated target signing file are ensured.

Description

File signing method and device based on block chain

Technical Field

The embodiment of the specification relates to the technical field of online contract generation, in particular to a block chain-based file signing method.

Background

With the development of internet technology, and in consideration of environmental protection and convenience, more and more document signing operations are performed on line.

At present, in the online subscription, a plurality of subscribers receive a generated file to be signed, and after performing subscription operation in sequence according to the file to be signed, a target subscription file is obtained.

However, for such a subscription scheme, the subscription process between a plurality of subscribers is isolated, that is, the signed file obtained by the previous subscriber may be tampered when being transferred to the next subscriber, and the generated target subscription file does not have consistency and security. Therefore, a file subscription method that can ensure the consistency and security of the target subscription file is needed.

Disclosure of Invention

In view of this, embodiments of the present specification provide a file subscription method based on a block chain. One or more embodiments of the present disclosure also relate to a block chain-based file signing apparatus, a computing device, a computer-readable storage medium, and a computer program, so as to solve technical deficiencies in the prior art.

According to a first aspect of embodiments of the present specification, there is provided a block chain-based file subscription method, including:

acquiring a file to be signed and acquiring a target digital certificate from a corresponding certificate authority;

acquiring first verification information of a file to be signed from a block chain, and verifying the file to be signed based on the first verification information;

under the condition of successful verification, signing the file to be signed based on the target digital certificate to obtain a target signing file;

and determining second check-up information of the target signing file, and sending the second check-up information to the block chain storage.

According to a second aspect of embodiments herein, there is provided a block chain-based file signing apparatus, including:

the acquisition module is configured to acquire a file to be signed and acquire a target digital certificate from a corresponding certificate authority;

the checking module is configured to acquire first checking information of the file to be signed from the block chain and check the file to be signed based on the first checking information;

the signing module is configured to sign a signature for the file to be signed based on the target digital certificate under the condition of successful verification to obtain a target signing file;

and the storage module is configured to determine second check-up information of the target subscription file and send the second check-up information to the block chain storage.

According to a third aspect of embodiments herein, there is provided a computing device comprising:

a memory and a processor;

the memory is used for storing computer-executable instructions, and the processor is used for executing the computer-executable instructions, and the computer-executable instructions are executed by the processor to realize the steps of the file signing method based on the block chain.

According to a fourth aspect of embodiments herein, there is provided a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the steps of the above block chain-based file subscription method.

According to a fifth aspect of embodiments herein, there is provided a computer program, wherein the computer program, when executed in a computer, causes the computer to perform the steps of the above block chain based file signing method.

In an embodiment of the present specification, a file to be signed is acquired, a target digital certificate is acquired from a corresponding certificate authority, first verification information of the file to be signed is acquired from a blockchain, the file to be signed is verified based on the first verification information, if the verification is successful, the file to be signed is signed based on the target digital certificate, the target signed file is acquired, second verification information of the target signed file is determined, and the second verification information is sent to the blockchain for storage. And by setting the verification information and storing the verification information into the blockchain, the verification information cannot be easily tampered, and the consistency and the safety of the generated target signing file are ensured.

Drawings

Fig. 1 is a schematic structural diagram of a file signing system of a block chain-based file signing method according to an embodiment of the present specification;

fig. 2 is a flowchart of a block chain-based file subscription method according to an embodiment of the present specification;

fig. 3 is a flowchart illustrating a processing procedure of a block chain-based file signing method applied to multi-party contract file signing according to an embodiment of the present specification;

fig. 4 is a schematic structural diagram of a block chain-based file signing apparatus according to an embodiment of the present specification;

fig. 5 is a block diagram of a computing device according to an embodiment of the present disclosure.

Detailed Description

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be implemented in many ways other than those specifically set forth herein, and those skilled in the art will appreciate that the present description is susceptible to similar generalizations without departing from the scope of the description, and thus is not limited to the specific implementations disclosed below.

The terminology used in the description of one or the embodiments is for the purpose of describing particular embodiments only and is not intended to be limiting of one or the embodiments. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any and all possible combinations of one or more of the listed items.

It will be understood that, although the terms first, second, etc. may be used herein to describe various information in one or more embodiments of the present specification, such information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first can be termed a second and, similarly, a second can be termed a first without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.

First, the noun terms referred to in one or embodiments of the present specification are explained.

Digital Certificate (CA), authentication Authority: the digital certificate is a digital certificate which marks the identity information of each communication party in internet communication and can be used by a user to identify the identity of the other party in the internet communication. The digital certificate guarantees the integrity and the safety of information and data and the like which are communicated in internet communication by a user in an encrypted or decrypted form.

Block chains: the data storage system comprises a plurality of servers, wherein each server stores data of all servers on a block chain network, each server can be regarded as a node, and the data storage system can ensure that any node needs to change data and correspondingly modifies the data stored in all the nodes, so that the data is not easy to tamper and has the characteristics of reality and reliability.

Public key: in the asymmetric encryption and decryption method, one of the encryption and decryption keys is a public key facing the outside, and data encrypted by the public key must be decrypted by the private key or data encrypted by the private key must be decrypted by the public key.

Private key: the private key is a key which is open to a user, and data encrypted by the public key must be decrypted by the private key, or data encrypted by the private key must be decrypted by the public key.

Hash (Hash) operation: the operation method is to generate a code called an information digest from text information by using a hash function, and to generate an encryption key and a decryption key. Common hash operations include: MD5 operation, MD6 operation, MD5 operation, SHA1 operation, CRC32 budget, and the like.

ASCII operation: it is a standard single byte character coding and decoding method.

Unicode operation: a variable length character encoding and decoding method. The method comprises the following steps: UTF-8 operation, UTF-16 operation, and UTF-32 operation.

In the present specification, a block chain based file signing method is provided, and the present specification relates to a block chain based file signing apparatus, a computing device, and a computer readable storage medium, which are described in detail in the following embodiments one by one.

Referring to fig. 1, fig. 1 is a schematic structural diagram illustrating a file signing system of a block chain-based file signing method according to an embodiment of the present disclosure.

The file signing system comprises a plurality of signing nodes, and each signing node is a terminal or a server which can transmit, process and store signing file data on a block chain network. The plurality of signing nodes are connected in sequence to transmit data of the signing file and the file to be signed, and after the plurality of signing nodes respectively sign the file to be signed, check information of the signing file needs to be sent to a block chain formed by the plurality of signing nodes for storage. According to the file signing system, the verification information is stored in each signing node, so that decentralization of file data transmission and storage is realized, the consistency of signing file data is ensured, and meanwhile, the signing file data is safer and more reliable due to the characteristic of difficult tampering.

As shown in fig. 1, an initial node acquires an initial to-be-signed file, signs the initial to-be-signed file to obtain a first signed file, generates first check information, sends the first check information to a block chain for storage, and transmits the first signed file to a next signed node, that is, a first node. On the first node, the first node acquires a digital certificate A generated by a certificate authority A, the first node performs verification based on first verification information, performs signing based on the digital certificate A and a first signing file under the condition that the verification is met, obtains a second signing file, generates second verification information, sends the second verification information to a block chain for storage, and transmits the second signing file to the next signing node, namely the second node. And on the second node, the second node acquires the digital certificate B generated by the certificate authority B, verifies the second node based on the second verification information, signs a contract based on the digital certificate B and the second signing file under the condition of meeting the verification to obtain a third signing file, generates third verification information, sends the third verification information to the block chain for storage, and transmits the third signing file to the next signing node, namely the third node. And on the third node, the third node acquires the digital certificate C generated by the certificate issuing organization C, verifies the third node based on third verification information, signs a contract based on the digital certificate C and the third signing file under the condition of meeting the verification to obtain a target signing file, generates target verification information, and sends the target verification information to the block chain for storage.

A specific block chain-based file subscription method will be described in detail in the following embodiments.

Referring to fig. 2, fig. 2 is a flowchart illustrating a block chain-based file subscription method according to an embodiment of the present specification, where the method is applied to a subscription node in a block chain network, and specifically includes the following steps.

Step 202: and acquiring a file to be signed, and acquiring a target digital certificate from a corresponding certificate authority.

The contracted node is a terminal or a server in the block chain network, which can perform data transmission, processing and storage, and correspondingly, the contracted node may be considered to represent an individual or a mechanism corresponding to the terminal or the server.

The file to be signed is a file that the current signing node needs to sign, for example, the file to be signed may be an electronic contract, an electronic notice, an electronic bulletin, and the like.

The certificate authority is a certification management center of a digital certificate of a third party, receives a certification request of an organization or a person, generates a corresponding digital certificate, and then issues the digital certificate to the organization or the person sending the certification request. The target digital certificate is a digital certificate which is issued to a corresponding organization or a user by a certificate issuing organization after the certification request of the organization or the individual is received.

The method for generating the file to be signed may be the file to be signed generated by the system for generating the file to be signed, or the file to be signed after the real file to be signed is identified by the character identification system. The system for generating the file to be signed may be a system that may automatically generate the file to be signed by using a pre-trained neural network model according to information of a signatory, that is, information on a signing node. The character recognition system may be configured to perform character recognition on an image of a real document to be signed by using a pre-trained character recognition model to obtain the document to be signed. And is not limited herein.

Specifically, a file to be signed sent by a generator of the file to be signed is obtained, and a target digital certificate is obtained from a corresponding certificate authority, wherein the file to be signed is a file on which a current signing node needs to sign.

Illustratively, the current node is a terminal used by the user U1, the generator of the file to be signed is a server of the organization C2, and obtains the target digital certificate a from the corresponding certificate authority a, and the user U1 obtains the file to be signed D1 sent by the server of the organization 1 through the terminal, and the user a needs the file to be signed D1 to sign.

The method lays a foundation for verifying the file to be signed, and provides an information foundation for subsequent signing by acquiring the target digital certificate from the corresponding certificate authority.

Step 204: and acquiring first verification information of the file to be signed from the block chain, and verifying the file to be signed based on the first verification information.

The first check information is check information for checking whether the signing node is qualified for signing the file to be signed, and the first check information is coding information generated by coding the file to be signed in advance. The encoding of the file to be signed may be hash operation according to file information of the file to be signed, ASCII operation or Unicode operation according to the file to be signed, or encoding by using a pre-trained encoding model according to file characteristics of the file to be signed. The file information of the file to be signed may be one or more of generator information of the file to be signed, subscriber information of the file to be signed, a file name of the file to be signed, a storage address of the file to be signed, and a keyword of the file to be signed.

And acquiring first check information of the file to be signed from the block chain, specifically acquiring the first check information of the file to be signed from the block chain according to the file information of the file to be signed.

And verifying the file to be signed based on the first verification information, specifically, coding the file to be signed, generating first verification information, comparing the first verification information with the first verification information, and determining whether the file to be signed is changed and whether the signing node is qualified to sign the file to be signed.

Specifically, first check information of a file to be signed is obtained from a block chain, the file to be signed is encoded to generate first check information, the first check information and the first check information are compared to determine whether the file to be signed is changed or not and whether a signing node is qualified to sign the file to be signed or not, wherein the first check information is encoding information generated by encoding the file to be signed in advance.

Illustratively, first verification information 9175cfa of the file to be signed D1 is obtained from the blockchain, MD5 encoding is performed on the file to be signed, first verification information 9175cfa is generated, the first verification information 9175cfa and the first verification information 9175cfa are compared, it is determined that the file to be signed D1 is not changed, and the signing node user U1 is qualified to sign the file to be signed D1.

By acquiring the first check information of the file to be signed and checking the file to be signed based on the first check information, the security of signing at a signing node of the file to be signed is ensured, and meanwhile, the consistency of the file to be signed is ensured.

Step 206: and under the condition of successful verification, signing the file to be signed based on the target digital certificate to obtain the target signing file.

And if the verification of the file to be signed is successful, namely that the file to be signed is determined not to be changed, and the signing node is qualified to sign the file to be signed.

The target digital certificate is provided with node information corresponding to the signing node, and the node information has fairness and adaptability, namely the node information is sent by a certificate authority of a third party and is generated for the signing node. The target digital certificate can be coded by a character string, a two-dimensional code and a communication verification code. When the identity authentication is carried out on the signing node which is currently signed by the target digital certificate, the signing can be carried out on the file to be signed directly according to the node information used for the identity authentication.

Specifically, based on the node information of the target digital certificate, the signing node is verified, and a target signing file is obtained by signing the file to be signed by using the target digital certificate.

Illustratively, the node information of the target digital certificate a is a string code HF03_6234, the signing node user U1 is verified based on the string code 6234, and the signing file D1 is signed based on the string code HF03, so as to obtain a target signing file D2.

And under the condition of successful verification, signing is carried out on the file to be signed based on the target digital certificate, the signing safety is further ensured, and the signing efficiency can be improved by signing the file to be signed by using the target digital certificate.

Step 208: and determining second check-up information of the target signing file, and sending the second check-up information to the block chain storage.

And the second check information of the target subscription file is check information for checking whether other subscription nodes are qualified to further subscribe the target subscription file, and the second check information is coding information generated by coding the target subscription file. The encoding of the target contract file may be hash operation performed according to file information of the target contract file, ASCII operation or Unicode operation performed according to the target contract file, or encoding using a pre-trained encoding model according to file characteristics of the target contract file. The file information of the target contracted file can be one or more of generator information of the target contracted file, contracting party information of the target contracted file, a file name of the target contracted file, a storage address of the target contracted file and keywords of the target contracted file.

Specifically, the target subscription file is encoded to obtain second check-up information of the target subscription file, and the second check-up information is sent to the block chain for storage.

Illustratively, the destination subscription file D2 is MD5 encoded to obtain the second check-up information 9196cfa of the destination subscription file D2, and the second check-up information 9196cfa is sent to the blockchain storage.

In this embodiment of the present specification, a file to be signed is acquired, a target digital certificate is acquired from a corresponding certificate authority, first verification information of the file to be signed is acquired from a block chain, the file to be signed is verified based on the first verification information, if the verification is successful, the file to be signed is signed based on the target digital certificate, a target signed file is acquired, second verification information of the target signed file is determined, and the second verification information is sent to the block chain for storage. And by setting the verification information and storing the verification information into the blockchain, the verification information cannot be easily tampered, and the consistency and the safety of the generated target signing file are ensured.

Optionally, before step 208, the following specific steps are further included:

and backing up the target signing backup file to obtain a target signing backup file, and sending the target signing backup file to a block chain for storage.

And backing up the target signing file to obtain a target signing backup file, and storing the target signing backup file on the block chain, namely storing the target signing backup file in each signing node on the block chain network, so that the target signing files of all the signing nodes can be obtained on any signing node in the follow-up process. For example, if the target subscription file is wrong or changed, the target subscription backup subscription file can be obtained for restoration, and the consistency of the target subscription file is further ensured.

Optionally, step 202 includes the following specific steps:

and receiving a file to be signed sent by a previous signing node, wherein the previous signing node is a signing node which completes the signing of the file last, and the file to be signed is a file of which the signing node on the target signing file completes the signing.

In this embodiment of the present specification, the block link network includes multiple signing nodes, the multiple signing nodes may not be connected in a fixed sequence, and the multiple signing nodes may also be connected in sequence to perform data transmission between a target signing file and a file to be signed.

The previous signing node may be a signing node which is not connected in a fixed sequence, and preferentially acquires a file to be signed and signs, or may be a previous signing node of a current signing node which is connected in sequence. After the previous signing node finishes signing and generates the target signing file of the previous signing node, the target signing file is sent to the current signing node to be used as the file to be signed on the current signing node, and the previous signing node is the generator of the file to be signed.

Illustratively, the blockchain network includes two contracting node users, U1 and U2, connected in chronological order by two contracting node users, U1 and U2. The user U1 is the previous signing node, the user U2 is the current signing node, and the previous signing node U1 obtains the target signing file D1 of the previous signing node after completing signing, that is, the file to be signed D1 of the current signing node, and the current signing node user U2 receives the file to be signed D1.

By receiving the file to be signed sent by the previous signing node, an information basis is provided for the subsequent signing of the current node. Therefore, the block chain network sequentially connecting the plurality of signing nodes realizes multi-party signing to obtain a final target signing file, the final target signing file can record signing operations of the plurality of signing nodes, and the signing efficiency of multi-party signing is improved.

Optionally, the block chain-based file subscription method further includes the following specific steps:

acquiring a time stamp of each signing node for completing signing;

determining the signing sequence of each signing node according to each timestamp;

and sequentially acquiring backtracking information corresponding to each signing node according to a signing sequence, wherein the backtracking information comprises a file to be signed, verification information and a target signing file.

The time stamp of the completion of the subscription of each subscription node may be recorded in the target subscription file of each subscription node, or may be recorded in a pre-constructed subscription completion time record table, which is not limited herein.

The signing sequence is a time stamp for completing signing according to each signing node, and the ordering sequence of each signing node recorded by each signing node is corresponding to the sequence of each time stamp.

The specific way of sequentially acquiring the backtracking information corresponding to each signing node according to the signing sequence is to determine the check information of each signing node in the reverse order of the signing sequence according to the signing sequence, and sequentially acquire the backtracking information corresponding to each signing node according to the check information of each signing node.

Specifically, a timestamp of completion of signing by each signing node is obtained, a signing sequence of each signing node is determined according to each timestamp, check information of each signing node in an opposite sequence of the signing sequence is determined according to the signing sequence, and a file to be signed and a target signing file corresponding to each signing node are sequentially obtained according to the check information of each signing node.

Illustratively, three signing nodes, organization C1, organization C2, and organization C3, each signing node completes a subscription with a timestamp of 2020-5-119: 00: 00 (mechanism C1), 2020-5-119: 01: 40 (mechanism C2), 2020-5-119: 01: 20 (institution C3), and the contracting order is C1-C3-C2. Determining the check information in the reverse order of the subscription order: the verification information of the organization C2, the verification information of the organization C3 and the verification information of the organization C1 sequentially determine files to be signed and target signed files of the organization C2, the organization C3 and the organization C1.

The time stamps of signing completion of each signing node are obtained, the signing sequence of each signing node is determined according to each time stamp, the backtracking information corresponding to each signing node is obtained in sequence according to the signing sequence, the whole signing process can be backtracked, the integrity of the whole signing process is guaranteed, when a problem occurs in signing, the problem can be clearly backtracked and inquired on which signing node, and the accuracy and consistency of a target signing file of each signing node are guaranteed.

Optionally, the verifying the file to be signed based on the first verification information in step 204 includes the following specific steps:

carrying out Hash operation on the file information of the file to be signed to obtain a second Hash value of the file to be signed;

and verifying the file to be signed based on the first hash value and the second hash value.

The first check information is a first hash value obtained by performing hash operation on file information of a file to be signed by a previous signing node.

The file information of the file to be signed may represent file characteristics of the file to be signed, and may be one or more of generator information of the file to be signed, subscriber information of the file to be signed, a file name of the file to be signed, a storage address of the file to be signed, and a keyword of the file to be signed.

And verifying the file to be signed based on the first hash value and the second hash value, specifically determining that the file to be signed passes the verification if the first hash value is consistent with the second hash value, and determining that the file to be signed does not pass the verification if the first hash value is inconsistent with the second hash value.

Specifically, performing hash operation on file information of the file to be signed to obtain a second hash value of the file to be signed, determining that the file to be signed passes verification if the first hash value is consistent with the second hash value, and determining that the file to be signed does not pass verification if the first hash value is inconsistent with the second hash value.

Exemplarily, the first hash value 43f68667 of the file to be signed D1 is a value obtained by performing hash operation on a keyword of the file to be signed D1 by a previous signing node (mechanism C1), the keyword of the file to be signed D1 is obtained by performing hash operation on the keyword of the current signing node, the second hash value 43f68667 of the file to be signed D1 is obtained, the first hash value 43f68667 is consistent with the second hash value 43f68667, and it is determined that the file to be signed D1 passes verification.

And performing hash operation on the file information of the file to be signed to obtain a second hash value of the file to be signed, and verifying the file to be signed based on the first hash value and the second hash value. The hash value is used for verifying the files to be signed, so that the verification accuracy and the verification efficiency are improved, and the safety and the consistency of the target signed files are ensured.

Optionally, the obtaining the first verification information of the file to be signed from the block chain in step 204 includes the following specific steps:

determining a storage address corresponding to a file to be signed;

and acquiring first check information of the file to be signed from the block chain according to the storage address.

The file to be signed may be stored in the local storage of the signing node, or may be stored in the remote storage. And determining a storage address corresponding to the file to be signed according to the file information of the file to be signed. The file information of the file to be signed may be one or more of generator information of the file to be signed, subscriber information of the file to be signed, a file name of the file to be signed, a storage address of the file to be signed, and a keyword of the file to be signed.

Each signing node in the block chain stores first verification information of a file to be signed, so that the first verification information of the file to be signed is obtained from any signing node in the block chain.

Specifically, a storage address corresponding to the file to be signed is determined, and first check information of the file to be signed is obtained from any signing node in the block chain according to the storage address.

Exemplarily, a memory address 0x40008000 corresponding to the file D1 to be signed is determined, and the first verification information 9175cfa of the file D1 to be signed is obtained from any signing node in the blockchain according to the memory address 0x 40008000.

Determining a storage address corresponding to the file to be signed, and acquiring first verification information of the file to be signed from the block chain according to the storage address. The first check information of the file to be signed can be acquired according to the storage address, so that the accuracy of the acquired first check information is ensured, and the safety and reliability of subsequent signing are further ensured.

Optionally, step 208 includes the following specific steps:

determining second check-up information of the target subscription file, and sending the second check-up information to the blockchain storage, including:

carrying out hash operation on the file information of the target signed file to obtain a second hash value of the target signed file;

and sending the second hash value to the block chain storage.

The file information of the target contracted file is information which can represent the file characteristics of the target contracted file, and can be one or more of generator information of the target contracted file, contractor information of the target contracted file, a file name of the target contracted file, a storage address of the target contracted file, and a keyword of the target contracted file.

And sending the second hash value to the block chain for storage, specifically, sending the second hash value to the block chain, and storing the second hash value to any signing node on the block chain.

Specifically, hash operation is performed on file information of the target signed file to obtain a second hash value of the target signed file, and the second hash value is sent to the block chain and stored on any signed node on the block chain.

Exemplarily, a hash operation is performed on the file name of the target subscription file D2 to obtain a second hash value 43f63a60 of the target subscription file D2, and the second hash value 43f63a60 is sent to the block chain and stored on any subscription node on the block chain.

And carrying out Hash operation on the file information of the target signed file to obtain a second Hash value of the target signed file, and sending the second Hash value to a block chain for storage. And the second hash value of the target signed file is sent to the block chain for storage, so that the verification accuracy and the verification efficiency are improved, and the safety and the consistency of the target signed file are ensured in the subsequent verification of the target signed file.

Optionally, the signing is performed on the file to be signed based on the target digital certificate in step 206, and the obtaining of the target signed file includes the following specific steps:

carrying out digital signature on a file to be signed by using a target private key to obtain a digital signature file;

verifying the digital signature file by using the target public key;

and in the case of successful verification, determining the digital signature file as a target contract file.

The target digital certificate is a digital certificate generated by using an asymmetric encryption and decryption method in use, and comprises a target public key and a target private key, wherein the target public key is a key which is open towards the outside, namely the target public key can be checked by any signing node on the block chain network and is a key which is consistent with all signing nodes on the block chain network, and the target private key is a key which is only open to the signing node corresponding to the target digital certificate, namely the target private key cannot be checked by other signing nodes on the block chain network and is a unique key corresponding to the signing node.

The method comprises the steps of utilizing the characteristic that a target private key corresponds to a signing node to digitally sign a file to be signed to obtain a digital signature file, utilizing the characteristic that a target public key is consistent with all signing nodes to verify the digital signature file, verifying that the digital signature file is not changed, and ensuring the safety and the consistency of the obtained target signing file.

Illustratively, the target private key HF09 is used to digitally sign the file to be signed D1 to obtain a digitally signed file D1 ', the target public key 07G6 is used to verify the digitally signed file D1 ', and if the verification is successful, the digitally signed file D1 ' is determined as the target signed file D2.

And carrying out digital signature on the file to be signed by using the target private key to obtain a digital signature file, verifying the digital signature file by using the target public key, and determining the digital signature file as the target signing file under the condition of successful verification. The target private key is used for carrying out digital signature, the signing efficiency of the file to be signed is improved, the digital signature file is verified according to the target public key to obtain the target signing file, and the safety and consistency of the target signing file are guaranteed.

Optionally, the step 202 of obtaining the target digital certificate from the corresponding certificate authority includes the following specific steps:

sending an authentication request to a certificate authority corresponding to a target signatory, wherein the authentication request carries signatory information of the target signatory, and the target signatory is a signatory logging in a signatory node;

and receiving a target digital certificate fed back by the certificate authority, wherein the target digital certificate is generated by the certificate authority based on the information of the signing party.

The target signatory is a person or a mechanism for logging in the signing node, and the target signatory and the corresponding certificate issuing mechanism establish a corresponding relationship in advance. For an individual, when a subscription needs to be performed on a file to be signed, a certification request may be sent to the certificate authority to obtain the target digital certificate, or a certification request may be sent to the certificate authority in advance to obtain the target digital certificate. For an organization, generally, a certification request is sent to a certificate authority in advance to acquire a target digital certificate.

The subscriber information of the target subscriber is identity information used for indicating the identity of the target subscriber and/or context information of a subscription scenario. For example, a tenant and a tenant need to sign a tenant contract, the tenant sends an authentication request to a certificate authority of a third party having a corresponding relationship with the tenant, the authentication request carries identity information of the tenant and scenario information of a tenant scene, the tenant sends an authentication request to the certificate authority of the third party having a corresponding relationship with the tenant, and the authentication request carries the identity information of the tenant and the scenario information of the tenant scene.

Specifically, a certificate authority C corresponding to a target subscriber (user U3) sends a certificate Request Cert _ Request, where the certificate Request includes identity information of the target subscriber and/or context information of a signing context, and receives a target digital certificate fed back by the certificate authority.

Illustratively, the target subscriber is a user U3, a certification Request Cert _ Request is sent to a certificate authority C corresponding to the user U3, wherein the certification Request Cert _ Request includes an identity information number XXXX of the user U3 and scene information (transaction scene) of a signing scene, and a target digital certificate C fed back by the certificate authority C is received, wherein the target digital certificate C is generated based on the identity information number XXXX and the scene information of the transaction scene.

And receiving a certification request carrying the information of the signatory party and generating a target digital certificate based on the information of the signatory party, which is fed back by the certificate authority, by sending the certification request carrying the information of the signatory party to the certificate authority corresponding to the target signatory party. The target digital certificate has the correspondence to the target signing party, and the security of the target digital certificate is ensured, namely the security of a target signing file obtained by signing based on the target digital certificate is ensured.

The following describes, with reference to fig. 3, a block chain-based file subscription method provided in this specification in an application of the block chain-based file subscription method in a multi-party contract file subscription scenario as an example. Fig. 3 is a flowchart illustrating a processing procedure of a block chain-based file subscription method applied to multi-party contract file subscription, which is provided in an embodiment of the present specification, and specifically includes the following steps.

Step 302: acquiring a contract file to be signed generated by a contract generator;

the blockchain includes a plurality of sign-up nodes, each sign-up node including a signatory that logs into the sign-up node.

Step 304: the method comprises the steps that a first signing node sends a certification request to a first certificate authority corresponding to a first signing party, wherein the first signing party is a person or a mechanism logging in the first signing node;

step 306: receiving a first target digital certificate fed back by a first certificate authority, wherein the first target digital certificate comprises a public key and a first private key;

step 308: acquiring a first hash value of a contract file to be signed from a blockchain, wherein the first hash value is generated in advance based on the file content of the contract file to be signed;

step 310: the first signing node generates a second hash value based on the file content of the contract file to be signed;

step 312: comparing the first hash value with the second hash value;

step 314: if the two are consistent, the first signing node carries out digital signature on the contract file to be signed by using the first private key to obtain a first digital signature file;

step 316: the first signing node verifies the first digital signature file by using the public key;

step 318: under the condition that the verification is successful, determining a first digital signature file as a first target contract file;

step 320: the first signing node generates a third hash value based on the file content of the first target contract file and sends the third hash value to the block chain for storage;

step 322: and repeating the step 304 to the step 320 until all the signing nodes in the block chain complete signing to obtain the target contract file.

In the embodiment of the specification, the certification request is sent to the certificate issuing mechanism corresponding to the signing party, and the target digital certificate is generated based on the signing party information fed back by the certificate issuing mechanism, so that the signing operation has higher adaptability and reliability, and meanwhile, the security of the digital certificate is ensured, namely, the security of the target contract file obtained based on signing by the digital certificate is ensured, the target private key is used for carrying out digital signature, the signing efficiency of the file to be signed is improved, the digital signature file is verified according to the target public key, the target contract file is obtained, the security and the consistency of the target contract file are ensured, the hash value is used for comparison, the verification accuracy and the verification efficiency are improved, and the security and the consistency of the target contract file are ensured. By utilizing the characteristic that the block chain is difficult to change data on the block chain, the stored hash value cannot be easily tampered, namely the subscription on each subscription node is subjected to safety verification, and the consistency and the safety of the generated target contract file are ensured.

Corresponding to the above method embodiment, this specification further provides an embodiment of a block chain-based file signing apparatus, and fig. 4 shows a schematic structural diagram of a block chain-based file signing apparatus provided in an embodiment of this specification. As shown in fig. 4, the apparatus includes:

an obtaining module 402, configured to obtain a file to be signed, and obtain a target digital certificate from a corresponding certificate authority;

the verification module 404 is configured to acquire first verification information of the file to be signed from the blockchain, and verify the file to be signed based on the first verification information;

the signing module 406 is configured to sign a contract for the file to be signed based on the target digital certificate to obtain a target signing file under the condition that the verification is successful;

the storage module 408 is configured to determine second check-up information of the target subscription file, and send the second check-up information to the blockchain storage.

Optionally, the obtaining module 402 may be further configured to:

and receiving a file to be signed sent by a previous signing node, wherein the previous signing node is the signing node which completes the signing of the file, and the file to be signed is the file which has completed the signing by the previous signing node.

Optionally, the apparatus further comprises:

the backtracking module is configured to acquire timestamps of signing completion of each signing node, determine a signing sequence of each signing node according to each timestamp, and sequentially acquire backtracking information corresponding to each signing node according to the signing sequence, wherein the backtracking information comprises a file to be signed, verification information and a target signing file.

Optionally, the verification module 404 may be further configured to:

and carrying out Hash operation on the file information of the file to be signed to obtain a second Hash value of the file to be signed, and verifying the file to be signed based on the first Hash value and the second Hash value.

Optionally, the storage module 408 may be further configured to:

and carrying out Hash operation on the file information of the target signed file to obtain a second Hash value of the target signed file, and sending the second Hash value to a block chain for storage.

Optionally, the subscription module 406 may be further configured to:

and carrying out digital signature on the file to be signed by using the target private key to obtain a digital signature file, verifying the digital signature file by using the target public key, and determining the digital signature file as the target signing file under the condition of successful verification.

Optionally, the obtaining module 402 may be further configured to:

and sending a certification request to a certificate authority corresponding to the target subscriber, wherein the certification request carries the subscriber information of the target subscriber, the target subscriber is a subscriber who logs in a signing node, and a target digital certificate fed back by the certificate authority is received, wherein the target digital certificate is generated by the certificate authority based on the subscriber information.

The foregoing is a schematic solution of a block chain-based file signing apparatus according to this embodiment. It should be noted that the technical solution of the file subscription apparatus based on the block chain belongs to the same concept as the technical solution of the file subscription method based on the block chain, and details of the technical solution of the file subscription apparatus based on the block chain, which are not described in detail, can be referred to the description of the technical solution of the file subscription method based on the block chain.

FIG. 5 illustrates a block diagram of a computing device, according to one embodiment of the present description. The components of the computing device 500 include, but are not limited to, a memory 510 and a processor 520. Processor 520 is coupled to memory 510 via bus 530, and database 550 is used to store data.

Computing device 500 also includes access device 540, access device 540 enabling computing device 500 to communicate via one or more networks 560. Examples of such networks include a Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. The Access device 540 may include any type of Network Interface, wired or Wireless, for example, one or more of a Network Interface Card (NIC), such as an IEEE802.11 Wireless Local Area Network (WLAN) Wireless Interface, a worldwide Interoperability for Microwave Access (Wi-MAX) Interface, an ethernet Interface, a Universal Serial Bus (USB) Interface, a cellular Network Interface, a bluetooth Interface, a Near Field Communication (NFC) Interface, and so on.

In one embodiment of the present description, the above-described components of computing device 500, as well as other components not shown in FIG. 5, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device architecture shown in FIG. 5 is for purposes of example only and is not limiting as to the scope of the present description. Those skilled in the art may add or replace other components as desired.

Computing device 500 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smartphone), wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 500 may also be a mobile or stationary server.

Wherein the processor 520 is configured to execute computer-executable instructions, which when executed by the processor, implement the steps of the above block chain-based file subscription method.

The above is an illustrative scheme of a computing device of the present embodiment. It should be noted that the technical solution of the computing device and the technical solution of the above block chain-based file subscription method belong to the same concept, and details that are not described in detail in the technical solution of the computing device can be referred to the description of the technical solution of the above block chain-based file subscription method.

An embodiment of the present specification further provides a computer-readable storage medium, which stores computer-executable instructions, and when the computer-executable instructions are executed by a processor, the steps of the above-mentioned block chain-based file subscription method are implemented.

The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium and the technical solution of the above block chain-based file subscription method belong to the same concept, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the above block chain-based file subscription method.

An embodiment of the present specification further provides a computer program, where the computer program is executed in a computer, and causes the computer to execute the steps of the above file signing method based on a block chain.

The above is an illustrative scheme of a computer program of the present embodiment. It should be noted that the technical solution of the computer program and the technical solution of the above block chain based file subscription method belong to the same concept, and details that are not described in detail in the technical solution of the computer program can be referred to the description of the technical solution of the above block chain based file subscription method.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The computer instructions comprise computer program code which may be in the form of source code, object code, an executable file or some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U.S. disk, removable hard disk, magnetic diskette, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signal, telecommunications signal, and software distribution medium, etc.

It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts, but those skilled in the art should understand that the present embodiment is not limited by the described acts, because some steps may be performed in other sequences or simultaneously according to the present embodiment. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for an embodiment of the specification.

In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.

The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the teaching of the embodiments of the present disclosure. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the embodiments. The specification is limited only by the claims and their full scope and equivalents.

Claims

1. A file signing method based on block chain is applied to signing nodes in a block chain network; the method comprises the following steps:

acquiring first verification information of the file to be signed from a block chain, and verifying the file to be signed based on the first verification information;

under the condition of successful verification, signing the file to be signed based on the target digital certificate to obtain a target signed file;

2. The method of claim 1, wherein the obtaining a file to be signed comprises:

and receiving a file to be signed sent by a previous signing node, wherein the previous signing node is a signing node which completes the signing of the file last, and the file to be signed is a file which has completed the signing of the previous signing node.

3. The method of claim 1 or 2, further comprising:

acquiring a time stamp of each signing node for completing signing;

and sequentially acquiring backtracking information corresponding to each signing node according to the signing sequence, wherein the backtracking information comprises a file to be signed, verification information and a target signing file.

4. The method according to claim 2, wherein the first check information is a first hash value obtained by performing a hash operation on the file information of the file to be signed by the previous signing node;

the verifying the file to be signed based on the first verification information comprises:

5. The method according to any one of claims 1, 2, and 4, wherein the obtaining the first check information of the file to be signed from the blockchain includes:

determining a storage address corresponding to the file to be signed;

and acquiring first check information of the file to be signed from a block chain according to the storage address.

6. The method of any of claims 1, 2, and 4, wherein determining second parity information for the target subscription file and sending the second parity information to the blockchain storage comprises:

performing hash operation on the file information of the target signed file to obtain a second hash value of the target signed file;

sending the second hash value to the blockchain storage.

7. The method of claim 1, the target digital certificate comprising a target public key and a target private key;

the signing is carried out on the file to be signed based on the target digital certificate to obtain a target signing file, and the signing method comprises the following steps:

carrying out digital signature on the file to be signed by using the target private key to obtain a digital signature file;

verifying the digital signature file by using the target public key;

and in case of successful verification, determining the digital signature file as a target signing file.

8. The method of claim 1 or 7, the obtaining a target digital certificate from a corresponding certificate authority, comprising:

sending an authentication request to a certificate authority corresponding to a target subscriber, wherein the authentication request carries subscriber information of the target subscriber, and the target subscriber is a subscriber logging in the signing node;

and receiving a target digital certificate fed back by the certificate authority, wherein the target digital certificate is generated by the certificate authority based on the contractor information.

9. A block chain-based file signing apparatus, comprising:

the checking module is configured to acquire first checking information of the file to be signed from a block chain and check the file to be signed based on the first checking information;

the signing module is configured to sign the file to be signed based on the target digital certificate under the condition of successful verification to obtain a target signing file;

a storage module configured to determine second check-up information of the target subscription file and send the second check-up information to the block chain storage.

10. A computing device, comprising:

a memory and a processor;

the memory is configured to store computer-executable instructions, and the processor is configured to execute the computer-executable instructions, which when executed by the processor, implement the steps of the blockchain-based file subscription method of any one of claims 1 to 8.

11. A computer readable storage medium storing computer executable instructions which, when executed by a processor, perform the steps of the blockchain-based file subscription method of any one of claims 1 to 8.