CN115499175B - Digital product authorization method and system based on private key storage - Google Patents
Digital product authorization method and system based on private key storage Download PDFInfo
- Publication number
- CN115499175B CN115499175B CN202211054211.4A CN202211054211A CN115499175B CN 115499175 B CN115499175 B CN 115499175B CN 202211054211 A CN202211054211 A CN 202211054211A CN 115499175 B CN115499175 B CN 115499175B
- Authority
- CN
- China
- Prior art keywords
- private key
- node
- product
- buyer
- fragments
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
Abstract
The application discloses a digital product authorization method and a digital product authorization system based on private key storage, belongs to the technical field of digital products, and is used for solving the technical problems that the private key is possibly revealed and the security of the private key is low due to the fact that the existing digital product transaction adopts centralized private key storage. The method comprises the following steps: the buyer node sets the number of sales of the digital products to be sold, and randomly generates a product identifier and a key pair for each number of the digital products to be sold; the seller node averagely splits the private key in the key pair into private key fragments with preset parts; the private key fragments with the preset parts are respectively stored by the same number of private key hosting nodes; the authorization node generates product authorization information based on payment information of the buyer and sends the product authorization information to the private key escrow node; the private key hosting node sends the locally stored private key fragments to a buyer according to the product authorization information; and the buyer decrypts and splices each private key fragment by buying the family private key to obtain the complete private key.
Description
Technical Field
The application relates to the technical field of digital product transaction, in particular to a digital product authorization method and system based on private key storage.
Background
With the rapid development of blockchain technology, a number of emerging digitized products are derived, wherein a digital product is a representative one. A digital product is a product whose information content is transported in a bit stream based on a digital format exchange or over the internet. In the prior art, a digital product is combined with a blockchain technology, a seller uploads the digital product in the blockchain and encrypts the digital product, a buyer can only see the encrypted digital product, and the buyer can acquire a decryption private key of the digital product after paying the purchase expense, so that the original digital product is unlocked.
However, in the current digital product transaction, there is a method of storing a private key through centralization, and this method stores a complete private key in a private key hosting party, which may cause the private key to be stolen or revealed by the private key hosting party, so that the situation of secret key disclosure and data loss may occur, and the security of the digital product transaction process cannot be ensured.
Disclosure of Invention
The embodiment of the application provides a digital product authorization method and a digital product authorization system based on private key storage, which are used for solving the following technical problems: the existing digital product transaction adopts centralized private key storage, which may cause the leakage of the private key and has lower security.
The embodiment of the application adopts the following technical scheme:
in one aspect, an embodiment of the present application provides a digital product authorization method based on private key storage, where the method includes: the seller node sets the number of the digital products to be sold, and randomly generates a product identifier and a key pair for each number of the digital products to be sold; encrypting the digital product to be sold through the public key in the secret key pair to obtain corresponding product encrypted content; the seller node averagely splits the private key in the key pair into private key fragments with preset parts; the private key fragments with the preset parts are respectively stored by the same number of private key hosting nodes; the authorization node responds to payment operation of the buyer node on the digital product to be sold, locks one part in the remaining sold parts of the digital product to be sold as the product to be authorized, generates corresponding product authorization information and sends the corresponding product authorization information to all private key escrow nodes; wherein the product authorization information includes: a buyer wallet address, a buyer public key and a product identification of the product to be authorized; each private key escrow node encrypts the private key fragments of the product to be authorized stored locally through the buyer public key according to the received product authorization information, and sends the private key fragments to the buyer node after verification by the intelligent contract; and the buyer node decrypts each received private key fragment through buying the family private key, splices the decrypted private key fragments according to fragment serial numbers to obtain a complete private key, and further decrypts the product encrypted content of the product to be authorized through the complete private key to obtain the original digital product.
According to the embodiment of the application, the private key is split into a plurality of parts, and a plurality of private key hosting nodes exist in a scattered manner, so that a small number of private key hosting nodes can be prevented from stealing the complete private key. Compared with centralized private key storage, the risk of private key leakage and data loss is reduced.
In a possible implementation, the seller node averagely splits the private key in the key pair into a preset number of private key fragments; the private key fragments with the preset parts are respectively stored by the same number of private key hosting nodes, and specifically comprise the following steps: the seller node uploads all the encrypted contents of the products corresponding to the digital products to be sold to a blockchain for release, and randomly designates a preset number of private key escrow nodes; the seller node averagely splits the private key in the secret key pair into private key fragments with preset parts, and the private key fragments are in one-to-one correspondence with the designated private key escrow nodes; wherein the preset number is equal to the preset number of parts; the seller node encrypts the corresponding private key fragments through the public key of each designated private key escrow node, and sends the encrypted private key fragments and the corresponding fragment serial numbers to the corresponding private key escrow node; after receiving the encrypted private key fragments, the private key hosting node decrypts the private key of the hosting party by using the private key hosting node, and stores the decrypted private key fragments and the corresponding fragment serial numbers locally.
In a possible embodiment, the method further comprises: the authorization node monitors the number of times that each private key escrow node delays or leaks to send private key fragments through an intelligent contract; the private key escrow node judges that the private key fragments are delayed if the private key fragments are not sent in a pre-examination time period after receiving the product authorization information; and if the number of times that any private key escrow node delays or leaks to send the private key fragments exceeds a preset threshold value, executing a punishment mechanism on the private key escrow node.
The embodiment of the application monitors the work of the private key escrow node by recording the delayed or missed times of the private key escrow node, and ensures the speed and the integrity of the private key fragments received by the buyer through a punishment mechanism.
In a possible implementation manner, the authorizing node responds to the payment operation of the buyer node on the digital product to be sold, randomly locks one part in the remaining sales parts of the digital product to be sold as the product to be authorized, generates corresponding product authorizing information and sends the corresponding product authorizing information to all private key escrow nodes, and specifically includes: after receiving the payment message, the authorization node deducts the corresponding payment amount from the wallet address of the buyer, and detects whether the remaining selling parts of the digital product to be sold corresponding to the payment message are 0 through the intelligent contract; if the remaining sales fraction is not 0, randomly locking one of the remaining sales fractions to serve as a product to be authorized, generating product authorization information and sending the product authorization information to all private key escrow nodes; if the remaining sales number is 0, returning the payment amount to the wallet address of the buyer, and simultaneously sending a notification of insufficient supply to the buyer and the seller nodes.
In a possible implementation manner, each private key escrow node encrypts the private key fragments of the product to be authorized stored locally through the buyer public key according to the received product authorization information, and sends the private key fragments to the buyer node after verification by the intelligent contract, and specifically includes: after each private key escrow node receives the product authorization information, determining whether corresponding private key fragments are stored locally according to the product identification of the product to be authorized; if any private key escrow node determines that the private key fragments of the product to be authorized are locally stored, encrypting and sending the private key fragments through a buyer public key in the product authorization information; after determining, by the smart contract, that the private key escrow node is a private key escrow node specified by the seller node, the authorizing node generates a product key message and sends the product key message to the buyer node; wherein the product key message comprises at least any one of: the encrypted private key fragments, fragment serial numbers, product identification of the product to be authorized and the IP address of the receiver.
In a possible implementation manner, the buyer node decrypts each received piece of private key through buying the private key, and splices the decrypted piece of private key according to the piece serial number to obtain a complete private key, and further decrypts the product encrypted content of the product to be authorized through the complete private key to obtain an original digital product, which specifically includes: the buyer node verifies whether the receiver is self according to the receiver IP address in the product key message; if the receiver is determined to be self, decrypting each received private key fragment by using the buyer private key of the receiver; after decrypting the preset number of private key fragments, the buyer node splices according to the fragment serial number of each private key fragment to obtain a complete private key, and performs validity verification on the complete private key through the intelligent contract; after determining that the complete private key is a legal private key, the authorization node opens a decryption interface of the product to be authorized to the buyer node, so that the buyer node inputs the complete private key to decrypt based on the decryption interface.
In a possible implementation manner, the validity verification of the complete private key through the smart contract specifically includes: the intelligent contract matches the complete private key with a used private key catalog stored in the authorized node; if the private key which is the same as the complete private key is matched in the used private key catalog, continuing to detect whether the payment message of the buyer node is received or not; if the payment message of the buyer node is received, determining that the complete private key is a legal private key; and if the payment message of the buyer node is not received, determining that the complete private key is an illegal private key.
In a possible embodiment, the method further comprises: after each transaction is successful, the authorization node subtracts one from the remaining sales number of the digital product to be sold, records the product identifier of the sold digital product in a sold product catalog, and records the private key of the sold digital product in a used private key catalog; and if the transaction fails, the authorization node releases the locked product to be authorized and returns the deducted payment amount to the buyer wallet address.
The embodiment of the application records the used private key and the sold product identifier, performs validity verification on the private key decrypted by the buyer, avoids the step of skipping payment after someone acquires one private key, directly uses the private key to maliciously decrypt the digital product, or uses one private key to perform multiple attempts by using 30% of the repetition rate of the private key, and tries to try out the digital product with the same private key without paying. This action guarantees the benefit of the seller.
On the other hand, the embodiment of the application also provides a digital product authorization system based on private key storage, which comprises: the seller node is used for setting the selling parts of the digital products to be sold and randomly generating a product identifier and a secret key pair for each digital product to be sold; encrypting the digital product to be sold through the public key in the secret key pair to obtain corresponding product encrypted content; dividing the private key in the key pair into private key fragments with preset parts on average; the private key fragments with the preset parts are respectively stored by the same number of private key hosting nodes; an authorization node comprising an intelligent contract; the authorization node is used for responding to payment operation of the buyer node on the digital product to be sold, locking one part in the remaining sales parts of the digital product to be sold as the product to be authorized, generating corresponding product authorization information and sending the corresponding product authorization information to all private key escrow nodes; wherein the product authorization information includes: a buyer wallet address, a buyer public key and a product identification of the product to be authorized; the private key hosting node is used for encrypting the private key fragments of the product to be authorized, which are stored locally, through the buyer public key according to the received product authorization information, and transmitting the private key fragments to the buyer node after being verified by the intelligent contract; and the buyer node is used for decrypting each received private key fragment through buying the family private key, splicing the decrypted private key fragments according to fragment serial numbers to obtain a complete private key, and decrypting the product encrypted content of the product to be authorized through the complete private key to obtain an original digital product.
In a possible embodiment, the authorization node is further configured to: monitoring the number of times that each private key escrow node delays or leaks to send the private key fragments; the private key escrow node judges that the private key fragments are delayed if the private key fragments are not sent in a pre-examination time period after receiving the product authorization information; and if the number of times that any private key escrow node delays or leaks to send the private key fragments exceeds a preset threshold value, executing a punishment mechanism on the private key escrow node.
According to the digital product authorization method and system based on private key storage, the digital product of a seller can be sold offline after being online, and long-term operation of sales business is not affected. In the sales process, the private key of each part of the digital product is automatically sent by the private key hosting node in the whole process, and the private key is split into a plurality of parts and is scattered to be stored in a plurality of private key hosting nodes, so that a small number of private key hosting nodes can be prevented from stealing the complete private key. Compared with a centralized private key storage method, the method reduces the risks of private key leakage and data loss. In addition, each digital product corresponds to a secret key pair, only one person purchases each digital product, and the decryption interface can be opened only through validity verification after purchase, so that even if a user acquires a private key after purchasing the digital product, other digital products cannot be decrypted by using the private key, the fairness of transactions is protected, and the benefit of sellers is maintained.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to the drawings without inventive effort to those skilled in the art. In the drawings:
FIG. 1 is a flowchart of a digital product authorization method based on private key storage according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a digital product authorization system based on private key storage according to an embodiment of the present application.
Detailed Description
In order to make the technical solution of the present application better understood by those skilled in the art, the technical solution of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
The embodiment of the application provides a digital product authorization method based on private key storage, as shown in fig. 1, the digital product authorization method based on private key storage specifically comprises the steps of S101-S105:
s101, a seller node sets the number of sales of digital products to be sold, and randomly generates a product identifier and a secret key pair for each digital product to be sold; and encrypting the digital product to be sold through the public key in the key pair to obtain corresponding product encrypted content.
Specifically, before the seller puts on the shelf of the digital products to be sold, the seller sets a selling number of parts for each digital product to be sold in the node of the seller, and randomly generates a unique product identifier and a secret key pair for each digital product to be sold. And then encrypting the digital product to be sold through a public key in the key pair, and releasing the encrypted product content to the blockchain.
In one embodiment, if seller A wants to put on shelf two digital products to be sold, product 1 and product 2, respectively. Then, before putting on shelf, the respective selling parts are set for the product 1 and the product 2, assuming that 1000 parts are sold for the product 1 and 2000 parts are sold for the product 2, 1000 product identifications and 1000 key pairs are correspondingly generated for the product 1, and each part of the product 1 is encrypted by the respective public key, so as to obtain the encrypted content of 1000 parts of the product 1. Similarly, 2000 product identifiers and 2000 key pairs are generated for the products 2, and each product 2 is encrypted by a respective public key to obtain 2000 encrypted contents of the product 2. The encrypted content of products 1 and 2 is then distributed to the blockchain.
As a possible implementation, in the sales interface of digital products, several parts of the product encrypted content of each digital product may be displayed through the same interface or link, and the remaining sales parts of such digital products may be displayed.
S102, the seller node averagely splits the private key in the key pair into private key fragments with preset parts; the private key fragments with the preset number are respectively stored by the same number of private key hosting nodes.
Specifically, the seller node uploads all the encrypted contents of the products corresponding to the digital products to be sold to the blockchain for release, and randomly designates a preset number of private key escrow nodes in the blockchain. The seller node averagely splits the private key in the secret key pair into private key fragments with preset parts, and corresponds the private key fragments to the designated private key hosting nodes one by one, then acquires the public key of each designated private key hosting node to encrypt the corresponding private key fragments, and then sends the encrypted private key fragments and the corresponding fragment serial numbers to the corresponding private key hosting nodes.
In one embodiment, the vendor node randomly selects 8 private key escrow nodes for the product 1, then obtains public keys of the 8 private key escrow nodes, equally splits 1000 private keys corresponding to the product 1 into 8 parts, each part of private key fragments corresponds to one private key escrow node, encrypts the public key of the private key escrow node, and sends the encrypted private key fragments to the corresponding private key escrow node.
Further, after receiving the encrypted private key fragments, the private key hosting node decrypts the private key by using the private key of the hosting party, and stores the decrypted private key fragments and the corresponding fragment serial numbers locally.
As a possible implementation, the node with governance rights to the blockchain is automatically registered as a private key escrow node. The intelligent contract monitors the number of delayed or missed private key fragments per private key escrow node. If the number of delayed or missed private key fragments of any private key escrow node exceeds a preset threshold, the intelligent contract executes a punishment mechanism on the private key escrow node. And if the private key fragments are not transmitted more than five minutes after receiving the product authorization information, judging that the private key fragments are delayed.
In one embodiment, the penalty mechanism may include disqualifying the private key escrow node from escrow; or the private key escrow node is put into a blacklist, so that penalty means such as probability of the private key escrow node being selected by a seller node are reduced.
And S103, the authorization node responds to payment operation of the buyer node on the digital product to be sold, locks one part in the remaining sold parts of the digital product to be sold as the product to be authorized, generates corresponding product authorization information and sends the corresponding product authorization information to all private key escrow nodes.
Specifically, the authorization node includes an intelligent contract, and the intelligent contract is used for monitoring and verifying transaction information of the buyer node and the seller node. After receiving payment information of a certain buyer node, the authorization node firstly deducts corresponding payment amount from a wallet address of the buyer, and detects whether the remaining selling parts of the digital product to be sold corresponding to the payment information are 0 or not through an intelligent contract.
If the remaining sales number is not 0, randomly locking one of the remaining sales numbers as a product to be authorized, and generating a piece of product authorization information to be sent to all private key escrow nodes. The product authorization information comprises a wallet address of a buyer, a public key of the buyer and a product identification of a product to be authorized.
If the remaining sales fraction is 0, refund the payment amount to the wallet address of the buyer node and send a notification of insufficient source to both the buyer and seller nodes.
S104, each private key hosting node encrypts the private key fragments of the locally stored product to be authorized through the buyer public key according to the received product authorization information, and sends the private key fragments to the buyer node after verification by the authorization node.
Specifically, the private key hosting module can independently operate, and when the private key hosting module runs, product authorization information sent by the authorization nodes can be automatically received, and after receiving the information, each private key hosting node determines whether corresponding private key fragments are locally stored according to product identifiers of products to be authorized. If any private key escrow node determines that the private key fragments of the product to be authorized are stored locally, encrypting the private key fragments through the buyer public key in the product authorization information, and sending the encrypted private key fragments to the authorization node for verification.
Further, the authorization node verifies the identity of the private key escrow node sending the private key fragments through the intelligent contract, and after the authorization node determines that the private key escrow node sending the private key fragments is one of the private key escrow nodes designated by the seller node, a product secret key message is generated and sent to the buyer node; wherein the product key message comprises at least any one of: the encrypted private key fragments, fragment serial numbers, product identification of the product to be authorized and the IP address of the receiver.
S105, the buyer node decrypts each received private key fragment through the buyer private key, splices the decrypted private key fragments according to fragment serial numbers to obtain a complete private key, and further decrypts the encrypted product content of the product to be authorized through the complete private key to obtain the original digital product.
Specifically, after receiving the product key message, the buyer node verifies whether the recipient is itself according to the recipient IP address in the product key message. If the receiver is determined to be self, the buyer private key of the receiver is used for decrypting each received private key fragment. After decrypting the preset number of private key fragments, the buyer performs splicing according to the fragment serial number of each private key fragment to obtain the complete private key.
Further, the buyer automatically sends the complete private key to the authorization node for validity verification, and the specific method comprises the following steps: after receiving the complete private key, the authorization node matches the complete private key with the used private key catalogue stored in the authorization node. If the same private key as the private key is matched in the used private key catalog, continuing to detect whether the payment message of the buyer is received. If the payment message of the buyer is received, the private key is determined to be a legal private key. If the payment message of the buyer is not received, determining the private key as an illegal private key, refusing to open a decryption interface to the buyer by the intelligent contract, and informing an authorized node manager to check the identity of the buyer. This step avoids the act of someone using someone else's private key to maliciously decrypt the digital product, and can discover this act and take precautionary measures in time.
Further, after the complete private key is determined to be a legal private key, the authorization node opens a decryption interface of the product to be authorized to the buyer node, so that the buyer corresponding to the buyer node can input the complete private key to decrypt based on the decryption interface.
It should be noted that, the "legal private key" and the "illegal private key" mentioned in the present application are concepts defined by the present application, and are not meanings of "legal" and "illegal" in the conventional sense. The legal private key refers to a private key obtained after payment, and the illegal private key refers to a private key obtained without payment, and generally refers to the condition that someone steals a private key of a product purchased by another person to directly decrypt the product.
As a possible implementation, after each transaction is successful, the authorization node subtracts one from the remaining number of sales of the digital product to be sold, records the product identification of the sold digital product in the sold product catalog, and records the private key of the sold digital product in the used private key catalog. If the transaction fails, such as when the buyer cancels the order halfway, the authorization node releases the locked product to be authorized and returns the deducted payment amount to the wallet address of the buyer.
In addition, the embodiment of the application also provides a digital product authorization system based on private key storage, as shown in fig. 2, the digital product authorization system 200 based on private key storage specifically includes:
a seller node 210 for randomly generating a product identification and a key pair for each digital product to be sold; encrypting the digital product to be sold through the public key in the secret key pair to obtain corresponding product encrypted content; dividing the private key in the key pair into private key fragments with preset parts on average; the private key fragments with the preset parts are respectively stored by the same number of private key hosting nodes;
an authorizing node 220 comprising a smart contract; the authorization node is used for responding to payment operation of the buyer node on the digital product to be sold, locking one part in the remaining sales parts of the digital product to be sold as the product to be authorized, generating corresponding product authorization information and sending the corresponding product authorization information to all private key escrow nodes; wherein the product authorization information includes: a buyer wallet address, a buyer public key and a product identification of the product to be authorized;
private key escrow node 230 is configured to encrypt, according to the received product authorization information, the private key fragments of the product to be authorized, which are stored locally, by the buyer public key, and send the encrypted private key fragments to the buyer node after verification by the smart contract;
the buyer node 240 is configured to decrypt each received piece of private key through buying a family private key, splice the decrypted piece of private key according to the piece serial number to obtain a complete private key, and decrypt the encrypted product content of the product to be authorized through the complete private key to obtain an original digital product.
As a possible implementation, the authorizing node is further configured to: monitoring the number of times that each private key escrow node delays or leaks to send the private key fragments; the private key escrow node judges that the private key fragments are delayed if the private key fragments are not sent in a pre-examination time period after receiving the product authorization information; and if the number of times that any private key escrow node delays or leaks to send the private key fragments exceeds a preset threshold value, executing a punishment mechanism on the private key escrow node.
The embodiments of the present application are described in a progressive manner, and the same and similar parts of the embodiments are all referred to each other, and each embodiment is mainly described in the differences from the other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.
The foregoing describes certain embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the embodiments of the application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the embodiments of the present application should be included in the scope of the claims of the present application.
Claims (5)
1. A digital product authorization method based on private key storage, the method comprising:
the seller node sets the number of the digital products to be sold, and randomly generates a product identifier and a key pair for each number of the digital products to be sold; encrypting the digital product to be sold through the public key in the secret key pair to obtain corresponding product encrypted content;
the seller node averagely splits the private key in the key pair into private key fragments with preset parts; the private key fragments with the preset parts are respectively stored by the same number of private key hosting nodes, and specifically comprise the following steps:
the seller node uploads all the encrypted contents of the products corresponding to the digital products to be sold to a blockchain for release, and randomly designates a preset number of private key escrow nodes;
the seller node averagely splits the private key in the secret key pair into private key fragments with preset parts, and the private key fragments are in one-to-one correspondence with the designated private key escrow nodes; wherein the preset number is equal to the preset number of parts;
the seller node encrypts the corresponding private key fragments through the public key of each designated private key escrow node, and sends the encrypted private key fragments and the corresponding fragment serial numbers to the corresponding private key escrow node;
after receiving the encrypted private key fragments, the private key escrow node decrypts the private key by using the private key of the escrow party, and stores the decrypted private key fragments and the corresponding fragment serial numbers locally;
the authorization node responds to payment operation of the buyer node on the digital product to be sold, locks one part in the remaining sold parts of the digital product to be sold as the product to be authorized, generates corresponding product authorization information and sends the corresponding product authorization information to all private key escrow nodes; wherein the product authorization information includes: a buyer wallet address, a buyer public key and a product identification of the product to be authorized;
each private key escrow node encrypts the private key fragments of the product to be authorized stored locally through the buyer public key according to the received product authorization information, and sends the private key fragments to the buyer node after verification by the authorization node, wherein the private key escrow node specifically comprises the following steps:
after each private key escrow node receives the product authorization information, determining whether corresponding private key fragments are stored locally according to the product identification of the product to be authorized;
if any private key escrow node determines that the private key fragments of the product to be authorized are locally stored, encrypting the private key fragments through a buyer public key in the product authorization information, and sending the encrypted private key fragments to an authorization node for verification;
after the authorization node determines that the private key escrow node is the private key escrow node designated by the seller node, generating a product key message and sending the product key message to the buyer node; wherein the product key message comprises at least any one of: the encrypted private key fragments, fragment serial numbers, product identifiers of products to be authorized and the IP addresses of receivers;
the buyer node decrypts each received private key fragment by buying the family private key, and splices the decrypted private key fragments according to fragment serial numbers to obtain a complete private key, and further decrypts the product encrypted content of the product to be authorized by the complete private key to obtain an original digital product, and the method specifically comprises the following steps:
the buyer node verifies whether the receiver is self according to the receiver IP address in the product key message;
if the receiver is determined to be self, decrypting each received private key fragment by using the buyer private key of the receiver;
after decrypting the preset number of private key fragments, the buyer node splices according to the fragment serial number of each private key fragment to obtain a complete private key, and performs validity verification on the complete private key through the authorization node;
after determining that the complete private key is a legal private key, the authorization node opens a decryption interface of the product to be authorized to the buyer node so that the buyer node can input the complete private key to decrypt based on the decryption interface;
after each transaction is successful, the authorization node subtracts one from the remaining sales number of the digital product to be sold, records the product identifier of the sold digital product in a sold product catalog, and records the private key of the sold digital product in a used private key catalog; if the transaction fails, the authorization node releases the locked product to be authorized and returns the deducted payment amount to the buyer wallet address;
the authorization node is used for verifying the validity of the complete private key, and the method specifically comprises the following steps:
the authorization node matches the complete private key with a used private key catalog stored in the authorization node; if the private key which is the same as the complete private key is matched in the used private key catalog, continuing to detect whether the payment message of the buyer node is received or not; if the payment message of the buyer node is received, determining that the complete private key is a legal private key; and if the payment message of the buyer node is not received, determining that the complete private key is an illegal private key.
2. The digital product authorization method based on private key storage of claim 1, further comprising:
the authorization node monitors the number of times that each private key escrow node delays or leaks to send out private key fragments; the private key escrow node judges that the private key fragments are delayed if the private key fragments are not sent in a pre-examination time period after receiving the product authorization information;
and if the number of times that any private key escrow node delays or leaks to send the private key fragments exceeds a preset threshold value, executing a punishment mechanism on the private key escrow node.
3. The digital product authorization method based on private key storage according to claim 1, wherein the authorization node, in response to a payment operation of a buyer node on the digital product to be sold, randomly locks a share as a product to be authorized in the remaining sales shares of the digital product to be sold, and generates corresponding product authorization information to be sent to all private key escrow nodes, specifically comprising:
after receiving the payment message, the authorization node deducts the corresponding payment amount from the wallet address of the buyer and detects whether the remaining selling parts of the digital product to be sold corresponding to the payment message are 0;
if the remaining sales fraction is not 0, randomly locking one of the remaining sales fractions to serve as a product to be authorized, generating product authorization information and sending the product authorization information to all private key escrow nodes;
if the remaining sales number is 0, returning the payment amount to the wallet address of the buyer, and simultaneously sending a notification of insufficient supply to the buyer and the seller nodes.
4. A digital product authorization system based on private key storage, the system comprising:
the seller node is used for setting the selling parts of the digital products to be sold and randomly generating a product identifier and a secret key pair for each digital product to be sold; encrypting the digital product to be sold through the public key in the secret key pair to obtain corresponding product encrypted content; dividing the private key in the key pair into private key fragments with preset parts on average; the private key fragments with the preset parts are respectively stored by the same number of private key hosting nodes, and specifically comprise the following steps:
the seller node uploads all the encrypted contents of the products corresponding to the digital products to be sold to a blockchain for release, and randomly designates a preset number of private key escrow nodes;
the seller node averagely splits the private key in the secret key pair into private key fragments with preset parts, and the private key fragments are in one-to-one correspondence with the designated private key escrow nodes; wherein the preset number is equal to the preset number of parts;
the seller node encrypts the corresponding private key fragments through the public key of each designated private key escrow node, and sends the encrypted private key fragments and the corresponding fragment serial numbers to the corresponding private key escrow node;
after receiving the encrypted private key fragments, the private key escrow node decrypts the private key by using the private key of the escrow party, and stores the decrypted private key fragments and the corresponding fragment serial numbers locally;
an authorization node comprising an intelligent contract; the authorization node is used for responding to payment operation of the buyer node on the digital product to be sold, locking one part in the remaining sales parts of the digital product to be sold as the product to be authorized, generating corresponding product authorization information and sending the corresponding product authorization information to all private key escrow nodes; wherein the product authorization information includes: a buyer wallet address, a buyer public key and a product identification of the product to be authorized;
the private key escrow node is used for encrypting the private key fragments of the product to be authorized stored locally through the buyer public key according to the received product authorization information, and transmitting the private key fragments to the buyer node after being verified by the intelligent contract, and specifically comprises the following steps:
after each private key escrow node receives the product authorization information, determining whether corresponding private key fragments are stored locally according to the product identification of the product to be authorized;
if any private key escrow node determines that the private key fragments of the product to be authorized are locally stored, encrypting the private key fragments through a buyer public key in the product authorization information, and sending the encrypted private key fragments to an authorization node for verification;
after the authorization node determines that the private key escrow node is the private key escrow node designated by the seller node, generating a product key message and sending the product key message to the buyer node; wherein the product key message comprises at least any one of: the encrypted private key fragments, fragment serial numbers, product identifiers of products to be authorized and the IP addresses of receivers;
the buyer node is configured to decrypt each received private key fragment by buying a family private key, splice the decrypted private key fragments according to fragment serial numbers to obtain a complete private key, and decrypt the product encrypted content of the product to be authorized by using the complete private key to obtain an original digital product, and specifically includes:
the buyer node verifies whether the receiver is self according to the receiver IP address in the product key message;
if the receiver is determined to be self, decrypting each received private key fragment by using the buyer private key of the receiver;
after decrypting the preset number of private key fragments, the buyer node splices according to the fragment serial number of each private key fragment to obtain a complete private key, and performs validity verification on the complete private key through the authorization node;
after determining that the complete private key is a legal private key, the authorization node opens a decryption interface of the product to be authorized to the buyer node so that the buyer node can input the complete private key to decrypt based on the decryption interface;
after each transaction is successful, the authorization node subtracts one from the remaining sales number of the digital product to be sold, records the product identifier of the sold digital product in a sold product catalog, and records the private key of the sold digital product in a used private key catalog; if the transaction fails, the authorization node releases the locked product to be authorized and returns the deducted payment amount to the buyer wallet address;
the authorization node is used for verifying the validity of the complete private key, and the method specifically comprises the following steps:
the authorization node matches the complete private key with a used private key catalog stored in the authorization node; if the private key which is the same as the complete private key is matched in the used private key catalog, continuing to detect whether the payment message of the buyer node is received or not; if the payment message of the buyer node is received, determining that the complete private key is a legal private key; and if the payment message of the buyer node is not received, determining that the complete private key is an illegal private key.
5. A digital product authorization system based on private key storage as recited in claim 4, wherein,
the authorizing node is further configured to: monitoring the number of times that each private key escrow node delays or leaks to send the private key fragments;
the private key escrow node judges that the private key fragments are delayed if the private key fragments are not sent in a pre-examination time period after receiving the product authorization information; and if the number of times that any private key escrow node delays or leaks to send the private key fragments exceeds a preset threshold value, executing a punishment mechanism on the private key escrow node.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211054211.4A CN115499175B (en) | 2022-08-31 | 2022-08-31 | Digital product authorization method and system based on private key storage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211054211.4A CN115499175B (en) | 2022-08-31 | 2022-08-31 | Digital product authorization method and system based on private key storage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115499175A CN115499175A (en) | 2022-12-20 |
| CN115499175B true CN115499175B (en) | 2023-08-15 |
Family
ID=84465960
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211054211.4A Active CN115499175B (en) | 2022-08-31 | 2022-08-31 | Digital product authorization method and system based on private key storage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115499175B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106961336A (en) * | 2017-04-18 | 2017-07-18 | 北京百旺信安科技有限公司 | A kind of key components trustship method and system based on SM2 algorithms |
| CN107623569A (en) * | 2017-09-30 | 2018-01-23 | 矩阵元技术(深圳)有限公司 | Block chain key escrow and restoration methods, device based on Secret sharing techniques |
| CN109462588A (en) * | 2018-11-13 | 2019-03-12 | 上海物融智能科技有限公司 | A kind of decentralization data trade method and system based on block chain |
| WO2020063357A1 (en) * | 2018-09-29 | 2020-04-02 | 杭州复杂美科技有限公司 | Digital asset custody method and apparatus, and storage medium |
| CN112017045A (en) * | 2020-08-18 | 2020-12-01 | 无锡井通网络科技有限公司 | Digital asset off-site transaction system and method based on block chain |
| CN112784306A (en) * | 2021-02-01 | 2021-05-11 | 杭州链网科技有限公司 | Cross-chain escrow method and system based on key fragmentation and multi-signature |
| JP2021145355A (en) * | 2015-02-09 | 2021-09-24 | ティーゼロ・アイピー,エルエルシー | Crypto integration platform |
| CN113837875A (en) * | 2020-06-22 | 2021-12-24 | 京东方科技集团股份有限公司 | Transaction method, node and medium based on block chain network |
| CN114547636A (en) * | 2020-11-11 | 2022-05-27 | 德国邮政股份公司 | Distributed account book system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109697365B (en) * | 2018-12-20 | 2023-04-07 | 深圳市元征科技股份有限公司 | Information processing method, block chain node and electronic equipment |
| US11494763B2 (en) * | 2019-08-19 | 2022-11-08 | Anchor Labs, Inc. | Cryptoasset custodial system with custom logic |
-
2022
- 2022-08-31 CN CN202211054211.4A patent/CN115499175B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2021145355A (en) * | 2015-02-09 | 2021-09-24 | ティーゼロ・アイピー,エルエルシー | Crypto integration platform |
| CN106961336A (en) * | 2017-04-18 | 2017-07-18 | 北京百旺信安科技有限公司 | A kind of key components trustship method and system based on SM2 algorithms |
| CN107623569A (en) * | 2017-09-30 | 2018-01-23 | 矩阵元技术(深圳)有限公司 | Block chain key escrow and restoration methods, device based on Secret sharing techniques |
| WO2020063357A1 (en) * | 2018-09-29 | 2020-04-02 | 杭州复杂美科技有限公司 | Digital asset custody method and apparatus, and storage medium |
| CN109462588A (en) * | 2018-11-13 | 2019-03-12 | 上海物融智能科技有限公司 | A kind of decentralization data trade method and system based on block chain |
| CN113837875A (en) * | 2020-06-22 | 2021-12-24 | 京东方科技集团股份有限公司 | Transaction method, node and medium based on block chain network |
| CN112017045A (en) * | 2020-08-18 | 2020-12-01 | 无锡井通网络科技有限公司 | Digital asset off-site transaction system and method based on block chain |
| CN114547636A (en) * | 2020-11-11 | 2022-05-27 | 德国邮政股份公司 | Distributed account book system |
| CN112784306A (en) * | 2021-02-01 | 2021-05-11 | 杭州链网科技有限公司 | Cross-chain escrow method and system based on key fragmentation and multi-signature |
Non-Patent Citations (1)
| Title |
|---|
| 基于区块链的数据管理方案;周艺华;李洪明;;信息安全研究(第01期) * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115499175A (en) | 2022-12-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1942430B1 (en) | Token Passing Technique for Media Playback Devices | |
| US7725404B2 (en) | Secure electronic commerce using mutating identifiers | |
| CA2808369C (en) | System for protecting an encrypted information unit | |
| US6915434B1 (en) | Electronic data storage apparatus with key management function and electronic data storage method | |
| CN109034793A (en) | Digital cash method of commerce and digital cash wallet hardware based on block chain | |
| US11831753B2 (en) | Secure distributed key management system | |
| KR20060111387A (en) | Deliver-upon-request secure electronic message system | |
| GB2382425A (en) | Anonymous transactions based on distributed processing | |
| US9967091B2 (en) | Method for enhancing security in distributed systems | |
| JP2007282295A (en) | Cryptographic system and method with key escrow feature | |
| JP2009526321A (en) | System for executing a transaction in a point-of-sale information management terminal using a changing identifier | |
| JPH10508438A (en) | System and method for key escrow and data escrow encryption | |
| JP2006514490A (en) | Content distribution system and method between a plurality of parties having a rights management function | |
| US7370199B2 (en) | System and method for n-way authentication in a network | |
| CN109145641B (en) | Privacy information protection method and system | |
| CN102957708A (en) | Application encrypting and decrypting method, server and terminal | |
| CN115499175B (en) | Digital product authorization method and system based on private key storage | |
| KR20200091112A (en) | Method for sharing information using blockchain technology | |
| CN113269641A (en) | Transaction management method, device and system | |
| Gaber et al. | A novel approach to allow multiple resales of DRM-protected contents | |
| CN115170132B (en) | Payment method suitable for high-speed post network member system | |
| KR101789562B1 (en) | Mobile payment method and system | |
| CN109104393A (en) | A kind of identity authentication method, device and system | |
| CN116488855A (en) | Lightweight weight determining system and method based on chained memory structure encryption technology | |
| Gajmal et al. | A Survey on Access Controls in Cloud Computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |