CN116663024A

CN116663024A - Block chain-based transaction method, electronic equipment and storage medium

Info

Publication number: CN116663024A
Application number: CN202310524522.0A
Authority: CN
Inventors: 聂磊; 李安颖; 胡国君; 岳小鹏; 杨生辉; 张海峰
Original assignee: Shanghai Silk Road Yunke Information Co ltd
Current assignee: Shanghai Silk Road Yunke Information Co ltd
Priority date: 2023-05-10
Filing date: 2023-05-10
Publication date: 2023-08-29

Abstract

The application provides a transaction method based on a blockchain, electronic equipment and a storage medium, and relates to the technical field of computers. The method comprises the following steps: responding to the request operation of the target service, and sending a service request message to a service provider node through a service management system; receiving a target data packet returned by the service provider node according to the service request message through the service management system, so that the service management system decrypts the target data packet based on a symmetric encryption algorithm to obtain the target service, wherein the target data packet comprises: a target encryption service encrypted by a first key corresponding to a symmetric encryption algorithm is adopted; the first target operation result is obtained by operating the target service through the service management system, and the first target operation result returned by the service management system is received, so that the target service provided by the service provider node is not directly exposed to the service requester node, the confidentiality operation of the target service can be realized, and the transaction security is improved.

Description

Block chain-based transaction method, electronic equipment and storage medium

Technical Field

The present application relates to the field of computer technologies, and in particular, to a blockchain-based transaction method, an electronic device, and a storage medium.

Background

The blockchain is a chain composed of one block and another block, each block stores certain information, and the information is connected into a chain according to the time sequence generated by each block, and the chain is stored in all servers, so long as one server in the whole system can work, the whole blockchain is safe. These servers, referred to as nodes in the blockchain system, provide storage space and computational support for the entire blockchain system.

In the prior art, when the blockchain technology is applied to a privacy computing scene, an algorithm requester can acquire an algorithm from an algorithm provider and operate the algorithm.

It can be seen that the existing algorithm acquisition method is simpler, so that the risk of algorithm leakage often exists in the acquisition process, and the requirement of an algorithm provider for protecting own algorithm cannot be met.

Disclosure of Invention

The present application aims to solve the above-mentioned drawbacks of the prior art, and provides a blockchain-based transaction method, an electronic device, and a storage medium, which can improve the security of services.

In order to achieve the above purpose, the technical scheme adopted by the embodiment of the application is as follows:

in a first aspect, the present application provides a transaction method based on a blockchain, applied to a service requester node in a blockchain system, where the service requester node is respectively in communication connection with a service management system and a service provider node in the blockchain system, the method includes:

Responding to the request operation of the target service, and sending a service request message to the service provider node through the service management system;

receiving, by the service management system, a target data packet returned by the service provider node according to the service request message, so that the service management system decrypts the target data packet based on a symmetric encryption algorithm to obtain a target service, where the target data packet includes: a target encryption service encrypted by a first key corresponding to a symmetric encryption algorithm is adopted;

and operating the target service through the service management system to obtain a first target operation result, and receiving the first target operation result returned by the service management system.

In an alternative embodiment, the service provider node is preconfigured with a first matching relationship set based on an asymmetric encryption algorithm, where the first matching relationship includes: the target data packet further comprises a first public key and a first private key corresponding to the first public key: a first ciphertext encrypted by the first key using a first public key;

the service management system is preconfigured with the first private key, decrypts the target data packet based on a symmetric encryption algorithm to obtain a target service, and comprises the following steps:

The service management system adopts a first private key to decrypt a first ciphertext in the target data packet based on an asymmetric encryption algorithm to obtain a first key, and decrypts the target encryption service based on the symmetric encryption algorithm according to the first key to obtain the target service.

In an optional implementation manner, after the target service is executed by the service management system to obtain a first target running result and the first target running result returned by the service management system is received, the method further includes:

transmitting an operation result data packet to the service provider node through the service management system based on the asymmetric encryption algorithm, so that the service provider node performs signature verification on a target encryption operation result in the operation result data packet according to the asymmetric encryption algorithm after receiving the operation result data packet to obtain a signature verification hash value, wherein the operation result data packet comprises: a target encryption operation result signed by the hash value of the first target operation result is obtained by adopting an asymmetric encryption algorithm;

and sending the first target operation result to the service provider node so that the service provider node carries out hash calculation on the first target operation result to obtain a hash value of the first target operation result, and determining whether the operation result data packet is valid or not according to the hash value of the first target operation result and the verification hash value.

In an optional implementation manner, the service provider node is further preconfigured with a second matching relationship corresponding to at least one service identifier based on an asymmetric encryption algorithm, where the second matching relationship includes: the target data packet further comprises a second public key and a second private key corresponding to the second public key: a second ciphertext encrypted by the second private key using the first key; the operation result data packet specifically includes: a second private key is adopted to sign a target encryption operation result and a target service identifier of the hash value of the first target operation result;

after receiving the operation result data packet, the service provider node performs signature verification on a target encryption operation result in the operation result data packet according to an asymmetric encryption algorithm to obtain a signature verification hash value, and the method comprises the following steps:

and the service provider node determines a second target matching relation according to the target service identifier after receiving the operation result data packet, and performs signature verification on the target encryption operation result according to a second public key corresponding to the second target matching relation to obtain a signature verification hash value.

In an optional implementation manner, the service management system decrypts the first ciphertext in the target data packet with a first private key based on an asymmetric encryption algorithm to obtain a first key, and decrypts the target encrypted service according to the first key based on the symmetric encryption algorithm to obtain a target service, which includes:

The service management system starts a target security sandbox after receiving the target data packet, decrypts a first ciphertext in the target data packet by using a first private key through the target security sandbox to obtain a first key, and decrypts a target encryption service according to the first key to obtain a target service;

the step of operating the target service through the service management system to obtain a first target operation result includes:

and operating the target service through a target security sandbox in the service management system to obtain a first target operation result.

In an optional embodiment, after the first target operation result is obtained by operating the target service through a target security sandbox in the service management system, the method further includes:

destroying the target safe sandbox by the service management system based on preset time.

In an alternative embodiment, the method further comprises:

receiving an update notification of the service provider node for the target service;

forwarding the update notification to the service management system to enable the service management system to send a service update request message to the service provider node according to the update notification;

Receiving, by the service management system, a target update data packet returned by the service provider node according to the service update request message, where the target update data packet includes: and the target encryption updating service is encrypted by adopting the first key corresponding to the symmetric encryption algorithm.

In a second aspect, the present invention provides a transaction method based on a blockchain, applied to a service provider node in a blockchain system, where the service provider node is respectively in communication connection with a service management system and a service requester node in the blockchain system, and the method includes:

receiving a request operation of a service requester node for responding to a target service, and sending a service request message through the service management system;

and acquiring a target data packet based on the service request message and returning the target data packet to the service management system so that the service management system decrypts the target data packet based on a symmetric encryption algorithm to obtain a target service, operating the target service to obtain a first target operation result, and returning the first target operation result to the service requester node.

In a third aspect, the present invention provides an electronic device comprising: a processor, a storage medium storing machine-readable instructions executable by the processor, the processor in communication with the storage medium via a bus when the electronic device is running, the processor executing the machine-readable instructions to perform the steps of the blockchain-based transaction method as in any of the previous embodiments.

In a fourth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of a blockchain-based transaction method as in any of the previous embodiments.

The beneficial effects of the application are as follows:

the transaction method, the electronic device and the storage medium based on the blockchain provided by the embodiment of the application comprise the following steps: responding to the request operation of the target service, and sending a service request message to a service provider node through a service management system; receiving a target data packet returned by the service provider node according to the service request message through the service management system, so that the service management system decrypts the target data packet based on a symmetric encryption algorithm to obtain the target service, wherein the target data packet comprises: a target encryption service encrypted by a first key corresponding to a symmetric encryption algorithm is adopted; the first target operation result is obtained by the service management system operating the target service, and the first target operation result returned by the service management system is received.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a block chain based transaction system architecture diagram provided in an embodiment of the present application;

FIG. 2 is a flow chart of a blockchain-based transaction method according to an embodiment of the present application;

FIG. 3 is a flowchart of another blockchain-based transaction method according to an embodiment of the present application;

FIG. 4 is a flowchart of another block chain based transaction method according to an embodiment of the present application;

FIG. 5 is a flowchart of another blockchain-based transaction method according to an embodiment of the present application;

FIG. 6 is a flowchart of another blockchain-based transaction method according to an embodiment of the present application;

FIG. 7 is a schematic diagram of a functional module of a blockchain-based transaction device according to an embodiment of the present application;

Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.

Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.

For a better understanding of the present application, before describing the embodiments of the present application, related terms in the embodiments of the present application will be explained first:

symmetric encryption algorithm: the data sender processes the plaintext (original data) and the encryption key together through a special encryption algorithm to change the plaintext into a complex encrypted ciphertext to be sent out; after receiving the ciphertext, the receiver needs to decrypt the ciphertext by using the encryption key and the inverse algorithm of the same algorithm to restore the ciphertext into readable plaintext if the receiver wants to interpret the ciphertext. In the symmetric encryption algorithm, only one key is used, and both the sender and the receiver encrypt and decrypt data by using the key.

Asymmetric encryption algorithm: if the sender wants to send the encrypted information which can be interpreted only by the receiver, the sender must first know the public key of the receiver, and then encrypt the original text by using the public key of the receiver; after receiving the encrypted ciphertext, the receiver can decrypt the ciphertext by using the private key of the receiver.

Fig. 1 is a block chain-based transaction system architecture diagram according to an embodiment of the present application, where, as shown in fig. 1, the transaction system may include: the at least one service requester node 110, the at least one service provider node 120 and the service management system 130, wherein the at least one service requester node 110 and the at least one service provider node 120 may form a blockchain system, the nodes may communicate with each other via the network 140 to synchronously obtain data stored in the blockchain system, and the nodes may communicate with the service management system 130. Alternatively, each service requester node 110 and each service provider node 120 may respectively correspond to a server, and the service management system may be deployed in any electronic device such as a computer, a server, and the like, which is not limited herein.

Optionally, the service provider node may be used to provide various services, which may include, but is not limited to, an algorithm service, a billing service, etc., and in order to better understand the present application, an embodiment of the present application is illustrated by using an algorithm service as an example, and in some embodiments, the algorithm service may be specifically an air control algorithm service, a quality control algorithm service, etc., which is not limited herein.

Fig. 2 is a flow chart of a block chain-based transaction method according to an embodiment of the present application, where the method may be applied to each service requester node in the transaction system of fig. 1, as shown in fig. 1, and the method may include:

s101, responding to a request operation of a target service, and sending a service request message to a service provider node through a service management system.

The service request message may carry an identifier of the target service, and when the service requester node requests to run or execute the target service, the service requester node may generate a request operation for the target service, where the generated request operation may be sent to the service management system, and the service management system sends a corresponding service request message to the service provider node.

S102, receiving a target data packet returned by the service provider node according to the service request message through the service management system, so that the service management system decrypts the target data packet based on the symmetric encryption algorithm to obtain the target service.

Wherein the target data packet comprises: and the target encryption service encrypted by the first key corresponding to the symmetric encryption algorithm is adopted. The service provider node may store at least one encryption service, where each encryption service may be generated by encrypting its corresponding service using a different key based on a symmetric encryption algorithm. For example, the first service may be encrypted with the key a based on the symmetric encryption algorithm to obtain a first encrypted service, and the second service may be encrypted with the key B based on the symmetric encryption algorithm to obtain a second encrypted service.

Alternatively, the symmetric encryption algorithm may include, but is not limited to: DES (Data Encryption Standard), 3DES (Triple DES) and AES (Advanced Encryption Standard), and specific encryption algorithms can be flexibly selected according to actual application scenarios.

In the interaction process, after receiving the service request message, the service provider node can generate a target data packet according to the identifier of the target service carried in the service request message, and send the target data packet to the service management system, and the service management system decrypts the target data packet based on the symmetric encryption algorithm to obtain the target service requested by the service requester node.

It should be noted that, for the service management system, in order to enable the service management system to decrypt the target data packet after acquiring the target data packet, the target data packet may optionally also carry the first key together. Of course, it should be noted that the first key may be preset in the service management system, or may be sent by the service provider node through another data transmission path.

S103, a first target operation result is obtained through the operation target service of the service management system, and the first target operation result returned by the service management system is received.

Optionally, the service management system may immediately operate the target service to obtain the first target operation result after decrypting to obtain the target service, and of course, may also operate according to an operation instruction of the service request node to obtain the first target operation result, which is not limited to the operation opportunity of the target service. The first target operation result obtained by the service management system can be synchronously sent to the service requester node, so that the service requester node can know the operation result of the target service, and in the process, it can be seen that the target service provided by the service provider node cannot be directly exposed to the service requester node, thereby realizing secret operation of the target service and improving the safety of transactions. In addition, if the target service is executed based on the target data provided by the service requester node in the execution process, the target data provided by the service requester node is not directly exposed to the service provider node, so that the transaction security can be further improved.

Of course, it should be noted that if the target data support is required in the running process of the target service, optionally, the service requester node may further send the required target data to the service management system, and the service management system runs the target service based on the target data, so as to obtain the first target running result. Optionally, if the target service is a wind control algorithm service, the obtained first target operation result may indicate whether the target data meets a wind control requirement or a wind control index.

In summary, an embodiment of the present application provides a transaction method based on a blockchain, where the method may be applied to a service requester node in a blockchain system, where the service requester node is respectively communicatively connected to a service management system and a service provider node in the blockchain system, and the method includes: responding to the request operation of the target service, and sending a service request message to a service provider node through a service management system; receiving a target data packet returned by the service provider node according to the service request message through the service management system, so that the service management system decrypts the target data packet based on a symmetric encryption algorithm to obtain the target service, wherein the target data packet comprises: a target encryption service encrypted by a first key corresponding to a symmetric encryption algorithm is adopted; the first target operation result is obtained by the service management system operating the target service, and the first target operation result returned by the service management system is received.

In an alternative embodiment, the service provider node is preconfigured with a first matching relationship set based on an asymmetric encryption algorithm, the first matching relationship comprising: the first public key, the first private key corresponding to the first public key, and the target data packet further comprises: the first ciphertext encrypted by the first key using the first public key.

Alternatively, the asymmetric encryption algorithm may include, but is not limited to, the following: RSA algorithm, DSA algorithm and ECC algorithm, and specific encryption algorithm can be flexibly selected according to actual application scenes.

When the service provider node returns the target data packet to the service management system according to the service request message, considering the security of the first key, optionally, the target data packet may further include: the first ciphertext encrypted by the first public key can realize the encryption operation of the first key, thereby further improving the security of the transaction.

Based on the above, optionally, the service management system is preconfigured with a first private key, and decrypts the target data packet based on a symmetric encryption algorithm to obtain the target service, including:

the service management system adopts a first private key to decrypt a first ciphertext in the target data packet based on an asymmetric encryption algorithm to obtain a first key, and decrypts the target encryption service according to the first key based on the symmetric encryption algorithm to obtain the target service.

Based on the above embodiment, after the service management system obtains the target data packet, the service management system may decrypt the first ciphertext with the first private key to obtain the first key, and then decrypt the target encrypted service with the first key to obtain the target service. It can be seen that, in the embodiment of the application, the target service is encrypted, and in addition, the first key corresponding to the target service is encrypted, so that the transaction security can be further improved.

In some embodiments, the service requester node may also pre-configure the first private key in advance, and then the service management system may acquire and store the first private key through the service requester node.

Fig. 3 is a flowchart of another blockchain-based transaction method according to an embodiment of the present application. In an optional embodiment, in order to enable the service provider node to verify the validity of the first target operation result, optionally, a verification operation may be performed on the obtained first target operation result. As shown in fig. 3, after the service management system runs the target service to obtain the first target running result and receives the first target running result returned by the service management system, the method further includes:

S201, sending an operation result data packet to a service provider node through a service management system based on an asymmetric encryption algorithm, so that the service provider node performs signature verification on a target encryption operation result in the operation result data packet according to the asymmetric encryption algorithm after receiving the operation result data packet, and a signature verification hash value is obtained.

Wherein, the operation result data packet includes: and signing the hash value of the first target operation result by adopting an asymmetric encryption algorithm.

After the service management system executes to obtain the first target operation result, the service management system can perform signature operation on the hash value of the first target operation result based on the asymmetric encryption algorithm to obtain the target encryption operation result, generate an operation result data packet according to the target encryption operation result, and further forward the generated operation result data packet to the service provider node.

Accordingly, after receiving the operation result data packet, the service provider node may perform a signature verification operation on the operation result data packet to obtain a signature verification hash value, where if the signature verification passes, it is indicated that the first target operation result is obtained by executing the target service, and otherwise, it may be indicated that the first target operation result is not obtained by executing the target service.

Of course, it should be noted that, the content included in the operation result data packet is not limited to the above description, and may further include, according to an actual application scenario: the runtime of the target service, the hash value of the target data corresponding to the target service, and the like are not limited herein.

S202, sending a first target operation result to the service provider node so that the service provider node carries out hash calculation on the first target operation result to obtain a hash value of the first target operation result, and determining whether an operation result data packet is effective or not according to the hash value and the signature verification hash value of the first target operation result.

Alternatively, the service management system may send the first target operation result to the service provider synchronously with sending the operation result data packet to the service provider node. In some application scenarios, if the service provider node needs to verify the validity of the operation result data packet, the service provider node may perform hash calculation on the first target operation result sent by the service requester node, so as to obtain a hash value of the first target operation result, compare whether the hash value of the first target operation result is identical to the signature verification hash value obtained by the signature verification, if so, indicate that the operation result data packet sent by the service management system to the service provider node is a valid data packet, that is, in the transmission process of the operation result data packet, the service management system or other users do not perform illegal tampering on the first target operation result in the operation result data packet, if not identical, indicate that the operation result data packet is an invalid data packet, and the operation result data packet is illegally tampered.

By applying the embodiment of the application, the algorithm provider can flexibly acquire the first target operation result according to the requirement, wherein, the first target operation result can be verified whether to be obtained by executing the target service or not, and the validity of the operation result data packet can be determined.

Of course, it should be noted that the present application is not limited to the timing of the service requester node sending the first target operation result to the service provider, and alternatively, the service requester node may also send the first target operation result according to the authentication request of the service provider node.

In an alternative embodiment, the service provider node is further preconfigured with a second matching relationship corresponding to at least one service identifier based on an asymmetric encryption algorithm, where the second matching relationship includes: the second public key, the second private key corresponding to the second public key, and the target data packet further comprises: a second ciphertext encrypted by the second private key using the first key; the operation result data packet specifically includes: and signing the hash value of the first target operation result by adopting the second private key to obtain a target encryption operation result and a target service identifier.

The different service identifiers may correspond to different second public keys and second private keys, optionally, the target data packet sent by the service provider node to the service management system may further include a second ciphertext encrypted by the second private key by using the first key, after the service management system receives the second ciphertext, the service management system may decrypt the second ciphertext by using the first key to obtain the second private key, where the second private key may be used for the service management system to sign the hash value of the obtained first target operation result.

Optionally, after receiving the operation result data packet, the service provider node performs signature verification on the target encryption operation result in the operation result data packet according to an asymmetric encryption algorithm to obtain a signature verification hash value, including:

after receiving the operation result data packet, the service provider node determines a second target matching relationship according to the target service identifier, and performs signature verification on the target encryption operation result according to a second public key corresponding to the second target matching relationship to obtain a signature verification hash value.

The service provider node can determine a second target matching relationship corresponding to the target service identifier according to the target service identifier carried in the operation result data packet in the signing verification process, further determine a second public key corresponding to the target service identifier based on the second target matching relationship, and verify the target encryption operation result by adopting the second public key to obtain a signing verification hash value.

It will be appreciated that if the verification is passed, i.e. if the verification hash value is correctly obtained, it is indicated that the first target operation result is obtained by executing the target service, otherwise it may be indicated that the first target operation result is not obtained by executing the target service.

In an optional embodiment, the service management system decrypts the first ciphertext in the target data packet with the first private key based on the asymmetric encryption algorithm to obtain the first key, and decrypts the target encrypted service according to the first key based on the symmetric encryption algorithm to obtain the target service, including:

and the service management system starts the target security sandbox after receiving the target data packet, decrypts the first ciphertext in the target data packet by using the first private key through the target security sandbox to obtain a first key, and decrypts the target encryption service according to the first key to obtain the target service.

Wherein different services may correspond to starting different secure sandboxes. Optionally, the target security sandbox may be deployed as a container in the service management system and interact in an interface service manner, in some embodiments, the service management system may start the target security sandbox after acquiring the target data packet, import the target data packet into the target security sandbox through the data import interface, parse the target data packet in the target security sandbox, decrypt the first ciphertext using the first private key, thereby obtaining the first key, and decrypt the target encrypted service according to the first key to further obtain the target service.

By introducing the target security sandbox, the embodiment of the application can further reduce the risk of leakage of the target service by utilizing the security isolation capability of the target security sandbox and can improve the security of the transaction.

Accordingly, the method for obtaining the first target operation result by operating the target service through the service management system includes: and operating the target service through the target security sandbox in the service management system to obtain a first target operation result.

Based on the above description, further, the execution of the target service can be completed in the target security sandbox, so that the risk of leakage in the execution process of the target service is reduced.

In some embodiments, the first private key may also be obtained in a manner described below, wherein the blockchain system in which the at least one service requester node 110 and the at least one service provider node 120 reside may be deployed with an asymmetric key distribution smart contract, and the service management system, upon starting up the target secure sandbox after receiving the target data packet, may send a registration request to the asymmetric key distribution smart contract in the blockchain system to perform self-registration and request the key. Wherein the registration request may include: after receiving the registration request, the asymmetric key distribution intelligent contract can use the request data to create a first matching relationship between the first public key and the first private key, return the first private key to the target security sandbox, and store the first public key in a uplink manner. In some embodiments, if the target secure sandbox is destroyed, the created first matching relationship may also be set to destroy along with the target secure sandbox, and in specific implementation, the asymmetric key distribution intelligent contract may be called again when the target sandbox is destroyed, and the first public key identifier corresponding to the first private key is discarded, so as to implement the destruction operation.

Fig. 4 is a flowchart of another block chain-based transaction method according to an embodiment of the present application. In an alternative embodiment, as shown in fig. 4, after the first target operation result is obtained by the target security sandboxed operation target service in the service management system, the method further includes:

s301, destroying the target safe sandbox through the service management system based on preset time.

Optionally, in consideration of that the target security sandbox may need to frequently execute the target service within a preset period of time, in this case, in order to improve the execution efficiency of the target service, and also in order to reduce the operation pressure of the service management system, the service provider node, and the like, a preset time may be set, the service management system may perform timing after obtaining the first target operation result, if the timing time reaches the preset time, the target security sandbox may be destroyed, and otherwise, the target security sandbox may be reserved.

Of course, in some embodiments, the service management system may be set to destroy the target security sandbox immediately after returning the first target operation result, which may be flexibly set according to the actual application scenario, and is not limited herein.

Fig. 5 is a flowchart of another blockchain-based transaction method according to an embodiment of the present application. In an alternative embodiment, as shown in fig. 5, the method further includes:

s401, receiving an update notification of a service provider node for a target service.

Optionally, the update notification may carry a version identifier, an update time, etc. after the update of the target service, which is not limited herein.

In some embodiments, taking the service provider node as an example, taking the target service as the wind control algorithm service, taking the service provider node as an example, for example, the service provider node may need to repair a vulnerability in the wind control algorithm service, so as to update the version of the wind control algorithm service. Alternatively, in this scenario, the service provider node may generate a corresponding update notification based on the update operation to the target service and send the update notification to the service requester node synchronously.

And S402, forwarding the update notification to the service management system so that the service management system sends a service update request message to the service provider node according to the update notification.

After the service requester node obtains the update notification, it may further forward it to a service management system, where the service management system sends a service update request message to the service provider node according to the update notification to request to obtain the updated target service. Optionally, based on the content carried in the update notification, the service update request message may carry part or all of the content in the update notification, for example, may carry a version identifier after the update of the target service, which is not limited herein.

S403, receiving a target update data packet returned by the service provider node according to the service update request message by the service management system, wherein the target update data packet comprises: and the target encryption updating service is encrypted by adopting the first key corresponding to the symmetric encryption algorithm.

After receiving the service update request message, the service provider node may generate a target update data packet according to the service update request message and send the target update data packet to the service management system, and the service management system further operates the updated target service, and the specific operation process may refer to the relevant parts and will not be repeated herein.

It may be appreciated that the target update packet, that is, the packet after updating the target packet, may correspondingly include the target encrypted update service encrypted by using the first key.

Of course, it should be noted that the updated target service may also be encrypted with a first key different from the target service, for example, the target service may correspond to the first key A1, and the updated target service may correspond to the first key A2, which is not limited herein. Of course, in some embodiments, each time the target service is updated, the service provider node may synchronously update the second matching relationship corresponding to the target service, where the updated second matching relationship may include: the updated second public key and the second private key corresponding to the updated second public key, correspondingly, the target update data packet may further include: the updated second ciphertext may be obtained by encrypting the updated second private key with the first key, and the use of the updated second public key and the second private key may be referred to in the related description, which is not repeated herein.

Fig. 6 is a flowchart of another block chain-based transaction method according to an embodiment of the present application. In an alternative embodiment, as shown in fig. 6, the method may be applied to each service provider node in the transaction system of fig. 1, and the method may include:

s501, receiving a request operation of a service requester node for responding to a target service, and sending a service request message through a service management system.

S502, acquiring a target data packet based on the service request message and returning the target data packet to the service management system, so that the service management system decrypts the target data packet based on the symmetric encryption algorithm to obtain target service, operates the target service to obtain a first target operation result, and returns the first target operation result to the service requester node.

For the service provider node, after receiving the service request message, the service provider node may generate a target data packet according to the identifier of the target service carried in the service request message, and send the target data packet to the service management system, where the service management system decrypts the target data packet based on the symmetric encryption algorithm to obtain the target service requested by the service requester node, runs the target service to obtain a first target running result, and returns the first target running result to the service requester node.

By applying the embodiment of the application, the target service provided by the service provider node is not directly exposed to the service requester node, so that the confidentiality operation of the target service can be realized, and the transaction security is improved. In addition, if the target service is executed based on the target data provided by the service requester node in the execution process, the target data provided by the service requester node is not directly exposed to the service provider node, so that the transaction security can be further improved.

Based on the above embodiment, in combination with a specific application scenario, taking a target service as an example of a wind control algorithm service, a wind control algorithm provider node may be a service provider node, and a wind control algorithm user node may be a service requester node, so when the embodiment of the present application is applied, the wind control algorithm user node may obtain a wind control algorithm calculation result based on service risk data without exposing the wind control algorithm service to the wind control algorithm user node, and the service risk data may not be directly exposed to the wind control algorithm provider node; in addition, the wind control algorithm provider node can also obtain the wind control algorithm calculation result and verify whether the wind control algorithm calculation result is obtained through wind control algorithm service calculation provided by the wind control algorithm provider node, so that the wind control algorithm calculation result is verified.

Fig. 7 is a schematic diagram of a functional module of a transaction device based on a blockchain, where the device is applied to a service requester node in a blockchain system, where the service requester node is respectively connected with a service management system and a service provider node in the blockchain system in a communication manner, and the basic principle and the technical effects of the device are the same as those of the corresponding method embodiments described above, and for brevity, no part is mentioned in this embodiment, and reference may be made to corresponding contents in the method embodiments. As shown in fig. 7, the transaction apparatus 200 includes:

a response module 210 for transmitting a service request message to the service provider node through the service management system in response to a request operation for a target service;

the receiving module 220 receives, through the service management system, a target data packet returned by the service provider node according to the service request message, so that the service management system decrypts the target data packet based on a symmetric encryption algorithm to obtain a target service, where the target data packet includes: a target encryption service encrypted by a first key corresponding to a symmetric encryption algorithm is adopted;

and the operation module 230 is used for operating the target service through the service management system to obtain a first target operation result and receiving the first target operation result returned by the service management system.

In an optional implementation manner, the operation module 230 is further configured to send an operation result data packet to the service provider node through the service management system based on an asymmetric encryption algorithm, so that the service provider node performs signature verification on a target encryption operation result in the operation result data packet according to the asymmetric encryption algorithm after receiving the operation result data packet, to obtain a signature verification hash value, where the operation result data packet includes: a target encryption operation result signed by the hash value of the first target operation result is obtained by adopting an asymmetric encryption algorithm;

the operation module 230 is specifically configured to obtain a first target operation result by operating the target service through a target security sandbox in the service management system.

In an alternative embodiment, the operation module 230 is further configured to destroy the target security sandbox by the service management system based on a preset time.

In an alternative embodiment, the transaction device 200 further includes: an update module for receiving an update notification of the service provider node for the target service;

Optionally, the present invention further provides another transaction device based on a blockchain, the transaction device may be applied to a service provider node in a blockchain system, where the service provider node is respectively in communication with a service management system and a service requester node in the blockchain system, and the transaction device includes:

the sending module is used for receiving the request operation of the service request party node for responding to the target service and sending a service request message through the service management system;

The acquisition module is used for acquiring a target data packet based on the service request message and returning the target data packet to the service management system so that the service management system decrypts the target data packet based on a symmetric encryption algorithm to obtain a target service, operates the target service to obtain a first target operation result, and returns the first target operation result to the service requester node.

The foregoing apparatus is used for executing the method provided in the foregoing embodiment, and its implementation principle and technical effects are similar, and are not described herein again.

The above modules may be one or more integrated circuits configured to implement the above methods, for example: one or more application specific integrated circuits (Application Specific Integrated Circuit, abbreviated as ASICs), or one or more microprocessors, or one or more field programmable gate arrays (Field Programmable Gate Array, abbreviated as FPGAs), etc. For another example, when a module above is implemented in the form of a processing element scheduler code, the processing element may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU) or other processor that may invoke the program code. For another example, the modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).

Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application, where the electronic device may be integrated in the transaction apparatus. As shown in fig. 8, the electronic device may include: processor 310, storage medium 320, and bus 330, storage medium 320 storing machine-readable instructions executable by processor 310. When the electronic device is running, processor 310 communicates with storage medium 320 via bus 330, processor 310 executes the machine-readable instructions to perform the steps of the method embodiments described above. The specific implementation manner and the technical effect are similar, and are not repeated here.

Optionally, the present application further provides a storage medium, on which a computer program is stored, which when being executed by a processor performs the steps of the above-described method embodiments. The specific implementation manner and the technical effect are similar, and are not repeated here.

In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements is merely a logical functional division, and there may be additional divisions of actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.

The integrated units implemented in the form of software functional units described above may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (english: processor) to perform part of the steps of the methods of the embodiments of the application. And the aforementioned storage medium includes: u disk, mobile hard disk, read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), magnetic disk or optical disk, etc.

It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.

The above is only a preferred embodiment of the present application, and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application. It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. The above is only a preferred embodiment of the present application, and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims

1. A blockchain-based transaction method, applied to a service requester node in a blockchain system, the service requester node being communicatively connected with a service management system and a service provider node in the blockchain system, respectively, the method comprising:

2. The method of claim 1, wherein the service provider node is preconfigured with a first matching relationship set based on an asymmetric encryption algorithm, the first matching relationship comprising: the target data packet further comprises a first public key and a first private key corresponding to the first public key: a first ciphertext encrypted by the first key using a first public key;

3. The method of claim 1, wherein after the running the target service through the service management system to obtain a first target running result and receiving the first target running result returned by the service management system, the method further comprises:

4. A method according to claim 3, wherein the service provider node is further preconfigured with a second matching relationship corresponding to at least one service identity based on an asymmetric encryption algorithm, the second matching relationship comprising: the target data packet further comprises a second public key and a second private key corresponding to the second public key: a second ciphertext encrypted by the second private key using the first key; the operation result data packet specifically includes: a second private key is adopted to sign a target encryption operation result and a target service identifier of the hash value of the first target operation result;

5. The method of claim 2, wherein the service management system decrypts the first ciphertext in the target data packet with a first private key based on an asymmetric encryption algorithm to obtain a first key, and decrypts the target encrypted service according to the first key based on the symmetric encryption algorithm to obtain a target service, comprising:

6. The method of claim 5, wherein after the first target operation result is obtained by operating the target service through a target security sandbox in the service management system, the method further comprises:

7. The method according to any one of claims 1-6, further comprising:

8. A blockchain-based transaction method, applied to a service provider node in a blockchain system, the service provider node being communicatively connected to a service management system and a service requester node in the blockchain system, respectively, the method comprising:

9. An electronic device, comprising: a processor, a storage medium, and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor in communication with the storage medium via the bus when the electronic device is running, the processor executing the machine-readable instructions to perform the steps of the blockchain-based transaction method of any of claims 1-8.

10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the blockchain-based transaction method of any of claims 1-8.