CN117035890B - Transaction security method, device, system, medium and equipment of electronic invoice - Google Patents
- Publication number
- CN117035890B
- Authority
- CN
- China
- Prior art keywords
- invoice
- signature
- transaction
- electronic
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/04—Billing or invoicing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The application belongs to the technical field of electronic invoice management and discloses a transaction security method, device, system, medium and equipment for an electronic invoice. The method comprises: issuing the electronic invoice to a blockchain network after applying a first signature to it; acquiring an invoice transaction request sent by an invoice request terminal; and verifying the second signature, decrypting the encrypted application information using the private key information of the invoice generator, and, if the verification passes, encrypting a data source of the electronic invoice with the public key information of the invoice requester and sending the encrypted data source to the invoice request terminal, so that the invoice request terminal can acquire the electronic invoice through the data source. With this technical scheme, private information such as the identity information of the transaction parties need not be disclosed, and other data users of the blockchain network cannot acquire the private information of the invoice transaction parties, so the security of electronic invoice transactions is improved.
Description
Technical Field
The application belongs to the technical field of electronic invoice management, and particularly relates to a transaction security method, device, system, medium and equipment of an electronic invoice.
Background
Although the electronic invoice improves the transaction efficiency, a certain risk still exists in the use process, for example, the privacy of a transactor cannot be ensured in the transaction stage of the electronic invoice. The existing method can only detect whether the electronic invoice is tampered or not, but cannot guarantee the safety of the electronic invoice in the transaction process.
Disclosure of Invention
The embodiment of the application provides a transaction security method, device, system, medium and equipment of an electronic invoice, and further can improve the transaction security of the electronic invoice at least to a certain extent.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned in part by the practice of the application.
According to a first aspect of embodiments of the present application, there is provided a transaction security method for an electronic invoice, which is executed in an invoice generating terminal, including:
when a transaction occurs, generating an electronic invoice according to transaction information, and issuing the electronic invoice to a blockchain network after carrying out a first signature on the electronic invoice;
acquiring an invoice transaction request sent by an invoice request terminal, wherein the generation process of the invoice transaction request comprises the following steps: the invoice request terminal verifies the first signature, encrypts application information by utilizing public key information of an invoice request party, and generates the invoice transaction request after carrying out second signature on the application information;
and verifying the second signature, decrypting the encrypted application information by adopting private key information of an invoice generator, encrypting a data source of the electronic invoice by the public key information of the invoice requester if the verification is passed, and sending the encrypted data source of the electronic invoice to the invoice request terminal so that the invoice request terminal can acquire the electronic invoice by the data source.
In some embodiments of the present application, based on the foregoing solution, the generating an electronic invoice according to transaction information includes:
automatically filling the transaction information into a preset field of the first electronic invoice to generate a second electronic invoice containing the transaction information;
and anonymizing the transaction information in the second electronic invoice by adopting the anonymizing identifier to obtain a third electronic invoice with anonymized transaction information.
In some embodiments of the present application, based on the foregoing solution, the issuing the electronic invoice after the first signing into the blockchain network includes:
invoking a smart contract to generate release information of the electronic invoice in the blockchain network, so that the invoice requester generates the invoice transaction request through the release information;
and after the electronic invoice is subjected to a first signature, issuing the electronic invoice to the blockchain network, wherein the first signature is a signature generated at least based on public parameters of the alliance chain where the invoice generator and the invoice requester are located, private key information of the invoice generator and the electronic invoice.
In some embodiments of the present application, based on the foregoing solution, when the invoice request terminal verifies the first signature, encrypts application information by using public key information of an invoice requester, and generates the invoice transaction request after performing a second signature on the application information, the invoice request terminal is specifically configured to:
acquiring the release information and verifying the validity of the first signature;
if the verification is passed, encrypting the application information by utilizing public key information of the invoice requester;
and generating the invoice transaction request after carrying out a second signature on the application information, wherein the second signature is a signature generated at least based on public parameters of the alliance chain where the invoice generator and the invoice requester are located, private key information of the invoice requester and the application information.
In some embodiments of the present application, based on the foregoing, after encrypting the data source of the electronic invoice with the invoice requester's public key information, the method further comprises:
performing a third signature on the basis of the encrypted data source, the first signature, the second signature and the electronic invoice;
and sending the third signature to a verification node in the alliance chain so that the verification node verifies whether the first signature and the third signature are signed by the same invoice generator, if so, further verifying the validity of the first signature, the second signature and the third signature, and if the verification is passed, allowing the invoice generating terminal to send the encrypted data source of the electronic invoice to the invoice request terminal.
In some embodiments of the present application, based on the foregoing aspect, the method further includes:
receiving a certification information uploading request sent by a supervision node in the alliance chain, wherein the generation process of the certification information uploading request comprises the following steps: the invoice request terminal sends a query request to the supervision node, wherein the query request is a request initiated by the invoice requester when it has doubts about the transaction process of the electronic invoice, and the supervision node generates the certification information uploading request according to the query request;
uploading the proving information of the electronic invoice to the supervision node so that the supervision node confirms the validity of the transaction process of the electronic invoice.
According to a second aspect of embodiments of the present application, there is provided a transaction security device for an electronic invoice, provided at an invoice generating terminal, including:
the issuing module is used for generating an electronic invoice according to transaction information when the transaction occurs, and issuing the electronic invoice into a blockchain network after carrying out first signature on the electronic invoice;
the acquisition module is used for acquiring an invoice transaction request sent by the invoice request terminal, and the generation process of the invoice transaction request comprises the following steps: the invoice request terminal verifies the first signature, encrypts application information by utilizing public key information of an invoice request party, and generates the invoice transaction request after carrying out second signature on the application information;
and the sending module is used for verifying the second signature, decrypting the encrypted application information by adopting private key information of an invoice generator, encrypting a data source of the electronic invoice through public key information of the invoice requester if the verification is passed, and sending the encrypted data source of the electronic invoice to the invoice request terminal so that the invoice request terminal can acquire the electronic invoice through the data source.
According to a third aspect of embodiments of the present application, there is provided a transaction security system for an electronic invoice, comprising an invoice request terminal and the transaction security device for an electronic invoice according to the second aspect.
According to a fourth aspect of embodiments of the present application, there is provided a computer readable storage medium having stored therein at least one program code loaded and executed by a processor to implement the operations performed by the method according to any of the first aspects.
According to a fifth aspect of embodiments of the present application, there is provided an electronic device comprising one or more processors and one or more memories, the one or more memories having stored therein at least one piece of program code that is loaded and executed by the one or more processors to implement the operations performed by the method of any of the first aspects.
The beneficial effects of this application are:
According to the technical scheme, when a transaction occurs, the invoice generating terminal applies a first signature to an electronic invoice containing the transaction information and then issues it to a blockchain network. The invoice requesting terminal then encrypts its application information using the public key information of the invoice generator, applies a second signature to the application information, and sends an invoice transaction request to the invoice generating terminal. The invoice generating terminal verifies the second signature, decrypts the application information, and encrypts the data source of the electronic invoice with the public key information of the invoice requester, so that the invoice requesting terminal can decrypt the data source of the electronic invoice by utilizing the public key information of the invoice requesting terminal and then acquire the electronic invoice from the data source. Throughout the electronic invoice transaction, the invoice generating terminal and the invoice requesting terminal verify each other using a signature mechanism and public key information. Private information such as the identity information of the two terminals does not need to be disclosed, and other data users of the blockchain network cannot acquire private information such as the identity information of the invoice transaction parties, so the reliability and security of the electronic invoice transaction are improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application. It is apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art. In the drawings:
FIG. 1 illustrates a flow chart of a transaction security method for an electronic invoice in an embodiment of the application;
FIG. 2 illustrates a blockchain network architecture diagram upon which the methods in embodiments of the present application are based;
FIG. 3 illustrates a block diagram of a transaction security device for an electronic invoice in an embodiment of the application;
FIG. 4 illustrates a schematic diagram of a computer system suitable for use in implementing the electronic device of the embodiments of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present application. One skilled in the relevant art will recognize, however, that the aspects of the application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
The prior art can only detect whether an electronic invoice has been tampered with and cannot guarantee the security of the electronic invoice during a transaction. To solve this technical problem, the embodiment of the application provides a transaction security method for an electronic invoice. When a transaction occurs, the invoice generating terminal applies a first signature to an electronic invoice containing the transaction information and then issues it to a blockchain network. The invoice requesting terminal then encrypts its application information using the public key information of the invoice generator, applies a second signature to the application information, and sends an invoice transaction request to the invoice generating terminal. The invoice generating terminal verifies the second signature, decrypts the application information, and encrypts the data source of the electronic invoice with the public key information of the invoice requester, so that the invoice requesting terminal can decrypt the data source of the electronic invoice by utilizing the public key information of the invoice requesting terminal and then acquire the electronic invoice from the data source. Throughout the electronic invoice transaction, the invoice generating terminal and the invoice requesting terminal verify each other using a signature mechanism and public key information. Private information such as the identity information of the two terminals does not need to be disclosed, and other data users of the blockchain network cannot acquire private information such as the identity information of the invoice transaction parties, so the reliability and security of the electronic invoice transaction are improved.
The transaction security method of the electronic invoice provided by the embodiment of the application will be described in detail below.
It should be noted that the transaction security method of the electronic invoice provided in the embodiment of the present application may be applied to any terminal device running an operating system. The operating system includes, but is not limited to, Windows, Mac, Linux, Chrome OS, UNIX, iOS, Android and the like; the terminal device includes, but is not limited to, an iPad tablet computer, a personal mobile computer, an industrial computer, a personal computer and the like. For convenience of description, unless otherwise specified, the embodiments of the present application are described with a personal computer as the execution subject. It will be appreciated that the embodiments of the present application do not limit the execution subject, and in other embodiments other types of terminal devices may be used as the execution subject.
According to a first aspect of the present application, a method for transaction security of an electronic invoice is presented, the method being implemented in a personal computer in which program code for running the method is embedded to support implementation of the method.
Referring to FIG. 1, a flow chart of a transaction security method for an electronic invoice in an embodiment of the application is shown.
As shown in FIG. 1, according to a first aspect of an embodiment of the present application, an electronic invoice transaction security method is provided, which is executed in an invoice generating terminal. Preferably, the invoice generating terminal is provided with an energy purchasing e-commerce system, which may include e-commerce services for energy and equipment in industries such as coal, electric power, transportation, chemicals, oil products and IT. In the course of an e-commerce transaction, the energy purchasing e-commerce system needs to issue an electronic invoice to the transaction counterparty. To ensure the transaction security of the electronic invoice, the method includes, but is not limited to, steps S101-S103:
S101, when a transaction occurs, generating an electronic invoice according to transaction information, and issuing the electronic invoice to a blockchain network after carrying out a first signature;
S102, acquiring an invoice transaction request sent by an invoice request terminal, wherein the generation process of the invoice transaction request comprises the following steps: the invoice request terminal verifies the first signature, encrypts application information by utilizing public key information of an invoice request party, and generates the invoice transaction request after carrying out second signature on the application information;
S103, verifying the second signature, decrypting the encrypted application information by adopting private key information of an invoice generator, encrypting a data source of the electronic invoice by the public key information of the invoice requester if the verification is passed, and sending the encrypted data source of the electronic invoice to the invoice request terminal so that the invoice request terminal can acquire the electronic invoice by the data source.
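Steps S101-S103 played as a two-sided exchange, added here as an illustration and not taken from the patent. Ordinary Ed25519 signatures stand in for the linkable group signatures, RSA-OAEP stands in for the unspecified public-key encryption, the application information is encrypted to the generator's public key (as the beneficial-effects paragraph describes), and the second signature is computed over the ciphertext. The `Party` type, all function names, the invoice JSON and the URL are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds one participant's keys. Separate signing (Ed25519) and
// encryption (RSA-OAEP) key pairs are an assumption of this sketch.
type Party struct {
	SignPub  ed25519.PublicKey
	signPriv ed25519.PrivateKey
	encPriv  *rsa.PrivateKey
}

func NewParty() *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	enc, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Party{SignPub: pub, signPriv: priv, encPriv: enc}
}

// Published is what S101 puts on the chain; Request is the S102 message.
type Published struct{ Invoice, FirstSig []byte }
type Request struct{ EncApplication, SecondSig []byte }

var ErrBadSignature = errors.New("signature verification failed")

// seal encrypts a short message (at most 190 bytes with RSA-2048 and SHA-256).
func seal(to *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
}

func open(key *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, key, ct, nil)
}

// Publish is S101: the generator signs the invoice (first signature).
func Publish(gen *Party, invoice []byte) Published {
	return Published{invoice, ed25519.Sign(gen.signPriv, invoice)}
}

// BuildRequest is S102 on the requester side: check the first signature,
// encrypt the application information to the generator, then sign it.
func BuildRequest(req *Party, genSign ed25519.PublicKey, genEnc *rsa.PublicKey,
	p Published, application []byte) (Request, error) {
	if !ed25519.Verify(genSign, p.Invoice, p.FirstSig) {
		return Request{}, ErrBadSignature
	}
	ct, err := seal(genEnc, application)
	if err != nil {
		return Request{}, err
	}
	return Request{ct, ed25519.Sign(req.signPriv, ct)}, nil
}

// HandleRequest is S103: nothing is decrypted or released unless the second signature verifies.
func HandleRequest(gen *Party, reqSign ed25519.PublicKey, reqEnc *rsa.PublicKey,
	r Request, dataSource []byte) (application, encSource []byte, err error) {
	if !ed25519.Verify(reqSign, r.EncApplication, r.SecondSig) {
		return nil, nil, ErrBadSignature
	}
	if application, err = open(gen.encPriv, r.EncApplication); err != nil {
		return nil, nil, err
	}
	encSource, err = seal(reqEnc, dataSource)
	return application, encSource, err
}

// RunExchange plays both terminals on constructed data and returns the data source the requester recovers.
func RunExchange(tamper bool) (string, error) {
	gen, req := NewParty(), NewParty()
	pub := Publish(gen, []byte(`{"no":"EXAMPLE-0001","buyer":"anon-1f3a","total":"100.00"}`))
	r, err := BuildRequest(req, gen.SignPub, &gen.encPriv.PublicKey, pub, []byte("apply for EXAMPLE-0001"))
	if err != nil {
		return "", err
	}
	if tamper { // flip one bit of the request in transit
		r.EncApplication[0] ^= 1
	}
	_, enc, err := HandleRequest(gen, req.SignPub, &req.encPriv.PublicKey, r, []byte("https://invoices.example/EXAMPLE-0001"))
	if err != nil {
		return "", err
	}
	src, err := open(req.encPriv, enc)
	return string(src), err
}

func main() {
	fmt.Println(RunExchange(false))
	fmt.Println(RunExchange(true))
}
```

A request altered in transit fails the second-signature check, so the generator never decrypts it and never releases the data source.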
In step S101, when a transaction occurs, an electronic invoice is generated based on the arrangement and extraction of transaction information; the transaction information may be obtained through channels such as an electronic commerce platform or a supply chain management system. The transaction information comprises the identity information of both parties to the transaction, commodity information, the transaction amount and the like. The identity information of both parties includes, but is not limited to, the names, addresses and contact details of the buyer and seller; the commodity information includes commodity names, specifications, quantities, unit prices and the like; and the transaction amount includes the total commodity price, tax and freight-related fees.
In step S101, after finishing the arrangement and extraction of the transaction information, an electronic invoice may be generated according to a predetermined electronic invoice format and standard, wherein the electronic invoice is in the form of structured data, and a standard electronic document format, such as an XML format, a JSON format or a PDF format, is generally adopted, so as to facilitate subsequent processing and transmission. The process of generating an electronic invoice may include, but is not limited to, information populating, numbering, and time stamping. The information filling refers to filling the sorted and extracted transaction information into a preset field of the electronic invoice, so as to ensure that the electronic invoice contains key information of the transaction; the numbering refers to the corresponding numbering allocated to the electronic invoice so as to record and archive; assigning a timestamp refers to assigning a timestamp to an electronic invoice for subsequent traceability.
In some embodiments of step S101, the generating an electronic invoice according to the transaction information includes:
automatically filling the transaction information into a preset field of the first electronic invoice to generate a second electronic invoice containing the transaction information;
and anonymizing the transaction information in the second electronic invoice by adopting the anonymizing identifier to obtain a third electronic invoice with anonymized transaction information.
Anonymization processing means hiding the transaction information in a preset manner. This further protects the private information of the two parties to the transaction, such as their identity information, so that users other than the two parties cannot identify them from the electronic invoice, and unauthorized others are prevented from accessing and abusing the private information in the electronic invoice.
In some embodiments, anonymizing transaction information in the second electronic invoice using an anonymous identifier includes:
In the generated electronic invoice, the identity information of both parties to the transaction is replaced by an anonymous identifier, wherein the anonymous identifier is a unique identifier generated randomly and is irrelevant to specific identity information. Specifically, it may be generated by using a hash function or other encryption algorithm. The hash function takes the original identity information as input and generates a fixed-length unique hash value as output. This hash value may be used in an electronic invoice as an anonymous identifier.
It will be appreciated that in order to ensure that both parties to a transaction are able to obtain the transaction information in the electronic invoice, the anonymization process is reversible, that is, when both parties to the transaction need to obtain the transaction information in the electronic invoice, the anonymized identifier may be restored to the original identity information, and in particular, a reversible encryption algorithm may be employed to ensure that an authorized user is able to restore the transaction information.
In some embodiments, the reversible encryption algorithm includes, but is not limited to:
Symmetric encryption algorithm: a symmetric encryption algorithm uses the same key for encryption and decryption. Common symmetric encryption algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard). In the anonymization process, the anonymous identifier is encrypted using a symmetric encryption algorithm, and only authorized users holding the corresponding key can decrypt it and restore the identity information.
Asymmetric encryption algorithm: an asymmetric encryption algorithm uses a pair of keys, a public key and a private key. The public key is used to encrypt data and the private key is used to decrypt data. Common asymmetric encryption algorithms include RSA (Rivest-Shamir-Adleman) and ECC (elliptic curve cryptography). In the anonymization process, an asymmetric encryption algorithm may be used to encrypt the anonymous identifier, and only an authorized user holding the corresponding private key can decrypt it and restore the identity information.
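An added example (not from the patent) of the anonymization described above, using the symmetric option. The identifier is derived with a keyed hash, HMAC-SHA256, which is an assumption of this sketch: an unkeyed hash of a company name can be recomputed by any chain participant who guesses the name. The reversible part is an AES-GCM ciphertext carried alongside the identifier. Function names, key handling and the sample identity are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// AnonField replaces one identity field in the anonymized (third) invoice.
type AnonField struct {
	ID     string // fixed-length anonymous identifier
	Sealed []byte // nonce || AES-GCM ciphertext of the original identity
}

// PlainHashID is the unkeyed variant: a SHA-256 of the identity itself.
func PlainHashID(identity string) string {
	sum := sha256.Sum256([]byte(identity))
	return hex.EncodeToString(sum[:])
}

// KeyedID derives the identifier with HMAC-SHA256 under a key held only by
// the transaction parties (the key and its distribution are assumptions).
func KeyedID(idKey []byte, identity string) string {
	m := hmac.New(sha256.New, idKey)
	m.Write([]byte(identity))
	return hex.EncodeToString(m.Sum(nil))
}

func newGCM(encKey []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(encKey) // 16-, 24- or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Anonymize produces the identifier plus a ciphertext from which an
// authorized key holder can restore the identity.
func Anonymize(idKey, encKey []byte, identity string) (AnonField, error) {
	gcm, err := newGCM(encKey)
	if err != nil {
		return AnonField{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return AnonField{}, err
	}
	id := KeyedID(idKey, identity)
	// The identifier is bound as associated data, so a ciphertext cannot be
	// moved under a different identifier without failing authentication.
	return AnonField{id, gcm.Seal(nonce, nonce, []byte(identity), []byte(id))}, nil
}

// Restore reverses Anonymize for a holder of encKey.
func Restore(encKey []byte, f AnonField) (string, error) {
	gcm, err := newGCM(encKey)
	if err != nil {
		return "", err
	}
	n := gcm.NonceSize()
	if len(f.Sealed) < n {
		return "", errors.New("sealed value too short")
	}
	pt, err := gcm.Open(nil, f.Sealed[:n], f.Sealed[n:], []byte(f.ID))
	return string(pt), err
}

// RecomputableWithoutKey reports whether someone holding no key can confirm
// a guessed identity against an identifier read from the chain.
func RecomputableWithoutKey(publishedID, guess string) bool {
	return PlainHashID(guess) == publishedID
}

func main() {
	idKey, encKey := make([]byte, 32), make([]byte, 32)
	rand.Read(idKey)
	rand.Read(encKey)
	const buyer = "Example Buyer Co., Ltd." // constructed sample identity
	f, _ := Anonymize(idKey, encKey, buyer)
	back, _ := Restore(encKey, f)
	fmt.Println(f.ID, back)
	fmt.Println(RecomputableWithoutKey(PlainHashID(buyer), buyer)) // unkeyed: true
	fmt.Println(RecomputableWithoutKey(f.ID, buyer))               // keyed: false
}
```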
Referring to FIG. 2, a blockchain network architecture diagram upon which the methods in embodiments of the present application are based is shown.
As shown in FIG. 2, in the embodiment of the present application, both parties to the electronic invoice transaction join the blockchain network as data users of the blockchain, and a management node mechanism and a verification node mechanism of the alliance chain are introduced to further ensure the transaction security of the electronic invoice. Specifically, the management node, the verification node and the transaction parties of the electronic invoice belong to one alliance chain. Before they can trade electronic invoices, the transaction parties must first apply to the management node to join the alliance chain and obtain a signature certificate of the alliance chain. After an electronic invoice transaction is completed, it is sent to the verification node, which verifies the validity of electronic invoice transactions in the blockchain.
Before joining in the alliance chain, the transaction parties of the electronic invoice need to initiate an identity authentication request to the management node, submit an authentication application, and after authenticating the identity of the transaction parties, the management node sends the admission qualification of the alliance chain and the user private key to the transaction parties.
In step S101, the issuing the electronic invoice after the electronic invoice is signed first into the blockchain network includes:
Invoking an intelligent contract to generate release information of the electronic invoice in the blockchain network, so that the invoice requester generates the invoice transaction request through the release information;
and issuing the electronic invoice to the blockchain network after performing a first signature on it, wherein the first signature is a signature generated at least based on public parameters of the alliance chain where the invoice generator and the invoice requester are located, private key information of the invoice generator, and the electronic invoice.
The intelligent contract (that is, a smart contract) here is a contract governing the transaction release of an electronic invoice. It defines the release-related information that the invoice generator produces when issuing the electronic invoice, including but not limited to the release time and the release scope, which are not limited herein.
Specifically, the invoice generating terminal may sign the transaction release of the electronic invoice based on a group signature algorithm, which includes: signing the electronic invoice using auxiliary information, performing a non-interactive zero-knowledge proof using the public parameters of the alliance chain and the private key information of the invoice generator, and then generating a linkable group signature of the electronic invoice using the auxiliary information, thereby obtaining the first signature of the electronic invoice.
In step S102, when the invoice request terminal verifies the first signature, encrypts application information by using public key information of an invoice requester, and generates the invoice transaction request after performing a second signature on the application information, the invoice request terminal is specifically configured to:
acquiring the release information and verifying the validity of the first signature;
if the verification is passed, encrypting the application information by utilizing public key information of the invoice requester;
and generating the invoice transaction request after performing a second signature on the application information, wherein the second signature is a signature generated at least based on public parameters of the alliance chain where the invoice generator and the invoice requester are located, private key information of the invoice requester, and the application information.
Specifically, after the invoice request terminal obtains the release information, it verifies the validity of the first signature of the invoice request party based on the group signature mechanism. After the verification is passed, it encrypts the application information using public key information of the invoice request party to obtain encrypted application information containing the public key of the invoice generation party. The application information includes, but is not limited to, the application time and the application object; it is understood that the application information does not include private information such as the identity information of the invoice requester. The invoice transaction request is then obtained by signing and group-signing the encrypted application information. The invoice request terminal signs and group-signs in the same way as the invoice generating terminal, which is not repeated here.
In step S103, it should be noted that, if the transaction information in the electronic invoice was anonymized before being issued, then after the invoice requester obtains the electronic invoice, the invoice request terminal may restore the transaction information of the electronic invoice based on a preset reversible encryption algorithm, so as to obtain the electronic invoice containing the original transaction information.
In step S103, after the invoice generating terminal obtains the invoice transaction request sent by the invoice requesting terminal, it first verifies the second signature of the invoice requesting terminal based on the group signature mechanism of the alliance chain. After the verification is passed, it decrypts the encrypted application information using the pre-distributed private key information of the invoice generating party to obtain the public key information of the invoice requesting party, and then encrypts the data source of the electronic invoice using the public key information of the invoice requesting party, so that the invoice requesting party can obtain the electronic invoice from the data source of the electronic invoice by using the public key information of the invoice requesting party. The data source includes a data storage address, a data private key and the like, which are not limited herein.
In step S103, after encrypting the data source of the electronic invoice with the public key information of the invoice requester, the method further comprises:
performing a third signature based on the encrypted data source, the first signature, the second signature and the electronic invoice;
and sending the third signature to a verification node in the alliance chain, so that the verification node verifies whether the first signature and the third signature were signed by the same invoice generator; if so, the verification node further verifies the validity of the first signature, the second signature and the third signature, and if the verification is passed, the invoice generating terminal is allowed to send the encrypted data source of the electronic invoice to the invoice request terminal.
It should be noted that, because the invoice requester signs the transaction of the electronic invoice twice, the verification node can verify the consistency of the two signatures using a signature consistency verification algorithm. If the verification is passed, the two signatures were signed by the same invoice generator, which shows that, in the transaction process of the electronic invoice, the issuer of the electronic invoice and the party sending the electronic invoice data source to the invoice requester are the same invoice owner, so that malicious interference by others in the transaction process of the electronic invoice can be prevented.
Specifically, after the two signatures are verified to be signed by the same invoice generator, the validity of the first signature, the second signature and the third signature needs to be further verified. A signature validity verification algorithm can be called to verify the signatures carrying auxiliary information using the group public key, the group public parameters and the like of the alliance chain. If the signatures of the invoice requester and the invoice generator pass verification, the transaction of the electronic invoice can be confirmed to be a secure transaction, and the invoice generating terminal is allowed to send the encrypted data source of the electronic invoice to the invoice request terminal.
In this process, the verification node only verifies the legitimacy and validity of the signatures of the invoice requester and the invoice generator and cannot obtain private information such as the identity information of the transaction parties, so the privacy of the transaction parties is protected and transaction security is ensured.
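The verification node's two checks described above (same signer for the first and third signatures, then validity of all three), as an added example that is not code from the patent. It swaps in a toy LSAG-style linkable ring signature for the patent's linkable group signature with zero-knowledge proof; the function names, the four-member ring and the ciphertext byte strings are constructed assumptions, encryption itself is not modeled, and the 65-bit group is far too small for real use.

```python
# Added example, not the patent's code. A toy LSAG-style linkable ring signature
# stands in for the page's linkable group signature; the 65-bit group is demo-only.
import hashlib
import secrets

def _is_prime(n):
    """Deterministic Miller-Rabin; exact for n < 3.3e24 with these bases."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(r - 1)):
            return False
    return True

def _toy_group():
    """A safe prime P = 2Q + 1 just above 2**64: the squares mod P have prime order Q."""
    q = 2**63 + 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = _toy_group()
G = 4  # a square mod P, so it generates the order-Q subgroup

def _h(*parts):
    """Hash length-prefixed parts to an integer (non-bytes are encoded as text)."""
    h = hashlib.sha256()
    for part in parts:
        data = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big")

def _base(ring):
    """Hash the ring into the subgroup; nobody knows its discrete log to base G."""
    return pow(_h(b"base", *ring) % P, 2, P)

def _chal(ring, tag, msg, a, b):
    return _h(b"chal", *ring, tag, msg, a, b) % Q

def sign(msg, ring, idx, x):
    """Sign as ring[idx] without revealing idx; the tag is identical for every signature by x."""
    n, h = len(ring), _base(ring)
    tag, u = pow(h, x, P), secrets.randbelow(Q - 1) + 1
    c, s = [0] * n, [0] * n
    i = (idx + 1) % n
    c[i] = _chal(ring, tag, msg, pow(G, u, P), pow(h, u, P))
    while i != idx:  # simulate every other ring member
        s[i] = secrets.randbelow(Q)
        a = pow(G, s[i], P) * pow(ring[i], c[i], P) % P
        b = pow(h, s[i], P) * pow(tag, c[i], P) % P
        i = (i + 1) % n
        c[i] = _chal(ring, tag, msg, a, b)
    s[idx] = (u - x * c[idx]) % Q  # close the ring with the real key
    return {"c0": c[0], "s": s, "tag": tag}

def verify(msg, ring, sig):
    """Walk the ring once; a valid signature returns to its starting challenge."""
    h, c = _base(ring), sig["c0"]
    for y, s in zip(ring, sig["s"]):
        a = pow(G, s, P) * pow(y, c, P) % P
        b = pow(h, s, P) * pow(sig["tag"], c, P) % P
        c = _chal(ring, sig["tag"], msg, a, b)
    return len(sig["s"]) == len(ring) and c == sig["c0"]

def third_message(enc_src, sig1, sig2, invoice):
    return _h(b"third", enc_src, repr(sig1), repr(sig2), invoice).to_bytes(32, "big")

def node_allows_release(ring, invoice, enc_app, enc_src, sig1, sig2, sig3):
    """Verification node: same-signer check first, then validity of all three signatures."""
    if sig1["tag"] != sig3["tag"]:
        return False, "first and third signatures come from different signers"
    msg3 = third_message(enc_src, sig1, sig2, invoice)
    ok = verify(invoice, ring, sig1) and verify(enc_app, ring, sig2) and verify(msg3, ring, sig3)
    return (True, "release allowed") if ok else (False, "invalid signature")

def run_demo():
    """Steps S101-S103 on constructed data, plus two requests the node must reject."""
    xs = [secrets.randbelow(Q - 1) + 1 for _ in range(4)]  # four constructed members
    ring = [pow(G, x, P) for x in xs]
    invoice = b"constructed invoice: anon-id=7f3a amount=120.00"
    enc_app, enc_src = b"constructed ciphertext: application", b"constructed ciphertext: source"
    sig1 = sign(invoice, ring, 0, xs[0])    # S101: generator (member 0) publishes
    sig2 = sign(enc_app, ring, 1, xs[1])    # S102: requester (member 1) applies
    sig3 = sign(third_message(enc_src, sig1, sig2, invoice), ring, 0, xs[0])   # S103
    other = sign(third_message(enc_src, sig1, sig2, invoice), ring, 2, xs[2])  # member 2
    check = lambda src, s3: node_allows_release(ring, invoice, enc_app, src, sig1, sig2, s3)
    return {
        "honest": check(enc_src, sig3),
        "other_signer": check(enc_src, other),
        "swapped_source": check(b"constructed ciphertext: elsewhere", sig3),
        "requester_links_to_generator": sig1["tag"] == sig2["tag"],
    }
```

The node only ever sees ring public keys, signatures and tags: it learns that the first and third signatures share a signer, not which member that signer is.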
In some embodiments of the present application, based on the foregoing aspect, the method further includes:
receiving a certification information uploading request sent by a supervision node in the alliance chain, wherein the generation process of the certification information uploading request comprises: the invoice request terminal sends a query request to the supervision node, the query request being initiated by the invoice requester when it has doubts about the transaction process of the electronic invoice, and the supervision node generates the certification information uploading request according to the query request;
uploading the certification information of the electronic invoice to the supervision node so that the supervision node confirms the validity of the transaction process of the electronic invoice.
It should be noted that, if the invoice requester has doubts about the validity or the consistency of the electronic invoice during the transaction, the invoice requester may send a data arbitration request and related proof materials to the supervision node of the alliance chain. After receiving the request, the supervision node can query the transaction history, verify the consistency and validity of the electronic invoice, and, under specific conditions, trace the true identities of the two parties to the transaction. That is, the invoice requester in the embodiment of the application may initiate a dispute handling request if it has an objection to the transaction of the electronic invoice. After receiving the submitted evidence, the supervision node checks information such as the corresponding transaction history record, verifies each party's evidence, and returns the verification result once verification ends. In this way, the transaction of the electronic invoice can be strongly supervised by the relevant regulatory authorities, which further ensures the transaction security of the electronic invoice.
It should be noted that the method is implemented on a blockchain network. Because the blockchain is tamper-resistant, on-chain verification by the blockchain itself can ensure the integrity of the electronic invoice: any tampering with the electronic invoice data causes a hash mismatch, so the tampering is detected. It should also be noted that on-chain verification only verifies the integrity of the invoice data and does not concern the specific contents of the invoice. Verifying the authenticity and legitimacy of an invoice requires the participation of a verification node and a supervision node.
Based on the above disclosure, in the embodiment of the present application, when a transaction occurs, the invoice generating terminal performs a first signature on an electronic invoice containing transaction information and then issues the electronic invoice to the blockchain network; the invoice requesting terminal then encrypts its application information using public key information of the invoice generating party, performs a second signature on the application information, and sends an invoice transaction request to the invoice generating terminal. The invoice generating terminal verifies the second signature, decrypts the application information, and encrypts the data source of the electronic invoice with the public key information of the invoice requester, so that the invoice requesting terminal can decrypt the data source of the electronic invoice using the public key information of the invoice requesting terminal and then acquire the electronic invoice from the data source. Throughout the electronic invoice transaction process, the invoice generating terminal and the invoice requesting terminal verify each other using the signature mechanism and public key information without disclosing private information such as their identity information, and other data users of the blockchain network cannot obtain private information such as the identity information of the parties to the invoice transaction, which improves the reliability and security of the electronic invoice transaction.
Referring to fig. 3, a block diagram of a transaction security device for electronic invoices in an embodiment of the present application is shown.
As shown in fig. 3, according to a second aspect of the embodiments of the present application, there is provided a transaction security device for an electronic invoice, provided at an invoice generating terminal, including:
the issuing module is used for generating an electronic invoice according to transaction information when the transaction occurs, and issuing the electronic invoice into a blockchain network after carrying out first signature on the electronic invoice;
the acquisition module is used for acquiring an invoice transaction request sent by the invoice request terminal, and the generation process of the invoice transaction request comprises the following steps: the invoice request terminal verifies the first signature, encrypts application information by utilizing public key information of an invoice request party, and generates the invoice transaction request after carrying out second signature on the application information;
and the sending module is used for verifying the second signature, decrypting the encrypted application information by adopting private key information of an invoice generator, encrypting a data source of the electronic invoice through public key information of the invoice requester if the verification is passed, and sending the encrypted data source of the electronic invoice to the invoice request terminal so that the invoice request terminal can acquire the electronic invoice through the data source.
According to a third aspect of embodiments of the present application, there is provided a transaction security system for an electronic invoice, comprising an invoice request terminal and the transaction security device for an electronic invoice according to the second aspect.
According to a fourth aspect of embodiments of the present application, there is provided a computer readable storage medium having stored therein at least one program code loaded and executed by a processor to implement operations performed by a method as described in any of the first aspects above.
The computer readable storage medium may take the form of a portable compact disc read only memory (CD-ROM) and include program code that can be run on a terminal device, such as a personal computer. However, the computer-readable storage medium of the present application is not limited thereto, and in the present application, the readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
As shown in fig. 4, according to a fifth aspect of an embodiment of the present application, there is provided an electronic device, including one or more processors and one or more memories, the one or more memories storing at least one program code therein, the at least one program code being loaded and executed by the one or more processors to implement the operations performed by the method of any of the first aspects.
Those skilled in the art will appreciate that the various aspects of the present application may be implemented as a system, method, or program product. Accordingly, aspects of the present application may be embodied in the following forms: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, which may be collectively referred to herein as a "circuit," "module," or "system."
Referring to fig. 4, a schematic diagram of a computer system suitable for use in implementing the electronic device of the embodiments of the present application is shown.
An electronic device 400 according to this embodiment of the present application is described below with reference to fig. 4. The electronic device 400 shown in fig. 4 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 4, the electronic device 400 is embodied in the form of a general purpose computing device. The components of electronic device 400 may include, but are not limited to: the at least one processing unit 410, the at least one memory unit 420, and a bus 430 connecting the various system components, including the memory unit 420 and the processing unit 410.
Wherein the storage unit stores program code that is executable by the processing unit 410 such that the processing unit 410 performs steps according to various exemplary embodiments of the present application described in the above-described "example methods" section of the present specification.
The storage unit 420 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 421 and/or cache memory 422, and may further include Read Only Memory (ROM) 423.
The storage unit 420 may also include a program/utility 424 having a set (at least one) of program modules 425, such program modules 425 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 430 may be a local bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or using any of a variety of bus architectures.
The electronic device 400 may also communicate with one or more external devices 500 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 400, and/or any device (e.g., router, modem, etc.) that enables the electronic device 400 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 450. Also, electronic device 400 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 460. As shown, the network adapter 460 communicates with other modules of the electronic device 400 over the bus 430. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 400, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The foregoing is merely exemplary of the present application and is not intended to limit the present application, and various modifications and variations may be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the scope of the claims of the present application.
Claims (8)
1. A transaction security method for an electronic invoice, which is executed in an invoice generating terminal, comprising:
when a transaction occurs, generating an electronic invoice according to transaction information, and issuing the electronic invoice to a blockchain network after carrying out a first signature on the electronic invoice; wherein, the generating the electronic invoice according to the transaction information comprises: automatically filling the transaction information into a preset field of the first electronic invoice to generate a second electronic invoice containing the transaction information;
anonymizing transaction information in the second electronic invoice by adopting an anonymizing identifier to obtain a third electronic invoice with anonymized transaction information; the issuing of the electronic invoice to the blockchain network after the electronic invoice is subjected to the first signature comprises: issuing the electronic invoice to the blockchain network after performing a first signature on it, wherein the first signature is a signature generated at least based on public parameters of an alliance chain where an invoice generator and an invoice requester are located, private key information of the invoice generator, and the electronic invoice;
Acquiring an invoice transaction request sent by an invoice request terminal, wherein the generation process of the invoice transaction request comprises the following steps: the invoice request terminal verifies the first signature, encrypts application information by utilizing public key information of an invoice request party, and generates the invoice transaction request after carrying out second signature on the application information;
verifying the second signature, decrypting the encrypted application information by adopting private key information of an invoice generator, encrypting a data source of the electronic invoice by the public key information of the invoice requester if the verification is passed, and sending the encrypted data source of the electronic invoice to the invoice request terminal so that the invoice request terminal can acquire the electronic invoice by the data source;
after encrypting the data source of the electronic invoice with the invoice requester's public key information, the method further comprises:
performing a third signature on the basis of the encrypted data source, the first signature, the second signature and the electronic invoice;
and sending the third signature to a verification node in an alliance chain so that the verification node verifies whether the first signature and the third signature were signed by the same invoice generator, if so, further verifying the validity of the first signature, the second signature and the third signature, and if the verification is passed, allowing the invoice generating terminal to send the encrypted data source of the electronic invoice to the invoice request terminal.
2. The method according to claim 1, wherein the method further comprises:
and calling an intelligent contract to generate release information of the electronic invoice in the blockchain network, so that the invoice requester generates the invoice transaction request through the release information.
3. The method according to claim 2, wherein when the invoice request terminal verifies the first signature, encrypts application information with public key information of an invoice requester, and generates the invoice transaction request after second signing the application information, the invoice request terminal is specifically configured to:
acquiring the release information and verifying the validity of the first signature;
if the verification is passed, encrypting the application information by utilizing public key information of the invoice requester;
and generating the invoice transaction request after performing a second signature on the application information, wherein the second signature is a signature generated at least based on public parameters of an alliance chain where the invoice generator and the invoice requester are located, private key information of the invoice requester, and the application information.
4. The method according to claim 1, wherein the method further comprises:
receiving a certification information uploading request sent by a supervision node in an alliance chain, wherein the generation process of the certification information uploading request comprises: the invoice request terminal sends a query request to the supervision node, the query request being initiated by the invoice requester when it has doubts about the transaction process of the electronic invoice, and the supervision node generates the certification information uploading request according to the query request;
uploading the proving information of the electronic invoice to the supervision node so that the supervision node confirms the validity of the transaction process of the electronic invoice.
5. A transaction security device for an electronic invoice, provided at an invoice generating terminal, characterized by comprising:
the issuing module is used for generating an electronic invoice according to transaction information when the transaction occurs, and issuing the electronic invoice into a blockchain network after carrying out first signature on the electronic invoice;
the acquisition module is used for acquiring an invoice transaction request sent by the invoice request terminal, and the generation process of the invoice transaction request comprises the following steps: the invoice request terminal verifies the first signature, encrypts application information by utilizing public key information of an invoice request party, and generates the invoice transaction request after carrying out second signature on the application information; wherein, the generating the electronic invoice according to the transaction information comprises: automatically filling the transaction information into a preset field of the first electronic invoice to generate a second electronic invoice containing the transaction information;
anonymizing transaction information in the second electronic invoice by adopting an anonymizing identifier to obtain a third electronic invoice with anonymized transaction information; the issuing of the electronic invoice to the blockchain network after the electronic invoice is subjected to the first signature comprises: issuing the electronic invoice to the blockchain network after performing a first signature on it, wherein the first signature is a signature generated at least based on public parameters of an alliance chain where the invoice generator and the invoice requester are located, private key information of the invoice generator, and the electronic invoice;
the sending module is used for verifying the second signature, decrypting the encrypted application information by adopting private key information of an invoice generator, encrypting a data source of the electronic invoice through public key information of the invoice requester if the verification is passed, and sending the encrypted data source of the electronic invoice to the invoice request terminal so that the invoice request terminal can acquire the electronic invoice through the data source;
the device is also for:
performing a third signature on the basis of the encrypted data source, the first signature, the second signature and the electronic invoice;
and sending the third signature to a verification node in an alliance chain so that the verification node verifies whether the first signature and the third signature were signed by the same invoice generator, if so, further verifying the validity of the first signature, the second signature and the third signature, and if the verification is passed, allowing the invoice generating terminal to send the encrypted data source of the electronic invoice to the invoice request terminal.
6. A transaction security system for electronic invoices, comprising an invoice requesting terminal and a transaction security device for electronic invoices according to claim 5.
7. A computer readable storage medium, characterized in that at least one program code is stored in the computer readable storage medium, the at least one program code being loaded and executed by a processor to implement the operations performed by the method according to any of claims 1-4.
8. An electronic device comprising one or more processors and one or more memories, the one or more memories having stored therein at least one piece of program code that is loaded and executed by the one or more processors to implement the operations performed by the method of any of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311296390.7A CN117035890B (en) | 2023-10-09 | 2023-10-09 | Transaction security method, device, system, medium and equipment of electronic invoice |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117035890A CN117035890A (en) | 2023-11-10 |
CN117035890B true CN117035890B (en) | 2024-02-06 |
Family
ID=88645310
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311296390.7A Active CN117035890B (en) | 2023-10-09 | 2023-10-09 | Transaction security method, device, system, medium and equipment of electronic invoice |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117035890B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118115221A (en) * | 2023-11-27 | 2024-05-31 | 中科迅联智慧网络科技(北京)有限公司 | Invoice data access method and device and electronic equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109345194A (en) * | 2018-09-12 | 2019-02-15 | 北京东港瑞宏科技有限公司 | A kind of electronic bill flow system |
CN110909383A (en) * | 2019-11-15 | 2020-03-24 | 深圳市网心科技有限公司 | Electronic invoice management method and device, electronic equipment and storage medium |
CN116051220A (en) * | 2023-01-04 | 2023-05-02 | 电子科技大学 | Digital invoice receiving platform and receiving method based on blockchain |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050177518A1 (en) * | 2004-02-10 | 2005-08-11 | Brown Collie D. | Electronic funds transfer and electronic bill receipt and payment system |
Also Published As
Publication number | Publication date |
---|---|
CN117035890A (en) | 2023-11-10 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
JP6873270B2 (en) | Handling of transaction activities based on smart contracts in the blockchain Caution Methods and devices for protecting data | |
CN113012008B (en) | Identity management method, device and equipment based on trusted hardware | |
CN111080295B (en) | Electronic contract processing method and device based on blockchain | |
CN111160909B (en) | Hidden static supervision system and method for blockchain supply chain transaction | |
CN106936588B (en) | Hosting method, device and system of hardware control lock | |
CN110189184B (en) | Electronic invoice storage method and device | |
CN111160908B (en) | Supply chain transaction privacy protection system, method and related equipment based on blockchain | |
CN103152182A (en) | Method for authenticating and validating electronic data | |
CN117035890B (en) | Transaction security method, device, system, medium and equipment of electronic invoice | |
CN112511309B (en) | Method and device for directionally sharing supervision-oriented information on block chain and electronic equipment | |
CN110708162B (en) | Resource acquisition method and device, computer readable medium and electronic equipment | |
CN111105235B (en) | Supply chain transaction privacy protection system, method and related equipment based on blockchain | |
CN114172663B (en) | Business right determining method and device based on block chain, storage medium and electronic equipment | |
CN112435026A (en) | Method and device for protecting file transaction information by using zero-knowledge proof and electronic equipment | |
CN112699353A (en) | Financial information transmission method and financial information transmission system | |
US8745375B2 (en) | Handling of the usage of software in a disconnected computing environment | |
CN115796871A (en) | Resource data processing method and device based on block chain and server | |
CN110992034A (en) | Supply chain transaction privacy protection system and method based on block chain and related equipment | |
CN111079190A (en) | Block chain supply chain transaction hiding dynamic supervision system and method | |
CN114666064A (en) | Block chain-based digital asset management method, device, storage medium and equipment | |
WO2022132718A1 (en) | Technologies for trust protocol with immutable chain storage and invocation tracking | |
CN116055225B (en) | Power data access method, device and system based on block chain | |
US20230124498A1 (en) | Systems And Methods For Whitebox Device Binding | |
CN102542698B (en) | Safety protective method of electric power mobile payment terminal | |
CN117499923B (en) | Mobile terminal partition time-sharing security access method and system in transformer substation environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||