TWI694709B - Blockchain-based electronic signature method and device, and electronic equipment - Google Patents


Publication number
TWI694709B
Authority
TW
Taiwan
Prior art keywords
blockchain
certificate
target
electronic
electronic document
Application number
TW108107759A
Other versions
TW202002570A (en)
Inventor
丁維
栗志果
Original Assignee
香港商阿里巴巴集團服務有限公司
Application filed by 香港商阿里巴巴集團服務有限公司
Publication of TW202002570A
Application granted
Publication of TWI694709B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825: Use of electronic signatures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821: Electronic credentials
    • G06Q20/38215: Use of certificates or encrypted proofs of transaction rights

Abstract

One or more embodiments of this specification provide a blockchain-based electronic signature method and device, and electronic equipment. The method may include: receiving a target transaction initiated by a signing user through a client, where the target transaction is used to trigger an electronic signature operation on a target electronic document, and a CA (Certificate Authority) certificate corresponding to the signing user has been stored on the blockchain in advance; in response to the target transaction, invoking a smart contract corresponding to electronic signing, executing the electronic signature procedure declared in the smart contract, and reading the CA certificate corresponding to the signing user from the blockchain; and performing the electronic signature operation on the target electronic document based on the CA certificate.

Description

Blockchain-based electronic signature method and device, and electronic equipment

One or more embodiments of this specification relate to the field of blockchain technology, and in particular to a blockchain-based electronic signature method and device, and electronic equipment.

Blockchain technology, also known as distributed ledger technology, is an emerging technology in which a number of computing devices jointly take part in "bookkeeping" and jointly maintain one complete distributed database. Because blockchain technology is decentralized, open and transparent, lets every computing device take part in recording to the database, and allows data to be synchronized quickly between computing devices, it has been widely applied in many fields.

This specification proposes a blockchain-based electronic signature method. The method includes: receiving a target transaction initiated by a signing user through a client, where the target transaction is used to trigger an electronic signature operation on a target electronic document, and a CA (Certificate Authority) certificate corresponding to the signing user has been stored on the blockchain in advance; in response to the target transaction, invoking a smart contract corresponding to electronic signing, executing the electronic signature procedure declared in the smart contract, and reading the CA certificate corresponding to the signing user from the blockchain; and performing the electronic signature operation on the target electronic document based on the CA certificate.

Optionally, the CA certificate stored on the blockchain is preset with access permissions that restrict access by user accounts other than the signing user. Invoking the smart contract corresponding to electronic signing includes: determining whether the target transaction includes authorization information by which the signing user authorizes electronic signing of the target text, where the authorization information indicates that access permission to the CA certificate is granted to the smart contract; and, if the target transaction includes the authorization information, triggering the call to the smart contract corresponding to electronic signing.

Optionally, triggering the call to the smart contract corresponding to electronic signing if the target transaction includes the authorization information includes: if the target transaction includes the authorization information, further determining whether the target transaction has been successfully stored on the blockchain; and, if so, triggering the call to the smart contract corresponding to electronic signing.

Optionally, the target electronic document is stored on the blockchain in advance, and the target electronic document stored on the blockchain is preset with access permissions that restrict access by user accounts other than the smart contract. Performing the electronic signature operation on the target electronic document based on the CA certificate includes: reading the target electronic document from the blockchain; and performing the electronic signature operation on the target electronic document that was read, based on the CA certificate.

Optionally, the CA certificate includes the signing user's private key. Performing the electronic signature operation on the target electronic document that was read, based on the CA certificate, includes: performing the electronic signature operation on the target electronic document that was read, based on the signing user's private key in the CA certificate.

Optionally, the blockchain includes a main chain and several sub-chains. The sub-chains include a first sub-chain for storing the access address of the target electronic document and a second sub-chain for storing the original content of the target electronic document. Reading the target electronic document from the blockchain includes: reading the access address of the target electronic document from the first sub-chain; and reading the original content of the target electronic document from the second sub-chain based on that access address.

Optionally, the sub-chains further include a third sub-chain for storing the CA certificate. Reading the CA certificate corresponding to the signing user from the blockchain includes: reading the CA certificate corresponding to the signing user from the third sub-chain.

Optionally, the target electronic document is an electronic contract.

This specification also proposes a blockchain-based electronic signature device. The device includes:

A receiving module, which receives a target transaction initiated by a signing user through a client, where the target transaction is used to trigger an electronic signature operation on a target electronic document, and a CA certificate corresponding to the signing user has been stored on the blockchain in advance.

A signature module, which, in response to the target transaction, invokes the smart contract corresponding to electronic signing, executes the electronic signature procedure declared in the smart contract, and reads the CA certificate corresponding to the signing user from the blockchain; and performs the electronic signature operation on the target electronic document based on the CA certificate.

Optionally, the CA certificate stored on the blockchain is preset with access permissions that restrict access by user accounts other than the signing user. The signature module: determines whether the target transaction includes authorization information by which the signing user authorizes electronic signing of the target text, where the authorization information indicates that access permission to the CA certificate is granted to the smart contract; and, if the target transaction includes the authorization information, triggers the call to the smart contract corresponding to electronic signing.

Optionally, the signature module further: if the target transaction includes the authorization information, further determines whether the target transaction has been successfully stored on the blockchain; and, if so, triggers the call to the smart contract corresponding to electronic signing.

Optionally, the target electronic document is stored on the blockchain in advance, and the target electronic document stored on the blockchain is preset with access permissions that restrict access by user accounts other than the smart contract. The signature module: reads the target electronic document from the blockchain; and performs the electronic signature operation on the target electronic document that was read, based on the CA certificate.

Optionally, the CA certificate includes the signing user's private key. The signature module: performs the electronic signature operation on the target electronic document that was read, based on the signing user's private key in the CA certificate.

Optionally, the blockchain includes a main chain and several sub-chains. The sub-chains include a first sub-chain for storing the access address of the target electronic document and a second sub-chain for storing the original content of the target electronic document. The signature module further: reads the access address of the target electronic document from the first sub-chain; and reads the original content of the target electronic document from the second sub-chain based on that access address.

Optionally, the sub-chains further include a third sub-chain for storing the CA certificate. The signature module further: reads the CA certificate corresponding to the signing user from the third sub-chain.

Optionally, the target electronic document is an electronic contract.

This specification also proposes electronic equipment, including: a processor; and a memory for storing machine-executable instructions. By reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of blockchain-based electronic signing, the processor is caused to: receive a target transaction initiated by a signing user through a client, where the target transaction is used to trigger an electronic signature operation on a target electronic document, and a CA certificate corresponding to the signing user has been stored on the blockchain in advance; in response to the target transaction, invoke the smart contract corresponding to electronic signing, execute the electronic signature procedure declared in the smart contract, and read the CA certificate corresponding to the signing user from the blockchain; and perform the electronic signature operation on the target electronic document based on the CA certificate.

Through the above technical solution, on the one hand, because the user can invoke the smart contract to trigger it to read the CA certificate corresponding to the signing user from the blockchain and to perform the electronic signature operation on the electronic document based on that CA certificate, the user does not have to sign the electronic document manually, which reduces the complexity of the electronic signature operation.

On the other hand, because the signing user's CA certificate is stored on the blockchain in advance, and the CA certificate on the blockchain can only be used, in a unified manner, by the smart contract, an illegitimate third-party user can be prevented from fraudulently using the signing user's CA certificate to electronically sign electronic documents against the signing user's wishes, which raises the security level of electronic signature operations on electronic documents.

本說明書旨在提出一種,透過調用部署在區塊鏈上的智慧型合約,利用發布在區塊鏈上的簽約者的CA證書,來代替簽約者利用簽約者自動對待簽約的電子文書進行電子簽名的技術方案。 在實現時,一方面,可以在區塊鏈上提前部署用於對電子文書進行電子簽名操作的智慧型合約;另一方面,CA機構在為簽約者頒發CA證書後,也可以將為簽約者頒發的CA證書發布至區塊鏈,在區塊鏈的分散式資料庫(即分散式帳本)中進行儲存。 而簽約者在需要對電子文書進行電子簽名時,可以透過客戶端發起一筆用於觸發對電子文書進行電子簽名操作的交易。而區塊鏈中的節點設備在收到該交易後,可以發起對上述智慧型合約的調用,執行該智慧型合約中聲明的電子簽名程序,從區塊鏈中讀取與上述簽約用戶的CA證書,然後基於讀取到的CA證書對自動對上述電子文書進行電子簽名操作。 透過以上技術方案,一方面,由於用戶可以透過調用智慧型合約的方式,來觸發智慧型合約從區塊鏈中讀取與簽約用戶對應的CA證書,並基於讀取到的CA證書對電子文書進行電子簽名操作;因此,可以避免由用戶手動對電子文書進行簽名,簡化電子簽名操作的複雜度; 另一方面,由於簽約用戶的CA證書被預先儲存至區塊鏈,並且區塊鏈上的CA證書,只能由智慧型合約來統一使用,因此可以避免非法的第三方用戶透過冒用簽約用戶的CA證書的方式,在違背簽約用戶的意願的情況下,使用簽約用戶的CA證書對電子文書進行電子簽名操作,可以提升對電子文書進行電子簽名操作時的安全等級。 下面透過具體實施例並結合具體的應用場景對本說明書進行描述。 請參考圖1,圖1是本說明書一實施例提供的一種基於區塊鏈的電子簽名方法,應用於區塊鏈中的節點設備,執行以下步驟: 步驟102,接收簽約用戶透過客戶端發起的目標交易;其中,所述目標交易用於觸發對目標電子文書進行電子簽名操作;與所述簽約用戶對應的CA證書被預先儲存至所述區塊鏈; 步驟104,回應於所述目標交易,調用與電子簽名對應的智慧型合約,執行所述智慧型合約中聲明的電子簽名程序,從區塊鏈中讀取與所述簽約用戶對應的CA證書;以及,基於所述CA證書對所述目標電子文書進行電子簽名操作。 在本說明書描述的區塊鏈,具體可以包括任意類型的區塊鏈網路;例如,在實際應用中,可以採用共有鏈、私有鏈、或者聯盟鏈中的任意一種。 例如,在示出的是一種實施方式中,上述區塊鏈網路具體可以是一個由主鏈,以及若干子鏈構成的聯盟鏈。 在本說明書中所描述的交易,是指用戶透過區塊鏈的客戶端創建,並需要最終發布至區塊鏈中的一筆資料。 其中,區塊鏈中的交易,存在狹義的交易以及廣義的交易之分。狹義的交易是指用戶向區塊鏈發布的一筆價值轉移;例如,在傳統的比特幣區塊鏈網路中,交易可以是用戶在區塊鏈中發起的一筆轉帳。而廣義的交易是指用戶向區塊鏈發布的一筆具有業務意圖的業務資料;例如,運營方可以基於實際的業務需求搭建一個聯盟鏈,依託於聯盟鏈部署一些與價值轉移無關的其它類型的線上業務(比如,租房業務、車輛調度業務、保險理賠業務、信用服務、醫療服務等),而在這類聯盟鏈中,交易可以是用戶在聯盟鏈中發布的一筆具有業務意圖的業務訊息或者業務請求。 而上述目標交易,則是指由用戶透過客戶端創建的,用於觸發對區塊鏈上部署的智慧型合約進行調用的調用訊息或者調用請求。 上述電子文書,可以包括任意形式的以數字形式存在的待簽約文字;例如,在一個例子中,上述電子文書具體可以是電子合約。 在本說明書中,簽約用戶可以基於個人的身分資訊,向CA機構申請CA證書。而CA機構收到簽約用戶的CA證書申請後,可以基於簽約用戶提交的身分資訊,對簽約用戶進行身分認證,並在身分認證透過後,可以為上述簽約用戶頒發CA證書。 其中,簽約用戶向CA機構申請CA證書的具體過程,在本說明書中不再進行詳細描述; 例如,在實際應用中,簽約用戶用向CA機構提交身分資訊申請CA證書,而CA機構在對簽約用戶的身分資訊驗證透過後,可以為簽約用戶分配公鑰私鑰對,並將分配的公鑰私鑰對與該簽約用戶的身分資訊進行綁定後,使用CA機構持有的私鑰進行電子簽名,形成CA證書頒發給簽約用戶。 在本說明書中,對於頒發給簽約用戶的CA證書,可以發布至區塊鏈,在區塊鏈的分散式資料庫中進行儲存; 例如,在一個例子中,CA證書在將CA證書頒發給簽約用戶後,簽約用戶可以透過客戶端以交易的形式在區塊鏈中發布上述CA證書(CA證書以密文的形式攜帶在交易中),而區塊鏈中的節點設備,在收到上述CA證書後,可以發起對上述CA證書進行共識處理,並在共識通過後,將上述CA證書收錄儲存至上述區塊鏈的分散式資料庫。 
在示出的一種實施方式中,為了提升簽約用戶的CA證書的使用安全,當CA機構為簽約用戶頒發的CA證書經過共識處理,被成功收錄儲存至區塊鏈的分散式資料庫之後,可以為鏈上儲存的CA證書設置存取權限,來限制該簽約用戶以外的用戶帳戶進行存取。 也即,透過為鏈上儲存的CA證書設置存取權限,來確保只有該簽約用戶本人,能夠具有存取鏈上儲存的CA證書的權限,對該CA證書進行查看、操作。 例如,在實現時,可以為鏈上儲存的CA證書預配置存取權限列表,並將上述簽約用戶的身分資訊寫入上述存取權限列表,用於指示只有該簽約用戶能夠具有該CA證書的存取權限;比如,在區塊鏈中,透過利用簽約用戶的公鑰,或者公鑰衍生資料(如對公鑰進行運算得到的帳戶位址)來指示用戶的身分,因此可以將上述簽約用戶的公鑰或者公鑰衍生資料,配置為唯一能夠存取上述CA證書的合法身分。 在本說明書中,區塊鏈的運營方,可以依託於上述區塊鏈,在區塊鏈上部署對儲存在區塊鏈上的電子文書進行電子簽名的線上業務,使得簽約用戶在簽署電子文書時,可以不再需要基於持有的私鑰,手動的對電子文書進行電子簽名操作,而是在鏈上線上完成針對電子文書的電子簽名操作。 在實現時,區塊鏈的運營方,可以開發用於對區塊鏈上的電子文書進行線上電子簽名的智慧型合約,在該智慧型合約中聲明用於對電子文書進行電子簽名操作的電子簽名程序。 其中,上述電子簽名程序具體可以是聲明在智慧型合約中的,與對電子文書進行電子簽名操作的執行邏輯相關的程式碼(比如一些可供調用的程序方法或者函數)。 而對於開發完成的上述智慧型合約,區塊鏈的運營方可以透過區塊鏈中的任一節點設備,將該智慧型合約發布至區塊鏈。而區塊鏈中的節點設備,在收到上述智慧型合約後,可以發起對上述智慧型合約進行共識處理,並在共識透過後,將上述智慧型合約收錄儲存至上述區塊鏈的分散式資料庫。 後續,簽約用戶可以透過客戶端存取區塊鏈中的任一節點設備,向區塊鏈中發布用於觸發對目標電子文書進行電子簽名操作的目標交易,來發起對已經部署完成的智慧型合約的調用,觸發執行上述智慧型合約中聲明的電子簽名程序,來線上的對上述目標電子文書進行電子簽名操作。 在本說明書中,區塊鏈的運營方,除了可以依託於上述區塊鏈,在區塊鏈上部署對儲存在區塊鏈上的電子文書進行電子簽名的線上業務以外,還可以依託於上述區塊鏈,在區塊鏈上部署用於觸發對儲存在區塊鏈上的電子文書進行線上顯示的線上業務。 在實現時,區塊鏈的運營方,可以開發用於對區塊鏈上的電子文書進行線上顯示的智慧型合約,在該智慧型合約中聲明用於對電子文書進行內容驗證的驗證程序。 其中,上述驗證程序具體可以是聲明在智慧型合約中的,與對電子文書的原始內容進行驗證操作的執行邏輯相關的程序代碼。 而對於開發完成的上述智慧型合約,區塊鏈的運營方仍然可以透過區塊鏈中的任一節點設備,將該智慧型合約發布至區塊鏈。而區塊鏈中的節點設備,在收到上述智慧型合約後,可以發起對上述智慧型合約進行共識處理,並在共識通過後,將上述智慧型合約收錄儲存至上述區塊鏈的分散式資料庫。 後續,簽約用戶可以透過客戶端存取區塊鏈中的任一節點設備,向區塊鏈中發布用於觸發對目標電子文書進行線上顯示的目標交易,來發起對已經部署完成的該智慧型合約的調用,觸發執行上述智慧型合約中聲明的驗證程序,對上述目標電子文書的內容進行驗證,並在內容驗證通過後,向上述客戶端返回上述目標電子文書以及上述目標電子文書的內容驗證結果(比如電子文書內容是否被篡改)。 其中,需要說明的是,以上描述的用於對區塊鏈上的電子文書進行線上電子簽名的智慧型合約、和用於對區塊鏈上的電子文書進行線上顯示的智慧型合約,在實際應用中,可以整合為一個智慧型合約在區塊鏈上進行部署(圖3中示出的為將上述兩種智慧型合約整合成為一個智慧型合約),也可以作為兩個不同的智慧型合約在區塊鏈上進行部署,在本說明書中不進行特別限定。 以下以上述目標電子文書為簽約用戶需要簽署的電子合約為例進行說明。 在示出的一種實施方式中,上述區塊鏈具體可以採用的主鏈-子鏈的架構,可以包括一主鏈(Main Chain)和若干子鏈(Child Chain)。其中,上述區塊鏈網路中的子鏈的數量,可以基於實際的業務需求進行規劃,在本說明書中不進行特別限定。 請參見圖2,圖2為本說明書示出的一種區塊鏈的架構圖。 如圖2所示,在示出的一種實施方式中,上述區塊鏈可以按照收錄儲存的資料類型,劃分為「存證鏈」、「合約摘要子鏈」(第一子鏈)、“合約子鏈」(第二子鏈)、「CA證書子鏈」(第三子鏈)。 
上述存證鏈,可以是上述區塊鏈的主鏈;也即,可以將上述區塊鏈的主鏈作為存證鏈,用於對簽約用戶在區塊鏈上完成的一系列操作相關的交易資料進行儲存存證,以便於未來對簽約用戶的操作行為進行追溯;其中,區塊鏈的運營方部署的上述智慧型合約,可以在共識通過後,收錄儲存至主鏈。 上述合約摘要子鏈,用於儲存電子合約的摘要資料(對合約內容進行雜湊運算得到的hash值)和電子合約的原始內容的存取位址。 上述合約子鏈,用於儲存電子合約的原始內容。 其中,在示出的一種實施方式中,為了提升電子合約的原始內容的資料安全,可以為鏈上儲存的電子合約的原始內容設置存取權限,來限制上述智慧型合約以外的用戶帳戶進行存取。也即,透過為鏈上儲存的電子合約的原始內容設定存取權限,來確保只有上述智慧型合約,能夠具有存取鏈上儲存的電子合約的原始內容的權限,對該電子合約的原始內容進行查看、操作。 上述CA證書子鏈,用於儲存由CA機構頒發給簽約用戶的CA證書。 其中,需要說明的是,以上描述的子鏈劃分方式,僅為示例性的,在實際應用中,可以基於實際的需求,對以上示出的各個子鏈進行進一步的細分,也可以對以上示出的多個子鏈進行合併處理; 例如,可以將上述合約摘要子鏈,進一步劃分為「合約摘要子鏈」和「合約位址子鏈」,在合約摘要子鏈中儲存電子合約的摘要資訊,在合約位址子鏈中儲存電子合約的存取位址;又如,也可以將上述合約摘要子鏈和合約子鏈,合併為同一個子鏈,將電子合約的摘要資訊、存取位址、原始內容均儲存在該子鏈中。 以下以採用圖2中示出的區塊鏈的架構,來詳細描述簽約用戶對電子文書進行簽約的流程。 請參見圖3,圖3為本說明書示出的一種簽約用戶對電子文書進行簽約的流程圖。 如圖3所示,在本說明書示出的電子文書的簽約流程中,可以劃分為電子合約上傳、簽約用戶身分認證、簽約用戶合約確認、簽約用戶電子簽名等四個階段。 1)電子合約上傳 如圖3所示,電子合約的起草方,在完成電子合約的起草後: 一方面,可以透過客戶端將電子合約的原始內容上傳給電子合約系統,而電子合約系統可以進一步以交易的形式在上述合約子鏈中發布電子合約的原始內容(電子合約的原始內容以密文的形式攜帶在交易中);而上述合約子鏈中的節點設備,在收到上述電子合約的原始內容後,可以發起對上述電子合約的原始內容進行共識處理,並在共識通過後,將上述電子合約的原始內容收錄儲存至上述合約子鏈的分散式資料庫。 當上述電子合約的原始內容被成功收錄至上述合約子鏈的分散式資料庫後,上述合約子鏈可以向上述電子合約系統返回一個保存成功的通知訊息,將上述電子合約的原始內容在上述合約子鏈上的存取位址,返回給上述電子合約系統;而上述電子合約系統在收到上述合約子鏈的反饋後,可以向上述客戶端返回一個上傳成功的通知訊息,將上述電子合約的原始內容在上述合約子鏈上的存取位址,進一步返回給上述客戶端。 例如,上述電子合約的原始內容的存取位址,具體可以包括收錄該電子合約的原始內容的交易的hash值,以及收錄該交易的區塊的區塊編號等資訊。 在示出的一種實施方式中,為了提升電子文書的使用安全,當電子文書的原始內容經過共識處理,被成功收錄儲存至上述存證鏈的分散式資料庫之後,可以為鏈上儲存的電子文書的原始內容設定存取權限,來限制除了以上描述的智慧型合約以外的用戶帳戶進行存取。 也即,透過為鏈上儲存的電子文書設置存取權限,來確保只有鏈上部署的智慧型合約,能夠具有存取鏈上儲存的電子文書的原始內容的權限,對電子文書的原始內容進行查看、操作。 其中,為鏈上儲存的電子文書的原始內容設置存取權限的具體過程,不再進行贅述。 另一方面,電子合約的起草方在透過客戶端收到上述合約子鏈返回的電子合約的原始內容在上述合約子鏈上的存取位址後,還可以透過客戶端運算該電子合約的摘要資訊,並將該電子合約的摘要資訊上傳給電子合約系統。而上述電子合約系統,可以進一步以交易的形式在上述合約摘要子鏈中發布該電子合約的摘要資訊和該電子合約的存取位址(均以密文的形式攜帶在交易中)。上述合約摘要子鏈中的節點設備,在收到上述電子合約的摘要資訊和該電子合約的存取位址後,可以發起對上述電子合約的摘要資訊和該電子合約的存取位址進行共識處理,並在共識通過後,將上述電子合約的摘要資訊和該電子合約的存取位址收錄儲存至上述合約摘要子鏈的分散式資料庫。 
當上述電子合約的摘要資訊和該電子合約的存取位址被成功收錄至上述合約摘要子鏈的分散式資料庫後,上述合約摘要子鏈也可以向上述電子合約系統返回一個保存成功的通知訊息,將上述電子合約的摘要資訊和該電子合約的存取位址在上述合約摘要子鏈中的存取位址,返回給上述電子合約系統。而上述電子合約系統在收到上述合約摘要子鏈的反饋後,也可以進一步向上述客戶端返回一個上傳成功的通知訊息,將上述電子合約的摘要資訊和該電子合約的存取位址在上述合約摘要子鏈中的存取位址,進一步返回給上述客戶端。 此時,電子合約起草方,成功將電子合約的原始內容、電子合約的摘要資訊和該電子合約的存取位址,分別收錄儲存至不同的子鏈。 2)簽約用戶身分認證 如圖3所示,簽約用戶可以透過客戶端向上述電子合約系統發送簽約請求,發起對上述電子合約的線上簽約;而上述電子合約系統在收到該簽約請求後,可以回應該簽約請求,對該簽約用戶進行身分認證。 其中,對簽約用戶進行身分認證的具體方式,在本說明書中將不進行特別限定; 例如,在一個例子中,上述簽約請求可以基於簽約用戶持有的私鑰進行電子簽名操作,而電子合約系統可以透過與簽約用戶持有的私鑰對應的公鑰對上述簽約請求的電子簽名進行驗證,以確定該簽約請求是否由持有該私鑰的簽約用戶本人發起的簽約請求。當然,在實際應用中,也可以借助人臉識別等其它形式的認證技術,來完成對上述簽約用戶的身分認證,在本說明書中不再進行一一列舉。 當電子合約系統完成對上述簽約用戶的身分認證後,可以產生一條該簽約用戶已經透過身分認證的認證記錄,並根據產生的認證記錄建構一筆交易,然後將該交易在上述存證鏈(即主鏈)上進行發布,以發起對已經部署完成的,用於對區塊鏈上的電子合約進行線上顯示的智慧型合約進行調用,來觸發線上顯示需要簽署的電子合約。 而上述存證鏈中的節點設備,在收到上述交易後,可以發起對上述交易進行共識處理,並在共識通過後,將上述交易收錄儲存至上述存證鏈的分散式資料庫進行存證,然後向上述電子合約系統返回上述交易在存證鏈上的存取位址。後續,電子合約系統可以基於該交易在存證鏈上的存取位址,對該簽約用戶的身分認證結果進行追溯查詢。 3)簽約用戶合約確認 請繼續參見圖3,上述電子合約系統根據產生的上述認證記錄建構的交易共識通過,在上述存證鏈上完成存證後,此時上述存證鏈上的節點設備,可以立即觸發調用已經部署完成的,用於對區塊鏈上的電子合約進行線上顯示的智慧型合約,執行該智慧型合約中聲明的驗證程序,對該電子合約的原始內容進行驗證,以確定該電子合約的原始內容是否發生篡改。 在示出的一種實施方式中,在觸發調用上述智慧型合約之前,首先確定該筆交易是否被成功儲存至上述存證鏈;如果該筆交易被成功儲存至上述存證鏈,此時再發起對上述智慧型合約的調用;也即,只有由用戶發起的用於觸發對上述電子合約進行線上顯示的交易在上述存證鏈上完成存證後,才會觸發調用上述智慧型合約。 在本說明書中,上述智慧型合約在執行上述驗證程序時,首先可以從上述合約摘要子鏈中讀取上述電子文書的摘要資訊和上述電子文書的存取位址; 例如,在上述交易中,可以攜帶上述電子合約的摘要資訊和上述電子合約的存取位址,在上述合約摘要子鏈中的存取位址,而上述智慧型合約可以基於該存取位址,從上述合約摘要子鏈讀取上述電子合約的摘要資訊和存取位址。然後,可以基於上述電子合約的存取位址,從上述合約子鏈中讀取上述電子合約的原始內容; 例如,上述智慧型合約可以建構一筆用於查詢電子合約的原始內容的交易,並基於持有的私鑰對該交易進行電子簽名;而在上述合約子鏈中,可以將該智慧型合約的公鑰配置為具有存取權限的授權公鑰。當該合約子鏈中的節點設備收到該交易後,可以基於上述授權公鑰對該交易的電子簽名進行驗證;如果驗證通過,表明該智慧型合約具有存取該合約子鏈中儲存的電子合約的原始內容的存取權限,可以正常回應該筆交易,向該智慧型合約返回被查詢的電子合約的原始內容。 
進一步的,在從上述合約子鏈讀取到電子合約的原始內容後,可以進一步運算出讀取到的電子合約的原始內容的摘要資訊;例如,以上述摘要資訊為hash值為例,可以基於雜湊演算法對讀取到的電子合約的原始內容重新進行雜湊運算得到對應的hash值;然後,可以將重新運算得到的電子合約的原始內容的摘要資訊,與從上述合約摘要子鏈讀取上述電子合約的摘要資訊進行匹配;如果重新運算得到的摘要資訊,與從上述合約摘要子鏈讀取上述電子合約的摘要資訊匹配,表明從上述合約子鏈中讀取到的電子合約的原始內容,與合約起草方最初上傳至上述合約子鏈的電子合約的原始內容完全一致,並沒有發生篡改;此時,該電子合約的原始內容通過了內容驗證;反之。如果重新運算得到的摘要資訊,與從上述合約摘要子鏈讀取上述電子合約的摘要資訊匹配,表明從上述合約子鏈中讀取到的電子合約的原始內容,與合約起草方最初上傳至上述合約子鏈的電子合約的原始內容不一致,可能發生了篡改;此時,該電子合約的原始內容未通過內容驗證。 當完成針對上述電子合約的原始內容的內容驗證後,上述智慧型合約可以將讀取到的電子合約的原始內容,以及針對該電子合約的原始內容的內容驗證結果,返回給上述電子合約系統,再透過上述電子合約系統返回給上述簽約用戶的客戶端向簽約用戶進行線上顯示,由簽約用戶對顯示的電子合約的原始內容進行簽約確認。 在本說明書中,當簽約用戶對顯示的電子合約的原始內容進行確認後,可以透過客戶端向上述電子合約系統發送一筆內容確認訊息;而上述電子合約系統在收到該內容確認訊息後,可以回應該內容確認訊息,根據該內容確認訊息建構一筆交易,然後將該交易在上述存證鏈(即主鏈)上進行發布。 而上述存證鏈中的節點設備,在收到上述交易後,可以發起對上述交易進行共識處理,並在共識通過後,將上述交易收錄儲存至上述存證鏈的分散式資料庫進行存證,然後向上述電子合約系統返回上述交易在存證鏈上的存取位址。後續,電子合約系統可以基於該交易在存證鏈上的存取位址,對該簽約用戶對上述電子合約進行的內容確認操作進行追溯查詢。 4)簽約用戶電子簽名 請繼續參見圖3,當簽約用戶對需要簽署的電子合約的原始內容進行內容確認,並且該筆內容確認成功在存證鏈上完成存證後,簽約用戶可以透過客戶端向上述電子合約系統發送電子簽名請求,發起對上述電子合約的線上電子簽名。 上述電子合約系統在收到該電子簽名請求後,可以基於該電子簽名請求來建構一筆用於觸發對上述電子合約進行電子簽名操作的交易,然後將該交易在上述存證鏈(即主鏈)上進行發布,以發起對已經部署完成的,用於對區塊鏈上的電子合約進行線上電子簽名操作的智慧型合約進行調用,來觸發對需要簽署的電子合約進行線上電子簽名操作。 而上述存證鏈中的節點設備,在收到上述交易後,可以發起對上述交易進行共識處理,並在共識通過後,將上述交易收錄儲存至上述存證鏈的分散式資料庫進行存證,然後向上述電子合約系統返回上述交易在存證鏈上的存取位址。後續,電子合約系統可以基於該交易在存證鏈上的存取位址,對該簽約用戶對上述電子合約發起的本次對上述電子合約的電子簽名操作進行追溯查詢。 在示出的一種實施方式中,在上述電子簽名請求中,可以攜帶簽約用戶對上述電子合約進行電子簽名的授權資訊。相應地,電子合約系統根據該電子簽名請求建構的交易中,也會攜帶該授權資訊, 其中,上述授權資訊,具體用於指示將已經儲存至上述CA證書子鏈上的該簽約用戶的CA證書的存取權限,授權給上述區塊鏈上已經部署的用於對上述電子合約進行電子簽名操作的智慧型合約。 需要說明的是,上述授權資訊的內容形式,在本說明書中不進行特別限定;例如,在實際應用中,上述授權資訊具體可以是一個任意形式的用於取得上述CA證書的存取權限的一個電子憑證;比如,字串、密碼或者其它形式的可供驗證的電子憑證。 請繼續參見圖3,上述電子合約系統根據上述電子簽名請求建構的交易共識通過,在上述存證鏈上完成存證後,此時上述存證鏈上的節點設備,可以立即觸發調用已經部署完成的,用於對區塊鏈上的電子合約進行電子簽名操作的智慧型合約,執行該智慧型合約中聲明的電子簽名程序,對該電子合約進行線上電子簽名。 在示出的一種實施方式中,在觸發調用上述智慧型合約之前,首先可以確定上述交易中是否攜帶上述授權資訊;如果上述交易中攜帶上述授權資訊,表明上述簽約用戶已經將儲存在上述CA證書子鏈上的個人的CA證書的存取權限,授權給上述智慧型合約(即簽約用戶同意了由智慧型合約代替自己完成電子簽名操作),此時再發起對上述智慧型合約的調用。也即,只有簽約用戶將個人的CA證書的存取權限授權給了上述智慧型合約後,才會觸發調用上述智慧型合約。 
其中,在示出的另一種實施方式中,如果上述交易中攜帶上述授權資訊,還可以進一步確認該筆交易是否被成功儲存至上述存證鏈;如果該筆交易被成功儲存至上述存證鏈,此時再發起對上述智慧型合約的調用;也即,只有簽約用戶將個人的CA證書的存取權限授權給了上述智慧型合約,並且由用戶發起的用於觸發對上述電子合約進行電子簽名操作的交易在上述存證鏈上完成存證後,才會觸發調用上述智慧型合約。 在本說明書中,上述智慧型合約在執行上述電子簽名程序時,一方面,可以從上述合約子鏈上來讀取電子合約的原始內容;例如,由於上述合約子鏈上儲存的電子合約的原始內容,只有區塊鏈上部署的上述智慧型合約具有存取權限,因此上述智慧型合約可以從上述合約子鏈正常讀取電子合約的原始內容; 另一方面,還可以從上述CA證書子鏈中來讀取上述簽約用戶的CA證書; 例如,上述智慧型合約可以建構一筆用於查詢CA證書的交易,在該交易中攜帶作為上述授權資訊的電子憑證,然後將該交易在上述CA證書子鏈中進行發布;而上述CA證書子鏈上的節點設備收到該筆交易後們可以對該交易中的電子憑證進行驗證,以確認該智慧型合約是否具有存取上述簽約用戶的CA證書的存取權限;如果驗證通過,可以將上述簽約用戶的CA證書返回給上述智慧型合約;也即,上述智慧型合約可以透過向上述CA證書子鏈中的節點設備提交作為上述授權資訊的電子憑證,從CA證書子鏈中以上述簽約用戶的存取權限來讀取CA證書。 當然,在實際應用中,如果上述CA證書子鏈中未儲存上述簽約用戶的CA證書,也可以以簽約用戶的授權身分,向CA機構重新申請CA證書,具體的實施不再贅述。 進一步,當從上述合約子鏈上讀取到了待簽署的電子合約的原始內容,並且從上述CA證書子鏈中讀取到上述簽約用戶的個人CA證書後,可以基於讀取到的CA證書,對該電子合約的原始內容進行電子簽名操作。 在示出的一種實施方式中,如果簽約用戶的公鑰私鑰由CA機構統一分配,在簽約用戶的CA證書中,通常會攜帶該簽約用戶的公鑰私鑰對;在這種情況下,可以基於該CA證書中攜帶的私鑰,對待簽署的電子合約的原始內容進行電子簽名操作即可。 在示出的另一種實施方式中,如果簽約用戶的公鑰私鑰並不是由CA機構統一分配,而是由簽約用戶自主產生;例如,在用戶客戶端的安全環境中搭載密鑰產生演算法,或者在用戶持有的安全硬體(比如USB key)中搭載密鑰產生演算法,簽約用戶可以透過觸發運行上述密鑰產生演算法,為自己創建私鑰公鑰對;在這種情況下,上述CA證書中通常只會攜帶簽約用戶的公鑰。簽約用戶可以對個人私鑰進行加密後,將個人私鑰單獨提交給上述智慧型合約,進而上述智慧型合約可以對簽約用戶的私鑰進行解密後,基於該私鑰對待簽署的電子合約的原始內容進行電子簽名操作即可。 其中,需要強調的是,在基於CA證書對上述電子合約的原始內容進行電子簽名操作時,也可以將上述CA證書也作為載荷攜帶在電子簽名中;在這種情況下,在需要對簽約用戶的電子簽名進行驗證時,可以基於CA機構的公鑰對上述電子簽名中攜帶的CA證書進行解密,獲得上述簽約用戶的公鑰,然後基於上述簽約用戶的公鑰對電子簽名進行驗證即可,而不再需要單獨查詢上述簽約用戶的公鑰。 請繼續參見圖3,當完成針對上述電子簽名的原始內容的電子簽名操作後,上述智慧型合約可以產生一筆用於指示上述簽約用戶已完成對上述電子合約進行電子簽名操作的簽名記錄,並基於該簽名記錄建構一筆交易,在上述存證鏈上進行發布,由上述存證鏈上的節點設備對該交易共識處理後,在上述存證鏈上進行儲存,以便於電子合約系統後續可以對簽約用戶本次對該電子合約的電子簽名操作進行追溯查詢。 透過以上技術方案,一方面,由於用戶可以透過調用智慧型合約的方式,來觸發智慧型合約從區塊鏈中讀取與簽約用戶對應的CA證書,並基於讀取到的CA證書對電子文書進行電子簽名操作;因此,可以避免由用戶手動對電子文書進行簽名,簡化電子簽名操作的複雜度; 另一方面,由於簽約用戶的CA證書被預先儲存至區塊鏈,並且區塊鏈上的CA證書,只能由智慧型合約來統一使用,因此可以避免非法的第三方用戶透過冒用簽約用戶的CA證書的方式,在違背簽約用戶的意願的情況下,使用簽約用戶的CA證書對電子文書進行電子簽名操作,可以提升對電子文書進行電子簽名操作時的安全等級。 
與上述方法實施例相對應,本說明書還提供了一種基於區塊鏈的電子簽名裝置的實施例。本說明書的基於區塊鏈的電子簽名裝置的實施例可以應用在電子設備上。裝置實施例可以透過軟體實現,也可以透過硬體或者軟硬體結合的方式實現。以軟體實現為例,作為一個邏輯意義上的裝置,是透過其所在電子設備的處理器將非易失性記憶體中對應的電腦程式指令讀取到內部記憶體中運行形成的。從硬體層面而言,如圖4所示,為本說明書的基於區塊鏈的電子簽名裝置所在電子設備的一種硬體結構圖,除了圖4所示的處理器、內部記憶體、網路介面、以及非易失性記憶體之外,實施例中裝置所在的電子設備通常根據該電子設備的實際功能,還可以包括其他硬體,對此不再贅述。 圖5是本說明書一示例性實施例示出的一種基於區塊鏈的電子簽名裝置的方塊圖。 請參考圖5,所述基於區塊鏈的電子簽名裝置50可以應用在前述圖3所示的電子設備中,包括有:接收模組501和簽名模組502。 接收模組501,接收簽約用戶透過客戶端發起的目標交易;其中,所述目標交易用於觸發對目標電子文書進行電子簽名操作;與所述簽約用戶對應的CA證書被預先儲存至所述區塊鏈; 簽名模組502,回應於所述目標交易,調用與電子簽名對應的智慧型合約,執行所述智慧型合約中聲明的電子簽名程序,從區塊鏈中讀取與所述簽約用戶對應的CA證書;以及,基於所述CA證書對所述目標電子文書進行電子簽名操作。 在本實施例中,所述區塊鏈中儲存的所述CA證書,被預設了限制所述簽約用戶以外的用戶帳戶進行存取的存取權限; 所述簽名模組502: 確定所述目標交易中是否包括所述簽約用戶對所述目標文字進行電子簽名的授權資訊;其中,所述授權資訊用於指示將所述CA證書的存取權限授權給所述智慧型合約; 如果所述目標交易中包括所述授權資訊,則觸發調用與電子簽名對應的智慧型合約。 在本實施例中,所述簽名模組502進一步: 如果所述目標交易中包括所述授權資訊,進一步確定所述目標交易是否被成功儲存至所述區塊鏈;如果是,則觸發調用與電子簽名對應的智慧型合約。 在本實施例中,所述目標電子文書被預先儲存至區塊鏈;其中,所述區塊鏈中儲存的所述目標電子文書,被預設了限制所述智慧型合約以外的用戶帳戶進行存取的存取權限; 所述簽名模組502: 從所述區塊鏈中讀取所述目標電子文書; 基於所述CA證書對讀取到的所述目標電子文書進行電子簽名操作。 在本實施例中,所述CA證書包括所述簽約用戶的私鑰; 所述簽名模組502: 基於所述CA證書中的所述簽約用戶的私鑰,對讀取到的所述目標電子文書進行電子簽名操作。 在本實施例中,所述區塊鏈包括主鏈以及若干子鏈;所述若干子鏈包括用於儲存所述目標電子文書的存取位址的第一子鏈,以及用於儲存所述目標電子文書的原始內容的第二子鏈; 所述簽名模組502進一步: 從所述第一子鏈中讀取所述目標電子文書的存取位址; 基於所述目標電子文書的存取位址從所述第二子鏈中讀取所述目標電子文書的原始內容。 在本實施例中,所述若干子鏈還包括用於於儲存所述CA證書的第三子鏈; 所述簽名模組502進一步: 從所述第三子鏈中讀取與所述簽約用戶對應的CA證書。 在本實施例中,所述目標電子文書為電子合約。 上述裝置中各個模組的功能和作用的實現過程具體詳見上述方法中對應步驟的實現過程,在此不再贅述。 對於裝置實施例而言,由於其基本對應於方法實施例,所以相關之處參見方法實施例的部分說明即可。以上所描述的裝置實施例僅僅是示意性的,其中,所述作為分離部件說明的模組可以是或者也可以不是實體上分開的,作為模組顯示的部件可以是或者也可以不是實體模組,即可以位於一個地方,或者也可以分佈到多個網路模組上。可以根據實際的需要選擇其中的部分或者全部模組來實現本說明書方案的目的。本發明所屬技術領域中具有通常知識者在不付出創造性勞動的情況下,即可以理解並實施。 上述實施例闡明的系統、裝置、模組或模組,具體可以由電腦晶片或實體實現,或者由具有某種功能的產品來實現。一種典型的實現設備為電腦,電腦的具體形式可以是個人電腦、膝上型電腦、蜂巢式電話、相機電話、智慧型電話、個人數位助理、媒體播放器、導航設備、電子郵件收發設備、遊戲控制台、平板電腦、可穿戴設備或者這些設備中的任意幾種設備的組合。 與上述方法實施例相對應,本說明書還提供了一種電子設備的實施例。該電子設備包括:處理器以及用於儲存機器可執行指令的記憶體;其中,處理器和記憶體通常透過內部匯流排相互連接。在其他可能的實現方式中,所述設備還可能包括外部介面,以能夠與其他設備或者部件進行通訊。 在本實施例中,透過讀取並執行所述記憶體儲存的與基於區塊鏈的電子簽名的控制邏輯對應的機器可執行指令,所述處理器被促使: 
接收簽約用戶透過客戶端發起的目標交易;其中,所述目標交易用於觸發對目標電子文書進行電子簽名操作;與所述簽約用戶對應的CA證書被預先儲存至所述區塊鏈; 回應於所述目標交易,調用與電子簽名對應的智慧型合約,執行所述智慧型合約中聲明的電子簽名程序,從區塊鏈中讀取與所述簽約用戶對應的CA證書;以及, 基於所述CA證書對所述目標電子文書進行電子簽名操作。 在本實施例中,所述區塊鏈中儲存的所述CA證書,被預設了限制所述簽約用戶以外的用戶帳戶進行存取的存取權限; 透過讀取並執行所述記憶體儲存的與基於區塊鏈的電子簽名的控制邏輯對應的機器可執行指令,所述處理器被促使: 確定所述目標交易中是否包括所述簽約用戶對所述目標文字進行電子簽名的授權資訊;其中,所述授權資訊用於指示將所述CA證書的存取權限授權給所述智慧型合約; 如果所述目標交易中包括所述授權資訊,則觸發調用與電子簽名對應的智慧型合約。 在本實施例中,透過讀取並執行所述記憶體儲存的與基於區塊鏈的電子簽名的控制邏輯對應的機器可執行指令,所述處理器被促使: 如果所述目標交易中包括所述授權資訊,進一步確定所述目標交易是否被成功儲存至所述區塊鏈;如果是,則觸發調用與電子簽名對應的智慧型合約。 在本實施例中,所述目標電子文書被預先儲存至區塊鏈;其中,所述區塊鏈中儲存的所述目標電子文書,被預設了限制所述智慧型合約以外的用戶帳戶進行存取的存取權限; 透過讀取並執行所述記憶體儲存的與基於區塊鏈的電子簽名的控制邏輯對應的機器可執行指令,所述處理器被促使: 從所述區塊鏈中讀取所述目標電子文書; 基於所述CA證書對讀取到的所述目標電子文書進行電子簽名操作。 在本實施例中,所述CA證書包括所述簽約用戶的私鑰; 透過讀取並執行所述記憶體儲存的與基於區塊鏈的電子簽名的控制邏輯對應的機器可執行指令,所述處理器被促使: 基於所述CA證書中的所述簽約用戶的私鑰,對讀取到的所述目標電子文書進行電子簽名操作。 在本實施例中,所述區塊鏈包括主鏈以及若干子鏈;所述若干子鏈包括用於儲存所述目標電子文書的存取位址的第一子鏈,以及用於儲存所述目標電子文書的原始內容的第二子鏈; 透過讀取並執行所述記憶體儲存的與基於區塊鏈的電子簽名的控制邏輯對應的機器可執行指令,所述處理器被促使: 從所述第一子鏈中讀取所述目標電子文書的存取位址; 基於所述目標電子文書的存取位址從所述第二子鏈中讀取所述目標電子文書的原始內容。 在本實施例中,所述若干子鏈還包括用於於儲存所述CA證書的第三子鏈; 透過讀取並執行所述記憶體儲存的與基於區塊鏈的電子簽名的控制邏輯對應的機器可執行指令,所述處理器被促使: 從所述第三子鏈中讀取與所述簽約用戶對應的CA證書。 本領域技術人員在考慮說明書及實踐這裡揭示的發明後,將容易想到本說明書的其它實施方案。本說明書旨在涵蓋本說明書的任何變型、用途或者適應性變化,這些變型、用途或者適應性變化遵循本說明書的一般性原理並包括本說明書未揭示的本技術領域中的公知常識或慣用技術手段。說明書和實施例僅被視為示例性的,本說明書的真正範圍和精神由下面的申請專利範圍指出。 應當理解的是,本說明書並不局限於上面已經描述並在圖式中顯示的精確結構,並且可以在不脫離其範圍進行各種修改和改變。本說明書的範圍僅由所附的申請專利範圍來限制。 以上所述僅為本說明書的較佳實施例而已,並不用以限制本說明書,凡在本說明書的精神和原則之內,所做的任何修改、等同替換、改進等,均應包含在本說明書保護的範圍之內。 This manual aims to propose a By invoking smart contracts deployed on the blockchain, Using the CA certificate of the contractor issued on the blockchain, To replace the contractor's technical solution of using the contractor to automatically sign the electronic document to be signed. 
In the realization, on the one hand, Smart contracts for electronic signature operations on electronic documents can be deployed in advance on the blockchain; on the other hand, After the CA agency issues the CA certificate to the contractor, You can also publish the CA certificate issued to the contractor to the blockchain, Stored in a distributed database (ie distributed ledger) on the blockchain. When a contractor needs to sign an electronic document electronically, A transaction that triggers an electronic signature operation on an electronic document can be initiated through the client. After receiving the transaction, the node device in the blockchain Can initiate calls to the above smart contracts, Execute the electronic signature program stated in the smart contract, Read the CA certificate of the contracted user from the blockchain, Then, based on the read CA certificate, the electronic signature operation is automatically performed on the electronic document. Through the above technical solutions, on the one hand, Since users can call smart contracts, To trigger the smart contract to read the CA certificate corresponding to the contracted user from the blockchain, And based on the read CA certificate to electronically sign electronic documents; therefore, Can avoid manual signature of electronic documents by users, Simplify the complexity of electronic signature operations; on the other hand, Since the CA certificate of the contracted user is stored in the blockchain in advance, And the CA certificate on the blockchain, Can only be used by smart contracts, Therefore, it is possible to prevent illegal third-party users from using the CA certificates of contracted users, Against the wishes of the contracted user, Use the signed user’s CA certificate to electronically sign electronic documents, It can improve the security level when performing electronic signature operations on electronic documents. 
The following describes this specification through specific embodiments and specific application scenarios.
Referring to FIG. 1, FIG. 1 shows a blockchain-based electronic signature method provided by an embodiment of this specification. The method is applied to a node device in the blockchain and performs the following steps:
Step 102: receive a target transaction initiated by a contracted user through a client, where the target transaction is used to trigger an electronic signature operation on a target electronic document, and the CA certificate corresponding to the contracted user is stored in the blockchain in advance;
Step 104: in response to the target transaction, call the smart contract corresponding to the electronic signature, execute the electronic signature program declared in the smart contract, and read the CA certificate corresponding to the contracted user from the blockchain; and perform the electronic signature operation on the target electronic document based on the CA certificate.
The blockchain described in this specification can include any type of blockchain network; for example, in practical applications, a public chain, a private chain, or a consortium chain can be used. For example, in one illustrated embodiment, the above blockchain network can be a consortium chain composed of a main chain and several sub-chains.
A transaction described in this specification refers to a piece of data that a user creates through a client of the blockchain and that needs to be finally published to the blockchain.
Transactions in the blockchain are divided into transactions in the narrow sense and transactions in the broad sense. A transaction in the narrow sense is a transfer of value that a user publishes to the blockchain; for example, in the traditional Bitcoin blockchain network, a transaction can be a transfer initiated by the user in the blockchain.
A transaction in the broad sense is a piece of business data with business intent that a user publishes to the blockchain. For example, an operator can build a consortium chain based on actual business needs and rely on it to deploy other types of online services unrelated to value transfer (for example, rental, vehicle scheduling, insurance claims, credit services, medical services, and so on). In this type of consortium chain, a transaction can be a business message or business request with business intent that the user publishes in the consortium chain.
The above target transaction is a call message or call request that the user creates through the client to trigger a call to a smart contract deployed on the blockchain.
The above electronic document can include any form of digital text to be signed; for example, in one example, the electronic document may specifically be an electronic contract.
In this specification, a contracted user can apply to a CA organization for a CA certificate based on personal identity information. After the CA organization receives the contracted user's application, it can verify the contracted user's identity based on the submitted identity information and, after the identity verification passes, issue a CA certificate to the contracted user.
The specific process by which the contracted user applies to the CA organization for a CA certificate is not described in detail in this specification. For example, in practical applications, the contracted user submits identity information to the CA organization to apply for the CA certificate; after the CA organization has verified the identity information, it can assign a public/private key pair to the contracted user, bind the assigned public key and private key to the contracted user's identity information, sign the result with the private key held by the CA organization to form a CA certificate, and issue the certificate to the contracted user.
In this specification, a CA certificate issued to a contracted user can be published to the blockchain and stored in the distributed database of the blockchain. For example, in one example, after the CA organization issues the CA certificate to the contracted user, the contracted user can publish the CA certificate in the blockchain in the form of a transaction through the client (the CA certificate is carried in the transaction as ciphertext). After receiving the CA certificate, the node devices in the blockchain can initiate consensus processing on it and, after consensus is reached, include and store the CA certificate in the distributed database of the blockchain.
In one illustrated embodiment, to improve the security of the use of the contracted user's CA certificate, once the CA certificate issued by the CA agency has passed consensus and been successfully included in the distributed database of the blockchain, access permissions can be set for the CA certificate stored on the chain to restrict access by user accounts other than the contracted user.
That is, setting access permissions for the CA certificate stored on the chain ensures that only the contracted user has permission to access the certificate stored on the chain and to view and operate on it.
For example, in implementation, an access permission list can be configured in advance for the CA certificate stored on the chain, and the contracted user's identity information can be written into the list to indicate that only the contracted user has permission to access the CA certificate. In a blockchain, a user's identity is indicated by the user's public key or by data derived from the public key (such as the account address computed from the public key), so the contracted user's public key or public-key-derived data can be configured as the only legitimate identity that can access the CA certificate.
In this specification, the operator of the blockchain can rely on the blockchain to deploy an online service for electronically signing electronic documents stored on the blockchain, so that when signing an electronic document the contracted user no longer has to perform the electronic signature operation manually with the private key he or she holds; instead, the electronic signature operation is completed online on the chain.
In implementation, the operator of the blockchain can develop a smart contract for electronically signing electronic documents online on the blockchain, and declare in the smart contract an electronic signature program for performing electronic signature operations on electronic documents. The electronic signature program can specifically be program code declared in the smart contract that relates to the execution logic of electronic signature operations on electronic documents (such as program methods or functions that can be called).
The operator of the blockchain can publish the developed smart contract to the blockchain through any node device in the blockchain. After receiving the smart contract, the node devices in the blockchain can initiate consensus processing on it and, after consensus is reached, include and store the smart contract in the decentralized database of the blockchain.
Subsequently, the contracted user can access any node device in the blockchain through the client and publish to the blockchain a target transaction that triggers an electronic signature operation on the target electronic document, in order to call the deployed smart contract, trigger execution of the electronic signature program declared in it, and electronically sign the target electronic document online.
In this specification, in addition to deploying an online service for electronically signing electronic documents stored on the blockchain, the operator of the blockchain can also rely on the blockchain to deploy an online service that triggers online display of electronic documents stored on the blockchain.
In implementation, the operator of the blockchain can develop a smart contract for displaying electronic documents online on the blockchain, and declare in this smart contract a verification procedure for verifying the content of an electronic document. The verification procedure can specifically be program code declared in the smart contract that relates to the execution logic for verifying the original content of an electronic document.
The operator of the blockchain can likewise publish this smart contract to the blockchain through any node device in the blockchain.
After receiving the smart contract, the node devices in the blockchain can initiate consensus processing on it and, after consensus is reached, include and store the smart contract in the decentralized database of the blockchain.
Subsequently, the contracted user can access any node device in the blockchain through the client and publish to the blockchain a target transaction that triggers online display of the target electronic document, in order to call the deployed smart contract, trigger execution of the verification procedure declared in it, verify the content of the target electronic document and, after the content verification passes, return the target electronic document and its content verification result (such as whether the content of the electronic document has been tampered with) to the client.
It should be noted that, in practical applications, the smart contract for electronically signing electronic documents online on the blockchain and the smart contract for displaying electronic documents online on the blockchain can be integrated into one smart contract for deployment on the blockchain (FIG. 3 shows the two integrated into one smart contract), or can be deployed on the blockchain as two different smart contracts; this is not particularly limited in this specification.
The following description takes as an example the case where the target electronic document is an electronic contract to be signed by the contracted user.
In one illustrated embodiment, the blockchain can specifically adopt a main chain/sub-chain architecture, and can include one main chain (Main Chain) and several sub-chains (Child Chain).
The number of sub-chains in the blockchain network can be planned based on actual business needs and is not particularly limited in this specification.
Referring to FIG. 2, FIG. 2 is a block diagram of a blockchain shown in this specification.
As shown in FIG. 2, in one illustrated embodiment, the blockchain can be divided, according to the type of data stored, into a "certificate deposit chain", a "contract summary sub-chain" (the first sub-chain), a "contract sub-chain" (the second sub-chain), and a "CA certificate sub-chain" (the third sub-chain).
The certificate deposit chain can be the main chain of the blockchain; that is, the main chain can serve as a certificate deposit chain that stores, as evidence, the transaction data related to the series of operations that contracted users complete on the blockchain, so that the contracted users' operations can be traced later. The smart contract deployed by the operator of the blockchain is also included and stored in the main chain after passing consensus.
The contract summary sub-chain is used to store the summary data of the electronic contract (the hash value obtained by hashing the contract content) and the access address of the original content of the electronic contract.
The contract sub-chain is used to store the original content of electronic contracts.
In one illustrated embodiment, to improve the data security of the original content of the electronic contract, access permissions can be set for the original content stored on the chain to restrict access by user accounts other than the above smart contract.
That is, setting access permissions for the original content of the electronic contract stored on the chain ensures that only the above smart contract has permission to access that original content and to view and operate on it.
The CA certificate sub-chain is used to store the CA certificates issued by the CA organization to contracted users.
It should be noted that the sub-chain division described above is only an example. In practical applications, each sub-chain shown above can be further subdivided, or several of them can be merged, based on actual needs. For example, the contract summary sub-chain can be further divided into a "contract summary sub-chain" and a "contract address sub-chain", with the summary information of the electronic contract stored in the former and the access address of the electronic contract stored in the latter. As another example, the contract summary sub-chain and the contract sub-chain can be merged into a single sub-chain that stores the summary information, access address, and original content of the electronic contract.
The following uses the blockchain architecture shown in FIG. 2 to describe in detail the process by which a contracted user signs an electronic document.
Referring to FIG. 3, FIG. 3 is a flowchart, shown in this specification, of a contracted user signing an electronic document.
As shown in FIG. 3, the signing process for electronic documents shown in this specification can be divided into four stages: electronic contract upload, contracted user identity authentication, contracted user contract confirmation, and contracted user electronic signature.
1) Electronic contract upload
As shown in FIG. 3, after the drafter of an electronic contract completes the drafting:
On the one hand, the drafter can upload the original content of the electronic contract to the electronic contract system through the client, and the electronic contract system can then publish the original content in the contract sub-chain in the form of a transaction (the original content is carried in the transaction as ciphertext). After receiving the original content of the electronic contract, the node devices in the contract sub-chain can initiate consensus processing on it and, after consensus is reached, include and store the original content in the decentralized database of the contract sub-chain.
When the original content of the electronic contract has been successfully included in the decentralized database of the contract sub-chain, the contract sub-chain can return a notification message of successful storage to the electronic contract system, together with the access address of the original content on the contract sub-chain. After receiving this response from the contract sub-chain, the electronic contract system can return a notification message of successful upload to the client and forward to the client the access address of the original content on the contract sub-chain.
For example, the access address of the original content of the electronic contract can specifically include the hash value of the transaction that contains the original content, the block number of the block that contains the transaction, and other information.
In one illustrated embodiment, to improve the security of the use of electronic documents, once the original content of the electronic document has passed consensus and been successfully included in the decentralized database of the above certificate chain, access permissions can be set for the original content stored on the chain to restrict access by user accounts other than the above smart contract.
That is, setting access permissions for electronic documents stored on the chain ensures that only the smart contract deployed on the chain has permission to access the original content of electronic documents stored on the chain and to view and operate on it. The specific process of setting access permissions for the original content of electronic documents stored on the chain is not described in detail here.
On the other hand, after the drafter of the electronic contract receives, through the client, the access address of the original content on the contract sub-chain returned by the contract sub-chain, the drafter can also compute the summary information of the electronic contract through the client and upload it to the electronic contract system. The electronic contract system can then publish the summary information of the electronic contract and the access address of the electronic contract in the contract summary sub-chain in the form of a transaction (both are carried in the transaction as ciphertext).
After receiving the summary information and the access address of the electronic contract, the node devices in the contract summary sub-chain can initiate consensus processing on them and, after consensus is reached, include and store them in the decentralized database of the contract summary sub-chain.
After the summary information and the access address of the electronic contract have been successfully included in the decentralized database of the contract summary sub-chain, the contract summary sub-chain can likewise return a notification message of successful storage to the electronic contract system, together with the access address, on the contract summary sub-chain, of the summary information and the access address of the electronic contract. After receiving this response from the contract summary sub-chain, the electronic contract system can return a notification message of successful upload to the client and forward that access address to the client.
At this point, the drafter of the electronic contract has had the original content of the electronic contract, and the summary information and access address of the electronic contract, included and stored in different sub-chains.
2) Identity authentication of contracted users
As shown in FIG. 3, the contracted user can send a signing request to the electronic contract system through the client to initiate online signing of the electronic contract. After receiving the signing request, the electronic contract system can respond to it by authenticating the contracted user's identity.
The specific method of identity authentication for contracted users is not particularly limited in this specification. For example, in one example, the signing request can be electronically signed with the private key held by the contracted user, and the electronic contract system can verify the electronic signature of the signing request with the public key corresponding to that private key, to determine whether the signing request was initiated by the contracted user who holds the private key. Of course, in practical applications, other forms of authentication technology, such as face recognition, can also be used to complete the identity authentication of the contracted user; they are not listed one by one in this specification.
After the electronic contract system completes the identity authentication of the contracted user, it can generate an authentication record showing that the contracted user has passed identity authentication, construct a transaction based on that record, and publish the transaction on the certificate deposit chain (that is, the main chain), in order to call the deployed smart contract for displaying electronic contracts online on the blockchain and trigger online display of the electronic contract to be signed.
After receiving the transaction, the node devices in the certificate deposit chain can initiate consensus processing on it and, after consensus is reached, include the transaction in the decentralized database of the certificate deposit chain as evidence, and then return the access address of the transaction on the certificate deposit chain to the electronic contract system. Subsequently, the electronic contract system can use that access address to trace and query the result of the contracted user's identity authentication.
3) Contract confirmation by contracted users
Continuing with FIG. 3, after the transaction that the electronic contract system constructed from the authentication record has passed consensus and been deposited on the certificate deposit chain, a node device on the certificate deposit chain can immediately trigger a call to the deployed smart contract for displaying electronic contracts online on the blockchain and execute the verification procedure declared in the smart contract to verify the original content of the electronic contract and determine whether it has been tampered with.
In one illustrated embodiment, before the call to the smart contract is triggered, it can first be determined whether the transaction has been successfully stored in the certificate deposit chain; only if it has is the call to the smart contract initiated. That is, the smart contract is called only after the transaction that the user initiated to trigger online display of the electronic contract has been deposited on the certificate deposit chain.
In this specification, when the smart contract executes the verification procedure, it can first read the summary information of the electronic document and the access address of the electronic document from the contract summary sub-chain. For example, the transaction can carry the access address, on the contract summary sub-chain, of the summary information and the access address of the electronic contract, and the smart contract can use it to read the summary information and access address of the electronic contract from the contract summary sub-chain.
Then, based on the access address of the electronic contract, the smart contract can read the original content of the electronic contract from the contract sub-chain. For example, the smart contract can construct a transaction for querying the original content of the electronic contract and electronically sign the transaction with the private key it holds. In the contract sub-chain, the public key of the smart contract can be configured as an authorized public key with access permission. When a node device in the contract sub-chain receives the transaction, it can verify the transaction's electronic signature with the authorized public key; if verification passes, the smart contract has permission to access the original content of the electronic contract stored in the contract sub-chain, and the node device can respond to the transaction normally and return the queried original content to the smart contract.
Further, after reading the original content of the electronic contract from the contract sub-chain, the smart contract can recompute the summary information of the original content that was read. For example, if the summary information is a hash value, the original content that was read can be hashed again with the hash algorithm to obtain the corresponding hash value. The recomputed summary information can then be matched against the summary information of the electronic contract read from the contract summary sub-chain.
If the recomputed summary information matches the summary information read from the contract summary sub-chain, the original content read from the contract sub-chain is completely consistent with the original content that the contract drafter originally uploaded to the contract sub-chain, and no tampering has occurred; in this case, the original content of the electronic contract passes content verification.
Conversely, if the recomputed summary information does not match the summary information read from the contract summary sub-chain, the original content read from the contract sub-chain is inconsistent with the original content that the contract drafter originally uploaded to the contract sub-chain, and tampering may have occurred; in this case, the original content of the electronic contract fails content verification.
When content verification of the original content of the electronic contract is complete, the smart contract can return the original content that was read, together with the content verification result, to the electronic contract system, which returns them to the contracted user's client for online display, so that the contracted user can confirm the original content of the displayed electronic contract.
In this specification, after the contracted user confirms the original content of the displayed electronic contract, the user can send a content confirmation message to the electronic contract system through the client. After receiving the content confirmation message, the electronic contract system can respond by constructing a transaction based on the message and publishing the transaction on the certificate deposit chain (that is, the main chain).
After receiving the transaction, the node devices in the certificate deposit chain can initiate consensus processing on it and, after consensus is reached, include the transaction in the decentralized database of the certificate deposit chain as evidence, and then return the access address of the transaction on the certificate deposit chain to the electronic contract system. Subsequently, the electronic contract system can use that access address to trace and query the content confirmation operation that the contracted user performed on the electronic contract.
4) Electronic signature of contracted users
Continuing with FIG. 3, after the contracted user has confirmed the original content of the electronic contract to be signed and the content confirmation has been successfully deposited on the certificate deposit chain, the contracted user can send an electronic signature request to the electronic contract system through the client to initiate online electronic signing of the electronic contract.
After receiving the electronic signature request, the electronic contract system can construct, based on the request, a transaction for triggering an electronic signature operation on the electronic contract, and publish the transaction on the certificate deposit chain (that is, the main chain), in order to call the deployed smart contract for performing electronic signature operations online on electronic contracts on the blockchain and trigger online electronic signing of the electronic contract to be signed.
After receiving the transaction, the node devices in the certificate deposit chain can initiate consensus processing on it and, after consensus is reached, include the transaction in the decentralized database of the certificate deposit chain as evidence, and then return the access address of the transaction on the certificate deposit chain to the electronic contract system. Subsequently, the electronic contract system can use that access address to trace and query the electronic signature operation that the contracted user initiated on the electronic contract.
In one illustrated embodiment, the electronic signature request can carry the contracted user's authorization information for electronically signing the electronic contract.
Correspondingly, the transaction that the electronic contract system constructs based on the electronic signature request also carries the authorization information. The authorization information is specifically used to indicate that the access permission to the contracted user's CA certificate stored on the CA certificate sub-chain is authorized to the smart contract deployed on the blockchain for performing electronic signature operations on the electronic contract.
It should be noted that the content and form of the authorization information are not particularly limited in this specification. For example, in practical applications, the authorization information can be an electronic credential of any form used to obtain access permission to the CA certificate, such as a string, a password, or another form of verifiable electronic credential.
Continuing with FIG. 3, after the transaction that the electronic contract system constructed from the electronic signature request has passed consensus and been deposited on the certificate deposit chain, a node device on the certificate deposit chain can immediately trigger a call to the deployed smart contract for performing electronic signature operations on electronic contracts on the blockchain and execute the electronic signature program declared in the smart contract to electronically sign the electronic contract online.
In one embodiment shown, Before triggering the above smart contract, First, it can be determined whether the above authorization information is carried in the above transaction; If the above authorization information is carried in the above transaction, It indicates that the above-mentioned contracted user has the access right of the individual's CA certificate stored on the above-mentioned CA certificate sub-chain, Authorize to the above smart contract (that is, the signed user agrees to complete the electronic signature operation by the smart contract instead of himself), At this time, the call to the above smart contract is initiated. That is, Only after the contracted user authorizes the access authority of the personal CA certificate to the above smart contract, Only then will the above smart contract be called. among them, In another embodiment shown, If the above authorization information is carried in the above transaction, You can further confirm whether the transaction was successfully stored in the above certificate deposit chain; If the transaction is successfully stored in the above deposit chain, At this time, initiate the call to the above smart contract; That is, Only the contracted user authorized the access rights of the personal CA certificate to the above smart contract, And the transaction initiated by the user to trigger the electronic signature operation on the above electronic contract is completed on the above certificate deposit chain, Only then will the above smart contract be called. 
In this manual, When the above smart contract executes the above electronic signature program, on the one hand, The original content of the electronic contract can be read from the above contract sub-chain; E.g, Due to the original content of the electronic contract stored on the above contract sub-chain, Only the above smart contracts deployed on the blockchain have access rights, Therefore, the above smart contract can normally read the original content of the electronic contract from the above contract sub-chain; on the other hand, You can also read the CA certificate of the contracted user from the CA certificate sub-chain; E.g, The above smart contract can construct a transaction for querying the CA certificate, Carry the electronic certificate as the above authorization information in the transaction, Then issue the transaction in the above CA certificate sub-chain; After receiving the transaction, the node devices on the above CA certificate sub-chain can verify the electronic certificate in the transaction. To confirm whether the smart contract has the access right to access the CA certificate of the contracted user; If the verification is passed, The CA certificate of the contracted user can be returned to the smart contract; That is, The above smart contract can submit the electronic certificate as the above authorization information to the node device in the above CA certificate sub-chain, The CA certificate is read from the CA certificate sub-chain with the access rights of the contracted user mentioned above. of course, In practical applications, If the CA certificate of the contracted user is not stored in the above-mentioned CA certificate sub-chain, You can also use the authorized status of the contracted user, Reapply for the CA certificate from the CA organization, The specific implementation is not repeated here. 
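The two-stage gate (authorization information present, transaction deposited on the main chain) and the credential-checked read from the CA certificate sub-chain can be modelled as follows. This is an added example, not code from the patent: all type and function names are hypothetical, and the authorization information is assumed to be a random capability string whose SHA-256 digest the sub-chain keeps beside the certificate.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Transaction is the signing request as published on the main chain (hypothetical layout).
type Transaction struct {
	ID, User, DocID string
	AuthInfo        string // authorization credential; empty if the user gave none
}

// DepositChain models the certificate deposit (main) chain after consensus.
type DepositChain struct{ stored map[string]Transaction }

func NewDepositChain() *DepositChain { return &DepositChain{stored: map[string]Transaction{}} }

func (c *DepositChain) Store(tx Transaction) { c.stored[tx.ID] = tx }

// Contains reports whether exactly this transaction was deposited, so a
// request that reuses a stored ID with altered fields does not pass.
func (c *DepositChain) Contains(tx Transaction) bool {
	got, ok := c.stored[tx.ID]
	return ok && got == tx
}

type certEntry struct {
	cert       []byte
	credDigest [sha256.Size]byte
}

// CertSubChain models the CA certificate sub-chain with per-user access control.
type CertSubChain struct{ entries map[string]certEntry }

func NewCertSubChain() *CertSubChain { return &CertSubChain{entries: map[string]certEntry{}} }

// Register stores a user's certificate and returns the credential the user can
// later place in a transaction to delegate access (assumed credential scheme).
func (s *CertSubChain) Register(user string, cert []byte) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	cred := hex.EncodeToString(raw)
	s.entries[user] = certEntry{cert: cert, credDigest: sha256.Sum256([]byte(cred))}
	return cred, nil
}

var (
	ErrNoAuth    = errors.New("transaction carries no authorization information")
	ErrNotStored = errors.New("transaction not deposited on the main chain")
	ErrDenied    = errors.New("credential rejected by CA certificate sub-chain")
)

// Query is the sub-chain node's check: the certificate is returned only if the
// presented credential matches the one registered for that user.
func (s *CertSubChain) Query(user, cred string) ([]byte, error) {
	e, ok := s.entries[user]
	got := sha256.Sum256([]byte(cred))
	if !ok || subtle.ConstantTimeCompare(got[:], e.credDigest[:]) != 1 {
		return nil, ErrDenied
	}
	return e.cert, nil
}

// TriggerSigning is the node-side gate in front of the smart contract: both
// checks must pass before the contract presents the credential to the sub-chain.
func TriggerSigning(tx Transaction, main *DepositChain, certs *CertSubChain) ([]byte, error) {
	if tx.AuthInfo == "" {
		return nil, ErrNoAuth
	}
	if !main.Contains(tx) {
		return nil, ErrNotStored
	}
	return certs.Query(tx.User, tx.AuthInfo)
}

func main() {
	mainChain, certs := NewDepositChain(), NewCertSubChain()
	// Constructed sample data.
	cred, err := certs.Register("alice", []byte("constructed CA certificate bytes"))
	if err != nil {
		panic(err)
	}
	tx := Transaction{ID: "tx-1", User: "alice", DocID: "contract-1", AuthInfo: cred}
	_, err = TriggerSigning(tx, mainChain, certs)
	fmt.Println("before deposit:", err)
	mainChain.Store(tx)
	cert, err := TriggerSigning(tx, mainChain, certs)
	fmt.Printf("after deposit: %q, err=%v\n", cert, err)
}
```
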
Further, after the original content of the electronic contract to be signed has been read from the contract sub-chain and the contracted user's personal CA certificate has been read from the CA certificate sub-chain, an electronic signature operation can be performed on the original content of the electronic contract based on the CA certificate that was read.

In one embodiment, if the contracted user's public and private keys are uniformly distributed by the CA organization, the contracted user's CA certificate usually carries the contracted user's public/private key pair. In this case, the original content of the electronic contract to be signed can be electronically signed based on the private key carried in the CA certificate.

In another embodiment, the contracted user's public and private keys are not uniformly distributed by the CA organization but are generated independently by the contracted user. For example, a key generation algorithm is carried in the secure environment of the user's client, or in secure hardware (such as a USB key) held by the user, and the contracted user can trigger that algorithm to create a private/public key pair. In this case, the CA certificate usually carries only the contracted user's public key. The contracted user can subsequently encrypt the private key and submit it to the smart contract separately; after the smart contract decrypts the contracted user's private key, it can perform the electronic signature operation on the original content of the electronic contract to be signed based on that private key.

It should be emphasized that when the electronic signature operation is performed on the original content of the electronic contract based on the CA certificate, the CA certificate can also be carried as a payload in the electronic signature. In this case, when the contracted user's electronic signature needs to be verified, the CA certificate carried in the electronic signature can be decrypted with the public key of the CA organization to obtain the contracted user's public key, and the electronic signature can then be verified with the contracted user's public key; the contracted user's public key no longer needs to be queried separately.

Continuing with Figure 3: after the electronic signature operation on the original content of the electronic contract is complete, the smart contract may generate a signature record indicating that the contracted user has completed the electronic signature operation on the electronic contract, construct a transaction based on the signature record, and publish it on the certificate deposit chain. After consensus processing by the node devices on the certificate deposit chain, the transaction is stored on the certificate deposit chain so that the electronic contract system can later trace the contracted user's electronic signature operation on the electronic contract.
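An added example (not from the patent) of a signature that carries the signer's CA certificate as payload, and of the verifier's two checks: first the certificate against the CA's public key, then the document signature against the public key taken from that certificate. It assumes Ed25519 keys and a minimal non-X.509 certificate, and models "decrypting the certificate with the CA's public key" as verifying the CA's signature over the certificate body; all names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is a deliberately minimal stand-in for a CA certificate (not X.509):
// the CA signs the subject name together with the subject's public key.
type Cert struct {
	Subject string
	PubKey  ed25519.PublicKey
	CASig   []byte
}

// certBody is the byte string the CA signs. The key has a fixed length and is
// placed last, so the subject/key boundary is unambiguous.
func certBody(subject string, pub ed25519.PublicKey) []byte {
	body := append([]byte(subject), 0)
	return append(body, pub...)
}

// IssueCert is the CA's side: bind a subject name to a public key.
func IssueCert(caPriv ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Cert {
	return Cert{Subject: subject, PubKey: pub, CASig: ed25519.Sign(caPriv, certBody(subject, pub))}
}

// SignedContract is the signature with the signer's certificate as payload.
type SignedContract struct {
	Sig  []byte
	Cert Cert
}

// SignContract is the signing step performed with the contracted user's private key.
func SignContract(doc []byte, priv ed25519.PrivateKey, cert Cert) SignedContract {
	return SignedContract{Sig: ed25519.Sign(priv, doc), Cert: cert}
}

var (
	ErrCert = errors.New("embedded certificate was not issued by the trusted CA")
	ErrSig  = errors.New("signature does not verify under the certified key")
)

// VerifyContract needs only the CA public key: the signer's public key comes
// from the embedded certificate, and is trusted only after the CA check passes.
func VerifyContract(doc []byte, sc SignedContract, caPub ed25519.PublicKey) (string, error) {
	c := sc.Cert
	// ed25519.Verify panics on wrong-sized keys, so reject them first.
	if len(caPub) != ed25519.PublicKeySize || len(c.PubKey) != ed25519.PublicKeySize {
		return "", ErrCert
	}
	if !ed25519.Verify(caPub, certBody(c.Subject, c.PubKey), c.CASig) {
		return "", ErrCert
	}
	if !ed25519.Verify(c.PubKey, doc, sc.Sig) {
		return "", ErrSig
	}
	return c.Subject, nil
}

// mustKey generates a fresh Ed25519 key pair for the demonstration.
func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	caPub, caPriv := mustKey()
	userPub, userPriv := mustKey()
	cert := IssueCert(caPriv, "alice", userPub)
	doc := []byte("constructed sample contract text") // constructed sample input
	sc := SignContract(doc, userPriv, cert)

	who, err := VerifyContract(doc, sc, caPub)
	fmt.Println("original document:", who, err)
	_, err = VerifyContract([]byte("altered contract text"), sc, caPub)
	fmt.Println("altered document: ", err)
}
```
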
Through the above technical solutions: on the one hand, because a user can call the smart contract to trigger it to read the CA certificate corresponding to the contracted user from the blockchain and electronically sign the electronic document based on that CA certificate, manual signing of electronic documents by the user is avoided and the electronic signature operation is simplified. On the other hand, because the contracted user's CA certificate is stored in the blockchain in advance and the CA certificate on the blockchain can be used only by the smart contract, an illegitimate third-party user is prevented from using the contracted user's CA certificate to electronically sign electronic documents against the contracted user's wishes, which improves the security level of electronic signature operations on electronic documents.

Corresponding to the above method embodiment, this specification also provides an embodiment of a blockchain-based electronic signature device. The embodiment of the blockchain-based electronic signature device of this specification can be applied to electronic devices. The device embodiment can be implemented in software, or in a combination of hardware and software. Taking a software implementation as an example, as a logical device it is formed by the processor of the electronic device where it is located reading the corresponding computer program instructions from non-volatile memory into internal memory.

At the hardware level, Figure 4 shows the hardware structure of the electronic device in which the blockchain-based electronic signature device of this specification is located. In addition to the processor, internal memory, network interface and non-volatile memory shown in Figure 4, the electronic device in which the device is located may, depending on the actual function of the electronic device, also include other hardware, which is not described further here.

FIG. 5 is a block diagram of a blockchain-based electronic signature device according to an exemplary embodiment of this specification.

Referring to Figure 5, the blockchain-based electronic signature device 50 can be applied to the aforementioned electronic device shown in FIG. 3, and includes a receiving module 501 and a signature module 502.

The receiving module 501 receives a target transaction initiated by a contracted user through the client, where the target transaction is used to trigger an electronic signature operation on the target electronic document, and the CA certificate corresponding to the contracted user is stored in the blockchain in advance.

The signature module 502, in response to the target transaction, calls the smart contract corresponding to the electronic signature, executes the electronic signature program declared in the smart contract, reads the CA certificate corresponding to the contracted user from the blockchain, and performs an electronic signature operation on the target electronic document based on the CA certificate.

In this embodiment, the CA certificate stored in the blockchain is preset with access rights that restrict access by user accounts other than the contracted user. The signature module 502 determines whether the target transaction includes authorization information of the contracted user for electronically signing the target text, where the authorization information is used to indicate that the access right to the CA certificate is granted to the smart contract; if the authorization information is included in the target transaction, the smart contract corresponding to the electronic signature is invoked.

In this embodiment, the signature module 502 further: if the authorization information is included in the target transaction, further determines whether the target transaction has been successfully stored in the blockchain; if so, the smart contract corresponding to the electronic signature is invoked.

In this embodiment, the target electronic document is pre-stored in the blockchain, where the target electronic document stored in the blockchain is preset with access rights that restrict access by user accounts other than the smart contract. The signature module 502 reads the target electronic document from the blockchain and performs an electronic signature operation on the read target electronic document based on the CA certificate.

In this embodiment, the CA certificate includes the private key of the contracted user. The signature module 502 performs an electronic signature operation on the read target electronic document based on the private key of the contracted user in the CA certificate.

In this embodiment, the blockchain includes a main chain and several sub-chains; the several sub-chains include a first sub-chain for storing the access address of the target electronic document and a second sub-chain for storing the original content of the target electronic document. The signature module 502 further reads the access address of the target electronic document from the first sub-chain, and reads the original content of the target electronic document from the second sub-chain based on that access address.

In this embodiment, the several sub-chains also include a third sub-chain for storing the CA certificate. The signature module 502 further reads the CA certificate corresponding to the contracted user from the third sub-chain.

In this embodiment, the target electronic document is an electronic contract.

For the implementation of the functions and roles of each module in the above device, refer to the implementation of the corresponding steps in the above method; details are not repeated here.

Because the device embodiment basically corresponds to the method embodiment, refer to the description of the method embodiment for the relevant points. The device embodiments described above are only illustrative: the modules described as separate components may or may not be physically separate, and a component shown as a module may or may not be a physical module; it can be located in one place or distributed across multiple network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in this specification. Those of ordinary skill in the art can understand and implement it without creative effort.

The system, device or module described in the above embodiments can be implemented by a computer chip or entity, or by a product with a certain function. A typical implementation device is a computer, which may specifically take the form of a personal computer, laptop, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, email sending and receiving device, game console, tablet, wearable device, or any combination of these devices.

Corresponding to the above method embodiment, this specification also provides an embodiment of an electronic device. The electronic device includes a processor and a memory for storing machine-executable instructions, where the processor and the memory are usually connected to each other through an internal bus. In other possible implementations, the device may also include an external interface so that it can communicate with other devices or components.

In this embodiment, by reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of the blockchain-based electronic signature, the processor is caused to: receive a target transaction initiated by a contracted user through the client, where the target transaction is used to trigger an electronic signature operation on the target electronic document and the CA certificate corresponding to the contracted user is stored in the blockchain in advance; in response to the target transaction, call the smart contract corresponding to the electronic signature, execute the electronic signature program declared in the smart contract, and read the CA certificate corresponding to the contracted user from the blockchain; and perform an electronic signature operation on the target electronic document based on the CA certificate.

In this embodiment, the CA certificate stored in the blockchain is preset with access rights that restrict access by user accounts other than the contracted user. By reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of the blockchain-based electronic signature, the processor is caused to: determine whether the target transaction includes authorization information of the contracted user for electronically signing the target text, where the authorization information is used to indicate that the access right to the CA certificate is granted to the smart contract; and, if the authorization information is included in the target transaction, invoke the smart contract corresponding to the electronic signature.

In this embodiment, by reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of the blockchain-based electronic signature, the processor is caused to: if the authorization information is included in the target transaction, further determine whether the target transaction has been successfully stored in the blockchain; and, if so, invoke the smart contract corresponding to the electronic signature.

In this embodiment, the target electronic document is pre-stored in the blockchain, where the target electronic document stored in the blockchain is preset with access rights that restrict access by user accounts other than the smart contract. By reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of the blockchain-based electronic signature, the processor is caused to: read the target electronic document from the blockchain; and perform an electronic signature operation on the read target electronic document based on the CA certificate.

In this embodiment, the CA certificate includes the private key of the contracted user. By reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of the blockchain-based electronic signature, the processor is caused to: perform an electronic signature operation on the read target electronic document based on the private key of the contracted user in the CA certificate.

In this embodiment, the blockchain includes a main chain and several sub-chains; the several sub-chains include a first sub-chain for storing the access address of the target electronic document and a second sub-chain for storing the original content of the target electronic document. By reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of the blockchain-based electronic signature, the processor is caused to: read the access address of the target electronic document from the first sub-chain; and read the original content of the target electronic document from the second sub-chain based on the access address of the target electronic document.

In this embodiment, the several sub-chains also include a third sub-chain for storing the CA certificate. By reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of the blockchain-based electronic signature, the processor is caused to: read the CA certificate corresponding to the contracted user from the third sub-chain.

After considering the description and practicing the invention disclosed herein, those skilled in the art will readily think of other embodiments of this specification. This specification is intended to cover any variations, uses or adaptations of this specification that follow its general principles and include common knowledge or customary technical means in the technical field not disclosed in this specification. The description and examples are to be considered exemplary only; the true scope and spirit of this specification are indicated by the following claims.

It should be understood that this specification is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of this specification is limited only by the appended claims.

The above is only the preferred embodiment of this specification and is not intended to limit this specification. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of this specification shall be included within its scope of protection.

102: Method step
104: Method step
50: Blockchain-based electronic signature device
501: Receiving module
502: Signature module

FIG. 1 is a flowchart of a blockchain-based electronic signature method provided by an exemplary embodiment;
FIG. 2 is an architecture diagram of a blockchain provided by an exemplary embodiment;
FIG. 3 is a flowchart of a contracted user signing an electronic document provided by an exemplary embodiment;
FIG. 4 is a schematic structural diagram of an electronic device provided by an exemplary embodiment;
FIG. 5 is a logical block diagram of a blockchain-based electronic signature device provided by an exemplary embodiment.

Claims (13)

一種基於區塊鏈的電子簽名方法,包括:接收簽約用戶透過客戶端發起的目標交易,其中,該目標交易用於觸發對目標電子文書進行電子簽名操作,與該簽約用戶對應的CA(Certificate Authority)證書被預先儲存至該區塊鏈;回應於該目標交易,調用與電子簽名對應的智慧型合約,執行該智慧型合約中聲明的電子簽名程序,從區塊鏈中讀取與該簽約用戶對應的CA證書;以及基於該CA證書對該目標電子文書進行電子簽名操作,其中,該目標電子文書被預先儲存至區塊鏈,該區塊鏈中儲存的該目標電子文書,被預設了限制該智慧型合約以外的用戶帳戶進行存取的存取權限,該區塊鏈包括主鏈以及若干子鏈,該若干子鏈包括用於儲存該目標電子文書的存取位址的第一子鏈,以及用於儲存該目標電子文書的原始內容的第二子鏈,該基於該CA證書對該目標電子文書進行電子簽名操作,包括:從該區塊鏈中讀取該目標電子文書;以及基於該CA證書對讀取到的該目標電子文書進行電子簽名操作,其中,該從該區塊鏈中讀取該目標電子文書,包括: 從該第一子鏈中讀取該目標電子文書的存取位址;以及基於該目標電子文書的存取位址從該第二子鏈中讀取該目標電子文書的原始內容。 A blockchain-based electronic signature method includes: receiving a target transaction initiated by a contracted user through a client, wherein the target transaction is used to trigger an electronic signature operation on a target electronic document, and a CA (Certificate Authority) corresponding to the contracted user ) The certificate is pre-stored in the blockchain; in response to the target transaction, the smart contract corresponding to the electronic signature is called, the electronic signature program declared in the smart contract is executed, and the signed user is read from the blockchain Corresponding CA certificate; and performing electronic signature operation on the target electronic document based on the CA certificate, wherein the target electronic document is pre-stored in the blockchain, and the target electronic document stored in the blockchain is preset Restrict access rights for user accounts outside of the smart contract. The blockchain includes a main chain and several sub-chains. 
The several sub-chains include a first sub-node for storing the access address of the target electronic document Chain, and a second sub-chain for storing the original content of the target electronic document, the electronic signature operation on the target electronic document based on the CA certificate, including: reading the target electronic document from the blockchain; and Perform an electronic signature operation on the read target electronic document based on the CA certificate, where the target electronic document read from the blockchain includes: Reading the access address of the target electronic document from the first sub-chain; and reading the original content of the target electronic document from the second sub-chain based on the access address of the target electronic document. 根據申請專利範圍第1項所述的方法,其中,該區塊鏈中儲存的該CA證書,被預設了限制該簽約用戶以外的用戶帳戶進行存取的存取權限;以及該調用與電子簽名對應的智慧型合約,包括:確定該目標交易中是否包括該簽約用戶對該目標文字進行電子簽名的授權資訊,其中,該授權資訊用於指示將該CA證書的存取權限授權給該智慧型合約;以及如果該目標交易中包括該授權資訊,則觸發調用與電子簽名對應的智慧型合約。 The method according to item 1 of the patent application scope, wherein the CA certificate stored in the blockchain is preset with access rights that restrict access to user accounts other than the contracted user; and the call and electronic The smart contract corresponding to the signature includes: determining whether the target transaction includes authorization information for the contracted user to electronically sign the target text, wherein the authorization information is used to indicate that the access authority of the CA certificate is authorized to the smart Contract; and if the target transaction includes the authorization information, trigger a smart contract corresponding to the electronic signature. 
根據申請專利範圍第2項所述的方法,該如果該目標交易中包括該授權資訊,則觸發調用與電子簽名對應的智慧型合約,包括:如果該目標交易中包括該授權資訊,進一步確定該目標交易是否被成功儲存至該區塊鏈,如果是,則觸發調用與電子簽名對應的智慧型合約。 According to the method described in item 2 of the scope of the patent application, if the target transaction includes the authorization information, the smart contract corresponding to the electronic signature is triggered to be called, including: if the target transaction includes the authorization information, further determine the Whether the target transaction has been successfully stored on the blockchain, and if so, it will trigger a smart contract corresponding to the electronic signature. 根據申請專利範圍第1項所述的方法,該CA證書包括該簽約用戶的私鑰;以及 該基於該CA證書對讀取到的該目標電子文書進行電子簽名操作,包括:基於該CA證書中的該簽約用戶的私鑰,對讀取到的該目標電子文書進行電子簽名操作。 According to the method described in item 1 of the patent application scope, the CA certificate includes the private key of the contracted user; and Performing an electronic signature operation on the read target electronic document based on the CA certificate includes: performing an electronic signature operation on the read target electronic document based on the private key of the contracted user in the CA certificate. 根據申請專利範圍第4項所述的方法,該若干子鏈還包括用於於儲存該CA證書的第三子鏈;以及該從區塊鏈中讀取與該簽約用戶對應的CA證書,包括:從該第三子鏈中讀取與該簽約用戶對應的CA證書。 According to the method described in item 4 of the patent application scope, the several sub-chains also include a third sub-chain for storing the CA certificate; and the reading of the CA certificate corresponding to the contracted user from the blockchain, including : Read the CA certificate corresponding to the contracted user from the third sub-chain. 根據申請專利範圍第1項所述的方法,該目標電子文書為電子合約。 According to the method described in item 1 of the patent application scope, the target electronic document is an electronic contract. 
一種基於區塊鏈的電子簽名裝置,包括:接收模組,接收簽約用戶透過客戶端發起的目標交易,其中,該目標交易用於觸發對目標電子文書進行電子簽名操作,與該簽約用戶對應的CA(Certificate Authority)證書被預先儲存至該區塊鏈;以及簽名模組,回應於該目標交易,調用與電子簽名對應的智慧型合約,執行該智慧型合約中聲明的電子簽名程序,從區塊鏈中讀取與該簽約用戶對應的CA證書,以及,基於該CA證書對該目標電子文書進行電子簽名操作,其中,該目標電子文書被預先儲存至區塊鏈,該區塊鏈中儲 存的該目標電子文書,被預設了限制該智慧型合約以外的用戶帳戶進行存取的存取權限,該區塊鏈包括主鏈以及若干子鏈,該若干子鏈包括用於儲存該目標電子文書的存取位址的第一子鏈,以及用於儲存該目標電子文書的原始內容的第二子鏈,其中,該簽名模組:從該區塊鏈中讀取該目標電子文書,以及基於該CA證書對讀取到的該目標電子文書進行電子簽名操作,其中,該簽名模組進一步:從該第一子鏈中讀取該目標電子文書的存取位址;以及基於該目標電子文書的存取位址從該第二子鏈中讀取該目標電子文書的原始內容。 A blockchain-based electronic signature device includes: a receiving module that receives a target transaction initiated by a contracted user through a client terminal, wherein the target transaction is used to trigger an electronic signature operation on a target electronic document, corresponding to the contracted user The CA (Certificate Authority) certificate is pre-stored in the blockchain; and the signature module, in response to the target transaction, invokes the smart contract corresponding to the electronic signature, executes the electronic signature program declared in the smart contract, and removes Read the CA certificate corresponding to the contracted user in the blockchain, and perform an electronic signature operation on the target electronic document based on the CA certificate, wherein the target electronic document is pre-stored in the blockchain, and the blockchain stores The stored target electronic document is preset with access rights that restrict access to user accounts outside the smart contract. 
The blockchain includes a main chain and several sub-chains, and the several sub-chains include storage for the target The first sub-chain of the access address of the electronic document and the second sub-chain for storing the original content of the target electronic document, wherein the signature module: reads the target electronic document from the blockchain, And performing an electronic signature operation on the read target electronic document based on the CA certificate, wherein the signature module further: reads the access address of the target electronic document from the first sub-chain; and based on the target The access address of the electronic document reads the original content of the target electronic document from the second sub-chain. 根據申請專利範圍第7項所述的裝置,該區塊鏈中儲存的該CA證書,被預設了限制該簽約用戶以外的用戶帳戶進行存取的存取權限;以及該簽名模組:確定該目標交易中是否包括該簽約用戶對該目標文字進行電子簽名的授權資訊,其中,該授權資訊用於指示將該CA證書的存取權限授權給該智慧型合約;以及如果該目標交易中包括該授權資訊,則觸發調用與電子簽名對應的智慧型合約。 According to the device described in item 7 of the patent application scope, the CA certificate stored in the blockchain is preset with access rights that restrict access to user accounts other than the contracted user; and the signature module: OK Whether the target transaction includes authorization information for the contracted user to electronically sign the target text, wherein the authorization information is used to indicate that the access authority of the CA certificate is authorized to the smart contract; and if the target transaction includes The authorization information triggers the smart contract corresponding to the electronic signature. 
根據申請專利範圍第8項所述的裝置,該簽名模組進一步:如果該目標交易中包括該授權資訊,進一步確定該目標交易是否被成功儲存至該區塊鏈,如果是,則觸發調用與電子簽名對應的智慧型合約。 According to the device described in item 8 of the patent application scope, the signature module further: If the target transaction includes the authorization information, further determine whether the target transaction is successfully stored in the blockchain, and if so, trigger the call and The smart contract corresponding to the electronic signature. 根據申請專利範圍第7項所述的裝置,該CA證書包括該簽約用戶的私鑰;以及該簽名模組:基於該CA證書中的該簽約用戶的私鑰,對讀取到的該目標電子文書進行電子簽名操作。 According to the device described in item 7 of the scope of the patent application, the CA certificate includes the private key of the contracted user; and the signature module: based on the private key of the contracted user in the CA certificate, the target electronic Documents perform electronic signature operations. 根據申請專利範圍第10項所述的裝置,該若干子鏈還包括用於儲存該CA證書的第三子鏈;以及該簽名模組進一步:從該第三子鏈中讀取與該簽約用戶對應的CA證書。 According to the device described in item 10 of the patent application scope, the several sub-chains further include a third sub-chain for storing the CA certificate; and the signature module further: read the contracted user from the third sub-chain Corresponding CA certificate. 根據申請專利範圍第7項所述的裝置,該目標電子文書為電子合約。 According to the device described in item 7 of the patent application scope, the target electronic document is an electronic contract. 
An electronic device, comprising: a processor; and a memory for storing machine-executable instructions, wherein, by reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of the blockchain-based electronic signature, the processor is caused to: receive a target transaction initiated by a contracted user through a client, wherein the target transaction is used to trigger an electronic signature operation on a target electronic document, and a CA (Certificate Authority) certificate corresponding to the contracted user is stored in the blockchain in advance; in response to the target transaction, invoke the smart contract corresponding to the electronic signature, execute the electronic signature procedure declared in the smart contract, and read the CA certificate corresponding to the contracted user from the blockchain; and perform the electronic signature operation on the target electronic document based on the CA certificate, wherein the target electronic document is stored in the blockchain in advance, and the target electronic document stored in the blockchain is preset with an access permission that restricts access by user accounts other than the smart contract; the blockchain comprises a main chain and several sub-chains, the several sub-chains comprising a first sub-chain for storing the access address of the target electronic document and a second sub-chain for storing the original content of the target electronic document; performing the electronic signature operation on the target electronic document based on the CA certificate comprises: reading the target electronic document from the blockchain; and performing the electronic signature operation on the read target electronic document based on the CA certificate; wherein reading the target electronic document from the blockchain comprises: reading the access address of the target electronic document from the first sub-chain; and reading the original content of the target electronic document from the second sub-chain based on the access address of the target electronic document.
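The claimed flow (contract-only read access, address lookup on the first sub-chain, content fetch from the second sub-chain, then signing) as an added Python example, not code from the patent. The account name, the in-memory ledgers, the SHA-256 content-derived address and the HMAC standing in for the certificate-based signature are assumptions, and all sample data is constructed.

```python
import hashlib
import hmac

CONTRACT = "esign-contract"  # hypothetical account name of the signing contract

class SubChain:
    """Toy append-only ledger; only accounts on the reader list may read."""
    def __init__(self, readers):
        self._readers, self._records = frozenset(readers), {}

    def put(self, key, value):
        if key in self._records:
            raise ValueError("ledger entries cannot be overwritten")
        self._records[key] = value

    def get(self, caller, key):
        if caller not in self._readers:
            raise PermissionError(f"{caller!r} may not read this sub-chain")
        return self._records[key]

class ESignContract:
    def __init__(self):
        self.certs = {}                        # user -> pre-stored certificate record
        self.addresses = SubChain({CONTRACT})  # first sub-chain: doc id -> access address
        self.contents = SubChain({CONTRACT})   # second sub-chain: address -> content

    def store_document(self, doc_id, content):
        address = hashlib.sha256(content).hexdigest()  # assumption: content-derived address
        self.contents.put(address, content)
        self.addresses.put(doc_id, address)
        return address

    def handle_sign_transaction(self, user, doc_id):
        cert = self.certs.get(user)
        if cert is None:
            raise LookupError(f"no certificate pre-stored for {user!r}")
        address = self.addresses.get(CONTRACT, doc_id)   # step 1: first sub-chain
        content = self.contents.get(CONTRACT, address)   # step 2: second sub-chain
        if hashlib.sha256(content).hexdigest() != address:
            raise ValueError("content does not match its access address")
        # HMAC stands in for the certificate-based signature (assumption).
        tag = hmac.new(cert["key"], content, hashlib.sha256).hexdigest()
        return {"doc": doc_id, "signer": user, "serial": cert["serial"], "sig": tag}

# Constructed sample data: one certificate record and one stored document.
chain = ESignContract()
chain.certs["alice"] = {"serial": "SAMPLE-0001", "key": b"constructed-demo-key"}
chain.store_document("contract-42", b"Constructed sample agreement text")
```

Any account other than the contract that calls `get` on either sub-chain receives `PermissionError`, which is the access restriction the claim places on the stored document.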
TW108107759A 2018-06-26 2019-03-08 Blockchain-based electronic signature method and device, and electronic equipment TWI694709B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810672943.7 2018-06-26
CN201810672943.7A CN108960825A (en) 2018-06-26 2018-06-26 Electric endorsement method and device, electronic equipment based on block chain

Publications (2)

Publication Number Publication Date
TW202002570A TW202002570A (en) 2020-01-01
TWI694709B TWI694709B (en) 2020-05-21

Family

ID=64487103

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108107759A TWI694709B (en) 2018-06-26 2019-03-08 Blockchain-based electronic signature method and device, and electronic equipment

Country Status (3)

Country Link
CN (1) CN108960825A (en)
TW (1) TWI694709B (en)
WO (1) WO2020001103A1 (en)

Also Published As

Publication number Publication date
CN108960825A (en) 2018-12-07
TW202002570A (en) 2020-01-01
WO2020001103A1 (en) 2020-01-02
