WO2020147489A1 - 区块链交易的生成方法和装置 - Google Patents
区块链交易的生成方法和装置 Download PDFInfo
- Publication number
- WO2020147489A1 WO2020147489A1 PCT/CN2019/126047 CN2019126047W WO2020147489A1 WO 2020147489 A1 WO2020147489 A1 WO 2020147489A1 CN 2019126047 W CN2019126047 W CN 2019126047W WO 2020147489 A1 WO2020147489 A1 WO 2020147489A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication module
- blockchain
- processing result
- business
- digital signature
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
Definitions
- This specification relates to the field of data processing technology, and in particular to a method and device for generating blockchain transactions.
- Blockchain technology also known as distributed ledger technology, is an emerging technology in which several computing devices participate in "bookkeeping" and jointly maintain a complete distributed database. Because the blockchain technology has the characteristics of decentralization, openness and transparency, each computing device can participate in database records, and the rapid data synchronization between computing devices, the blockchain technology has been widely used in many fields. To apply.
- This specification provides a data processing method, which is applied to blockchain member nodes; the blockchain member nodes include multiple service servers, and each service server runs at least one authentication module; wherein the authentication module
- the public key is authenticated by the blockchain; the method includes:
- the downstream service server obtains the first service processing result and the first digital signature generated by the upstream service server; the first digital signature is made by an authentication module run by the upstream service server based at least on the first service processing result;
- the authentication module operated by the downstream service server is used to perform a digital signature based at least on the second service processing result to generate a second digital signature.
- the method further includes:
- At least the second digital signature is stored in a distributed manner on the blockchain member node.
- the method further includes:
- the target transaction is sent to the blockchain, so that the target transaction is included in the distributed database of the blockchain after being verified by the node consensus of the blockchain.
- the authentication module operated by the upstream service server and the authentication module operated by the downstream service server are the same authentication module; the first service processing result is encrypted by the public key of the authentication module Ciphertext
- the obtaining the first service processing result generated by the upstream service server includes: decrypting the first service processing result based on the authentication module to obtain the plaintext of the first service processing result;
- the method further includes: encrypting the second service processing result based on the public key of the authentication module.
- the public key of the authentication module is authenticated by the blockchain, including:
- the identity certificate of the authentication module is backed up in the distributed database of the blockchain; the identity certificate includes the public key of the authentication module, and the authentication node of the blockchain is based on at least the public key of the authentication module. Electronic signature made by the key.
- this specification also provides a data processing device applied to a blockchain member node;
- the blockchain member node includes a plurality of business servers, and each business server runs at least one authentication module; wherein, all The public key of the authentication module is authenticated by the blockchain;
- the device includes:
- the obtaining unit is configured to obtain a first service processing result and a first digital signature generated by an upstream service server; the first digital signature is made by an authentication module run by the upstream service server based at least on the first service processing result ;
- a verification unit configured to verify the first digital signature based on the public key of the authentication module running on the upstream service server;
- a business processing unit configured to perform business processing based on the first business processing result after the verification is passed, to generate a second business processing result
- the digital signature unit is configured to use the authentication module operated by the downstream service server to perform a digital signature based at least on the second service processing result to generate a second digital signature.
- the device further includes:
- the storage unit is used for at least distributed storage of the second digital signature on the blockchain member node.
- the device further includes:
- a transaction generating unit configured to generate a target transaction based on a preset blockchain transaction format, at least based on the second business processing result and the second digital signature;
- the transaction sending unit is configured to send the target transaction to the blockchain, so that the target transaction is included in the distributed database of the blockchain after being verified by the node consensus of the blockchain.
- the authentication module operated by the upstream service server and the authentication module operated by the downstream service server are the same authentication module; the first service processing result is encrypted by the public key of the authentication module Ciphertext
- the obtaining unit is further configured to: decrypt the first service processing result based on the authentication module to obtain the plaintext of the first service processing result;
- the device also includes a decryption unit, configured to encrypt the second service processing result based on the public key of the authentication module.
- the public key of the authentication module is authenticated by the blockchain, including:
- the identity certificate of the authentication module is backed up in the distributed database of the blockchain; the identity certificate includes the public key of the authentication module, and the authentication node of the blockchain is based on at least the public key of the authentication module. Electronic signature made by the key.
- This specification also provides a computer device, including: a memory and a processor; the memory stores a computer program that can be run by the processor; when the processor runs the computer program, the above-mentioned blockchain member node Perform the steps described in the data processing method.
- This specification also provides a computer-readable storage medium on which a computer program is stored.
- the computer program is run by a processor, the steps described in the data processing method performed by the blockchain member node.
- the data processing method and device provided in this specification are applied to blockchain member nodes that include multiple business servers, and the authentication module registered on the blockchain is used to perform business processing on each business server.
- the generated business data is authenticated by digital signature to prevent the data from being tampered with and other security risks in the circulation between servers within the blockchain member nodes.
- FIG. 1 is a schematic diagram of a blockchain node system according to an embodiment provided in this specification
- FIG. 3 is a schematic diagram of a data processing device provided by an embodiment provided in this specification.
- Fig. 4 is a hardware structure diagram for running an embodiment of the data processing device provided in this specification.
- the steps of the corresponding method are not necessarily performed in the order shown and described in this specification.
- the method may include more or fewer steps than described in this specification.
- a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. description.
- the blockchain mentioned in this specification can specifically refer to a P2P network system with a distributed data storage structure reached by each node through a consensus mechanism.
- the data in the blockchain is distributed in time-connected "zones”.
- the next block contains the data summary of the previous block, and according to the specific consensus mechanism (such as POW, POS, DPOS or PBFT, etc.), a full backup of all or part of the node data is achieved .
- the specific consensus mechanism such as POW, POS, DPOS or PBFT, etc.
- blockchains exist in a variety of deployment forms such as private chains, alliance chains, and public chains, although they can rely on the decentralized distributed ledger feature to prevent the underlying data of the blockchain nodes from ultimately being sent to the distributed database of the blockchain. Tampering and repudiation, but because the anti-tampering mechanism of the blockchain system cannot cover the scenario end of the blockchain node application, even if the blockchain technology used at the bottom of the blockchain node (or the most downstream business server) is There are still information security risks in writing or reading data on the multi-service layer (or multiple upstream servers) starting from the top level of the scene side.
- an embodiment of this specification provides a data processing method applied to blockchain member nodes.
- the blockchain member node 100 of this embodiment can set multiple business servers 101-104 based on its business processing flow, and each business server is used to execute a corresponding business processing sub-process; technology in this field It is well known that the downstream business server among the above-mentioned multiple business servers will receive the business processing result of its upstream business server to execute its own corresponding business processing sub-process based on the upstream business processing result.
- this specification does not limit the specific server connected to the blockchain network among the above-mentioned blockchain member nodes. It can be a server included in the blockchain member node, or the zone Multiple servers included in the block chain member nodes.
- Each service server shown in FIG. 1 runs at least one authentication module, and the public key of the authentication module is authenticated by the blockchain; accordingly, the authentication module can use the public key authenticated by the blockchain to correspond to The private key of each business server digitally signs (or "marking") the business processing results of each business server to prevent the business processing results of each business server from being tampered with during storage or transmission.
- the authentication module described in this embodiment may be a functional module implemented by software (such as a modular SDK), or a functional module implemented by a combination of software and hardware.
- the blockchain includes an authentication node that has authentication authority for the identity of the authentication module, and the authentication node may be the above
- the authentication module issues an identity certificate to authenticate the identity of the authentication module (or a public key or private key representing its identity), and backs up the aforementioned identity certificate in the distributed database of the aforementioned blockchain; those skilled in the art will know that,
- the above-mentioned identity certificate should at least include the public key of the authentication module, and an electronic signature made by the authentication node of the blockchain at least based on the public key of the authentication module.
- a smart contract used to authenticate the public key of the authentication module can be deployed in the above-mentioned blockchain, and the member nodes of the blockchain send a target authentication transaction to the blockchain, and the target authentication transaction may include a block
- the public key of the authentication module selected by the chain member node executes the authentication logic of the identity verification logic of the blockchain member node and the public key of the authentication module by invoking the smart contract, thereby outputting the and The public key of the authentication module available to the blockchain member node.
- the authentication module is given a legal identity that cannot be tampered with. It is worth noting that the above-mentioned blockchain member nodes can correspond to one legal and effective authentication module, or to multiple legal and effective authentication modules (having different public keys authenticated by the blockchain), which is not limited in this specification .
- the data processing method described in this implementation includes:
- Step 202 The downstream business server included in the blockchain member node obtains the first business processing result and the first digital signature of the upstream business server;
- the first business processing result is a business generated by the upstream business server based on business processing Processing result;
- the first digital signature is made by an authentication module run by the upstream service server based at least on the first service processing result.
- This embodiment does not limit the specific manner in which the downstream service server obtains the first service processing result and the first digital signature of the upstream service server.
- the upstream service server may directly send the first digital signature/and the first digital signature after the service processing ends.
- the service processing result is transmitted to the downstream service server, so that the downstream service server obtains the first digital signature/and the first service processing result in the communication with the upstream service server.
- the upstream business server may also store the first digital signature/and the first business processing result in the storage device or storage server set by the blockchain member node after the business processing ends, so that the downstream business server can download Invoke the first digital signature/and the first service processing result in the storage device or storage server.
- the upstream service server may directly transmit the above-mentioned first service processing result to the downstream server after the service processing ends, and store the above-mentioned first digital signature in the above-mentioned storage device or storage server, so that the downstream service server can communicate with the upstream server.
- the first service processing result is obtained, and the first digital signature is called from the storage device or the storage server when necessary to complete the verification of whether the first service processing result has been tampered with.
- the upstream business server stores the first digital signature or the first digital signature and the first business processing result in the storage device or memory of the blockchain member node, in order to prevent the first business processing result or the first digital signature If it is maliciously tampered with or damaged during storage, the above-mentioned blockchain member node can adopt a distributed storage method, that is, the above-mentioned first business processing result or the first digital signature is repeatedly stored in multiple servers of the blockchain member node To protect data security.
- the authentication module operated by the upstream service server and the authentication module operated by the downstream service server are the same authentication module, that is, the authentication module operated by the upstream service server and the authentication module operated by the downstream service server
- the modules have the same public/private key; in order to protect the data security of the first service processing result and prevent the leakage of key information (such as private information) after the first service processing result is stolen, the first service processing result is
- the ciphertext encrypted by the public key of the authentication module; accordingly, obtaining the first service processing result generated by the upstream service server includes: decrypting the first service processing result based on the private key of the authentication module to Obtain the plaintext of the first service processing result.
- Step 204 Verify the first digital signature based on the public key of the authentication module running on the upstream service server.
- the specific process of verifying the first digital signature may include using the public key of the authentication module to decrypt the first digital signature to obtain a hash digest of the original first service processing result; In the hope of digest calculation, by comparing whether the two hash digests are completely consistent, it can be verified whether the first service processing result is the original text signed by the first digital signature. When the above verification is passed, it means that the above first service processing result is the original text signed by the first digital signature.
- Step 206 Perform business processing based on the first business processing result after the verification is passed to generate a second business processing result.
- the downstream business server performs business processing based on the first business processing result according to a preset business processing sub-process to generate a second business processing result.
- Step 208 Use the authentication module operated by the downstream service server to perform a digital signature based at least on the second service processing result to generate a second digital signature.
- the authentication module operated by the downstream service server and the authentication module operated by the upstream service server in this embodiment may be the same authentication module (having the same public key/identity), or may be different authentication modules. Module (with different public key/identity)
- the above-mentioned downstream business server has completed the process from data acquisition to business processing, and completed the verification of the acquired data (first business processing result) and the storage of the generated data (second business processing result) using the authentication module , Data security is ensured in the multi-service processing flow run by multiple downstream business servers included in the blockchain node.
- the downstream service server needs to perform large-scale parallel service processing calculations, multiple authentication modules can be run to improve the efficiency of data processing.
- downstream business server described in the above embodiment can be used as the upstream business server of another business server determined by the business process, so that the method described in step 202 to step 208 can be applied to the other business server.
- the other business server described above has completed the verification of the acquired data (the second business processing result) and the storage of the generated data using the authentication module.
- the upstream and downstream relationships between the multiple business servers included in the blockchain member node can change with the specific business processes performed by the blockchain member node. It is not limited.
- the downstream server may send the second digital signature/and the second service processing result Distributed storage is performed on the blockchain member node, that is, the above-mentioned second service processing result/and the second digital signature are repeatedly stored in multiple servers of the blockchain member node as described above.
- the downstream business server described in the above embodiment is a business server that can publish transactions to the blockchain
- the data processing method performed by it further includes: based on preset blockchain transactions Format, generating a target transaction based on at least the second processing result and the second digital signature; sending the target transaction to the blockchain so that the target transaction is verified by the node consensus of the blockchain Later included in the distributed database of the blockchain.
- the transaction described in this specification refers to a piece of data that is created by the terminal device through the blockchain client and needs to be finally released to the distributed database of the blockchain.
- transactions in the blockchain are divided into narrow transactions and broad transactions.
- a transaction in a narrow sense refers to a value transfer issued by a user or server terminal to the blockchain; for example, in a traditional Bitcoin blockchain network, a transaction can be a transfer initiated by a user in the blockchain.
- a transaction refers to a piece of business data with business intent released by a user or a server terminal to the blockchain; for example, in the embodiment provided in this specification, the target transaction can be that a blockchain member node passes through multiple business servers.
- a business message or business request obtained by the executed business processing process (for example, renting a house, vehicle dispatching business, insurance claims business, credit service, medical service, etc.) with business intent.
- recording the target transaction in the distributed database of the blockchain includes:
- the consensus accounting node broadcasts the candidate block to the nodes of the blockchain
- the candidate block After the candidate block is verified and approved by the blockchain in accordance with the preset number of nodes, the candidate block is regarded as the latest block and added to the distributed database of the blockchain.
- the node with the accounting authority refers to the node with the authority to generate candidate blocks.
- the consensus accounting node can be determined from the nodes with accounting authority in the candidate block.
- the above-mentioned consensus mechanism may include a proof of work mechanism (PoW) or a proof of right mechanism (PoS) , Or Share Authorization Proof Mechanism (DPoS), etc.
- the PoS or DPoS consensus mechanism is similar to PoW, and both belong to the consensus algorithm commonly used by the consensus accounting node in the public blockchain.
- the embodiments provided in this specification can also use the alliance chain architecture to construct the block chain.
- the above-mentioned blockchain member node, or the government supervisory agency node for business processing run by the above-mentioned blockchain member node, etc. can be used as a pre-selected node of the alliance chain to participate in the accounting of the block.
- the consensus process of the alliance chain is also controlled by the pre-selected node. When there are more than a set ratio (such as 2/3) of nodes on the network to confirm a block, the transaction or data recorded in the block will be confirmed by the entire network.
- PBFT and RAFT proof of rights or consensus algorithms
- a master node can be elected from each node in the blockchain, that is, the consensus accounting node described in the above embodiment (for example, each round
- the consensus is to re-elect a master node, and other node devices act as slave nodes.
- the master node further initiates transaction verification and consensus, and is responsible for creating the latest zone for the blockchain based on the transaction data (or target data) passed by the consensus. Piece.
- the PBFT algorithm is due to the high efficiency of adopting this algorithm consensus and can meet the needs of high-frequency transaction volume.
- the above-mentioned block Chain member nodes can be used as business acceptance platform institutions to generate corresponding target transactions based on frequently accepted user business processing applications; and the consensus delay is very low, which basically meets the requirements of real-time processing, and can quickly and in real time in the new area of the blockchain
- the above-mentioned target transaction is included in the block; moreover, the trusted node in the alliance chain network is used as the pre-selected accounting node, which takes into account security and stability; in addition, the use of the PBFT algorithm will not consume too much computer computing resources, nor Token must be circulated, so it has good usability.
- the data processing method provided in this manual is based on the authentication module running in the business processor included in the blockchain member node, which can improve the overall process of the business processing run by the blockchain member node.
- Data security For the front-end server in the business process, the front-end business server 101 included in the blockchain member node as shown in Figure 1 is used to receive the business sent by the user based on the mobile terminal, PC terminal or IoT device terminal data.
- the authentication module operated by the above-mentioned front-end service server can digitally sign the service data sent by the above-mentioned user, so as to provide tamper-proof evidence for the processing of the service data by the downstream service server.
- This specification does not limit the public key-private key calculation and generation algorithm of the above authentication module, and the specific algorithm for data encryption based on the public key of the above authentication module or digital signature based on the private key of the above authentication module.
- ECDSA elliptic curve digital signature algorithm
- ECC elliptic curve encryption algorithm
- the embodiment of this specification also provides a data processing device 30.
- the device 30 can be implemented by software, or can be implemented by hardware or a combination of software and hardware. Taking software implementation as an example, as a logical device, it is formed by reading the corresponding computer program instructions into the memory through the CPU (Central Process Unit) of the device where it is located. From a hardware perspective, in addition to the CPU, memory, and storage shown in Figure 4, the equipment where the network risk business implementation device is located usually includes other hardware such as chips for wireless signal transmission and reception, and/or implementation Other hardware such as boards with network communication functions.
- CPU Central Process Unit
- Figure 3 shows that this specification also provides a data processing device, which is applied to a blockchain member node;
- the blockchain member node includes multiple business servers, and each business server runs at least one authentication module; wherein , The public key of the authentication module is authenticated by the blockchain;
- the device 30 includes:
- the obtaining unit 302 is configured to obtain a first service processing result and a first digital signature of the upstream service server; the first service processing result is the service processing result of the upstream service server; the first digital signature is the upstream.
- the authentication module operated by the business server is made based on at least the first business processing result;
- the verification unit 304 is configured to verify the first digital signature based on the public key of the authentication module running on the upstream service server;
- the business processing unit 306 is configured to perform business processing based on the first business processing result after the verification is passed, to generate a second business processing result;
- the digital signature unit 308 is configured to use the authentication module operated by the downstream service server to perform a digital signature based at least on the second service processing result to generate a second digital signature.
- the device 30 further includes:
- the storage unit 310 (not shown in the figure) is configured to at least store the second digital signature on the blockchain member nodes in a distributed manner.
- the device further includes:
- the transaction generating unit 312 (not shown in the figure) is configured to generate a target transaction based on a preset blockchain transaction format, at least based on the second service processing result and the second digital signature;
- the transaction sending unit 314 (not shown in the figure) is used to send the target transaction to the blockchain so that the target transaction is included in the blockchain after being verified by the node consensus of the blockchain Distributed database.
- the authentication module operated by the upstream service server and the authentication module operated by the downstream service server are the same authentication module; the first service processing result is encrypted by the public key of the authentication module Ciphertext
- the obtaining unit is further configured to: decrypt the first service processing result based on the authentication module to obtain the plaintext of the first service processing result;
- the device also includes a decryption unit 316 (not shown in the figure), which is configured to encrypt the second service processing result based on the public key of the authentication module.
- a decryption unit 316 (not shown in the figure), which is configured to encrypt the second service processing result based on the public key of the authentication module.
- the public key of the authentication module is authenticated by the blockchain, including:
- the identity certificate of the authentication module is backed up in the distributed database of the blockchain; the identity certificate includes the public key of the authentication module, and the authentication node of the blockchain is based on at least the public key of the authentication module.
- the implementation process of the functions and roles of each unit in the above-mentioned device for the electronic signature by the key please refer to the implementation process of the corresponding steps in the above-mentioned method.
- the device embodiments described above are merely illustrative.
- the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical modules, that is, they may be located in One place, or it can be distributed to multiple network modules. Some or all of the units or modules can be selected according to actual needs to achieve the purpose of the solution in this specification. Those of ordinary skill in the art can understand and implement it without creative work.
- a typical implementation device is a computer, and the specific form of the computer may be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email sending and receiving device, and a game control Desk, tablet computer, wearable device, or any combination of these devices.
- the embodiments of this specification also provide a computer device, which includes a memory and a processor.
- the memory stores a computer program that can be run by the processor; when the processor runs the stored computer program, each step of the data processing method executed by the blockchain member node in the embodiment of this specification is executed.
- the steps of the data processing method performed by the blockchain member nodes please refer to the previous content and will not be repeated.
- the embodiments of this specification also provide a computer-readable storage medium on which computer programs are stored. When these computer programs are run by a processor, they execute the areas in the embodiments of this specification.
- Each step of the data processing method performed by the member nodes of the block chain For a detailed description of the steps of the data processing method performed by the blockchain member nodes, please refer to the previous content and will not be repeated.
- the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
- processors CPU
- input/output interfaces network interfaces
- memory volatile and non-volatile memory
- the memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
- RAM random access memory
- ROM read-only memory
- flash RAM flash memory
- Computer-readable media including permanent and non-permanent, removable and non-removable media, can store information by any method or technology.
- the information can be computer-readable instructions, data structures, program modules, or other data.
- Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, read-only compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, Magnetic tape cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. As defined in this article, computer-readable media does not include temporary computer-readable media (transitory media), such as modulated data signals and carrier waves.
- PRAM phase change memory
- SRAM static random access memory
- DRAM dynamic random access memory
- RAM random access memory
- ROM read-only memory
- EEPROM electrically erasable programmable read-only memory
- flash memory or other memory technologies
- CD-ROM compact disc read-only memory
- DVD digital versatile disc
- the embodiments of the present specification may be provided as methods, systems, or computer program products. Therefore, the embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of this specification can be in the form of computer program products implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. .
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Development Economics (AREA)
- Marketing (AREA)
- Economics (AREA)
- Computing Systems (AREA)
- Technology Law (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Electrotherapy Devices (AREA)
- Memory System Of A Hierarchy Structure (AREA)
- Advance Control (AREA)
Abstract
一种数据处理方法和装置,应用于区块链成员节点;所述区块链成员节点包括多个业务服务器,每个业务服务器均运行有至少一个认证模块;其中,所述认证模块的公钥被所述区块链认证;所述方法包括:下游业务服务器获取上游业务服务器生成的第一业务处理结果和第一数字签名;基于所述上游业务服务器运行的认证模块的公钥验证所述第一数字签名;在所述验证通过后基于所述第一业务处理结果进行业务处理,以生成第二业务处理结果;使用所述下游业务服务器运行的认证模块,至少基于所述第二业务处理结果进行数字签名,以生成第二数字签名。
Description
本说明书涉及数据处理技术领域,尤其涉及一种区块链交易的生成方法和装置。
区块链技术,也被称之为分布式账本技术,是一种由若干台计算设备共同参与“记账”,共同维护一份完整的分布式数据库的新兴技术。由于区块链技术具有去中心化、公开透明、每台计算设备可以参与数据库记录、并且各计算设备之间可以快速的进行数据同步的特性,使得区块链技术已在众多的领域中广泛的进行应用。
发明内容
本说明书提供了一种数据处理方法,应用于区块链成员节点;所述区块链成员节点包括多个业务服务器,每个业务服务器均运行有至少一个认证模块;其中,所述认证模块的公钥被所述区块链认证;所述方法包括:
下游业务服务器获取上游业务服务器生成的第一业务处理结果和第一数字签名;所述第一数字签名是所述上游业务服务器运行的认证模块至少基于所述第一业务处理结果所作出的;
基于所述上游业务服务器运行的认证模块的公钥验证所述第一数字签名;
在所述验证通过后基于所述第一业务处理结果进行业务处理,以生成第二业务处理结果;
使用所述下游业务服务器运行的认证模块,至少基于所述第二业务处理结果进行数字签名,以生成第二数字签名。
在又一示出的实施方式中,所述的方法还包括:
至少将所述第二数字签名在所述区块链成员节点进行分布式存储。
在又一示出的实施方式中,所述的方法还包括:
基于预设的区块链交易格式,至少基于所述第二业务处理结果和所述第二数字签名生成目标交易;
将所述目标交易发送到所述区块链,以使所述目标交易被所述区块链的节点共识验证后收录于所述区块链的分布式数据库。
在又一示出的实施方式中,所述上游业务服务器运行的认证模块和下游业务服务器运行的认证模块为相同的认证模块;所述第一业务处理结果为被所述认证模块的公钥加密的密文;
所述获取上游业务服务器生成的第一业务处理结果,包括:基于所述认证模块对所述第一业务处理结果进行解密,以获得所述第一业务处理结果的明文;
所述方法还包括:基于所述认证模块的公钥对所述第二业务处理结果进行加密。
在又一示出的实施方式中,所述认证模块的公钥被所述区块链认证,包括:
所述区块链的分布式数据库中备份有所述认证模块的身份证书;所述身份证书包括所述认证模块的公钥,和所述区块链的认证节点至少基于所述认证模块的公钥所作的电子签名。
相应地,本说明书还提供了一种数据处理装置,应用于区块链成员节点;所述区块链成员节点包括多个业务服务器,每个业务服务器均运行有至少一个认证模块;其中,所述认证模块的公钥被所述区块链认证;所述装置包括:
获取单元,用于获取上游业务服务器生成的第一业务处理结果和第一数字签名;所述第一数字签名是所述上游业务服务器运行的认证模块至少基于所述第一业务处理结果所作出的;
验证单元,用于基于所述上游业务服务器运行的认证模块的公钥验证所述第一数字签名;
业务处理单元,用于在所述验证通过后基于所述第一业务处理结果进行业务处理,以生成第二业务处理结果;
数字签名单元,用于使用所述下游业务服务器运行的认证模块,至少基于所述第二业务处理结果进行数字签名,以生成第二数字签名。
在又一示出的实施方式中,所述的装置还包括:
存储单元,用于至少将所述第二数字签名在所述区块链成员节点进行分布式存储。
在又一示出的实施方式中,所述的装置还包括:
交易生成单元,用于基于预设的区块链交易格式,至少基于所述第二业务处理结果和所述第二数字签名生成目标交易;
交易发送单元,用于将所述目标交易发送到所述区块链,以使所述目标交易被所述区块链的节点共识验证后收录于所述区块链的分布式数据库。
在又一示出的实施方式中,所述上游业务服务器运行的认证模块和下游业务服务器运行的认证模块为相同的认证模块;所述第一业务处理结果为被所述认证模块的公钥加密的密文;
所述获取单元进一步用于:基于所述认证模块对所述第一业务处理结果进行解密,以获得所述第一业务处理结果的明文;
所述装置还包括解密单元,用于基于所述认证模块的公钥对所述第二业务处理结果进行加密。
在又一示出的实施方式中,所述认证模块的公钥被所述区块链认证,包括:
所述区块链的分布式数据库中备份有所述认证模块的身份证书;所述身份证书包括所述认证模块的公钥,和所述区块链的认证节点至少基于所述认证模块的公钥所作的电子签名。
本说明书还提供了一种计算机设备,包括:存储器和处理器;所述存储器上存储有可由处理器运行的计算机程序;所述处理器运行所述计算机程序时,执行上述区块链成员节点所执行的数据处理方法所述的步骤。
本说明书还提供了一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器运行时,上述区块链成员节点所执行的数据处理方法所述的步骤。
由以上技术方案可见,本说明书提供的数据处理方法及装置,应用于包括多个业务服务器的区块链成员节点,利用在区块链上注册认证的认证模块对每个业务服务器进行业务处理所产生的业务数据进行数字签名认证,以防止数据在区块链成员节点内部的服务器间流转中发生被篡改等安全风险。
图1为本说明书所提供的一实施例所示的区块链节点的系统示意图;
图2为本说明书所提供的一实施例提供的数据处理方法的流程图;
图3为本说明书所提供的一实施例提供的数据处理装置的示意图;
图4为运行本说明书所提供的数据处理装置实施例的一种硬件结构图。
这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本说明书一个或多个实施例相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本说明书一个或多个实施例的一些方面相一致的装置和方法的例子。
需要说明的是:在其他实施例中并不一定按照本说明书示出和描述的顺序来执行相应方法的步骤。在一些其他实施例中,其方法所包括的步骤可以比本说明书所描述的更多或更少。此外,本说明书中所描述的单个步骤,在其他实施例中可能被分解为多个步骤进行描述;而本说明书中所描述的多个步骤,在其他实施例中也可能被合并为单个步骤进行描述。
本说明书中所述的区块链,具体可指一个各节点通过共识机制达成的、具有分布式数据存储结构的P2P网络系统,该区块链内的数据分布在时间上相连的一个个“区块(block)”之内,后一区块包含前一区块的数据摘要,且根据具体的共识机制(如POW、POS、DPOS或PBFT等)的不同,达成全部或部分节点的数据全备份。本领域的技术人员熟知,由于区块链系统在相应共识机制下运行,已收录至区块链数据库内的数据很难被任意的节点篡改,例如采用Pow共识的区块链,至少需要全网51%算力的攻击才有可能篡改已有数据,因此区块链系统有着其他中心化数据库系统所法比拟的保证数据安全、防攻击篡改的特性。
目前,区块链以私有链、联盟链、公有链等多种部署形态存在,尽管能够依托于去中心化分布账本特性避免区块链节点最终发送至区块链的分布式数据库的底层数据被篡改和抵赖,但由于区块链系统的防篡改机制无法覆盖到区块链节点所应用的场景端,使得即使区块链节点底层(或最下游业务服务器)使用的区块链技术,但在从场景端的顶层开始的多业务层(或多个上游服务器)上写入或读出数据仍存在信息安全风险。
基于以上的现有技术问题,本说明书的一实施例提供了一种数据处理方法,应用于区块链成员节点。如图1所示,本实施所述区块链成员节点100基于其业务处理流程 可设置多个业务服务器101-104,每个业务服务器用于分别执行相应的业务处理子流程;本领域的技术人员熟知,上述多个业务服务器中的下游业务服务器会接收其上游业务服务器的业务处理结果,以基于上游业务处理结果执行自身对应的业务处理子流程。
值得注意的是,本说明书中并不限定上述区块链成员节点中与区块链网络连接的具体的服务器,可为所述区块链成员节点所包括的一台服务器,也可是所述区块链成员节点所包括的多台服务器。
图1所示的每个业务服务器均运行有至少一个认证模块,所述认证模块的公钥被所述区块链认证;相应地,所述认证模块可以利用被区块链认证的公钥对应的私钥,对每个业务服务器的业务处理结果进行数字签名(或称“打标”),以防止每个业务服务器的业务处理结果在存储或传输过程中被篡改。
本实施例所述的认证模块可以是通过软件实现的功能模块(如模块化的SDK),也可以是通过软件和硬件的结合以实现的功能模块。关于上述认证模块的公钥被所述区块链认证的具体实现方式可以由多种:例如,所述区块链包括对上述认证模块的身份具有认证权限的认证节点,上述认证节点可以为上述认证模块颁发身份证书以对该认证模块的身份(或代表其身份的公钥或私钥)进行认证,并将上述身份证书备份于上述区块链的分布式数据库中;本领域技术人员可知,上述身份证书至少应包括所述认证模块的公钥,和所述区块链的认证节点至少基于所述认证模块的公钥所作的电子签名。
又如,上述区块链中可部署用于对上述认证模块的公钥进行认证的智能合约,区块链成员节点通过向区块链中发送目标认证交易,该目标认证交易中可包含区块链成员节点选用的认证模块的公钥,通过调用上述智能合约执行对上述区块链成员节点的身份验证逻辑和上述认证模块的公钥的认证逻辑,从而输出被所述智能合约认证的、与所述区块链成员节点可用的认证模块的公钥。
通过以上各实施例所述的在区块链中对认证模块的公钥进行认证,基于区块链的共识机制,赋予上述认证模块不可篡改的合法身份。值得注意的是,上述区块链成员节点可以对应一个合法有效的认证模块,也可以对应多个合法有效的认证模块(具有不同的被区块链认证的公钥),本说明书中不做限定。
如图2所示,本实施所述的数据处理方法包括:
步骤202,区块链成员节点所包括的下游业务服务器获取上游业务服务器的第一业务处理结果和第一数字签名;所述第一业务处理结果是所述上游业务服务器基于业务处 理而生成的业务处理结果;所述第一数字签名是所述上游业务服务器运行的认证模块至少基于所述第一业务处理结果所作出的。
本实施例并不限定下游业务服务器获取其上游业务服务器的第一业务处理结果和第一数字签名的具体方式,上游业务服务器可以在业务处理结束后直接将上述第一数字签名/和上述第一业务处理结果传输至下游业务服务器,以使下游业务服务器在与上游业务服务器的通信中,获取上述第一数字签名/和上述第一业务处理结果。
或者,上游业务服务器也可以在业务处理结束后将上述第一数字签名/和上述第一业务处理结果存储于上述区块链成员节点设置的存储装置或存储服务器中,以使下游业务服务器可以从上述存储装置或存储服务器中调用上述第一数字签名/和上述第一业务处理结果。
又或者,上游业务服务器可以在业务处理结束后直接将上述第一业务处理结果传输至下游服务器,而将上述第一数字签名存储在上述存储装置或存储服务器中,以供下游业务服务器在与上游业务服务器的通信中,获取上述第一业务处理结果,并在需要时从上述存储装置或存储服务器中调用上述第一数字签名以完成对上述第一业务处理结果是否被篡改的验证。
当上游业务服务器将上述第一数字签名或第一数字签名和第一业务处理结果存储在所述区块链成员节点的存储装置或存储器中时,为了防止第一业务处理结果或第一数字签名在存储时被恶意篡改或损坏,上述区块链成员节点可采用分布式存储方式,即将上述第一业务处理结果或第一数字签名在所述区块链成员节点的多个服务器中进行重复存储,以保护数据安全。
在又一示出的实施方式中,所述上游业务服务器运行的认证模块和下游业务服务器运行的认证模块为相同的认证模块,亦即述上游业务服务器运行的认证模块和下游业务服务器运行的认证模块具有相同的公钥/私钥;为保护第一业务处理结果的数据安全,防止上述第一业务处理结果在被盗用后发生关键信息(如隐私信息)泄露,上述第一业务处理结果为被所述认证模块的公钥加密的密文;相应地,上述获取上游业务服务器生成的第一业务处理结果,包括:基于所述认证模块的私钥对所述第一业务处理结果进行解密,以获得所述第一业务处理结果的明文。
步骤204,基于所述上游业务服务器运行的认证模块的公钥验证所述第一数字签名。
验证上述第一数字签名的具体过程可包括利用所述认证模块的公钥解密上述第一 数字签名以获得原始第一业务处理结果的哈希摘要;对上述步骤所得的第一业务处理结果进行哈希摘要计算,通过对比上述两个哈希摘要是否完全吻合,可验证上述第一业务处理结果是否为所述第一数字签名所签署的原文。当上述验证通过时,表示上述第一业务处理结果为所述第一数字签名所签署的原文。
步骤206,在所述验证通过后基于所述第一业务处理结果进行业务处理,以生成第二业务处理结果。
下游业务服务器根据预设的业务处理子流程,基于所述第一业务处理结果进行业务处理,以生成第二业务处理结果。
步骤208,使用所述下游业务服务器运行的认证模块,至少基于所述第二业务处理结果进行数字签名,以生成第二数字签名。
值得注意的是,本实施例中所述下游业务服务器运行的认证模块与所述上游业务服务器运行的认证模块可以为相同的认证模块(具有相同的公钥/身份),也可为不同的认证模块(具有不同的公钥/身份)
至此,上述下游业务服务器完成了从数据获取到业务处理的过程,并利用认证模块完成了对所获取数据(第一业务处理结果)的验证和所生成数据(第二业务处理结果)的存证,在区块链节点所包括的多个下游业务服务器运行的多业务处理流程中保证了数据安全性。当所述下游业务服务器需进行大规模并行业务处理计算时,可以运行多个认证模块以提高数据处理的效率。
本领域的技术人员应知,上述实施例所述的下游业务服务器可作为业务流程所决定的另一业务服务器的上游业务服务器,从而将上述步骤202至步骤208所述的方法应用于上述另一业务服务器上,以保证上述另一业务服务器利用认证模块完成了对所获取数据(第二业务处理结果)的验证和所生成数据的存证。经过将上述步骤202至步骤208所述的方法应用于上述区块链成员设备所包含的全流程业务处理服务器上,即可在区块链成员节点所运行的全业务处理流程中保证数据安全。
另外值得注意的是,如图1所示,区块链成员节点所包括的多个业务服务器之间的上下游关系可随着区块链成员节点所进行的具体的业务流程发生改变,本说明书中并不做限定。
在又一示出的实施方式中,为保证上述下游服务器生成的第二数字签名/和第二业务处理结果的数据安全性,上述下游服务器可将上述第二数字签名/和第二业务处理结果 在所述区块链成员节点进行分布式存储,即如上所述的将上述第二业务处理结果/和第二数字签名在所述区块链成员节点的多个服务器中进行重复存储。
在又一示出的实施方式中,当上述实施例所述的下游业务服务器为可向区块链发布交易的业务服务器时,其执行的数据处理方法还包括:基于预设的区块链交易格式,至少基于所述第二处理结果和所述第二数字签名生成目标交易;将所述目标交易发送到所述区块链,以使所述目标交易被所述区块链的节点共识验证后收录于所述区块链的分布式数据库。
在本说明书中所描述的交易(transaction),是指终端设备通过区块链客户端创建,并需要最终发布至区块链的分布式数据库中的一笔数据。其中,区块链中的交易,存在狭义的交易以及广义的交易之分。狭义的交易是指用户或服务器终端向区块链发布的一笔价值转移;例如,在传统的比特币区块链网络中,交易可以是用户在区块链中发起的一笔转账。而广义的交易是指用户或服务器终端向区块链发布的一笔具有业务意图的业务数据;例如,在本说明书提供的实施例中,目标交易可以是区块链成员节点经过多个业务服务器执行的业务处理流程所获得的一笔具有业务意图的业务(比如,租房业务、车辆调度业务、保险理赔业务、信用服务、医疗服务等)消息或者业务请求。
上述实施例所述的将所述目标交易收录到所述区块链的分布式数据库中的详细过程,可依据所述区块链的共识机制及交易规则而具体设定。在一示出的实施例中,将所述目标交易收录到所述区块链的分布式数据库中,包括:
所述区块链中具有记账权限的节点将所述目标交易加入到候选区块;
从所述具有记账权限的节点设备中确定满足所述区块链共识机制的共识记账节点;
所述共识记账节点向所述区块链的节点广播所述候选区块;
在所述候选区块通过所述区块链符合预设数量的节点的验证认可后,所述候选区块被视为最新区块,加入到所述区块链的分布式数据库中。
在上述的实施例中,具有记账权限的节点是指具有生成候选区块权限的节点。根据所述区块链的共识机制,可从所述候选区块具有记账权限的节点中确定共识记账节点,上述共识机制可以包括工作量证明机制(PoW)、或权利证明机制(PoS)、或股份授权证明机制(DPoS)等。
PoS或DPoS共识机制与PoW类似,均属于公有区块链中确认共识记账节点所常选用的共识算法。在又一示出的实施例中,为降低交易或数据的确认时间、提高交易吞 吐量、满足对安全和性能的需求,本说明书所提供的实施例还可选用联盟链架构来构建该区块链。上述区块链成员节点、或上述区块链成员节点所运行的业务处理的政府监督机构节点等可作为该联盟链的预选的节点,参与区块的记账。联盟链的共识过程也由该预选的节点控制,当网络上有超过设定比例(如2/3)的节点确认一个区块,该区块记录的交易或数据将得到全网确认。
联盟链通常多采用权益证明或PBFT、RAFT等共识算法。在实现时,在区块链的每一轮共识开始之前,可以在区块链中的各节点中选举出一台主节点,即上述实施例所述的共识记账节点(比如,每一轮共识都重新选举出一主节点,其它节点设备作为从节点),由主节点进一步向发起交易的验证和共识,并负责基于共识通过的交易数据(或目标数据)为区块链创建最新的区块。
PBFT算法作为本说明书所提供的联盟链的共识算法的一种优选的实施方式,是由于采用该种算法共识的效率高,可满足高频交易量的需求,例如在本实施例中上述区块链成员节点可作为业务受理平台机构基于频繁受理的用户业务处理申请而生成相应的目标交易;且共识的时延很低,基本达到实时处理的要求,能快速实时地在区块链的新生区块中收录上述目标交易;而且,将联盟链网络中可信节点作为预选的记账节点,兼顾了安全性与稳定性;另外,采用PBFT算法不会消耗过多的计算机算力资源,也不一定需要代币流通,因此具有良好的可使用性。
另外,值得注意的是,本说明书所提供的数据处理方法,基于区块链成员节点所包括的业务处理器中运行的认证模块,可以提高区块链成员节点所运行的业务处理全流程中的数据安全,对于业务处理流程中最前端的服务器,如图1示意的区块链成员节点所包括的前端业务服务器101,用于接收用户基于移动端、PC端或物联设备端所发送的业务数据。上述前端业务服务器所运行的认证模块,可对上述用户发送的业务数据进行数字签名,以为其下游业务服务器进行业务数据的处理提供防篡改证据。
本说明书中并不限定上述认证模块的公钥-私钥计算生成算法,及基于上述认证模块的公钥进行数据加密、或基于上述认证模块的私钥进行数字签名的具体算法。本领域的技术人员熟知,椭圆曲线数字签名算法(ECDSA)及椭圆曲线加密算法(ECC)通常作为优选的实施方式,因为其相比于其他算法(如RSA算法)具有更高级的安全强度。
与上述流程实现对应,本说明书的实施例还提供了一种数据处理装置30。该装置30可以通过软件实现,也可以通过硬件或者软硬件结合的方式实现。以软件实现为例,作为逻辑意义上的装置,是通过所在设备的CPU(Central Process Unit,中央处理器)将对 应的计算机程序指令读取到内存中运行形成的。从硬件层面而言,除了图4所示的CPU、内存以及存储器之外,网络风险业务的实现装置所在的设备通常还包括用于进行无线信号收发的芯片等其他硬件,和/或用于实现网络通信功能的板卡等其他硬件。
图3所示为本说明书还提供了一种数据处理装置,应用于区块链成员节点;所述区块链成员节点包括多个业务服务器,每个业务服务器均运行有至少一个认证模块;其中,所述认证模块的公钥被所述区块链认证;所述装置30包括:
获取单元302,用于获取上游业务服务器的第一业务处理结果和第一数字签名;所述第一业务处理结果是所述上游业务服务器的业务处理结果;所述第一数字签名是所述上游业务服务器运行的认证模块至少基于所述第一业务处理结果所作出的;
验证单元304,用于基于所述上游业务服务器运行的认证模块的公钥验证所述第一数字签名;
业务处理单元306,用于在所述验证通过后基于所述第一业务处理结果进行业务处理,以生成第二业务处理结果;
数字签名单元308,用于使用所述下游业务服务器运行的认证模块,至少基于所述第二业务处理结果进行数字签名,以生成第二数字签名。
在又一示出的实施方式中,所述的装置30还包括:
存储单元310(图中未示),用于至少将所述第二数字签名在所述区块链成员节点进行分布式存储。
在又一示出的实施方式中,所述的装置还包括:
交易生成单元312(图中未示),用于基于预设的区块链交易格式,至少基于所述第二业务处理结果和所述第二数字签名生成目标交易;
交易发送单元314(图中未示),用于将所述目标交易发送到所述区块链,以使所述目标交易被所述区块链的节点共识验证后收录于所述区块链的分布式数据库。
在又一示出的实施方式中,所述上游业务服务器运行的认证模块和下游业务服务器运行的认证模块为相同的认证模块;所述第一业务处理结果为被所述认证模块的公钥加密的密文;
所述获取单元进一步用于:基于所述认证模块对所述第一业务处理结果进行解密,以获得所述第一业务处理结果的明文;
所述装置还包括解密单元316(图中未示),用于基于所述认证模块的公钥对所述第二业务处理结果进行加密。
在又一示出的实施方式中,所述认证模块的公钥被所述区块链认证,包括:
所述区块链的分布式数据库中备份有所述认证模块的身份证书;所述身份证书包括所述认证模块的公钥,和所述区块链的认证节点至少基于所述认证模块的公钥所作的电子签名上述装置中各个单元的功能和作用的实现过程具体详见上述方法中对应步骤的实现过程,相关之处参见方法实施例的部分说明即可,在此不再赘述。
以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理模块,即可以位于一个地方,或者也可以分布到多个网络模块上。可以根据实际的需要选择其中的部分或者全部单元或模块来实现本说明书方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。
上述实施例阐明的装置、单元、模块,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机,计算机的具体形式可以是个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件收发设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任意几种设备的组合。
与上述方法实施例相对应,本说明书的实施例还提供了一种计算机设备,该计算机设备包括存储器和处理器。其中,存储器上存储有能够由处理器运行的计算机程序;处理器在运行存储的计算机程序时,执行本说明书实施例中区块链成员节点所执行的数据处理方法的各个步骤。对区块链成员节点所执行的数据处理方法的各个步骤的详细描述请参见之前的内容,不再重复。
与上述方法实施例相对应,本说明书的实施例还提供了一种计算机可读存储介质,该存储介质上存储有计算机程序,这些计算机程序在被处理器运行时,执行本说明书实施例中区块链成员节点所执行的数据处理方法的各个步骤。对区块链成员节点所执行的数据处理方法的各个步骤的详细描述请参见之前的内容,不再重复。
以上所述仅为本说明书的较佳实施例而已,并不用以限制本说明书,凡在本说明书的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本说明书保护的范围之内。
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。
计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。
本领域技术人员应明白,本说明书的实施例可提供为方法、系统或计算机程序产品。因此,本说明书的实施例可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书的实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。
Claims (12)
- 一种数据处理方法,应用于区块链成员节点;所述区块链成员节点包括多个业务服务器,每个业务服务器均运行有至少一个认证模块;其中,所述认证模块的公钥被所述区块链认证;所述方法包括:下游业务服务器获取上游业务服务器生成的第一业务处理结果和第一数字签名;所述第一数字签名是所述上游业务服务器运行的认证模块至少基于所述第一业务处理结果所作出的;基于所述上游业务服务器运行的认证模块的公钥验证所述第一数字签名;在所述验证通过后基于所述第一业务处理结果进行业务处理,以生成第二业务处理结果;使用所述下游业务服务器运行的认证模块,至少基于所述第二业务处理结果进行数字签名,以生成第二数字签名。
- 根据权利要求1所述的方法,还包括:至少将所述第二数字签名在所述区块链成员节点进行分布式存储。
- 根据权利要求1所述的方法,还包括:基于预设的区块链交易格式,至少基于所述第二业务处理结果和所述第二数字签名生成目标交易;将所述目标交易发送到所述区块链,以使所述目标交易被所述区块链的节点共识验证后收录于所述区块链的分布式数据库。
- 根权利要求1所述的方法,所述上游业务服务器运行的认证模块和下游业务服务器运行的认证模块为相同的认证模块;所述第一业务处理结果为被所述认证模块的公钥加密的密文;所述获取上游业务服务器生成的第一业务处理结果,包括:基于所述认证模块的私钥对所述第一业务处理结果进行解密,以获得所述第一业务处理结果的明文;所述方法还包括:基于所述认证模块的公钥对所述第二业务处理结果进行加密。
- 根据权利要求1至4中任一权利要求所述的方法,所述认证模块的公钥被所述区块链认证,包括:所述区块链的分布式数据库中备份有所述认证模块的身份证书;所述身份证书包括所述认证模块的公钥,和所述区块链的认证节点至少基于所述认证模块的公钥所作的电子签名。
- 一种数据处理装置,应用于区块链成员节点;所述区块链成员节点包括多个业 务服务器,每个业务服务器均运行有至少一个认证模块;其中,所述认证模块的公钥被所述区块链认证;所述装置包括:获取单元,用于获取上游业务服务器生成的第一业务处理结果和第一数字签名;所述第一数字签名是所述上游业务服务器运行的认证模块至少基于所述第一业务处理结果所作出的;验证单元,用于基于所述上游业务服务器运行的认证模块的公钥验证所述第一数字签名;业务处理单元,用于在所述验证通过后基于所述第一业务处理结果进行业务处理,以生成第二业务处理结果;数字签名单元,用于使用所述下游业务服务器运行的认证模块,至少基于所述第二业务处理结果进行数字签名,以生成第二数字签名。
- 根据权利要求6所述的装置,还包括:存储单元,用于至少将所述第二数字签名在所述区块链成员节点进行分布式存储。
- 根据权利要求6所述的装置,还包括:交易生成单元,用于基于预设的区块链交易格式,至少基于所述第二业务处理结果和所述第二数字签名生成目标交易;交易发送单元,用于将所述目标交易发送到所述区块链,以使所述目标交易被所述区块链的节点共识验证后收录于所述区块链的分布式数据库。
- 根权利要求6所述的装置,所述上游业务服务器运行的认证模块和下游业务服务器运行的认证模块为相同的认证模块;所述第一业务处理结果为被所述认证模块的公钥加密的密文;所述获取单元进一步用于:基于所述认证模块对所述第一业务处理结果进行解密,以获得所述第一业务处理结果的明文;所述装置还包括解密单元,用于基于所述认证模块的公钥对所述第二业务处理结果进行加密。
- 根据权利要求6至9中任一权利要求所述的装置,所述认证模块的公钥被所述区块链认证,包括:所述区块链的分布式数据库中备份有所述认证模块的身份证书;所述身份证书包括所述认证模块的公钥,和所述区块链的认证节点至少基于所述认证模块的公钥所作的电子签名。
- 一种计算机设备,包括:存储器和处理器;所述存储器上存储有可由处理器运 行的计算机程序;所述处理器运行所述计算机程序时,执行如权利要求1到5任意一项所述的方法。
- 一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器运行时,执行如权利要求1到5任意一项所述的方法。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19909739.5A EP3859647B1 (en) | 2019-01-18 | 2019-12-17 | Blockchain transaction generation method and device |
US17/323,903 US11283627B2 (en) | 2019-01-18 | 2021-05-18 | Method and apparatus for generating blockchain transaction |
US17/667,472 US11895248B2 (en) | 2019-01-18 | 2022-02-08 | Method and apparatus for generating blockchain transaction |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910046918.2A CN110046996B (zh) | 2019-01-18 | 2019-01-18 | 数据处理方法和装置 |
CN201910046918.2 | 2019-01-18 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/323,903 Continuation US11283627B2 (en) | 2019-01-18 | 2021-05-18 | Method and apparatus for generating blockchain transaction |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020147489A1 true WO2020147489A1 (zh) | 2020-07-23 |
Family
ID=67274168
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/126047 WO2020147489A1 (zh) | 2019-01-18 | 2019-12-17 | 区块链交易的生成方法和装置 |
Country Status (5)
Country | Link |
---|---|
US (2) | US11283627B2 (zh) |
EP (1) | EP3859647B1 (zh) |
CN (2) | CN110046996B (zh) |
TW (1) | TWI798483B (zh) |
WO (1) | WO2020147489A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112364388A (zh) * | 2020-10-28 | 2021-02-12 | 中车工业研究院有限公司 | 基于区块链实现的传感器数据认证方法及装置 |
CN112541763A (zh) * | 2020-12-11 | 2021-03-23 | 军工保密资格审查认证中心 | 一种区块链管理器的区块共识审批的方法及装置 |
CN112911018A (zh) * | 2021-03-10 | 2021-06-04 | 杭州宇链科技有限公司 | 一种基于区块链的网络社区征信管理方法 |
CN113570321A (zh) * | 2021-04-29 | 2021-10-29 | 国家能源集团新能源有限责任公司 | 氢能数据管理系统 |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109617698B (zh) * | 2019-01-09 | 2021-08-03 | 腾讯科技(深圳)有限公司 | 发放数字证书的方法、数字证书颁发中心和介质 |
CN110046996B (zh) * | 2019-01-18 | 2020-09-15 | 阿里巴巴集团控股有限公司 | 数据处理方法和装置 |
CN111062059B (zh) * | 2019-11-06 | 2021-05-25 | 支付宝(杭州)信息技术有限公司 | 用于业务处理的方法和装置 |
CN113128998B (zh) * | 2019-12-31 | 2024-04-12 | 航天信息股份有限公司 | 一种区块链系统的业务处理方法、装置及系统 |
CN112669147B (zh) * | 2019-12-31 | 2023-09-26 | 蚂蚁区块链科技(上海)有限公司 | 基于区块链的服务请求方法及装置 |
CN111598696B (zh) * | 2020-05-19 | 2023-04-07 | 京东科技信息技术有限公司 | 基于区块链的交易追溯方法和装置 |
EP3957025B1 (en) * | 2020-07-03 | 2022-12-28 | Alipay (Hangzhou) Information Technology Co., Ltd. | System and method for providing privacy and security protection in blockchain-based private transactions |
CN111652617B (zh) * | 2020-07-07 | 2023-09-22 | 中国银行股份有限公司 | 跨区块链平台的业务处理系统 |
CN113221191B (zh) * | 2021-05-10 | 2022-05-31 | 支付宝(杭州)信息技术有限公司 | 基于区块链的数据存证方法、装置、设备和存储介质 |
TWI828055B (zh) * | 2022-01-28 | 2024-01-01 | 林楠桂 | 車輛交易智能程序存證方法 |
CN115085909B (zh) * | 2022-05-09 | 2024-06-25 | 北京红洞科技有限公司 | 一种随机数生成方法、装置、计算机设备及介质 |
CN114780982A (zh) * | 2022-05-11 | 2022-07-22 | 中国工商银行股份有限公司 | 一种流程业务流转方法、装置和系统 |
CN114844719B (zh) * | 2022-06-06 | 2023-09-22 | 广东电网有限责任公司 | 一种通信网络的跨网络终端身份认证方法、装置以及系统 |
CN115497188B (zh) * | 2022-09-08 | 2023-12-22 | 国网福建省电力有限公司 | 基于区块链的配电线路无人机自主巡检系统及方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180082290A1 (en) * | 2016-09-16 | 2018-03-22 | Kountable, Inc. | Systems and Methods that Utilize Blockchain Digital Certificates for Data Transactions |
CN108259467A (zh) * | 2017-12-13 | 2018-07-06 | 晖保智能科技(上海)有限公司 | 一种区块链通信系统的加密认证方法 |
US10114969B1 (en) * | 2015-08-04 | 2018-10-30 | Jordan White Chaney | Ultra-secure blockchain-based electronic information transfer system |
CN108737436A (zh) * | 2018-05-31 | 2018-11-02 | 西安电子科技大学 | 基于信任联盟区块链的跨域服务器身份认证方法 |
CN110046996A (zh) * | 2019-01-18 | 2019-07-23 | 阿里巴巴集团控股有限公司 | 区块链交易的生成方法和装置 |
Family Cites Families (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8010779B2 (en) * | 2007-09-19 | 2011-08-30 | Novell Inc. | Techniques for secure network searching |
ITMI20081064A1 (it) * | 2008-06-12 | 2009-12-13 | Sara Renata Marceglia | Sistema e metodo per il controllo del processo di prescrizione e somministrazione di trattamenti neuromodulatori sull'uomo mediante stimolazione elettrica a correnti dirette |
US8904172B2 (en) * | 2009-06-17 | 2014-12-02 | Motorola Mobility Llc | Communicating a device descriptor between two devices when registering onto a network |
WO2013151851A2 (en) * | 2012-04-01 | 2013-10-10 | Authentify, Inc. | Secure authentication in a multi-party system |
US9118467B2 (en) * | 2013-03-13 | 2015-08-25 | Atmel Corporation | Generating keys using secure hardware |
US9331856B1 (en) * | 2014-02-10 | 2016-05-03 | Symantec Corporation | Systems and methods for validating digital signatures |
US9949115B2 (en) * | 2014-06-10 | 2018-04-17 | Qualcomm Incorporated | Common modulus RSA key pairs for signature generation and encryption/decryption |
US9935950B2 (en) * | 2015-01-12 | 2018-04-03 | Verisign, Inc. | Systems and methods for establishing ownership and delegation ownership of IOT devices using domain name system services |
US10915891B1 (en) * | 2015-03-16 | 2021-02-09 | Winklevoss Ip, Llc | Autonomous devices |
JP6358658B2 (ja) * | 2015-11-09 | 2018-07-18 | 日本電信電話株式会社 | ブロックチェーン生成装置、ブロックチェーン生成方法、ブロックチェーン検証装置、ブロックチェーン検証方法およびプログラム |
US9948467B2 (en) * | 2015-12-21 | 2018-04-17 | Mastercard International Incorporated | Method and system for blockchain variant using digital signatures |
US10693658B2 (en) * | 2016-02-12 | 2020-06-23 | Visa International Service Association | Methods and systems for using digital signatures to create trusted digital asset transfers |
WO2018049656A1 (zh) * | 2016-09-18 | 2018-03-22 | 深圳前海达闼云端智能科技有限公司 | 基于区块链的身份认证方法、装置、节点及系统 |
CN106549933B (zh) * | 2016-09-22 | 2020-11-03 | 中金云金融(北京)大数据科技股份有限公司 | 区块链的数据传输系统及方法 |
CN107016267B (zh) * | 2016-12-19 | 2020-09-29 | 创新先进技术有限公司 | 离线状态下的资源操作方法及系统 |
US10382485B2 (en) * | 2016-12-23 | 2019-08-13 | Vmware, Inc. | Blockchain-assisted public key infrastructure for internet of things applications |
CN107196900B (zh) * | 2017-03-24 | 2020-04-24 | 创新先进技术有限公司 | 一种共识校验的方法及装置 |
CN107395659B (zh) * | 2017-03-28 | 2021-08-24 | 创新先进技术有限公司 | 一种业务受理及共识的方法及装置 |
TW201837797A (zh) * | 2017-04-13 | 2018-10-16 | 數金科技有限公司 | 透過執行區塊鏈技術的具可追蹤功能的供應鏈記錄方法 |
CN107257340B (zh) * | 2017-06-19 | 2019-10-01 | 阿里巴巴集团控股有限公司 | 一种认证方法、基于区块链的认证数据处理方法及设备 |
CN107292621B (zh) * | 2017-06-22 | 2020-10-27 | 丁江 | 海量数据确权存证方法和节点 |
CN111866008B (zh) * | 2017-07-14 | 2022-05-31 | 创新先进技术有限公司 | 一种业务数据处理方法、业务处理方法及设备 |
WO2019027889A1 (en) * | 2017-08-02 | 2019-02-07 | Bae Systems Information And Electronic Systems Integration Inc. | SYSTEM AND METHOD FOR INCIDENT RECONSTRUCTION USING V2X COMMUNICATIONS |
CN108055236A (zh) * | 2017-11-03 | 2018-05-18 | 深圳市轱辘车联数据技术有限公司 | 一种数据处理方法、车载设备及电子设备 |
US11057352B2 (en) * | 2018-02-28 | 2021-07-06 | Xaptum, Inc. | Communication system and method for machine data routing |
US10250383B1 (en) * | 2018-03-20 | 2019-04-02 | Mocana Corporation | Dynamic domain key exchange for authenticated device to device communications |
US11134071B2 (en) * | 2018-04-23 | 2021-09-28 | Oracle International Corporation | Data exchange during multi factor authentication |
CN109064120A (zh) * | 2018-07-10 | 2018-12-21 | 马上游科技股份有限公司 | 基于区域链的旅游电子合同数字存证系统及存证方法 |
CN109003083A (zh) * | 2018-07-27 | 2018-12-14 | 山东渔翁信息技术股份有限公司 | 一种基于区块链的ca认证方法、装置及电子设备 |
US10841100B2 (en) * | 2018-08-07 | 2020-11-17 | The Toronto-Dominion Bank | Dynamically managing exchanges of data using a distributed ledger and homomorphic commitments |
CN109118223A (zh) * | 2018-08-21 | 2019-01-01 | 上海点融信息科技有限责任公司 | 用于在区块链中管理电子数据的方法、装置及介质 |
CN109190409B (zh) * | 2018-09-14 | 2020-09-01 | 京东数字科技控股有限公司 | 记录信息传播路径的方法、装置、设备及可读存储介质 |
US10936337B2 (en) * | 2018-11-09 | 2021-03-02 | Citrix Systems, Inc. | Rendering content of service providers via web page having dynamically-loaded plugins |
US10506104B1 (en) * | 2018-11-28 | 2019-12-10 | Sap Se | Identity verification using blockchain technology |
US11017090B2 (en) * | 2018-12-17 | 2021-05-25 | Hewlett Packard Enterprise Development Lp | Verification of a state of a platform |
US10535062B1 (en) * | 2019-03-20 | 2020-01-14 | Capital One Services, Llc | Using a contactless card to securely share personal data stored in a blockchain |
-
2019
- 2019-01-18 CN CN201910046918.2A patent/CN110046996B/zh active Active
- 2019-01-18 CN CN202011194091.9A patent/CN112215608B/zh active Active
- 2019-08-29 TW TW108131000A patent/TWI798483B/zh active
- 2019-12-17 WO PCT/CN2019/126047 patent/WO2020147489A1/zh unknown
- 2019-12-17 EP EP19909739.5A patent/EP3859647B1/en active Active
-
2021
- 2021-05-18 US US17/323,903 patent/US11283627B2/en active Active
-
2022
- 2022-02-08 US US17/667,472 patent/US11895248B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10114969B1 (en) * | 2015-08-04 | 2018-10-30 | Jordan White Chaney | Ultra-secure blockchain-based electronic information transfer system |
US20180082290A1 (en) * | 2016-09-16 | 2018-03-22 | Kountable, Inc. | Systems and Methods that Utilize Blockchain Digital Certificates for Data Transactions |
CN108259467A (zh) * | 2017-12-13 | 2018-07-06 | 晖保智能科技(上海)有限公司 | 一种区块链通信系统的加密认证方法 |
CN108737436A (zh) * | 2018-05-31 | 2018-11-02 | 西安电子科技大学 | 基于信任联盟区块链的跨域服务器身份认证方法 |
CN110046996A (zh) * | 2019-01-18 | 2019-07-23 | 阿里巴巴集团控股有限公司 | 区块链交易的生成方法和装置 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3859647A4 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112364388A (zh) * | 2020-10-28 | 2021-02-12 | 中车工业研究院有限公司 | 基于区块链实现的传感器数据认证方法及装置 |
CN112541763A (zh) * | 2020-12-11 | 2021-03-23 | 军工保密资格审查认证中心 | 一种区块链管理器的区块共识审批的方法及装置 |
CN112541763B (zh) * | 2020-12-11 | 2024-04-30 | 军工保密资格审查认证中心 | 一种区块链管理器的区块共识审批的方法及装置 |
CN112911018A (zh) * | 2021-03-10 | 2021-06-04 | 杭州宇链科技有限公司 | 一种基于区块链的网络社区征信管理方法 |
CN113570321A (zh) * | 2021-04-29 | 2021-10-29 | 国家能源集团新能源有限责任公司 | 氢能数据管理系统 |
Also Published As
Publication number | Publication date |
---|---|
US11895248B2 (en) | 2024-02-06 |
CN110046996B (zh) | 2020-09-15 |
US11283627B2 (en) | 2022-03-22 |
US20220166634A1 (en) | 2022-05-26 |
EP3859647A4 (en) | 2021-11-24 |
US20210273818A1 (en) | 2021-09-02 |
CN112215608B (zh) | 2024-08-09 |
TWI798483B (zh) | 2023-04-11 |
CN112215608A (zh) | 2021-01-12 |
CN110046996A (zh) | 2019-07-23 |
EP3859647B1 (en) | 2024-06-12 |
EP3859647A1 (en) | 2021-08-04 |
TW202029044A (zh) | 2020-08-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020147489A1 (zh) | 区块链交易的生成方法和装置 | |
TWI701623B (zh) | 基於區塊鏈的物流資訊傳輸方法、系統和裝置 | |
TWI724391B (zh) | 基於區塊鏈的節點管理方法和裝置 | |
CN111095899B (zh) | 针对可信执行环境的分布式密钥管理 | |
TWI746949B (zh) | 基於區塊鏈的隱私交易及其應用方法和裝置 | |
US10839070B1 (en) | Securely executing smart contract operations in a trusted execution environment | |
WO2020147568A1 (zh) | 基于区块链的存证方法和装置 | |
US11483161B2 (en) | Method for information processing and non-transitory computer readable storage medium | |
TW202016818A (zh) | 區塊鏈的交易方法和裝置 | |
CN109614813B (zh) | 基于区块链的隐私交易方法、装置及其应用方法、装置 | |
CN110800250A (zh) | 受控加密私钥的发布 | |
CN111241557B (zh) | 基于区块链的服务请求方法及装置 | |
CN110881063A (zh) | 一种隐私数据的存储方法、装置、设备及介质 | |
CN111127021B (zh) | 基于区块链的服务请求方法及装置 | |
TW202027457A (zh) | 基於區塊鏈的資料處理方法和裝置 | |
WO2021057124A1 (zh) | 基于fpga实现隐私区块链的方法及装置 | |
CN112381646B (zh) | 基于区块链的隐私交易及其应用方法和装置 | |
Wang et al. | Ensuring Cross-Chain Transmission Technique Utilizing TPM and Establishing Cross-Trusted Root Security via SM Algorithm | |
Huang et al. | A Digital Media Subscription Management System Combined with Blockchain and Proxy Re-encryption Mechanisms. Symmetry 2022, 14, 2167 | |
CN117997559A (zh) | 基于区块链的身份验证方法、装置和计算机设备 | |
CN112258169A (zh) | 基于密钥生成的并行签名系统和方法 | |
CN117455661A (zh) | 一种基于区块链的数据处理方法、装置、设备及介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19909739 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2019909739 Country of ref document: EP Effective date: 20210426 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |