WO2020172760A1 - Method, server, client and system for processing digital currency transaction data - Google Patents

Method, server, client and system for processing digital currency transaction data Download PDF

Info

Publication number
WO2020172760A1
WO2020172760A1 PCT/CN2019/076017 CN2019076017W WO2020172760A1 WO 2020172760 A1 WO2020172760 A1 WO 2020172760A1 CN 2019076017 W CN2019076017 W CN 2019076017W WO 2020172760 A1 WO2020172760 A1 WO 2020172760A1
Authority
WO
WIPO (PCT)
Prior art keywords
private key
data
service client
transaction
secret key
Prior art date
Application number
PCT/CN2019/076017
Other languages
French (fr)
Chinese (zh)
Inventor
陈岱
谢翔
傅志敬
孙立林
Original Assignee
云图有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 云图有限公司 filed Critical 云图有限公司
Priority to PCT/CN2019/076017 priority Critical patent/WO2020172760A1/en
Publication of WO2020172760A1 publication Critical patent/WO2020172760A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • This manual belongs to the field of digital currency technology, and in particular relates to a digital currency transaction data processing method, server, client and system.
  • Digital currency refers to the digitization of currency, which can be understood as an alternative currency in the form of electronic currency.
  • Electronic currency can be understood as an encrypted sequence number representing cash, which can be used to represent the currency value of various amounts in reality.
  • Both digital gold coins and cryptocurrencies belong to digital currencies.
  • Digital currency is different from virtual currency in the virtual world because it can be used for real goods and service transactions, not limited to online games.
  • Digital currency transactions can include: digital currency buying or selling, digital currency withdrawal, digital currency asset management, digital currency hot and cold wallet transfers, etc.
  • data currency transactions can be through digital currency trading platforms (such as: Exchange). How to ensure the security of users' transactions during digital currency transactions and ensure the security of users or exchange assets is a technical problem that needs to be solved urgently in this field.
  • the purpose of the embodiments of this specification is to provide a digital currency transaction data processing method, server, client and system to improve transaction security.
  • the embodiments of this specification provide a digital currency transaction data processing method, including:
  • the data to be signed is signed to obtain the signature data, wherein:
  • the sum of the first private key component and the second private key component is the private key of the transaction account;
  • the signature data is sent to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
  • this manual provides a digital currency transaction data processing server, including:
  • a transaction request receiving module configured to receive transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed;
  • a signed data forwarding module configured to send the data to be signed to the second secret key service client
  • the first signature module is configured to sign the data to be signed according to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client , Obtain the signature data, wherein the sum of the first private key component and the second private key component is the private key of the transaction account;
  • the first transfer processing module is configured to send the signature data to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
  • this manual provides a digital currency transaction data processing method, including:
  • the data to be signed is signed to obtain signature data, wherein the first private key component and the second private key
  • the sum of the weights is the private key of the trading account
  • this manual provides a digital currency transaction data processing client, including:
  • the transaction request sending module is configured to send transaction request data to the secret key management server, so that the secret key management server sends the transaction request data to the second secret key service client, and the transaction request data includes the data to be signed;
  • a secret key receiving module configured to receive the second private key component saved by the second secret key service client and sent by the secret key management server;
  • the second signature module is configured to sign the data to be signed according to the first private key component stored by itself and the received second private key component to obtain signature data, wherein the first private key component The sum of the second private key component is the private key of the transaction account;
  • the second transfer processing module is used to perform transaction transfer processing according to the signature data.
  • this manual provides a digital currency transaction data processing method, including:
  • the sum of the first private key component and the second private key component is the private key of the transaction account.
  • this manual provides a digital currency transaction data processing terminal, including:
  • the transaction request query module is configured to receive transaction request data sent by the secret key management server, the transaction request data is sent by the first secret key service client, and the transaction request data includes data to be signed;
  • the signature confirmation module is used to return confirmation signature information to the secret key management server, and send the second private key component stored by itself to the secret key management server, so that the secret key management server and the first
  • the secret key service client signs the data to be signed according to the second private key component and the first private key component saved by the first secret key service client to obtain signature data, and the The secret key service client performs transaction transfer processing according to the signature data;
  • the sum of the first private key component and the second private key component is the private key of the transaction account.
  • this specification provides a digital currency transaction data processing device, including: at least one processor and a memory for storing processor-executable instructions.
  • the processor implements the first aspect or The method of the third or fifth aspect.
  • this specification provides a computer-readable storage medium on which computer instructions are stored, and when executed, the instructions implement the method described in the first aspect, the third aspect, or the fifth aspect.
  • this specification provides a digital currency transaction data processing system, including: a secret key management server, a first secret key service client, and a second secret key service client;
  • the digital currency transaction data processing system is used to perform at least one of the buying and selling of digital currency, the withdrawal of digital currency, the cold wallet transfer of digital currency in the exchange system, and the investment management of digital currency.
  • the secret key The management server is configured to execute the method described in the first aspect
  • the first secret key service client is configured to execute the method described in the second aspect
  • the second secret key service client is configured to execute the third aspect. The method described in the aspect;
  • the first secret key service client is a buyer user transaction client or a seller user transaction client
  • the second secret The key service client is the exchange client
  • the first secret key service client is a withdrawal user client
  • the second secret key service client is an exchange client
  • the second secret key service client includes one or more;
  • the first secret key service client and the second secret key service client are both exchange clients, where ,
  • the second secret key service client includes one or more;
  • the first secret key service client is a wealth management user client
  • the second secret key service client is an asset management client
  • the digital currency transaction data processing method, server, client, terminal, processing equipment, and system provided in this manual split the private key of the transaction account into different private key components, which are stored in different secret keys corresponding to the digital currency transaction.
  • the service client is in the hands of different users.
  • the private key component saved by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect.
  • the sum of the private key components saved by each secret key service client is the private key of the transaction account.
  • the signature data is essentially obtained by signing with the private key of the transaction account to complete the signature transfer of the transaction account.
  • FIG. 1 is a schematic diagram of a transaction flow of buying and selling digital currency in an embodiment of this specification
  • FIG. 2 is a schematic diagram of a process of a user withdrawing digital currency in an embodiment of this specification
  • FIG. 3 is a schematic diagram of a flow of digital currency withdrawal performed by an exchange in an embodiment of this specification
  • FIG. 4 is a schematic diagram of the creation process of a cold wallet of an exchange in an embodiment of this specification
  • FIG. 5 is a schematic diagram of a flow of creating a wealth management account in an embodiment of this specification
  • FIG. 6 is a schematic flowchart of a method for processing digital currency transaction data in an embodiment of this specification
  • FIG. 7 is a schematic flowchart of a method for processing digital currency transaction data in another embodiment of this specification.
  • FIG. 8 is a schematic flowchart of a method for processing digital currency transaction data in another embodiment of this specification.
  • FIG. 9 is a schematic diagram of the data processing flow of transferring funds from the exchange cold wallet to the hot wallet in an embodiment of this specification.
  • FIG. 10 is a schematic diagram of the data processing flow of digital currency buying or digital currency selling or user withdrawal in the embodiment of this specification;
  • FIG. 11 is a schematic diagram of a processing flow of digital currency investment management data in an embodiment of this specification.
  • FIG. 12 is a schematic diagram of a data processing flow of digital currency withdrawal performed by an exchange in an embodiment of this specification
  • FIG. 13 is a schematic diagram of the module structure of an embodiment of the digital currency transaction data processing server provided in this specification.
  • FIG. 14 is a schematic diagram of the structure of a digital currency transaction data processing client in an embodiment of this specification.
  • 15 is a schematic diagram of the structure of a digital currency transaction data processing terminal in an embodiment of this specification.
  • 16 is a block diagram of the hardware structure of the server applying the digital currency transaction data processing method in the embodiment of this specification.
  • the transaction of digital currency in the embodiment of this specification may include: buying and selling of digital currency, withdrawal of digital currency (including user withdrawal and exchange withdrawal), cold wallet transfer of exchange digital currency, and digital currency investment Management, etc., of course, other digital currency transactions can also be conducted according to actual needs, and the embodiments of this specification do not specifically limit it.
  • Figure 1 is a schematic diagram of the transaction flow of digital currency buying and selling in an embodiment of this specification.
  • the numbers on the lines in Figure 1 can indicate the steps of digital currency buying and selling.
  • the digital currency buying and selling The export process can include the following:
  • a buying order user submits a buying order commission, which can indicate a buying order initiated by the user, such as buying digital currency.
  • the exchange system can perform operations such as authentication, risk control, and freezing of account balances. If there is no corresponding matching sell order, the exchange system can entrust the buy order to the market.
  • authentication can refer to judging whether the user has the right to operate
  • risk control can refer to judging the risk probability of the current digital currency transaction, and freezing the account balance for subsequent corresponding operations on the user's account.
  • a sell order user initiates a sell order commission, which can indicate a sell order initiated by the user, such as selling digital currency.
  • the exchange system can perform operations such as authentication, risk control, and freezing of account balances. If there is a corresponding matching buy order, a transaction record will be generated.
  • the user of the buy and sell order can inquire whether his entrusted record is executed. After the transaction is completed, users (including users who buy orders and users who sell orders) and the exchange can perform transaction settlement, that is, transfer.
  • the private key corresponding to the user account can be divided into a first private key component and a second private key component. It is kept by the user and the exchange respectively, and the buying and selling of digital currency requires the user and the exchange to sign together.
  • the key management server (kms, Key Management Service) can also be used to manage and use the secret key.
  • the process of transferring can refer to the process of the digital currency transaction data processing method in the embodiment of this specification to complete the digital currency transaction. Buy and sell.
  • FIG. 2 is a schematic diagram of the user's digital currency withdrawal process in an embodiment of this specification.
  • the numbers on the lines in Figure 2 can indicate the steps of the user's digital currency withdrawal.
  • the user performs digital currency withdrawal
  • the transaction can include the following processes:
  • the withdrawal user initiates a withdrawal application.
  • the exchange system can perform operations such as authentication, risk control, and freezing of account balances.
  • the key management server (kms, Key Management Service) can also be used to manage and use the key, and the process of withdrawing money can refer to the process of the digital currency transaction data processing method in the embodiment of this specification.
  • Fig. 3 is a schematic diagram of the process of digital currency withdrawal performed by the exchange in an embodiment of this specification.
  • the numbers on the lines in Fig. 3 can indicate the steps of the exchange’s digital currency withdrawal.
  • the exchange performs digital currency withdrawal.
  • the withdrawal of coins can include the following processes:
  • the operator initiates a withdrawal application. Operators can be understood as financial administrators or other staff of the exchange.
  • the exchange system can perform authentication, risk control, and freeze account balances.
  • the administrator of the exchange can perform coin withdrawal operations.
  • the private key corresponding to the exchange account can be divided into the first private key component and the second private key component, which are managed by the exchange separately
  • multiple administrators of the exchange need to sign together to realize the withdrawal.
  • the process of withdrawal can refer to the process of the digital currency transaction data processing method in the embodiment of this specification.
  • the internal digital currency management of the exchange In the internal digital currency management of the exchange, it is generally divided into hot and cold wallets, cold wallets for offline storage, and hot wallets online to process user withdrawals.
  • the transfer amount usually involved is relatively large.
  • the exchange will have multiple management users, similar to the shareholders or managers of the company.
  • the private key of the cold wallet corresponding to the exchange can be split into multiple private key components, which are stored in different Of administrative users.
  • the management and use of the secret key can also be performed through a secret key management server (kms, Key Management Service).
  • the secret key management server is used to obtain the information that each management user agrees to the transfer, and the private key component in the hands of each management user is used to sign, then the transfer process from the cold wallet to the hot wallet can be realized.
  • FIG. 4 is a schematic diagram of the creation process of a cold wallet of an exchange in an embodiment of this specification.
  • a transaction in an embodiment of this specification It can include 2 administrators, each administrator corresponds to a key service client, the key service client corresponding to administrator 1 can be called the first key service client, and the key service corresponding to administrator 2
  • the client can represent the second key service client, and the numbers on the lines in the figure can represent the steps of cold wallet creation.
  • the process of creating a cold wallet can include the following processes:
  • Administrator 1 can use the first secret key service client to locally generate the private key component and the public key sk1+pk1 corresponding to the private key component: (sk1 represents the private key component generated by administrator 1, and pk1 represents the private key of administrator 1. The public key corresponding to the key component), and obtain the pk2 of administrator 2 offline (pk2 represents the public key corresponding to the private key component of administrator 2), call kms to create the wallet interface, and act as a participant of the wallet.
  • the administrator 2 can use the second secret key service client to locally generate the private key component and the public key corresponding to the private key component: sk2+pk2 (sk2 represents the private key component generated by the administrator 2, and pk2 represents the private key of the administrator 2.
  • Administrator 1 obtains partial private key fragments sk2-2 of administrator 2 through kms, and decrypts them with sk1.
  • Administrator 1 and kms perform an MPC (Secure Muti-Party Computation) calculation to generate the public key of the cold wallet.
  • MPC Secure Muti-Party Computation
  • the digital currency transactions in the embodiments of this specification can also include digital currency investment management.
  • the investment process can be expressed in the digital asset management system. The user first needs to register a wealth management user and then purchase wealth management products.
  • Figure 5 is a schematic diagram of the process of creating a wealth management account in an embodiment of this specification. The numbers on the lines in Figure 5 can indicate the steps of creating a wealth management account. As shown in Figure 5, the process of creating a wealth management account can include:
  • Wealth management users can use the first secret key service client to locally generate the private key component and the public key sk1+pk1 corresponding to the private key component (sk1 represents the private key component generated by the wealth management user, and pk1 represents the corresponding private key component generated by the wealth management user Public key) and through the pk2 of the asset manager obtained offline (pk2 represents the public key corresponding to the private key component of the wealth management user), call kms to create the wallet interface and act as a participant of the wallet. Financial users can represent investors.
  • the asset manager can use the second secret key service client to locally generate the private key component sk2+pk2 (sk2 represents the private key component generated by the asset manager, and pk2 represents the public key corresponding to the asset manager’s private key component).
  • sk2 represents the private key component generated by the asset manager
  • pk2 represents the public key corresponding to the asset manager’s private key component.
  • Split sk2 into 2 parts sk2 sk2-1+sk2-2 (sk2-2 is encrypted by pk1), and call kms's wallet join interface as a participant of the wallet.
  • the asset manager may refer to an institution that provides investment management services.
  • the wealth management user obtains part of the private key fragment sk2-2 of the asset manager through kms, and decrypts it with sk1.
  • Wealth management users and kms do an MPC calculation to generate the public key of the financial user account.
  • Wealth management users provide sk1+sk2-2, and kms provides sk2-1.
  • the embodiment of this specification provides a method for processing digital currency transaction data.
  • the private key of the transaction account By dividing the private key of the transaction account into a first private key component and a second private key component, they are stored in different secret key service clients.
  • the private key components stored in each secret key service client are used to sign the transferred data.
  • Each secret key service client agrees to sign and agree to transfer to realize transaction transfer, which ensures the security of exchange digital currency transactions.
  • the digital currency transaction data processing method in this manual can be applied to the client or server.
  • the client can be a smart phone, a tablet computer, a smart wearable device (smart watch, virtual reality glasses, virtual reality helmet, etc.), smart car equipment, etc. Electronic equipment.
  • FIG. 6 is a schematic flow diagram of a digital currency transaction data processing method in an embodiment of this specification.
  • the digital currency transaction data processing method in this embodiment of this specification may represent a transaction management process performed on the key management server side.
  • the overall process of the digital currency transaction data processing method provided in an embodiment of this specification may include:
  • Step 602 Receive transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed.
  • the first key service client can be understood as a user's client in the digital currency transaction process. For example, if the digital currency is purchased, the first key service client can represent the buyer's client; For the sale of digital currency, the first key service client can represent the client of the seller user; if the user withdraws the digital currency, the first key service client can represent the client of the withdrawing user; For the withdrawal of digital currency, the first secret key service client can represent the client of the administrator who made the withdrawal request in the exchange; if the exchange cold wallet transfer transaction is performed, the first secret key service client can Represents the client of the administrator who requested the cold wallet transfer. For example, the client corresponding to the administrator 1 in Figure 4 can be called the first secret key service client; if the investment management of digital currency is performed, the first secret The key service client can represent the client of a wealth management user.
  • the transaction request data may include at least one of digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, and wealth management request data.
  • users can send transaction request data to the key management server through the first secret key service client, such as: request data for buying digital currency, request data for selling digital currency, and user withdrawal Request data, request data of exchange currency withdrawal, cold wallet transfer request data, or purchase request data of wealth management products, etc.
  • the transaction request data can include data to be signed, and the data to be signed can indicate the specific information of the transaction request, such as: the amount of currency bought, the amount of currency sold, the amount of money withdrawn, the amount of cold wallet transfer, and the amount of money purchased And type.
  • Step 604 Send the data to be signed to the second secret key service client.
  • the key management server may send the data to be signed to the second key service client, and the second key service client will confirm whether the transfer is allowed.
  • the second secret key service client can represent the client corresponding to the other user of the digital currency transaction.
  • the second secret key service client can represent the exchange client.
  • the client can be understood as an exchange system or an exchange platform, or as a client corresponding to the management personnel designated by the exchange; if the user withdraws digital currency, the second secret key service client can represent the exchange customer End; if the exchange performs digital currency withdrawals, the second secret key service client can represent the clients of other administrators in the exchange excluding the first secret key service client.
  • the number can be one or more, according to The actual setting is required, and the embodiment of this specification does not make specific restrictions; if the exchange cold wallet transfer transaction is performed, the second secret key service client can represent the clients other than the administrator of the first secret key service client, and the number can be One or more, set according to actual needs, the embodiment of this specification does not specifically limit; if the investment management of digital currency, the second secret key service client can represent the client corresponding to the asset manager, which can be understood as asset management Managed system or organization.
  • the user corresponding to the second key service client can judge whether the transaction is completed according to the data to be signed. If the transaction is completed, it can return signature confirmation information to the key management server. If there is no transaction, you can return the rejection signature information.
  • Step 606 Sign the data to be signed according to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client to obtain signature data , Wherein the sum of the first private key component and the second private key component is the private key of the transaction account.
  • the first secret key service client and the second secret key service client in the embodiment of this specification may respectively store the first private key component and the second private key component, where the first private key component
  • the sum of the components of the second private key can be the private key of the transaction account.
  • the transaction account can represent the account that needs to be transferred in the current digital currency transaction, such as a user account or an exchange account.
  • the sum of the first private key component and the second private key component can be the private key of the user account; if the cold wallet transfer of the exchange is performed, Then the sum of the first private key component and the second private key component can be the private key of the exchange cold wallet; if the exchange is withdrawn, the sum of the first private key component and the second private key component can be the exchange account The corresponding private key.
  • the secret key management server and the first secret key service client can be based on the first private key component and the second private key component. Perform signature calculation, sign the data to be signed, and obtain the signature data.
  • the sum of the private key components saved by each secret key service client is the private key of the transaction account, and the signature data is essentially obtained by signing the private key of the transaction account, completing the secure transaction of digital currency.
  • the signature data can indicate that digital currency transactions are allowed, such as the purchase of digital currency, the signature data can indicate the amount of digital currency that needs to be paid for the buyer user’s account and the amount of digital currency purchased, so as to be transferred from the buyer user’s account Corresponding digital currency, and transfer the amount of digital currency purchased.
  • secure multi-party calculation when signing data to be signed, secure multi-party calculation can be used, that is, the first secret key service client and the key management server respectively provide part of the private key components to perform signature calculation on the data to be signed to obtain the signature data. Improve the security of digital currency transactions.
  • signature methods can also be used according to actual needs, and the embodiment of this specification does not specifically limit it.
  • Step 608 Send the signature data to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
  • the key management server can return the signature data to the first key service client, and the first key service client can send the signature data to the blockchain for transfer processing of digital currency transactions.
  • Blockchain is a new application mode of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
  • User A needs to buy digital currency.
  • User A sends digital currency buying request data to the key management server through his client, the first key service client, and the key management server will buy digital currency request data Sent to the exchange, the second secret key service client, when there is a corresponding matching sell order, the exchange confirms that the transaction can be carried out, and can return the confirmation signature information.
  • the key management server can obtain the second private key component corresponding to the account of user A stored in the exchange, and perform signature calculation with the first key management client.
  • the first secret key service client stores the first private key component of the user A account, and uses the first private key component and the second private key component to perform signature calculation to obtain signature data.
  • the first secret key service client sends the signature data to the blockchain, and the blockchain can be used to perform corresponding transfer processing to user A’s account, such as the amount of digital currency bought and the corresponding amount of digital currency that needs to be paid. Such as: the amount of bitcoin to buy, the amount of ether that needs to be paid, etc.
  • the second secret key service client can be multiple, for example: exchange cold wallet transfer transaction, exchange currency withdrawal transaction, take the exchange cold wallet transfer transaction as an example,
  • exchange cold wallet transfer transaction exchange currency withdrawal transaction
  • exchange cold wallet transfer transaction take the exchange cold wallet transfer transaction as an example
  • the exchange includes three administrators: administrator 1, administrator 2, administrator 3, administrator 1 is responsible for the financial management of the exchange, administrator 2 is the boss, administrator 3 is the shareholder, and the client corresponding to administrator 1 It can represent the first key service client, and the clients corresponding to the administrator 2 and administrator 3 can represent the second key service client.
  • Administrator 1, administrator 2, and administrator 3 respectively store the private key components sk1, sk2, and sk3 of the private key of the cold wallet corresponding to the exchange.
  • the administrator 1 can send a cold wallet transfer request to the key management server through its first key service client.
  • the key management server After the key management server receives the request, it can The request is sent to the second key service client corresponding to the administrator 2 and the administrator 3, and the administrator 2 and the administrator 3 confirm whether to approve the transfer. If both the administrator 2 and the administrator 3 agree to the transfer, the confirmation signature information can be returned through the corresponding second key service client.
  • the key management server receives the confirmation signature information returned by the administrator 2 and the administrator 3, it can obtain the private key components saved by the administrator 2 and the administrator 3, and then use each of the administrator 1, administrator 2, and administrator 3.
  • the saved private key component signs the data to be signed in the cold wallet transfer request and obtains the signature data, indicating that the exchange agrees to the transfer information.
  • the key management server can also return the obtained signature data to the first key service client, such as sending it to the administrator 1, and the administrator 1 can send the signature data to the blockchain, and the blockchain will perform the transfer processing.
  • each secret key service client in the embodiments of this specification can be generated when the trading account is created. Modular addition and subtraction algorithms can be used to split the private key corresponding to the account into different The private key component is then saved to each secret key service client.
  • Modular addition and subtraction algorithms can be used to split the private key corresponding to the account into different The private key component is then saved to each secret key service client.
  • other methods can also be used to split and combine the private keys of the cold wallet, which is not specifically limited in the embodiment of this specification.
  • the digital currency transaction data processing method splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients corresponding to the digital currency transaction, that is, different users.
  • the private key component saved by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect.
  • the sum of the private key components saved by each secret key service client is the private key of the transaction account.
  • the signature data is essentially obtained by signing with the private key of the transaction account to complete the signature transfer of the transaction account.
  • the second private key component includes a first private key fragment and a second private key fragment
  • the said data to be signed is signed according to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client to obtain Signature data, including:
  • the data to be signed is signed to obtain the signature data.
  • the second secret key service client can split the second private key component stored by itself into the first private key fragment and the second private key fragment.
  • the split of the secret key component can also be adopted
  • the mode of addition and subtraction is not specifically limited in the embodiment of this specification.
  • the key management server receives the confirmation signature information returned by the second key service client, it can obtain the first private key fragments saved by the second key service client, and divide the second key management service client's second The private key fragments are sent to the first key service client.
  • the key management server can use the obtained first private key fragment, combined with the first private key component and the second private key fragment saved by the first secret key service client to sign the signature data, obtain the signature data, and perform Transfer processing.
  • a secure multi-party computing mpc may be used to sign the data to be signed to obtain the signature data.
  • mpc is mainly aimed at the problem of how to safely calculate an agreed function without a trusted third party.
  • the mpc can include multiple parties that hold their own private data to jointly execute a calculation logic (eg, maximum calculation) and obtain the calculation result, but in the process, each party participating in the calculation will not leak their data.
  • a calculation logic eg, maximum calculation
  • the MPC calculation is generally two parties participating.
  • the key management server can provide the acquired second secret key service client's first private key fragment and For the data to be signed, the first private key component saved by the first secret key service client, the second private key fragments saved by the second secret key service client obtained, and the data to be signed are provided to ensure the signature data safety.
  • the first secret key service client stores the private key component sk1 of the transaction account
  • the second secret key service client stores the private key component sk2 of the transaction account
  • the second secret key service client splits sk2 into The first private key fragment sk2-1 and the second private key fragment sk2-2.
  • the secret key management server can obtain the first private key of the second secret key service client to slice sk2-1 and divide the second The second private key fragment sk2-2 of the key service client is sent to the first key service client.
  • the first secret key service client and the secret key management server can use mpc to sign the data to be signed.
  • the secret key management server can provide data including: sk2-1 and the data to be signed, the first secret key service
  • the data that the client can provide includes: sk1, sk2-2, and data to be signed.
  • sk1+sk2-1+sk2-2 the private key of the transaction account, which realizes the signature confirmation transfer of the transaction account.
  • the private key component of the second secret key service client is split into two parts, one part is sent to the secret key management server, and the other part is sent to the first secret key service client.
  • the secret key management server and the first The key service client uses the corresponding private key component to sign data. No party has obtained the complete private key of the transaction account, ensuring the security of the transaction.
  • multi-signature relies on the characteristics of the underlying chain, different chains have different ways and increase the complexity of the code.
  • the embodiment of this specification utilizes the signature transmission technology of the secret key management server kms, which can quickly realize the signature of the transaction data, the method is simple, and the data processing speed is improved.
  • the first private key component corresponds to a public key
  • the second private key segment is encrypted using the public key corresponding to the first private key component
  • the sending the second private key fragments to the first secret key service client includes:
  • the encrypted second private key fragments are sent to the first secret key service client, so that the first secret key service client uses the first private key component to decrypt to obtain the second private key Key fragmentation.
  • the first private key component in the first secret key service client corresponds to a public key.
  • the public key can be calculated based on the private key
  • the second secret key service client can obtain the first secret key service client.
  • the key management server receives the confirmation signature information returned by the second key service client, it can obtain the second private key component in the second key service client.
  • the second private key component is split into the first private key fragment and the second private key fragment, and the second private key fragment is encrypted with the public key of the private key component of the first secret key service client, and the secret key management server Only the first private key fragment in the second secret key service client can be obtained, and the encrypted second private key fragment cannot be decrypted.
  • the key management server can send the encrypted second private key fragments to the first key service client, and the first key service client can use the first private key component stored by itself to perform the encrypted second private key.
  • the key fragment is decrypted to obtain the second private key fragment of the second secret key service client.
  • the secret key management server and the first secret key service client can use the private key component of the transaction account obtained or saved by each to sign the signature data and perform transaction processing.
  • the private key component in the second secret key service client is split, and the split second private key is divided into the first private key component saved by the first secret key service client.
  • the public key is encrypted.
  • the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account.
  • no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of digital currency transactions.
  • FIG. 7 is a schematic flow diagram of the digital currency transaction data processing method in another embodiment of this specification, as shown in Figure 7. As shown, the flow of the digital currency transaction data processing method executed by the first secret key service client provided in the embodiment of this specification may include:
  • Step 702 Send transaction request data to the secret key management server, so that the secret key management server sends transaction request data to the second secret key service client, where the transaction request data includes data to be signed.
  • the digital currency transaction data processing method in the embodiment of this specification can be executed in the first secret key service client, for example, it can be a user who conducts digital currency trading, digital currency financial management, and digital currency withdrawal Client, or the client of the administrator responsible for financial management in the exchange system.
  • the first secret key service client can locally generate a transaction message according to the specific information of the digital currency transaction, hash the transaction message to obtain the data to be signed, and send it to the secret key management server Send transaction request data, the transaction request data includes the data to be signed.
  • the key management server may send the transaction request data to the second key service client, so that the second key service client confirms whether to agree to the transfer.
  • the transaction request data may include at least one of digital currency trading transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, and wealth management request data. That is, the digital currency transaction data processing method in the embodiment of this specification can be applied to a variety of digital currency transaction scenarios.
  • the user can send transaction request data to the secret key management server through the first secret key service client. , Such as: request data for buying digital currency, request data for selling digital currency, request data for user withdrawal, request data for exchange withdrawal, request data for cold wallet transfer or request data for buying wealth management products, etc.
  • the first secret key service client and the second secret key service client in the embodiment of this specification are both clients corresponding to users of both parties to the transaction, and the difference may lie in different specific functions.
  • the first secret key service client can be understood as a client responsible for financial management and actively initiate transaction requests
  • the second secret key service client can be understood as a transaction Clients of other administrators except the first key management client.
  • the number of the first secret key service client is one, and the number of the second secret key service client may be one or more, which can be specifically set according to actual conditions, which is not specifically limited in the embodiment of this specification.
  • Step 704 Receive the second private key component saved by the second key service client and sent by the key management server.
  • the key management server When the key management server receives the confirmation signature information returned by the second key service client, the key management server can obtain the second private key component of the transaction account saved by the second key service client, and can transfer the second The private key component is sent to the first key service client.
  • the first secret key service client and the second secret key service client can respectively generate the corresponding private key components of the transaction account according to the private key of the transaction account.
  • the private key component generated by the key service client can be called the first private key component
  • the private key component generated by the second key service client private key component can be called the second private key component.
  • the sum of the second private key components is the private key of the transaction account.
  • the private key component can be generated by the algorithm of modular addition and subtraction, or generated in other ways, and the embodiment of this specification does not specifically limit it.
  • Step 706 Sign the data to be signed according to the first private key component stored by itself and the received second private key component to obtain signature data, wherein the first private key component and the second private key component The sum of the two private key components is the private key of the transaction account.
  • the first key service client After the first key service client receives the second private key component saved by the second key service client sent by the key management server, it can use the first private key component stored by itself and the received second private key
  • the component together with the secret key management server, signs the data to be signed to obtain signature data.
  • the signature data includes information such as the transaction amount.
  • Step 708 Perform transaction transfer processing according to the signature data.
  • the first secret key service client can perform cold wallet transfer processing based on the signature data.
  • the first secret key service client can send the signature data to the blockchain for transaction transfer processing.
  • the specific transfer processing method please refer to the record in the foregoing embodiment, which will not be repeated here.
  • the digital currency transaction data processing method splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients, that is, users.
  • the private key component of the cold wallet stored by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect.
  • the sum of the private key components of the cold wallet stored by each secret key service client is the private key of the transaction account.
  • the signature data is essentially obtained by signing the transaction account's private key to complete the signature transfer of the transaction account.
  • the second private key component includes: a first private key fragment, a second private key fragment, and the second private key fragment uses the first private key fragment.
  • a public key corresponding to a private key component is encrypted;
  • the receiving the second private key component saved by the second key service client sent by the key management server includes:
  • the signing the data to be signed to obtain the signature data includes:
  • the second secret key service client can split the second private key component stored by itself into the first private key fragment and the second private key fragment.
  • the split of the secret key component can also be adopted
  • the mode of addition and subtraction is not specifically limited in the embodiment of this specification.
  • the first private key component in the first secret key service client corresponds to a public key, and the public key can be calculated based on the private key.
  • the second secret key service client may obtain the public key of the first private key component of the first secret key service client to encrypt the second private key segment.
  • the secret key management server may obtain the second private key component in the second secret key service client.
  • the private key component in the second secret key service client is split into the first private key fragment and the second private key fragment, and the second private key fragment uses the first private key of the first secret key service client
  • the public key of the key component is encrypted, and the key management server can only obtain the first private key fragment in the second secret key service client, and cannot decrypt the encrypted second private key fragment.
  • the key management server can send the encrypted second private key fragments to the first key service client, and the first key service client can use its own first private key component to encrypt the second private key
  • the fragments are decrypted to obtain the second private key fragments of the second secret key service client.
  • the secret key management server and the first secret key service client can use the private key components obtained or saved respectively to sign the data to be signed, and then perform transaction processing.
  • secure multi-party computing mpc may be used to sign the data to be signed to obtain the signature data.
  • the MPC calculation is generally two parties participating.
  • the key management server can provide the acquired second secret key service client's first private key fragment and For the data to be signed, the first private key component saved by the first secret key service client, the second private key fragments saved by the second secret key service client obtained, and the data to be signed are provided to ensure the signature data safety.
  • the first secret key service client stores the first private key component sk1 of the transaction account
  • the second secret key service client stores the private key component sk2 of the transaction account
  • the second secret key service client splits sk2 It becomes the first private key segment sk2-1 and the second private key segment sk2-2, where the second private key segment sk2-2 is encrypted using the public key pk1 of the first private key component sk1.
  • the secret key management server can obtain the first private key of the second secret key service client to slice sk2-1 and divide the second The encrypted second private key segment sk2-2 of the key service client is sent to the first key service client.
  • the first key service client can use sk1 to decrypt the encrypted sk2-2 to obtain sk2-2.
  • the first secret key service client and secret key management server can use mpc to perform signature calculation on the data to be signed.
  • the key management server can provide data including: sk2-1 and the data to be signed, the first secret key
  • the data that the service client can provide includes: sk1, sk2-2, and data to be signed.
  • sk1+sk2-1+sk2-2 the private key of the transaction account, which realizes the signature confirmation of the transaction account, and can further process the transaction transfer according to the signature data.
  • the private key component in the second secret key service client is split, and the split second private key fragments are encrypted with the public key of the private key component of the first secret key service client .
  • the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account.
  • no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of the transaction.
  • the method for generating the first private key component and the second private key component may include:
  • the second secret key service client generates respective first private key components and second private key components
  • the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data
  • the exchange account when the exchange account is created, according to the private key of the exchange account, serve the customer with the second secret key
  • the terminals respectively generate their first private key component and second private key component.
  • the first private key component and the second private key component can be generated when the transaction account is created.
  • the first secret key service client and the second secret key service client can The first private key component and the second private key component are generated according to the private key corresponding to the user account.
  • the sum of the first private key component and the second private key component may be the private key corresponding to the user account.
  • the private key component can be generated by the algorithm of modular addition and subtraction of the private key of the user account to generate the private key component, or it can be generated in other ways, which is not specifically limited in the embodiment of this specification.
  • the first secret key service client may be a client corresponding to the user and store the first private key component
  • the second secret key service client may be an exchange client and store the second private key component.
  • the first secret key service client and the second secret key service client can use the same method to generate the first private key component and the second private key component.
  • the sum of the first private key component and the second private key component may be the private key corresponding to the wealth management account.
  • the first secret key service client may refer to the client of a wealth management user who needs to conduct financial management
  • the second secret key service client may refer to the client of an asset management party that is an institution that conducts asset management.
  • the first secret key service client and the second secret key service client can use the same method to generate the first private key component and the second private key component.
  • the sum of the first private key component and the second private key component may be the private key corresponding to the cold wallet.
  • the first key service client can represent the client corresponding to the financial administrator of the exchange
  • the second key service client can represent the clients of other administrators
  • the second key service client can have Multiple such as: clients corresponding to all shareholders of the exchange.
  • the first secret key service client and the second secret key service client can use the same method to generate the first private key component and the second private key component.
  • the sum of the first private key component and the second private key component may be the private key corresponding to the exchange account.
  • the first key service client can represent the client of the exchange system or the financial administrator of the exchange or other designated administrators
  • the second key service client can represent the clients of other administrators
  • the second secret key service client can have multiple clients, such as clients corresponding to all shareholders of the exchange.
  • all administrators who have the private key component of the exchange account must agree, that is, the first secret key service client and the second secret key service client jointly sign and confirm before the transaction can be carried out. Transfer processing improves the security of exchange assets.
  • FIG. 8 is a schematic flowchart of a digital currency transaction data processing method in another embodiment of this specification, as shown in FIG. 8 As shown, the process of the digital currency transaction data processing method executed by the second secret key service client provided in the embodiment of this specification may include:
  • Step 802 Receive transaction request data sent by the key management server, where the transaction request data is sent by the first key service client, and the transaction request data includes data to be signed.
  • the digital currency transaction data processing method in the embodiment of this specification can be executed in the second secret key service client, for example, it can be the exchange system, the client corresponding to the asset manager, and the exchange’s The client corresponding to the administrator, etc.
  • the first secret key service client can generate a transaction message locally according to the specific information of the digital currency transaction, hash the transaction message to obtain the data to be signed, and send it to the secret key management server Send transaction request data, the transaction request data includes the data to be signed.
  • the key management server can send the transaction request data to the second key service client, and the second key service client can receive the transaction request data sent by the key management server.
  • the transaction request data may include at least one of digital currency trading transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, and wealth management request data. That is, the digital currency transaction data processing method in the embodiment of this specification can be applied to a variety of digital currency transaction scenarios.
  • the user can send transaction request data to the secret key management server through the first secret key service client. , Such as: request data for buying digital currency, request data for selling digital currency, request data for user withdrawal, request data for exchange withdrawal, request data for cold wallet transfer or request data for buying wealth management products, etc.
  • request data for buying digital currency request data for selling digital currency
  • request data for user withdrawal request data for exchange withdrawal
  • request data for cold wallet transfer or request data for buying wealth management products etc.
  • Step 804 Return the confirmation signature information to the key management server, and send the second private key component saved by itself to the key management server, so that the key management server and the first key service
  • the client signs the data to be signed according to the second private key component and the first private key component saved by the first secret key service client to obtain signature data, which is served by the first secret key
  • the client terminal performs transaction transfer processing according to the signature data;
  • the sum of the first private key component and the second private key component is the private key of the transaction account.
  • the second secret key service client after the second secret key service client receives the transaction request data sent by the secret key management server, it can judge whether the transaction request is passed, that is, whether the transaction is completed, if the transaction is completed, it can report to the key management The server returns confirmation signature information. After the second key service client confirms the signature, it can send the second private key component saved by itself to the key management server, and the key management server can obtain the second private key component of the transaction account saved by the second key service client , And can send the second private key component to the first key service client.
  • the first key service client After the first key service client receives the second private key component saved by the second key service client sent by the key management server, it can use the first private key component stored by itself and the received second private key
  • the component together with the secret key management server, signs the data to be signed to obtain signature data.
  • the signature data includes information such as the transaction amount.
  • the first secret key service client can perform cold wallet transfer processing based on the signature data.
  • the first secret key service client can send the signature data to the blockchain for transaction transfer processing.
  • the specific transfer processing method please refer to the record in the foregoing embodiment, which will not be repeated here.
  • some embodiments of this specification provide methods for generating private key components.
  • the methods for generating the first private key component and the second private key component may include:
  • the first secret key service client generates respective second private key components and first private key components
  • the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data
  • the exchange account when the exchange account is created, according to the private key of the exchange account, serve the customer with the first secret key
  • the terminals respectively generate their second private key component and first private key component.
  • the first secret key service client and the second secret key service client can respectively generate the private key components of the corresponding transaction account when the transaction account is created.
  • the private key component generated by the key service client can be called the first private key component
  • the private key component generated by the second key service client private key component can be called the second private key component.
  • the sum of the second private key components is the private key of the transaction account.
  • the private key component can be generated through the algorithm of modular addition and subtraction, or generated in other ways, which is not specifically limited in the embodiment of this specification.
  • the digital currency transaction data processing method splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients, that is, users.
  • the private key component of the cold wallet stored by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect.
  • the sum of the private key components of the cold wallet stored by each secret key service client is the private key of the transaction account.
  • the signature data is essentially obtained by signing the transaction account's private key to complete the signature transfer of the transaction account.
  • the sending the first private key component stored by itself to the secret key management server includes:
  • the secret key management server and the first secret key service client perform the signature on the to-be-signed according to the second private key component and the first private key component stored by the first secret key service client Data is signed, including:
  • the key management server sends the encrypted second private key fragments to the first key service client;
  • the first secret key service client uses the first private key component to decrypt the encrypted second private key fragment to obtain the second private key fragment;
  • the key management server and the first key service client use secure multi-party computing to compare the data to be signed Sign and obtain the signature data.
  • the second secret key service client can split the second private key component stored by itself into the first private key fragment and the second private key fragment.
  • the split of the secret key component can also be adopted
  • the mode of addition and subtraction is not specifically limited in the embodiment of this specification.
  • the first private key component in the first secret key service client corresponds to a public key, and the public key can be calculated based on the private key.
  • the second secret key service client may obtain the public key of the first private key component of the first secret key service client to encrypt the second private key segment.
  • the key management server When the key management server receives the confirmation signature information returned by the second key service client, it can obtain the second private key component in the second key service client, and send the second private key component to the first signature Service client.
  • the key management server and the first key service client can use the private key components obtained or saved by each to sign the data to be signed, and then perform transaction processing.
  • For the specific signature calculation process please refer to the record in the above-mentioned embodiment. Repeat.
  • secure multi-party computing mpc may be used to sign the data to be signed to obtain the signature data.
  • the MPC calculation is generally two parties participating.
  • the key management server can provide the acquired second secret key service client's first private key fragment and For the data to be signed, the first private key component saved by the first secret key service client, the second private key fragments saved by the second secret key service client obtained, and the data to be signed are provided to ensure the signature data safety.
  • the second private key component is split in the second secret key service client, and the split second private key is divided into pieces using the public key of the private key component of the first secret key service client. encryption.
  • the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account.
  • no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of the transaction.
  • Figure 9 is a schematic diagram of the data processing flow of the exchange’s cold wallet transfer to the hot wallet in an embodiment of this specification.
  • the numbers on the lines in the figure can indicate the steps of the cold wallet transfer, as shown in Figure 9, when you create it with reference to Figure 4 above
  • the process of transferring the cold wallet of the exchange in an embodiment of this specification may include:
  • Administrator 1 generates transaction messages locally through the first secret key service client, hashes the transaction messages to obtain the data to be signed, and calls kms to initiate the signature interface.
  • the parameter is pk1 (pk1 is the administrator The public key corresponding to the first private key component of the cold wallet stored in 1) + data to be signed.
  • the administrator 2 can query the data to be signed through the second secret key service client.
  • the administrator 1 obtains the partial private key fragment sk2-2 of the administrator 2 through kms, and decrypts it with sk1 (sk1 represents the first private key component of the cold wallet saved by the administrator 1).
  • Administrator 1 and kms do an MPC calculation to generate signature data. Administrator 1 provides sk1+sk2-2+ data to be signed, and kms provides sk2-1+ data to be signed.
  • the administrator 1 sends the data to be signed to the blockchain to perform the transfer.
  • FIG 10 is a schematic diagram of the data processing flow of digital currency buying or digital currency selling or user withdrawal in the embodiment of this specification.
  • the numbers on the lines in the figure can indicate the steps of the transaction. Refer to Figure 1 or Figure 3 above. After the transaction is completed or the digital currency withdrawal submitted by the user is approved, as shown in Figure 10, the following methods can be used to perform digital currency transaction transfers:
  • the user generates the transaction message locally through the first secret key service client, hashes the transaction message to obtain the data to be signed, and calls the interface of kms to initiate the signature.
  • the parameter is pk1 (pk1 is the saved in the user The public key corresponding to the first private key component of the user account) + data to be signed.
  • the user may be a user who purchases digital currency.
  • the transaction message submitted by the user may be a digital currency purchase order commission.
  • the user can also be a user who sells digital currency.
  • the transaction message submitted by the user can be a digital currency sell order commission.
  • the user may also be a user who performs digital currency withdrawal.
  • the transaction message data submitted by the user may be a withdrawal request.
  • the client corresponding to the buying user stores the first private key component of the buying user account
  • the client corresponding to the selling user stores the first private key component of the selling user
  • the second secret key service client is the exchange
  • the second private key component for buying the user account and the second private key component for selling the user account are stored.
  • the exchange can query the data to be signed through the second secret key service client.
  • the user obtains partial private key fragments sk2-2 of the exchange through kms, and decrypts them with sk1 (sk1 represents the first private key component of the cold wallet saved by the user).
  • the user and kms do an MPC calculation to generate signature data.
  • the user provides sk1+sk2-2+ data to be signed, and kms provides sk2-1+ data to be signed.
  • the user sends the data to be signed to the blockchain to perform the transfer.
  • the client corresponding to the buying user or the client corresponding to the selling user performs transaction transfer processing according to the signature data.
  • the method for generating the first private key component and the second private key component can be generated with reference to the above-mentioned methods of FIG. 4 and FIG. 5 when the user account is created.
  • the user and the exchange each hold a private key component.
  • the operation of the account requires two people to complete together, ensuring the security of user assets.
  • Figure 11 is a schematic diagram of the digital currency investment management data processing flow diagram in an embodiment of this specification.
  • the numbers on the lines in the figure can indicate the steps of digital currency investment management.
  • Figure 11 when referring to Figure 5 above, a wealth management account is created Later, the data processing process for users buying wealth management products can refer to the following:
  • Wealth management users generate transaction messages locally through the first secret key service client, hash the transaction messages to obtain the data to be signed, call kms to initiate the signature interface, the parameter is pk1 (pk1 is the wealth management user The public key corresponding to the first private key component of the saved wealth management account) + data to be signed.
  • the asset management party can query the data to be signed through the second secret key service client.
  • the wealth management user obtains part of the exchange's private key fragment sk2-2 through kms, and decrypts it with sk1 (sk1 represents the first private key component of the cold wallet saved by the wealth management user).
  • Wealth management users and kms do an MPC calculation to generate signature data.
  • Wealth management users provide sk1+sk2-2+ data to be signed, and kms provides sk2-1+ data to be signed.
  • the user sends the data to be signed to the blockchain to perform the transfer.
  • the wealth management user and the asset management party each hold a private key component, and the user's purchase of the wealth management product requires two individuals to complete it, ensuring the security of the user's assets.
  • user assets are stored on the chain, so it is safe and account flow is transparent, ensuring the transparency of the use of user assets.
  • Figure 12 is a schematic diagram of the data processing flow of digital currency withdrawals performed by the exchange in an embodiment of this specification.
  • the numbers on the lines in the figure can indicate the steps of the exchange withdrawing coins.
  • the transaction After the submitted withdrawal application is approved the data processing process of the exchange withdrawal can be referred to as follows:
  • An exchange After the withdrawal is approved, the exchange will generate transaction messages locally through the first secret key service client, hash the transaction messages to obtain the data to be signed, call kms to initiate the signature interface, the parameter is pk1 (pk1 is the public key corresponding to the first private key component of the cold wallet saved in the administrator 1) + data to be signed.
  • An exchange can represent an exchange system or an exchange platform, and can be managed by an administrator of the exchange.
  • the administrator can query the data to be signed through the second secret key service client.
  • the exchange obtains partial private key sk2-2 of the administrator through kms, and decrypts it with sk1 (sk1 represents the first private key component of the exchange account saved by the exchange).
  • the exchange and kms do an MPC calculation to generate signature data.
  • the exchange provides sk1+sk2-2+ data to be signed, and kms provides sk2-1+ data to be signed.
  • the exchange sends the data to be signed to the blockchain to perform the transfer.
  • the private key of the exchange account is stored in multiple managers. When transferring funds, multiple people need to sign together to complete the transaction, ensuring the security of the exchange's assets.
  • the signature calculation process in the embodiments of this specification uses mpc calculation.
  • the mpc calculation method can be integrated in the key management server or the first key service client, or it can be integrated in the signature calculation module separately.
  • the embodiments are not specifically limited.
  • one or more embodiments of this specification also provide a digital currency transaction data processing server, a digital currency transaction data processing client, and a digital currency transaction data processing terminal.
  • the servers, clients, and terminals may include systems (including distributed systems), software (applications), modules, components, servers, clients, etc. that use the methods described in the embodiments of this specification, combined with necessary implementation hardware Device.
  • the server in one or more embodiments provided in the embodiments of this specification is as described in the following embodiments. Since the implementation scheme and method of the server to solve the problem are similar, the specific implementation of the server, client, and terminal in the embodiment of this specification can participate in the implementation of the foregoing method, and the repetition will not be repeated.
  • unit or “module” can be a combination of software and/or hardware that implements predetermined functions.
  • devices described in the following embodiments are preferably implemented by software, hardware or a combination of software and hardware is also possible and conceived.
  • FIG. 13 is a schematic diagram of the module structure of an embodiment of the digital currency transaction data processing server provided in this specification.
  • the digital currency transaction data processing server provided in this specification can be understood as the secret in the above embodiment.
  • the key management server may include: a transaction request receiving module 131, a signature data forwarding module 132, a first signature module 133, and a first transfer processing module 134, where:
  • the transaction request receiving module 131 may be used to receive transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed;
  • the signed data forwarding module 132 may be used to send the data to be signed to the second secret key service client;
  • the first signature module 133 may be used to perform a signature on the data to be signed according to the first private key component stored by the first secret key service client and the second private key component stored by the second secret key service client. Sign to obtain signature data, wherein the sum of the first private key component and the second private key component is the private key of the transaction account;
  • the first transfer processing module 134 may be configured to send the signature data to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
  • the digital currency transaction data processing server splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients corresponding to the digital currency transaction, that is, different users.
  • the private key component saved by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect.
  • the sum of the private key components saved by each secret key service client is the private key of the transaction account.
  • the signature data is essentially obtained by signing with the private key of the transaction account to complete the signature transfer of the transaction account.
  • the second private key component includes a first private key fragment and a second private key fragment
  • the first signature module is specifically used for:
  • the data to be signed is signed to obtain the signature data.
  • the digital currency transaction data processing server provided by the embodiment of this specification splits the private key component of the second secret key service client into two parts, one part is sent to the secret key management server, and the other part is sent to the first secret key service client.
  • the key management server and the first key service client use the corresponding private key component to sign data. No party has obtained the complete private key of the transaction account, ensuring the security of the transaction.
  • multi-signature relies on the characteristics of the underlying chain, different chains have different ways and increase the complexity of the code.
  • the embodiment of this specification utilizes the signature transmission technology of the secret key management server kms, which can quickly realize the signature of the transaction data, the method is simple, and the data processing speed is improved.
  • the first private key component corresponds to a public key
  • the second private key segment is encrypted using the public key corresponding to the first private key component
  • the first signature module is specifically used for:
  • the encrypted second private key fragments are sent to the first secret key service client, so that the first secret key service client uses the first private key component to decrypt to obtain the second private key Key fragmentation.
  • the digital currency transaction data processing server provided by the embodiment of this specification splits the private key component in the second secret key service client, and uses the first secret key service client to slice the split second private key
  • the public key of the stored first private key component is encrypted.
  • the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account.
  • no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of digital currency transactions.
  • the first signature module is specifically configured to:
  • the first private key component and the second private key component and the first secret key service client, use secure multi-party computing to sign the data to be signed to obtain the signature data.
  • the digital currency transaction data processing server provided by the embodiment of this specification separately stores the private key components of the transaction account in different clients, and uses multi-party secure calculation to perform signature calculation to ensure the security of the signature data.
  • the transaction request data received by the transaction request receiving module includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, At least one of financial request data.
  • the digital currency transaction data processing server provided in the embodiments of this specification provides security guarantees for digital currency transactions in different scenarios, and ensures the security of user assets or exchange assets.
  • the foregoing server may also include other implementation manners according to the description of the method embodiment.
  • reference may be made to the description of the method embodiment executed by the key manager, which will not be repeated here.
  • FIG. 14 is a schematic diagram of the structure of the digital currency transaction data processing client in the embodiment of this specification.
  • the digital currency transaction data processing client in the embodiment of this specification can execute the data processing process corresponding to the first secret key service client in the above embodiment, and may include: a transaction request sending module 141, a secret key receiving module 142.
  • the second signature module 143 and the second transfer processing module 144 wherein:
  • the transaction request sending module 141 may be used to send transaction request data to the secret key management server, so that the secret key management server sends transaction request data to the second secret key service client, where the transaction request data includes data to be signed;
  • the secret key receiving module 142 may be configured to receive the second private key component saved by the second secret key service client and sent by the secret key management server;
  • the second signature module 143 can be used to sign the data to be signed according to the first private key component stored by itself and the received second private key component to obtain signature data, wherein the first private key component The sum of the key component and the second private key component is the private key of the transaction account;
  • the second transfer processing module 144 may be used to perform transaction transfer processing according to the signature data.
  • the digital currency transaction data processing client splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients, that is, the user.
  • the private key component of the cold wallet stored by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect.
  • the sum of the private key components of the cold wallet stored by each secret key service client is the private key of the transaction account.
  • the signature data is essentially obtained by signing the transaction account's private key to complete the signature transfer of the transaction account.
  • the second private key component includes: a first private key fragment, a second private key fragment, and the second private key fragment uses the first private key fragment.
  • a public key corresponding to a private key component is encrypted;
  • the secret key receiving module is specifically used for:
  • the second signature module is specifically used for:
  • the digital currency transaction data processing client provided by the embodiment of this specification splits the private key component in the second secret key service client, and uses the split second private key to serve the client with the first secret key.
  • the public key of the private key component of the end is encrypted.
  • the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account.
  • no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of the transaction.
  • the second signature module is specifically used for:
  • the key management server use secure multi-party computing to sign the data to be signed to obtain the signature data.
  • the digital currency transaction data processing client provided by the embodiment of this specification separately stores the private key components of the transaction account in different clients, and uses multi-party secure calculation to perform signature calculation to ensure the security of the signature data.
  • the transaction request data sent by the transaction request sending module includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, transaction At least one of the withdrawal request data and the financial management request data.
  • the digital currency transaction data processing client provided in the embodiments of this specification provides security guarantees for digital currency transactions in different scenarios, and ensures the security of user assets or exchange assets.
  • the client further includes a first private key component generating module, configured to:
  • the second secret key service client generates respective first private key components and second private key components
  • the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data
  • the exchange account when the exchange account is created, according to the private key of the exchange account, serve the customer with the second secret key
  • the terminals respectively generate their first private key component and second private key component.
  • the digital currency transaction data processing client when a transaction account is created, multiple private key components are generated according to the private key of the transaction account.
  • the private key components are stored by multiple users, which provides a secure transaction for subsequent digital currency transactions. Data basis.
  • FIG. 15 is a schematic diagram of the structure of the digital currency transaction data processing terminal in the embodiment of this specification, as shown in FIG.
  • the digital currency transaction data processing terminal in the embodiment of this specification can execute the data processing process corresponding to the second secret key service client in the above embodiment, and can include: a transaction request query module 151 and a signature confirmation module 152. :
  • the transaction request query module 151 may be used to receive transaction request data sent by the key management server, the transaction request data being sent by the first key service client, and the transaction request data including data to be signed;
  • the signature confirmation module 152 may be used to return confirmation signature information to the key management server, and send the second private key component stored by itself to the key management server, so that the secret key management server and the The first secret key service client signs the data to be signed according to the second private key component and the first private key component saved by the first secret key service client to obtain the signature data, and the The first secret key service client performs transaction transfer processing according to the signature data;
  • the sum of the first private key component and the second private key component is the private key of the transaction account.
  • the digital currency transaction data processing terminal splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients, that is, users.
  • the private key component of the cold wallet stored by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect.
  • the sum of the private key components of the cold wallet stored by each secret key service client is the private key of the transaction account.
  • the signature data is essentially obtained by signing the transaction account's private key to complete the signature transfer of the transaction account.
  • the signature confirmation module is specifically used for:
  • the secret key management server and the first secret key service client perform the signature on the to-be-signed according to the second private key component and the first private key component stored by the first secret key service client Data is signed, including:
  • the key management server sends the encrypted second private key fragments to the first key service client;
  • the first secret key service client uses the first private key component to decrypt the encrypted second private key fragment to obtain the second private key fragment;
  • the key management server and the first key service client use secure multi-party computing to compare the data to be signed Sign and obtain the signature data.
  • the second private key component is split in the second secret key service client, and the split second private key is used to serve the client with the first secret key.
  • the public key of the private key component of the end is encrypted.
  • the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account.
  • no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of the transaction.
  • the transaction request data received by the transaction request query module includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, At least one of exchange withdrawal request data and wealth management request data.
  • the digital currency transaction data processing terminal provided in the embodiments of this specification provides security guarantees for digital currency transactions in different scenarios, and ensures the security of user assets or exchange assets.
  • the terminal further includes a second private key component generating module, configured to:
  • the first secret key service client generates respective second private key components and first private key components
  • the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data
  • the exchange account when the exchange account is created, according to the private key of the exchange account, serve the customer with the first secret key
  • the terminals respectively generate their second private key component and first private key component.
  • the digital currency transaction data processing terminal provided by the embodiment of this specification generates multiple private key components according to the private key of the transaction account during transaction account creation.
  • the private key components are stored by multiple users and provide data for subsequent secure transactions of digital currency basis.
  • the foregoing terminal may also include other implementation manners according to the description of the method embodiment.
  • reference may be made to the description of the method embodiment executed by the second secret key service client, which is not repeated here.
  • the embodiment of the present specification also provides a digital currency transaction data processing device, including: at least one processor and a memory for storing processor-executable instructions, and the processor implements the digital currency transaction of the foregoing embodiment when the processor executes the instructions
  • Data processing methods such as:
  • the data to be signed is signed to obtain the signature data, wherein:
  • the sum of the first private key component and the second private key component is the private key of the transaction account;
  • the signature data is sent to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
  • the data to be signed is signed to obtain signature data, wherein the first private key component and the second private key
  • the sum of the weights is the private key of the trading account
  • the sum of the first private key component and the second private key component is the private key of the transaction account.
  • an embodiment of this specification may also provide a computer-readable storage medium on which computer instructions are stored, which when executed, realize the digital currency transaction data processing method of the above-mentioned embodiment, such as :
  • the data to be signed is signed to obtain the signature data, wherein:
  • the sum of the first private key component and the second private key component is the private key of the transaction account;
  • the signature data is sent to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
  • the data to be signed is signed to obtain signature data, wherein the first private key component and the second private key
  • the sum of the weights is the private key of the trading account
  • the sum of the first private key component and the second private key component is the private key of the transaction account.
  • the storage medium may include a physical device for storing information, and usually the information is digitized and then stored in an electric, magnetic, or optical medium.
  • the storage medium may include: devices that use electrical energy to store information, such as various types of memory, such as RAM, ROM, etc.; devices that use magnetic energy to store information, such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory, U disk; a device that uses optical means to store information, such as CD or DVD.
  • devices that use electrical energy to store information such as various types of memory, such as RAM, ROM, etc.
  • devices that use magnetic energy to store information such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory, U disk
  • a device that uses optical means to store information such as CD or DVD.
  • quantum memory graphene memory, and so on.
  • processing device and computer-readable storage medium may further include other implementation manners according to the description of the method embodiment.
  • specific implementation manners reference may be made to the description of the related method embodiments, which will not be repeated here.
  • an embodiment of this specification may also provide a digital currency transaction data processing system, which may include: a secret key management server, a first secret key service client, and a second secret key service client;
  • the digital currency transaction data processing system is used to perform at least one of the buying and selling of digital currency, the withdrawal of digital currency, the cold wallet transfer of digital currency in the exchange system, and the investment management of digital currency.
  • the secret key The management server, the first secret key service client, and the second secret key service client execute the corresponding methods in the foregoing embodiments.
  • the first secret key service client and the second secret key service client correspond to different Terminal, such as:
  • the first secret key service client is a buyer user transaction client or a seller user transaction client
  • the second secret key service The client is the exchange client, that is, the exchange.
  • the first secret key service client is a withdrawal user client
  • the second secret key service client is an exchange client
  • the first secret key service client may be the client where the administrator responsible for submitting the withdrawal application in the exchange is located
  • the second secret key serves the customer
  • the client includes one or more, which can be the client corresponding to other administrators in the exchange. If the user withdraws coins, the first secret key service client may be the client corresponding to the user who submitted the withdrawal application, and the second secret key service client is the exchange.
  • the first secret key service client and the second secret key service client are both exchange clients, that is, the transaction The client corresponding to the administrator, wherein the second secret key service client includes one or more.
  • the first secret key service client is a wealth management user client
  • the second secret key service client is an asset management client
  • FIG. 16 is a hardware structural block diagram of the server applying the digital currency transaction data processing method in the embodiment of this specification.
  • Figure 16 can show the structural block diagram of the secret key management server or the first secret key service.
  • the server 10 may include one or more (only one is shown in the figure) processor 100 (the processor 100 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA),
  • the memory 200 for storing data
  • the transmission module 300 for communication functions.
  • the structure shown in FIG. 16 is only for illustration, and it does not limit the structure of the above electronic device.
  • the server 10 may also include more or fewer components than those shown in FIG. 16, for example, may also include other processing hardware, such as a database or multi-level cache, GPU, or have a configuration different from that shown in FIG.
  • the memory 200 can be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the digital currency transaction data processing method in the embodiment of this specification.
  • the processor 100 runs the software programs and modules stored in the memory 200, thereby Perform various functional applications and data processing.
  • the memory 200 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory.
  • the memory 200 may further include a memory remotely provided with respect to the processor 100, and these remote memories may be connected to a computer terminal through a network. Examples of the aforementioned networks include but are not limited to the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
  • the transmission module 300 is used to receive or send data via a network.
  • the foregoing specific examples of the network may include a wireless network provided by a communication provider of a computer terminal.
  • the transmission module 300 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station to communicate with the Internet.
  • the transmission module 300 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner.
  • RF radio frequency
  • the above-mentioned digital currency transaction data processing method or device provided by the embodiments of this specification can be implemented in a computer by a processor executing corresponding program instructions, such as using the c++ language of the windows operating system on the PC side, linux system implementation, or other examples Use android, iOS system programming language to realize in intelligent terminal, and realize the processing logic based on quantum computer, etc.
  • the device, computer storage medium, and system described above in the specification may also include other implementation manners according to the description of the related method embodiments.
  • specific implementation manners please refer to the description of the corresponding method embodiments, which will not be repeated here. .
  • a programmable logic device Programmable Logic Device, PLD
  • FPGA Field Programmable Gate Array
  • HDL Hardware Description Language
  • ABEL Advanced Boolean Expression Language
  • AHDL Altera Hardware Description Language
  • HDCal JHDL
  • Lava Lava
  • Lola MyHDL
  • PALASM RHDL
  • VHDL Very-High-Speed Integrated Circuit Hardware Description Language
  • Verilog Verilog
  • the controller can be implemented in any suitable manner.
  • the controller can take the form of, for example, a microprocessor or a processor and a computer-readable medium storing computer-readable program codes (such as software or firmware) executable by the (micro)processor. , Logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers.
  • controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as a part of the memory control logic.
  • controller in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers and embedded The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
  • a typical implementation device is a computer.
  • the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, and a tablet.
  • Computers, wearable devices, or any combination of these devices may be specifically implemented by computer chips or entities, or implemented by products with certain functions.
  • the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, and a tablet.
  • the functions are divided into various modules and described separately.
  • the function of each module can be realized in the same one or more software and/or hardware, or the module that realizes the same function can be realized by a combination of multiple sub-modules or sub-units, etc. .
  • the device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated To another system, or some features can be ignored, or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
  • the instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
  • the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM).
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • one or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may adopt a computer program implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. The form of the product.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules.
  • program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
  • One or more embodiments of this specification can also be practiced in distributed computing environments. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.

Abstract

A method, a server, a client and a system for processing digital currency transaction data. A private key of a transaction account is divided into different private key components respectively possessed by different secret key service clients corresponding to digital currency transactions, namely different users. Execution of a digital currency transaction requires agreement of the respective secret key service clients on a transfer transaction, and then the private key components stored in the respective secret key service clients are used to perform signature computation to obtain signed data for validation of transfer information. A sum of the private key components stored in the respective secret key service clients is the private key of the transaction account. The signed data is obtained by using the private key of the transaction account to affix a signature, thereby completing a signed transfer associated with the transaction account. Since private key components of a transaction account are separately stored, completion of a transfer transaction requires a signature formed from the private key components stored in multiple secret key service clients, thereby ensuring secure digital currency transactions.

Description

数字货币交易数据处理方法、服务器、客户端及系统Digital currency transaction data processing method, server, client and system 技术领域Technical field
本说明书属于数字货币技术领域,尤其涉及一种数字货币交易数据处理方法、服务器、客户端及系统。This manual belongs to the field of digital currency technology, and in particular relates to a digital currency transaction data processing method, server, client and system.
背景技术Background technique
数字货币是指对货币进行数字化,可以理解为电子货币形式的替代货币,电子货币可以理解为一种表示现金的加密序列数,它可以用来表示现实中各种金额的币值。数字金币和密码货币都属于数字货币。数字货币不同于虚拟世界中的虚拟货币,因为它能被用于真实的商品和服务交易,而不局限在网络游戏中。Digital currency refers to the digitization of currency, which can be understood as an alternative currency in the form of electronic currency. Electronic currency can be understood as an encrypted sequence number representing cash, which can be used to represent the currency value of various amounts in reality. Both digital gold coins and cryptocurrencies belong to digital currencies. Digital currency is different from virtual currency in the virtual world because it can be used for real goods and service transactions, not limited to online games.
数字货币的交易可以包括:数字货币的买入或卖出、数字货币的提币、数字货币的资产管理、数字货币的冷热钱包转账等,数据货币的交易可以通过数字货币交易平台(如:交易所)进行。如何确保用户在进行数字货币交易时交易的安全性,保证用户或交易所的资产安全,是本领域亟需解决的技术问题。Digital currency transactions can include: digital currency buying or selling, digital currency withdrawal, digital currency asset management, digital currency hot and cold wallet transfers, etc., data currency transactions can be through digital currency trading platforms (such as: Exchange). How to ensure the security of users' transactions during digital currency transactions and ensure the security of users or exchange assets is a technical problem that needs to be solved urgently in this field.
发明内容Summary of the invention
本说明书实施例目的在于提供一种数字货币交易数据处理方法、服务器、客户端及系统,提高了交易的安全性。The purpose of the embodiments of this specification is to provide a digital currency transaction data processing method, server, client and system to improve transaction security.
第一方面本说明书实施例提供了一种数字货币交易数据处理方法,包括:In the first aspect, the embodiments of this specification provide a digital currency transaction data processing method, including:
接收第一秘钥服务客户端发送的交易请求数据,所述交易请求数据包括待签名数据;Receiving transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed;
将所述待签名数据发送至第二秘钥服务客户端;Sending the data to be signed to the second secret key service client;
根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;According to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client, the data to be signed is signed to obtain the signature data, wherein: The sum of the first private key component and the second private key component is the private key of the transaction account;
将所述签名数据发送至所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端进行交易转账处理。The signature data is sent to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
第二方面,本说明书提供了一种数字货币交易数据处理服务器,包括:In the second aspect, this manual provides a digital currency transaction data processing server, including:
交易请求接收模块,用于接收第一秘钥服务客户端发送的交易请求数据,所述交易请求数据包括待签名数据;A transaction request receiving module, configured to receive transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed;
签名数据转发模块,用于将所述待签名数据发送至第二秘钥服务客户端;A signed data forwarding module, configured to send the data to be signed to the second secret key service client;
第一签名模块,用于根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;The first signature module is configured to sign the data to be signed according to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client , Obtain the signature data, wherein the sum of the first private key component and the second private key component is the private key of the transaction account;
第一转账处理模块,用于将所述签名数据发送至所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端进行交易转账处理。The first transfer processing module is configured to send the signature data to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
第三方面,本说明书提供了一种数字货币交易数据处理方法,包括:In the third aspect, this manual provides a digital currency transaction data processing method, including:
向秘钥管理服务器发送交易请求数据,以使得所述秘钥管理服务器向第二秘钥服务客户端发送交易请求数据,所述交易请求数据包括待签名数据;Sending transaction request data to the secret key management server, so that the secret key management server sends transaction request data to the second secret key service client, where the transaction request data includes data to be signed;
接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量;Receiving the second private key component saved by the second key service client and sent by the key management server;
根据自身保存的第一私钥分量以及接收到的所述第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;According to the first private key component stored by itself and the received second private key component, the data to be signed is signed to obtain signature data, wherein the first private key component and the second private key The sum of the weights is the private key of the trading account;
根据所述签名数据进行交易转账处理。Perform transaction transfer processing according to the signature data.
第四方面,本说明书提供了一种数字货币交易数据处理客户端,包括:In the fourth aspect, this manual provides a digital currency transaction data processing client, including:
交易请求发送模块,用于向秘钥管理服务器发送交易请求数据,以使得所述秘钥管理服务器向第二秘钥服务客户端发送交易请求数据,所述交易请求数据包括待签名数据;The transaction request sending module is configured to send transaction request data to the secret key management server, so that the secret key management server sends the transaction request data to the second secret key service client, and the transaction request data includes the data to be signed;
秘钥接收模块,用于接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量;A secret key receiving module, configured to receive the second private key component saved by the second secret key service client and sent by the secret key management server;
第二签名模块,用于根据自身保存的第一私钥分量以及接收到的所述第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;The second signature module is configured to sign the data to be signed according to the first private key component stored by itself and the received second private key component to obtain signature data, wherein the first private key component The sum of the second private key component is the private key of the transaction account;
第二转账处理模块,用于根据所述签名数据进行交易转账处理。The second transfer processing module is used to perform transaction transfer processing according to the signature data.
第五方面,本说明书提供了一种数字货币交易数据处理方法,包括:In the fifth aspect, this manual provides a digital currency transaction data processing method, including:
接收秘钥管理服务器发送的交易请求数据,所述交易请求数据由第一秘钥服务客户端发送,所述交易请求数据包括待签名数据;Receiving transaction request data sent by the secret key management server, the transaction request data being sent by the first secret key service client, and the transaction request data including data to be signed;
向所述秘钥管理服务器返回确认签名信息,并将自身保存的第二私钥分量发送给所述秘钥管理服务器,以使得所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,获得签名数据,且由所述第一秘钥服务客户端根据所述签名数据进行交易转账处理;Return confirmation signature information to the key management server, and send the second private key component stored by itself to the key management server, so that the key management server and the first key service client The second private key component and the first private key component saved by the first secret key service client sign the data to be signed to obtain the signature data, and the first secret key service client is based on The signature data is processed for transaction transfer;
其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Wherein, the sum of the first private key component and the second private key component is the private key of the transaction account.
第六方面,本说明书提供了一种数字货币交易数据处理终端,包括:In the sixth aspect, this manual provides a digital currency transaction data processing terminal, including:
交易请求查询模块,用于接收秘钥管理服务器发送的交易请求数据,所述交易请求数据由第一秘钥服务客户端发送,所述交易请求数据包括待签名数据;The transaction request query module is configured to receive transaction request data sent by the secret key management server, the transaction request data is sent by the first secret key service client, and the transaction request data includes data to be signed;
签名确认模块,用于向所述秘钥管理服务器返回确认签名信息,并将自身保存的第二私钥分量发送给所述秘钥管理服务器,以使得所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,获得签名数据,且由所述第一秘钥服务客户端根据所述签名数据进行交易转账处理;The signature confirmation module is used to return confirmation signature information to the secret key management server, and send the second private key component stored by itself to the secret key management server, so that the secret key management server and the first The secret key service client signs the data to be signed according to the second private key component and the first private key component saved by the first secret key service client to obtain signature data, and the The secret key service client performs transaction transfer processing according to the signature data;
其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Wherein, the sum of the first private key component and the second private key component is the private key of the transaction account.
第七方面,本说明书提供了一种数字货币交易数据处理设备,包括:至少一个处理器以及用于存储处理器可执行指令的存储器,所述处理器执行所述指令时实现上述第一方面或第三方面或第五方面所述的方法。In a seventh aspect, this specification provides a digital currency transaction data processing device, including: at least one processor and a memory for storing processor-executable instructions. The processor implements the first aspect or The method of the third or fifth aspect.
第八方面,本说明书提供了一种计算机可读存储介质,其上存储有计算机指令,所述指令被执行时实现上述第一方面或第三方面或第五方面所述的方法。In an eighth aspect, this specification provides a computer-readable storage medium on which computer instructions are stored, and when executed, the instructions implement the method described in the first aspect, the third aspect, or the fifth aspect.
第九方面,本说明书提供了一种一种数字货币交易数据处理系统,包括:秘钥管理服务器、第一秘钥服务客户端、第二秘钥服务客户端;In a ninth aspect, this specification provides a digital currency transaction data processing system, including: a secret key management server, a first secret key service client, and a second secret key service client;
所述数字货币交易数据处理系统用于进行数字货币的买入卖出、数字货币的提币、交易所系统数字货币的冷钱包转账、数字货币的投资管理中的至少一种,所述秘钥管理服务器用于执行上述第一方面所述的方法,所述第一秘钥服务客户端用于执行上述第二方面所述的方法,所述第二秘钥服务客户端用于执行上述第三方面所述的方法;The digital currency transaction data processing system is used to perform at least one of the buying and selling of digital currency, the withdrawal of digital currency, the cold wallet transfer of digital currency in the exchange system, and the investment management of digital currency. The secret key The management server is configured to execute the method described in the first aspect, the first secret key service client is configured to execute the method described in the second aspect, and the second secret key service client is configured to execute the third aspect. The method described in the aspect;
其中,若所述数字货币交易数据处理系统用于进行数字货币的买入卖出,则所述第一秘钥服务客户端为买方用户交易客户端或卖方用户交易客户端,所述第二秘钥服务客户端为交易所客户端;Wherein, if the digital currency transaction data processing system is used for buying and selling digital currency, the first secret key service client is a buyer user transaction client or a seller user transaction client, and the second secret The key service client is the exchange client;
若所述数字货币交易数据处理系统用于进行数字货币的提币,则所述第一秘钥服务客户端为提币用户客户端,所述第二秘钥服务客户端为交易所客户端,其中,若所述数字货币的提币为交易所提币,则所述第二秘钥服务客户端包括一个或多个;If the digital currency transaction data processing system is used to withdraw digital currency, the first secret key service client is a withdrawal user client, and the second secret key service client is an exchange client, Wherein, if the withdrawal of the digital currency is an exchange withdrawal, the second secret key service client includes one or more;
若所述数字货币交易数据处理系统用于进行交易所系统数字货币的冷钱包转账,则所述第一秘钥服务客户端、所述第二秘钥服务客户端均为交易所客户端,其中,所述第二秘钥服务客户端包括一个或多个;If the digital currency transaction data processing system is used for cold wallet transfer of digital currency of the exchange system, the first secret key service client and the second secret key service client are both exchange clients, where , The second secret key service client includes one or more;
若所述数字货币交易数据处理系统用于进行数字货币的投资管理,则所述第一秘钥服务客户端为理财用户客户端,所述第二秘钥服务客户端为资产管理客户端。If the digital currency transaction data processing system is used for digital currency investment management, the first secret key service client is a wealth management user client, and the second secret key service client is an asset management client.
本说明书提供的数字货币交易数据处理方法、服务器、客户端、终端、处理设备、系统,将交易账户的私钥拆分成不同的私钥分量,分别保存在数字货币交易对应的不同的秘钥服务客户端即不同的用户手中。在需要进行数字货币的交易时,需要各个秘钥服务客户端均同意交易转账后,利用各个秘钥服务客户端保存的私钥分量进行签名计算,获得签名数据,转账信息才能生效。各秘钥服务客户端保存的私钥分量之和为交易账户的私钥,签名数据实质上是利用交易账户的私钥进行签名获得的,完成交易账户的签名转账。通过将交易账户的私钥分量进行分开保存,转账时,需要多个秘钥服务客户端的私钥分量一起签名才能完成交易,确保了数字货币交易的安全性。The digital currency transaction data processing method, server, client, terminal, processing equipment, and system provided in this manual split the private key of the transaction account into different private key components, which are stored in different secret keys corresponding to the digital currency transaction. The service client is in the hands of different users. When a digital currency transaction is required, after each secret key service client agrees to the transaction transfer, the private key component saved by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect. The sum of the private key components saved by each secret key service client is the private key of the transaction account. The signature data is essentially obtained by signing with the private key of the transaction account to complete the signature transfer of the transaction account. By separately storing the private key components of the transaction account, when transferring funds, the private key components of multiple secret key service clients need to be signed together to complete the transaction, which ensures the security of digital currency transactions.
附图说明Description of the drawings
为了更清楚地说明本说明书实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本说明书中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly explain the technical solutions in the embodiments of this specification or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the drawings in the following description are only These are some embodiments described in this specification. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without creative labor.
图1是本说明书一个实施例中数字货币买入卖出的交易流程示意图;FIG. 1 is a schematic diagram of a transaction flow of buying and selling digital currency in an embodiment of this specification;
图2是本说明书一个实施例中用户进行数字货币提币的流程示意图;FIG. 2 is a schematic diagram of a process of a user withdrawing digital currency in an embodiment of this specification;
图3是本说明书一个实施例中交易所进行数字货币提币的流程示意图;FIG. 3 is a schematic diagram of a flow of digital currency withdrawal performed by an exchange in an embodiment of this specification;
图4是本说明书一个实施例中交易所的冷钱包的创建流程示意图;FIG. 4 is a schematic diagram of the creation process of a cold wallet of an exchange in an embodiment of this specification;
图5是本说明书一个实施例中理财账户创建的流程示意图;FIG. 5 is a schematic diagram of a flow of creating a wealth management account in an embodiment of this specification;
图6是本说明书一个实施例中数字货币交易数据处理方法的流程示意图;FIG. 6 is a schematic flowchart of a method for processing digital currency transaction data in an embodiment of this specification;
图7是本说明书又一实施例中数字货币交易数据处理方法的流程示意图;FIG. 7 is a schematic flowchart of a method for processing digital currency transaction data in another embodiment of this specification;
图8是本说明书又一实施例中数字货币交易数据处理方法的流程示意图;FIG. 8 is a schematic flowchart of a method for processing digital currency transaction data in another embodiment of this specification;
图9是本说明书一个实施例中交易所冷钱包转账到热钱包的数据处理流程示意图;FIG. 9 is a schematic diagram of the data processing flow of transferring funds from the exchange cold wallet to the hot wallet in an embodiment of this specification;
图10是本说明书实施例中数字货币买入或数字货币卖出或用户提币的数据处理流程示意图;10 is a schematic diagram of the data processing flow of digital currency buying or digital currency selling or user withdrawal in the embodiment of this specification;
图11是本说明书一个实施例中数字货币的投资管理数据处理流程示意图;FIG. 11 is a schematic diagram of a processing flow of digital currency investment management data in an embodiment of this specification;
图12是本说明书一个实施例中交易所进行数字货币提币的数据处理流程示意图;FIG. 12 is a schematic diagram of a data processing flow of digital currency withdrawal performed by an exchange in an embodiment of this specification;
图13是本说明书提供的数字货币交易数据处理服务器一个实施例的模块结构示意 图;Figure 13 is a schematic diagram of the module structure of an embodiment of the digital currency transaction data processing server provided in this specification;
图14是本说明书实施例中的数字货币交易数据处理客户端的结构示意图;14 is a schematic diagram of the structure of a digital currency transaction data processing client in an embodiment of this specification;
图15是本说明书实施例中的数字货币交易数据处理终端的结构示意图;15 is a schematic diagram of the structure of a digital currency transaction data processing terminal in an embodiment of this specification;
图16是应用本说明书实施例中数字货币交易数据处理方法的服务器的硬件结构框图。16 is a block diagram of the hardware structure of the server applying the digital currency transaction data processing method in the embodiment of this specification.
具体实施方式detailed description
为了使本技术领域的人员更好地理解本说明书中的技术方案,下面将结合本说明书实施例中的附图,对本说明书实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都应当属于本说明书保护的范围。In order to enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below in conjunction with the drawings in the embodiments of this specification. Obviously, the described The embodiments are only a part of the embodiments in this specification, rather than all the embodiments. Based on the embodiments in this specification, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of this specification.
随着基于纸张的经济向数字经济的转变,电子现金将成为主流,电子货币形式的替代货币。现如今通过交易所进行数字货币交易的应用场景越来越多,交易所可以理解为一种管理数据货币交易的网络平台。With the transition from a paper-based economy to a digital economy, electronic cash will become the mainstream, an alternative currency in the form of electronic money. Nowadays, there are more and more application scenarios for digital currency transactions through exchanges. Exchanges can be understood as a network platform for managing data currency transactions.
本说明书实施例中数字货币的交易可以包括:数字货币的买入卖出、数字货币的提币(包括用户提币和交易所提币)、交易所数字货币的冷钱包转账、数字货币的投资管理等,当然,根据实际需要,还可以进行其他的数字货币的交易,本说明书实施例不作具体限定。The transaction of digital currency in the embodiment of this specification may include: buying and selling of digital currency, withdrawal of digital currency (including user withdrawal and exchange withdrawal), cold wallet transfer of exchange digital currency, and digital currency investment Management, etc., of course, other digital currency transactions can also be conducted according to actual needs, and the embodiments of this specification do not specifically limit it.
图1是本说明书一个实施例中数字货币买入卖出的交易流程示意图,图1中线条上的数字可以表示数字货币买入卖出的步骤,如图1所示,数字货币的买入卖出过程可以包括如下:Figure 1 is a schematic diagram of the transaction flow of digital currency buying and selling in an embodiment of this specification. The numbers on the lines in Figure 1 can indicate the steps of digital currency buying and selling. As shown in Figure 1, the digital currency buying and selling The export process can include the following:
1、买单用户提交一个买单委托,买单委托可以表示用户发起的买单,如买入数字货币。1. A buying order user submits a buying order commission, which can indicate a buying order initiated by the user, such as buying digital currency.
2、交易所系统收到委托后,可以进行鉴权、风控、冻结账户余额等操作,如果没有相应匹配的卖单,交易所系统可以将该买单委托挂在盘口中。其中,鉴权可以表示判断用户是否有相应操作的权利,风控可以表示判断当前的数字货币交易存在的风险概率,冻结账户余额以便后续对用户的账户进行相应的操作。2. After receiving the commission, the exchange system can perform operations such as authentication, risk control, and freezing of account balances. If there is no corresponding matching sell order, the exchange system can entrust the buy order to the market. Among them, authentication can refer to judging whether the user has the right to operate, and risk control can refer to judging the risk probability of the current digital currency transaction, and freezing the account balance for subsequent corresponding operations on the user's account.
3、卖单用户发起一个卖单委托,卖单委托可以表示用户发起的卖单,如卖出数字货币。3. A sell order user initiates a sell order commission, which can indicate a sell order initiated by the user, such as selling digital currency.
4、交易所系统收到委托后,可以进行鉴权、风控、冻结账户余额等操作,若有相应匹配的买单,则生成成交记录。4. After receiving the commission, the exchange system can perform operations such as authentication, risk control, and freezing of account balances. If there is a corresponding matching buy order, a transaction record will be generated.
5、买卖单用户可以查询自己的委托记录是否成交。成交后,用户(包括:买单用户和卖单用户)和交易所可以进行成交结算即转账,本说明书实施例中可以将用户账户对应的私钥分为第一私钥分量、第二私钥分量,分别由用户和交易所保存,进行数字货币的买入和卖出需要用户和交易所一起进行签名才能实现。本说明书实施例中还可以通过秘钥管理服务器(kms,Key Management Service)进行秘钥的管理和使用,转账的过程可以参考本说明书实施例中数字货币交易数据处理方法的过程,完成数字货币的买入和卖出。5. The user of the buy and sell order can inquire whether his entrusted record is executed. After the transaction is completed, users (including users who buy orders and users who sell orders) and the exchange can perform transaction settlement, that is, transfer. In the embodiments of this specification, the private key corresponding to the user account can be divided into a first private key component and a second private key component. It is kept by the user and the exchange respectively, and the buying and selling of digital currency requires the user and the exchange to sign together. In the embodiment of this specification, the key management server (kms, Key Management Service) can also be used to manage and use the secret key. The process of transferring can refer to the process of the digital currency transaction data processing method in the embodiment of this specification to complete the digital currency transaction. Buy and sell.
图2是本说明书一个实施例中用户进行数字货币提币的流程示意图,图2中线条上的数字可以表示用户进行数字货币提币的步骤,如图2所示,用户进行数字货币的提币交易可以包括以下流程:Figure 2 is a schematic diagram of the user's digital currency withdrawal process in an embodiment of this specification. The numbers on the lines in Figure 2 can indicate the steps of the user's digital currency withdrawal. As shown in Figure 2, the user performs digital currency withdrawal The transaction can include the following processes:
1、提币用户发起提币申请。1. The withdrawal user initiates a withdrawal application.
2、交易所系统收到申请后,可以进行鉴权、风控、冻结账户余额等操作。2. After receiving the application, the exchange system can perform operations such as authentication, risk control, and freezing of account balances.
3、提币用户可以查询审核结果。审核通过后,提币用户和交易所可以进行提币操作,本说明书实施例中可以将用户账户对应的私钥分为第一私钥分量、第二私钥分量,分别由用户和交易所保存,进行用户提币操作时,需要用户和交易所一起进行签名才能实现。本说明书实施例中还可以通过秘钥管理服务器(kms,Key Management Service)进行秘钥的管理和使用,提币的过程可以参考本说明书实施例中数字货币交易数据处理方法的过程。3. Withdrawal users can query the audit results. After the review is passed, the withdrawal user and the exchange can perform the withdrawal operation. In the embodiment of this manual, the private key corresponding to the user account can be divided into the first private key component and the second private key component, which are respectively saved by the user and the exchange , When the user withdraws money, the user and the exchange must sign together to achieve it. In the embodiment of this specification, the key management server (kms, Key Management Service) can also be used to manage and use the key, and the process of withdrawing money can refer to the process of the digital currency transaction data processing method in the embodiment of this specification.
图3是本说明书一个实施例中交易所进行数字货币提币的流程示意图,图3中线条上的数字可以表示交易所进行数字货币提币的步骤,如图3所示,交易所进行数字货币的提币可以包括以下流程:Fig. 3 is a schematic diagram of the process of digital currency withdrawal performed by the exchange in an embodiment of this specification. The numbers on the lines in Fig. 3 can indicate the steps of the exchange’s digital currency withdrawal. As shown in Fig. 3, the exchange performs digital currency withdrawal. The withdrawal of coins can include the following processes:
1、操作人员发起提币申请。操作人员可以理解为交易所的财务管理员或其他工作人员。1. The operator initiates a withdrawal application. Operators can be understood as financial administrators or other staff of the exchange.
2、交易所系统收到申请后,可以进行做鉴权、风控、冻结账户余额。审核通过后,交易所的管理员可以进行提币操作,本说明书实施例中可以将交易所账户对应的私钥分为第一私钥分量、第二私钥分量,分别由交易所不同的管理员保存,交易所进行提币时,需要交易所多个管理员一起进行签名才能实现,提币的过程可以参考本说明书实施例中数字货币交易数据处理方法的过程。2. After receiving the application, the exchange system can perform authentication, risk control, and freeze account balances. After the review is passed, the administrator of the exchange can perform coin withdrawal operations. In the embodiment of this manual, the private key corresponding to the exchange account can be divided into the first private key component and the second private key component, which are managed by the exchange separately When the exchange performs the withdrawal, multiple administrators of the exchange need to sign together to realize the withdrawal. The process of withdrawal can refer to the process of the digital currency transaction data processing method in the embodiment of this specification.
交易所内部数字货币管理时,一般会分为冷热钱包,冷钱包进行离线存储,热钱包在线的,处理用户的提币。交易所在冷钱包向热钱包转账时,通常涉及的转账金额比较大。通常情况下交易所会有多个管理用户,类似于公司的股东或管理者,本说明书实施例中可以将交易所对应的冷钱包的私钥拆分成多个私钥分量,分别保存在不同的管理用户中。本说明书实施例中还可以通过秘钥管理服务器(kms,Key Management Service)进行秘钥的管理和使用。在需要冷钱包向热钱包转账时,利用秘钥管理服务器获得各个管理用户同意转账的信息,并使用各管理用户手中的私钥分量进行签名后,才能实现冷钱包向热钱包的转账过程。In the internal digital currency management of the exchange, it is generally divided into hot and cold wallets, cold wallets for offline storage, and hot wallets online to process user withdrawals. When an exchange transfers funds from a cold wallet to a hot wallet, the transfer amount usually involved is relatively large. Under normal circumstances, the exchange will have multiple management users, similar to the shareholders or managers of the company. In the embodiment of this manual, the private key of the cold wallet corresponding to the exchange can be split into multiple private key components, which are stored in different Of administrative users. In the embodiments of the present specification, the management and use of the secret key can also be performed through a secret key management server (kms, Key Management Service). When a cold wallet is required to transfer money to a hot wallet, the secret key management server is used to obtain the information that each management user agrees to the transfer, and the private key component in the hands of each management user is used to sign, then the transfer process from the cold wallet to the hot wallet can be realized.
本说明书一些实施例还提供了一种交易所冷钱包的创建方法,图4是本说明书一个实施例中交易所的冷钱包的创建流程示意图,如图4所示,本说明书一个实施例中交易所可以包括2个管理员,每个管理员对应有一个秘钥服务客户端,管理员1对应的秘钥服务客户端可以称为第一秘钥服务客户端,管理员2对应的秘钥服务客户端可以表示第二秘钥服务客户端,图中线条上的数字可以表示冷钱包创建的步骤。如图4所示,冷钱包的创建过程可以包括如下过程:Some embodiments of this specification also provide a method for creating a cold wallet of an exchange. FIG. 4 is a schematic diagram of the creation process of a cold wallet of an exchange in an embodiment of this specification. As shown in FIG. 4, a transaction in an embodiment of this specification It can include 2 administrators, each administrator corresponds to a key service client, the key service client corresponding to administrator 1 can be called the first key service client, and the key service corresponding to administrator 2 The client can represent the second key service client, and the numbers on the lines in the figure can represent the steps of cold wallet creation. As shown in Figure 4, the process of creating a cold wallet can include the following processes:
1、管理员1可以利用第一秘钥服务客户端本地生成私钥分量以及私钥分量对应的公钥sk1+pk1:(sk1表示管理员1生成的私钥分量,pk1表示管理员1的私钥分量对应的公钥),并通过线下获得管理员2的pk2(pk2表示管理员2的私钥分量对应的公钥),调用kms创建钱包接口,并作为钱包的一个参与者。1. Administrator 1 can use the first secret key service client to locally generate the private key component and the public key sk1+pk1 corresponding to the private key component: (sk1 represents the private key component generated by administrator 1, and pk1 represents the private key of administrator 1. The public key corresponding to the key component), and obtain the pk2 of administrator 2 offline (pk2 represents the public key corresponding to the private key component of administrator 2), call kms to create the wallet interface, and act as a participant of the wallet.
2、管理员2可以利用第二秘钥服务客户端本地生成私钥分量以及私钥分量对应的公钥:sk2+pk2(sk2表示管理员2生成的私钥分量,pk2表示管理员2的私钥分量对应的公钥),再将sk2拆分成2部分sk2=sk2-1+sk2-2(其中,sk2-2被pk1加密),并调用kms的加入钱包接口,作为钱包的一个参与者。2. The administrator 2 can use the second secret key service client to locally generate the private key component and the public key corresponding to the private key component: sk2+pk2 (sk2 represents the private key component generated by the administrator 2, and pk2 represents the private key of the administrator 2. The public key corresponding to the key component), then split sk2 into 2 parts sk2=sk2-1+sk2-2 (where sk2-2 is encrypted by pk1), and call kms's wallet join interface as a participant of the wallet .
3、管理员1通过kms获得管理员2的部分私钥分片sk2-2,并用sk1解密。3. Administrator 1 obtains partial private key fragments sk2-2 of administrator 2 through kms, and decrypts them with sk1.
4、管理员1和kms做一次mpc(Secure Muti-Party Computation,安全多方计算)计算生成冷钱包的公钥,在进行mpc计算时管理员1提供sk1+sk2-2,kms提供sk2-1。4. Administrator 1 and kms perform an MPC (Secure Muti-Party Computation) calculation to generate the public key of the cold wallet. When performing MPC calculation, administrator 1 provides sk1+sk2-2, and kms provides sk2-1.
5、获得公钥,代表冷钱包创建成功,并且每个管理员以及秘钥管理服务器均不会持有完整的秘钥,可以保证冷钱包数字货币交易管理的安全性。5. Obtaining the public key means that the cold wallet is successfully created, and each administrator and the secret key management server will not hold the complete secret key, which can ensure the security of the cold wallet digital currency transaction management.
本说明书实施例的数字货币交易还可以包括数字货币的投资管理,投资过程可以表示在数字资管系统中,用户首先需要注册理财用户,然后购买理财产品。图5是本说明书一个实施例中理财账户创建的流程示意图,图5中线条上的数字可以表示理财账户创 建的步骤,如图5所示,理财账户创建的过程可以包括:The digital currency transactions in the embodiments of this specification can also include digital currency investment management. The investment process can be expressed in the digital asset management system. The user first needs to register a wealth management user and then purchase wealth management products. Figure 5 is a schematic diagram of the process of creating a wealth management account in an embodiment of this specification. The numbers on the lines in Figure 5 can indicate the steps of creating a wealth management account. As shown in Figure 5, the process of creating a wealth management account can include:
1、理财用户可以利用第一秘钥服务客户端本地生成私钥分量以及私钥分量对应的公钥sk1+pk1(sk1表示理财用户生成的私钥分量,pk1表示理财用户生成的私钥分量对应的公钥)并通过线下获得的资管方的pk2(pk2表示理财用户的私钥分量对应的公钥),调用kms创建钱包接口,并作为钱包的一个参与者。理财用户可以表示投资者。1. Wealth management users can use the first secret key service client to locally generate the private key component and the public key sk1+pk1 corresponding to the private key component (sk1 represents the private key component generated by the wealth management user, and pk1 represents the corresponding private key component generated by the wealth management user Public key) and through the pk2 of the asset manager obtained offline (pk2 represents the public key corresponding to the private key component of the wealth management user), call kms to create the wallet interface and act as a participant of the wallet. Financial users can represent investors.
2、资管方可以利用第二秘钥服务客户端本地生成私钥分量sk2+pk2(sk2表示资管方生成的私钥分量,pk2表示资管方的私钥分量对应的公钥),在将sk2拆分成2部分sk2=sk2-1+sk2-2(其中,sk2-2被pk1加密),并调用kms的加入钱包接口,作为钱包的一个参与者。资管方可以表示提供投资管理服务的机构。2. The asset manager can use the second secret key service client to locally generate the private key component sk2+pk2 (sk2 represents the private key component generated by the asset manager, and pk2 represents the public key corresponding to the asset manager’s private key component). Split sk2 into 2 parts sk2=sk2-1+sk2-2 (sk2-2 is encrypted by pk1), and call kms's wallet join interface as a participant of the wallet. The asset manager may refer to an institution that provides investment management services.
3、理财用户通过kms获得资管方的部分私钥分片sk2-2,并用sk1解密。3. The wealth management user obtains part of the private key fragment sk2-2 of the asset manager through kms, and decrypts it with sk1.
4、理财用户和kms做一次mpc计算生成理财用户账户的公钥,理财用户提供sk1+sk2-2,kms提供sk2-1。4. Wealth management users and kms do an MPC calculation to generate the public key of the financial user account. Wealth management users provide sk1+sk2-2, and kms provides sk2-1.
5、获得公钥,代表理财用户的账户钱包创建成功,并且每个用户以及秘钥管理服务器均不会持有完整的秘钥,可以保证理财用户的数字货币交易管理的安全性。理财用户账户创建完成后,可以利用理财账户买入理财产品,其中理财产品的买入需要理财用户和资管方分别利用各自保存的理财账户的私钥分量进行签名计算,理财产品的买入过程可以参考本说明书实施例中数字货币交易数据处理方法的过程。5. Obtain the public key, which represents the successful creation of the account wallet of the wealth management user, and each user and the secret key management server will not hold the complete secret key, which can ensure the security of the digital currency transaction management of the wealth management user. After the wealth management user account is created, you can use the wealth management account to buy wealth management products. The purchase of the wealth management product requires the wealth management user and the asset manager to use the private key components of their respective wealth management accounts to perform signature calculations. The process of buying wealth management products You can refer to the process of the digital currency transaction data processing method in the embodiment of this specification.
本说明书实施例中提供了一种数字货币交易数据处理方法,通过将交易账户的私钥分为第一私钥分量和第二私钥分量,分别保存在不同的秘钥服务客户端中,在进行数字货币的交易转账时,利用各个秘钥服务客户端中保存的私钥分量对转账的数据进行签名。各个秘钥服务客户端均同意签名即同意转账才能实现交易转账,保证了交易所数字货币交易的安全性。The embodiment of this specification provides a method for processing digital currency transaction data. By dividing the private key of the transaction account into a first private key component and a second private key component, they are stored in different secret key service clients. When performing digital currency transaction transfers, the private key components stored in each secret key service client are used to sign the transferred data. Each secret key service client agrees to sign and agree to transfer to realize transaction transfer, which ensures the security of exchange digital currency transactions.
本说明书中数字货币交易数据处理方法可以应用在客户端或服务器中,客户端可以是智能手机、平板电脑、智能可穿戴设备(智能手表、虚拟现实眼镜、虚拟现实头盔等)、智能车载设备等电子设备。The digital currency transaction data processing method in this manual can be applied to the client or server. The client can be a smart phone, a tablet computer, a smart wearable device (smart watch, virtual reality glasses, virtual reality helmet, etc.), smart car equipment, etc. Electronic equipment.
具体的,图6是本说明书一个实施例中数字货币交易数据处理方法的流程示意图,本说明书实施例中的数字货币交易数据处理方法可以表示秘钥管理服务器侧执行的交易管理过程。如图6所示,本说明书一个实施例中提供的数字货币交易数据处理方法的整体过程可以包括:Specifically, FIG. 6 is a schematic flow diagram of a digital currency transaction data processing method in an embodiment of this specification. The digital currency transaction data processing method in this embodiment of this specification may represent a transaction management process performed on the key management server side. As shown in Figure 6, the overall process of the digital currency transaction data processing method provided in an embodiment of this specification may include:
步骤602、接收第一秘钥服务客户端发送的交易请求数据,所述交易请求数据包括待签名数据。Step 602: Receive transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed.
第一秘钥服务客户端可以理解为数字货币交易过程中的一个用户的客户端,如:若进行数字货币的买入,则第一秘钥服务客户端可以表示买方用户的客户端;若进行数字货币的卖出,则第一秘钥服务客户端可以表示卖方用户的客户端;若用户进行数字货币的提币,则第一秘钥服务客户端可以表示提币用户的客户端;若交易所进行数字货币的提币,则第一秘钥服务客户端可以表示交易所中提出提币申请的管理员的客户端;若进行交易所冷钱包转账交易,则第一秘钥服务客户端可以表示提出冷钱包转账请求的管理员的客户端,如:上述图4中的管理员1对应的客户端可以称为第一秘钥服务客户端;若进行数字货币的投资管理,则第一秘钥服务客户端可以表示理财用户的客户端。The first key service client can be understood as a user's client in the digital currency transaction process. For example, if the digital currency is purchased, the first key service client can represent the buyer's client; For the sale of digital currency, the first key service client can represent the client of the seller user; if the user withdraws the digital currency, the first key service client can represent the client of the withdrawing user; For the withdrawal of digital currency, the first secret key service client can represent the client of the administrator who made the withdrawal request in the exchange; if the exchange cold wallet transfer transaction is performed, the first secret key service client can Represents the client of the administrator who requested the cold wallet transfer. For example, the client corresponding to the administrator 1 in Figure 4 can be called the first secret key service client; if the investment management of digital currency is performed, the first secret The key service client can represent the client of a wealth management user.
本说明书一些实施例中,交易请求数据可以包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。在进行数字货币的交易时,用户可以通过第一秘钥服务客户端向秘钥管理服务器发送交易请求数据,如:买入数字货币的请求数据、卖出数字货币的请求数据、用户提币的请求数据、交易所提币的请求数据、冷钱包转账请求数据或买入理财产品的请求数据等。其中,交易请求数据中可以包括待签名数据,待签名数据可以表示交易请求具体信息如:买入货币的金额、卖出货币的金额、提币金额、冷钱包转账金额、买入理财产品的金额和类型等信息。In some embodiments of this specification, the transaction request data may include at least one of digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, and wealth management request data. When conducting digital currency transactions, users can send transaction request data to the key management server through the first secret key service client, such as: request data for buying digital currency, request data for selling digital currency, and user withdrawal Request data, request data of exchange currency withdrawal, cold wallet transfer request data, or purchase request data of wealth management products, etc. Among them, the transaction request data can include data to be signed, and the data to be signed can indicate the specific information of the transaction request, such as: the amount of currency bought, the amount of currency sold, the amount of money withdrawn, the amount of cold wallet transfer, and the amount of money purchased And type.
步骤604、将所述待签名数据发送至第二秘钥服务客户端。Step 604: Send the data to be signed to the second secret key service client.
秘钥管理服务器接收到第一秘钥管理客户端发送的交易请求数据后,可以将其中的待签名数据发送至第二秘钥服务客户端,由第二秘钥服务客户端确认是否允许转账。其中,第二秘钥服务客户端可以表示数字货币交易的另一方用户对应的客户端,如:若进行数字货币的卖出,则第二秘钥服务客户端可以表示交易所客户端,交易所客户端可以理解为交易所系统或交易所平台,也可以理解为交易所指定的管理人员对应的客户端;若用户进行数字货币的提币,则第二秘钥服务客户端可以表示交易所客户端;若交易所进行数字货币的提币,则第二秘钥服务客户端可以表示交易所中除去第一秘钥服务客户端的其他管理员的客户端,其数量可以是一个或多个,根据实际需要进行设置,本说明书实施例不作具体限定;若进行交易所冷钱包转账交易,则第二秘钥服务客户端可以表示除第一秘钥服务客户端的管理员的客户端,其数量可以是一个或多个,根据实际需要 进行设置,本说明书实施例不作具体限定;若进行数字货币的投资管理,则第二秘钥服务客户端可以表示资管方对应的客户端,可以理解为进行资产管理的系统或机构。After receiving the transaction request data sent by the first key management client, the key management server may send the data to be signed to the second key service client, and the second key service client will confirm whether the transfer is allowed. Among them, the second secret key service client can represent the client corresponding to the other user of the digital currency transaction. For example, if the digital currency is sold, the second secret key service client can represent the exchange client. The client can be understood as an exchange system or an exchange platform, or as a client corresponding to the management personnel designated by the exchange; if the user withdraws digital currency, the second secret key service client can represent the exchange customer End; if the exchange performs digital currency withdrawals, the second secret key service client can represent the clients of other administrators in the exchange excluding the first secret key service client. The number can be one or more, according to The actual setting is required, and the embodiment of this specification does not make specific restrictions; if the exchange cold wallet transfer transaction is performed, the second secret key service client can represent the clients other than the administrator of the first secret key service client, and the number can be One or more, set according to actual needs, the embodiment of this specification does not specifically limit; if the investment management of digital currency, the second secret key service client can represent the client corresponding to the asset manager, which can be understood as asset management Managed system or organization.
第二秘钥服务客户端接收到待签名数据后,第二秘钥服务客户端对应的用户可以根据待签名数据判断交易是否成交,若成交,则可以向秘钥管理服务器返回签名确认信息,若不成交,则可以返回拒绝签名信息。After the second key service client receives the data to be signed, the user corresponding to the second key service client can judge whether the transaction is completed according to the data to be signed. If the transaction is completed, it can return signature confirmation information to the key management server. If there is no transaction, you can return the rejection signature information.
步骤606、根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Step 606: Sign the data to be signed according to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client to obtain signature data , Wherein the sum of the first private key component and the second private key component is the private key of the transaction account.
在具体的实施过程中,本说明书实施例中第一秘钥服务客户端和第二秘钥服务客户端可以分别保存有第一私钥分量和第二私钥分量,其中,第一私钥分量和第二私钥分量之和可以为交易账户的私钥。交易账户可以表示当前数字货币交易需要进行转账的账户,如:用户账户或交易所账户等。若进行数字货币的买卖交易、用户提币交易、数字货币的投资管理等,第一私钥分量和第二私钥分量之和可以为用户账户的私钥;若进行交易所的冷钱包转账,则第一私钥分量和第二私钥分量之和可以为交易所冷钱包的私钥;若进行交易所提币,则第一私钥分量和第二私钥分量之和可以为交易所账户对应的私钥。In a specific implementation process, the first secret key service client and the second secret key service client in the embodiment of this specification may respectively store the first private key component and the second private key component, where the first private key component The sum of the components of the second private key can be the private key of the transaction account. The transaction account can represent the account that needs to be transferred in the current digital currency transaction, such as a user account or an exchange account. For digital currency trading, user withdrawal transactions, digital currency investment management, etc., the sum of the first private key component and the second private key component can be the private key of the user account; if the cold wallet transfer of the exchange is performed, Then the sum of the first private key component and the second private key component can be the private key of the exchange cold wallet; if the exchange is withdrawn, the sum of the first private key component and the second private key component can be the exchange account The corresponding private key.
当第一秘钥服务客户端和第二秘钥服务客户端均同意进行数字货币的交易后,秘钥管理服务器和第一秘钥服务客户端可以根据第一私钥分量、第二私钥分量进行签名计算,对待签名数据进行签名,获得签名数据。各秘钥服务客户端保存的私钥分量之和为交易账户的私钥,签名数据实质上是利用交易账户的私钥签名获得的,完成了数字货币的安全交易。签名数据可以表示允许进行数字货币的交易如:数字货币的买入,则签名数据可以表示买方用户的账户需要支付的数字货币金额以及买入的数字货币金额,以便从买方用户的账户中转出对应的数字货币,并转入买入的数字货币金额。After the first secret key service client and the second secret key service client both agree to conduct digital currency transactions, the secret key management server and the first secret key service client can be based on the first private key component and the second private key component. Perform signature calculation, sign the data to be signed, and obtain the signature data. The sum of the private key components saved by each secret key service client is the private key of the transaction account, and the signature data is essentially obtained by signing the private key of the transaction account, completing the secure transaction of digital currency. The signature data can indicate that digital currency transactions are allowed, such as the purchase of digital currency, the signature data can indicate the amount of digital currency that needs to be paid for the buyer user’s account and the amount of digital currency purchased, so as to be transferred from the buyer user’s account Corresponding digital currency, and transfer the amount of digital currency purchased.
本说明书实施例中,对待签名数据进行签名时,可以采用安全多方计算,即第一秘钥服务客户端和秘钥管理服务器分别提供部分私钥分量对待签名数据进行签名计算,获得签名数据,以提高数字货币交易的安全性。当然,根据实际需要,还可以采用其他的签名方法,本说明书实施例不作具体限定。In the embodiment of this specification, when signing data to be signed, secure multi-party calculation can be used, that is, the first secret key service client and the key management server respectively provide part of the private key components to perform signature calculation on the data to be signed to obtain the signature data. Improve the security of digital currency transactions. Of course, other signature methods can also be used according to actual needs, and the embodiment of this specification does not specifically limit it.
步骤608、将所述签名数据发送至所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端进行交易转账处理。Step 608: Send the signature data to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
获得签名数据后,秘钥管理服务器可以将签名数据返回至第一秘钥服务客户端,第一秘钥服务客户端可以将签名数据发送至区块链上,进行数字货币交易的转账处理。区块链是分布式数据存储、点对点传输、共识机制、加密算法等计算机技术的新型应用模式。After obtaining the signature data, the key management server can return the signature data to the first key service client, and the first key service client can send the signature data to the blockchain for transfer processing of digital currency transactions. Blockchain is a new application mode of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
例如:用户A需要买入数字货币,用户A通过自己所在的客户端即第一秘钥服务客户端向秘钥管理服务器发送买入数字货币请求数据,秘钥管理服务器将买入数字货币请求数据发送给交易所即第二秘钥服务客户端,当有相应匹配的卖单委托,交易所确认可以进行交易后,可以返回确认签名信息。秘钥管理服务器可以获取到交易所保存的用户A的账户对应的第二私钥分量,并与第一秘钥管理客户端进行签名计算。其中,第一秘钥服务客户端保存有用户A账户的第一私钥分量,利用第一私钥分量和第二私钥分量进行签名计算,获得签名数据。第一秘钥服务客户端将签名数据发送到区块链上,利用区块链可以对用户A的账户进行相应的转账处理如:买入数字货币的金额以及对应的需要支付数字货币的金额,如:买入比特币的金额,需要支付以太币的金额等。For example: User A needs to buy digital currency. User A sends digital currency buying request data to the key management server through his client, the first key service client, and the key management server will buy digital currency request data Sent to the exchange, the second secret key service client, when there is a corresponding matching sell order, the exchange confirms that the transaction can be carried out, and can return the confirmation signature information. The key management server can obtain the second private key component corresponding to the account of user A stored in the exchange, and perform signature calculation with the first key management client. Wherein, the first secret key service client stores the first private key component of the user A account, and uses the first private key component and the second private key component to perform signature calculation to obtain signature data. The first secret key service client sends the signature data to the blockchain, and the blockchain can be used to perform corresponding transfer processing to user A’s account, such as the amount of digital currency bought and the corresponding amount of digital currency that needs to be paid. Such as: the amount of bitcoin to buy, the amount of ether that needs to be paid, etc.
其他的数字货币的交易如:数字货币的卖出、用户进行数字货币提币、交易所提币、交易所冷钱包转账、数字货币投资管理交易等数字货币的交易过程,可以参考数字货币买入的交易处理过程,此处不再赘述。Other digital currency transactions such as: digital currency sales, users' digital currency withdrawals, exchange withdrawals, exchange cold wallet transfers, digital currency investment management transactions and other digital currency transaction processes, you can refer to digital currency buying The transaction processing process is not repeated here.
本说明书一些实施例中的数字货币的交易过程,第二秘钥服务客户端可以是多个,例如:交易所冷钱包转账交易,交易所提币交易,以交易所冷钱包转账交易为例,第二秘钥服务客户端有2个时,数字货币交易的数据处理过程可以参考如下:For the digital currency transaction process in some embodiments of this specification, the second secret key service client can be multiple, for example: exchange cold wallet transfer transaction, exchange currency withdrawal transaction, take the exchange cold wallet transfer transaction as an example, When there are two second key service clients, the data processing process of digital currency transactions can be referred to as follows:
假设交易所包括三个管理员:管理员1、管理员2、管理员3,管理员1负责交易所的财务管理,管理员2为老板,管理员3为股东,管理员1对应的客户端可以表示第一秘钥服务客户端,管理员2、管理员3对应的客户端可以表示第二秘钥服务客户端。管理员1、管理员2、管理员3分别保存有交易所对应的冷钱包的私钥的私钥分量sk1、sk2、sk3,其中,管理员1、管理员2、管理员3保存的私钥分量之和等于冷钱包的私钥,即sk1+sk2+sk3=冷钱包的私钥。当交易所需要从冷钱包向热钱包转账时,管理员1可以通过自己的第一秘钥服务客户端向秘钥管理服务器发送冷钱包转账请求,秘钥管理服务器接收到请求后,可以将该请求发送至管理员2、管理员3对应的第二秘钥服务客户端,由管理员2、管理员3确认是否同意转账。若管理员2、管理员3均同意转账,则可以通过对应的第二秘钥服务客户端返回确认签名信息。秘钥管理服务器接收到管理员2、管理员3返回的确认签名信息后,可以获取到管理员2、管理员3保存的私钥分量,再利 用管理员1、管理员2、管理员3各自保存的私钥分量,对冷钱包转账请求中的待签名数据进行签名,获得签名数据,表示交易所同意该笔转账信息。秘钥管理服务器还可以将获得的签名数据返回至第一秘钥服务客户端,如发送至管理员1,管理员1可以将签名数据发送至区块链,由区块链执行转账处理。Suppose that the exchange includes three administrators: administrator 1, administrator 2, administrator 3, administrator 1 is responsible for the financial management of the exchange, administrator 2 is the boss, administrator 3 is the shareholder, and the client corresponding to administrator 1 It can represent the first key service client, and the clients corresponding to the administrator 2 and administrator 3 can represent the second key service client. Administrator 1, administrator 2, and administrator 3 respectively store the private key components sk1, sk2, and sk3 of the private key of the cold wallet corresponding to the exchange. Among them, the private keys saved by administrator 1, administrator 2, and administrator 3 The sum of the components is equal to the private key of the cold wallet, that is, sk1+sk2+sk3=the private key of the cold wallet. When the exchange needs to transfer money from a cold wallet to a hot wallet, the administrator 1 can send a cold wallet transfer request to the key management server through its first key service client. After the key management server receives the request, it can The request is sent to the second key service client corresponding to the administrator 2 and the administrator 3, and the administrator 2 and the administrator 3 confirm whether to approve the transfer. If both the administrator 2 and the administrator 3 agree to the transfer, the confirmation signature information can be returned through the corresponding second key service client. After the key management server receives the confirmation signature information returned by the administrator 2 and the administrator 3, it can obtain the private key components saved by the administrator 2 and the administrator 3, and then use each of the administrator 1, administrator 2, and administrator 3. The saved private key component signs the data to be signed in the cold wallet transfer request and obtains the signature data, indicating that the exchange agrees to the transfer information. The key management server can also return the obtained signature data to the first key service client, such as sending it to the administrator 1, and the administrator 1 can send the signature data to the blockchain, and the blockchain will perform the transfer processing.
需要说明的是,本说明书实施例中各个秘钥服务客户端的私钥分量的生成可以在交易账户创建时生成,可以采用模相加、相减的算法将账户对应的私钥拆分成不同的私钥分量,再保存到各个秘钥服务客户端。具体可以参考图4、图5中交易所冷钱包创建或理财账户创建的过程中,私钥分量的生成方式。当然,也可以采用其他的方法将冷钱包的私钥进行拆分组合,本说明书实施例不作具体限定。It should be noted that the private key components of each secret key service client in the embodiments of this specification can be generated when the trading account is created. Modular addition and subtraction algorithms can be used to split the private key corresponding to the account into different The private key component is then saved to each secret key service client. For details, refer to the method of generating the private key component in the process of creating the exchange cold wallet or wealth management account in Figure 4 and Figure 5. Of course, other methods can also be used to split and combine the private keys of the cold wallet, which is not specifically limited in the embodiment of this specification.
本说明书实施例提供的数字货币交易数据处理方法,将交易账户的私钥拆分成不同的私钥分量,分别保存在数字货币交易对应的不同的秘钥服务客户端即不同的用户手中。在需要进行数字货币的交易时,需要各个秘钥服务客户端均同意交易转账后,利用各个秘钥服务客户端保存的私钥分量进行签名计算,获得签名数据,转账信息才能生效。各秘钥服务客户端保存的私钥分量之和为交易账户的私钥,签名数据实质上是利用交易账户的私钥进行签名获得的,完成交易账户的签名转账。通过将交易账户的私钥分量进行分开保存,转账时,需要多个秘钥服务客户端的私钥分量一起签名才能完成交易,确保了数字货币交易的安全性。The digital currency transaction data processing method provided by the embodiment of this specification splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients corresponding to the digital currency transaction, that is, different users. When a digital currency transaction is required, after each secret key service client agrees to the transaction transfer, the private key component saved by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect. The sum of the private key components saved by each secret key service client is the private key of the transaction account. The signature data is essentially obtained by signing with the private key of the transaction account to complete the signature transfer of the transaction account. By separately storing the private key components of the transaction account, when transferring funds, the private key components of multiple secret key service clients need to be signed together to complete the transaction, which ensures the security of digital currency transactions.
在上述实施例的基础上,本说明书一个实施例中,所述第二私钥分量包括第一私钥分片、第二私钥分片;On the basis of the foregoing embodiment, in an embodiment of this specification, the second private key component includes a first private key fragment and a second private key fragment;
相应地,所述根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,包括:Correspondingly, the said data to be signed is signed according to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client to obtain Signature data, including:
获取所述第一私钥分片,并将所述第二私钥分片发送给所述第一秘钥服务客户端;Acquiring the first private key fragment, and sending the second private key fragment to the first secret key service client;
根据所述第一私钥分片,与所述第一秘钥服务客户端中保存的第一私钥分量、所述第一秘钥服务客户端接收到的所述第二私钥分片对所述待签名数据进行签名,获得所述签名数据。According to the first private key shard, pair with the first private key component stored in the first secret key service client and the second private key shard received by the first secret key service client The data to be signed is signed to obtain the signature data.
在具体的实施过程中,第二秘钥服务客户端可以将自身保存的第二私钥分量拆分成第一私钥分片和第二私钥分片,秘钥分量的拆分也可以采用模相加、相减的方式,本说明书实施例不作具体限定。秘钥管理服务器在接收第二秘钥服务客户端返回的确认签名信息时,可以获取第二秘钥服务客户端保存的第一私钥分片,并将第二秘钥管理服务客户端的第二私钥分片发送给第一秘钥服务客户端。秘钥管理服务器可以利用获取到的第 一私钥分片,结合第一秘钥服务客户端保存的第一私钥分量、第二私钥分片对待签名数据进行签名,获得签名数据,再进行转账处理。In the specific implementation process, the second secret key service client can split the second private key component stored by itself into the first private key fragment and the second private key fragment. The split of the secret key component can also be adopted The mode of addition and subtraction is not specifically limited in the embodiment of this specification. When the key management server receives the confirmation signature information returned by the second key service client, it can obtain the first private key fragments saved by the second key service client, and divide the second key management service client's second The private key fragments are sent to the first key service client. The key management server can use the obtained first private key fragment, combined with the first private key component and the second private key fragment saved by the first secret key service client to sign the signature data, obtain the signature data, and perform Transfer processing.
本说明书一个实施例中,可以采用安全多方计算mpc对待签名数据进行签名,获得所述签名数据。mpc主要是针对无可信第三方的情况下,如何安全地计算一个约定函数的问题。mpc可以包括多个持有各自私有数据的参与方,共同执行一个计算逻辑(如,求最大值计算),并获得计算结果,但过程中,参与的每一方均不会泄漏各自数据的计算。In an embodiment of this specification, a secure multi-party computing mpc may be used to sign the data to be signed to obtain the signature data. mpc is mainly aimed at the problem of how to safely calculate an agreed function without a trusted third party. The mpc can include multiple parties that hold their own private data to jointly execute a calculation logic (eg, maximum calculation) and obtain the calculation result, but in the process, each party participating in the calculation will not leak their data.
本说明书一个实施例中,mpc计算一般是两方参与,在利用mpc计算进行数据签名时,可以由秘钥管理服务器提供获取到的第二秘钥服务客户端保存的第一私钥分片和待签名数据,由第一秘钥服务客户端提供自身保存的第一私钥分量、获取到的第二秘钥服务客户端保存的第二私钥分片、待签名数据,以确保签名数据的安全性。In an embodiment of this specification, the MPC calculation is generally two parties participating. When using the MPC calculation to sign data, the key management server can provide the acquired second secret key service client's first private key fragment and For the data to be signed, the first private key component saved by the first secret key service client, the second private key fragments saved by the second secret key service client obtained, and the data to be signed are provided to ensure the signature data safety.
例如:第一秘钥服务客户端保存有交易账户的私钥分量sk1,第二秘钥服务客户端保存有交易账户的私钥分量sk2,并且第二秘钥服务客户端将sk2拆分成了第一私钥分片sk2-1和第二私钥分片sk2-2。在进行数字货币交易时,秘钥管理服务器接收到第二秘钥服务客户端返回的确认签名信息后,可以获取第二秘钥服务客户端的第一私钥分片sk2-1,并将第二秘钥服务客户端的第二私钥分片sk2-2发送给第一秘钥服务客户端。第一秘钥服务客户端和秘钥管理服务器可以利用mpc对待签名数据进行签名,在进行签名计算时,秘钥管理服务器可以提供的数据包括:sk2-1和待签名数据,第一秘钥服务客户端可以提供的数据包括:sk1、sk2-2、待签名数据。其中,sk1+sk2-1+sk2-2=交易账户的私钥,实现了交易账户的签名确认转账。For example: the first secret key service client stores the private key component sk1 of the transaction account, the second secret key service client stores the private key component sk2 of the transaction account, and the second secret key service client splits sk2 into The first private key fragment sk2-1 and the second private key fragment sk2-2. When performing digital currency transactions, after receiving the confirmation signature information returned by the second secret key service client, the secret key management server can obtain the first private key of the second secret key service client to slice sk2-1 and divide the second The second private key fragment sk2-2 of the key service client is sent to the first key service client. The first secret key service client and the secret key management server can use mpc to sign the data to be signed. During the signature calculation, the secret key management server can provide data including: sk2-1 and the data to be signed, the first secret key service The data that the client can provide includes: sk1, sk2-2, and data to be signed. Among them, sk1+sk2-1+sk2-2=the private key of the transaction account, which realizes the signature confirmation transfer of the transaction account.
本说明书实施例,通过将第二秘钥服务客户端的私钥分量拆分成两部分,一部分发送给秘钥管理服务器,一部分发送给第一秘钥服务客户端,由秘钥管理服务器和第一秘钥服务客户端利用对应的私钥分量进行数据签名。任何一方都没有获得交易账户的完整的私钥,确保了交易的安全性。并且,相对于现有技术中多重签名依赖于底层链的特性,不同的链不同的方式,增加的代码的复杂度。本说明书实施例利用秘钥管理服务器kms的传签技术,可以快速的实现交易数据的签名,方法简单,提高了数据处理的速度。In the embodiment of this specification, the private key component of the second secret key service client is split into two parts, one part is sent to the secret key management server, and the other part is sent to the first secret key service client. The secret key management server and the first The key service client uses the corresponding private key component to sign data. No party has obtained the complete private key of the transaction account, ensuring the security of the transaction. Moreover, compared with the prior art multi-signature relies on the characteristics of the underlying chain, different chains have different ways and increase the complexity of the code. The embodiment of this specification utilizes the signature transmission technology of the secret key management server kms, which can quickly realize the signature of the transaction data, the method is simple, and the data processing speed is improved.
在上述实施例的基础上,本说明书一个实施例中,所述第一私钥分量对应有公钥,所述第二私钥分片采用所述第一私钥分量对应的公钥进行加密;On the basis of the foregoing embodiment, in an embodiment of this specification, the first private key component corresponds to a public key, and the second private key segment is encrypted using the public key corresponding to the first private key component;
相应地,所述将所述第二私钥分片发送给所述第一秘钥服务客户端,包括:Correspondingly, the sending the second private key fragments to the first secret key service client includes:
接收所述第二秘钥服务客户端的签名确认信息,获取所述第一私钥分片和加密后的 第二私钥分片;Receiving the signature confirmation information of the second secret key service client, and obtaining the first private key fragment and the encrypted second private key fragment;
将所述加密后的第二私钥分片发送给所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端利用所述第一私钥分量解密获得所述第二私钥分片。The encrypted second private key fragments are sent to the first secret key service client, so that the first secret key service client uses the first private key component to decrypt to obtain the second private key Key fragmentation.
在具体的实施过程中,第一秘钥服务客户端中的第一私钥分量对应有公钥,公钥可以根据私钥计算获得,第二秘钥服务客户端可以获取第一秘钥服务客户端的第一私钥分量的公钥。并利用该公钥对第二私钥分片进行加密。秘钥管理服务器在接收到第二秘钥服务客户端返回的确认签名信息时,可以获取第二秘钥服务客户端中的第二私钥分量,但是,由于第二秘钥服务客户端中的第二私钥分量拆分成第一私钥分片、第二私钥分片,并且第二私钥分片利用第一秘钥服务客户端的私钥分量的公钥加密了,秘钥管理服务器只能获取到第二秘钥服务客户端中的第一私钥分片,无法对加密的第二私钥分片进行解密。秘钥管理服务器可以将加密后的第二私钥分片发送给第一秘钥服务客户端,第一秘钥服务客户端可以利用其自身保存的第一私钥分量对加密后的第二私钥分片进行解密,获得第二秘钥服务客户端的第二私钥分片。秘钥管理服务器和第一秘钥服务客户端可以利用各自获得或保存的交易账户的私钥分量对待签名数据进行签名,在进行交易处理。In the specific implementation process, the first private key component in the first secret key service client corresponds to a public key. The public key can be calculated based on the private key, and the second secret key service client can obtain the first secret key service client. The public key of the first private key component of the end. And use the public key to encrypt the second private key fragments. When the key management server receives the confirmation signature information returned by the second key service client, it can obtain the second private key component in the second key service client. However, due to the The second private key component is split into the first private key fragment and the second private key fragment, and the second private key fragment is encrypted with the public key of the private key component of the first secret key service client, and the secret key management server Only the first private key fragment in the second secret key service client can be obtained, and the encrypted second private key fragment cannot be decrypted. The key management server can send the encrypted second private key fragments to the first key service client, and the first key service client can use the first private key component stored by itself to perform the encrypted second private key. The key fragment is decrypted to obtain the second private key fragment of the second secret key service client. The secret key management server and the first secret key service client can use the private key component of the transaction account obtained or saved by each to sign the signature data and perform transaction processing.
本说明书实施例,将第二秘钥服务客户端中的私钥分量进行拆分,并将拆分后的第二私钥分片用第一秘钥服务客户端保存的第一私钥分量的公钥进行加密。使得秘钥管理服务器无法获得第二秘钥服务客户端的完整的私钥分量,进一步无法获得交易账户的完整的私钥。整个签名过程,没有一方可以获得交易账户的全部私钥,交易过程需要多方完成,提高了数字货币交易的安全性。In the embodiment of this specification, the private key component in the second secret key service client is split, and the split second private key is divided into the first private key component saved by the first secret key service client. The public key is encrypted. As a result, the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account. During the entire signing process, no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of digital currency transactions.
本说明书中上述方法的各个实施例均采用递进的方式描述,步骤并表示严格的先后顺序,根据实际需要可以调整各个步骤的顺序。各个实施例之间相同相似的部分互相参加即可,每个实施例重点说明的都是与其他实施例的不同之处。相关之处参加方法实施例的部分说明即可。The various embodiments of the above methods in this specification are described in a progressive manner, and the steps indicate a strict sequence, and the sequence of the steps can be adjusted according to actual needs. The same and similar parts between the various embodiments can be mutually participated, and each embodiment focuses on the differences from other embodiments. Part of the description of the method embodiment can be used for relevant points.
本说明书一些实施例中还提供了基于第一秘钥服务客户端执行的数字货币交易数据处理方法,图7是本说明书又一实施例中数字货币交易数据处理方法的流程示意图,如图7所示,本说明书实施例提供的第一秘钥服务客户端执行的数字货币交易数据处理方法的流程可以包括:Some embodiments of this specification also provide a digital currency transaction data processing method based on the first secret key service client. Figure 7 is a schematic flow diagram of the digital currency transaction data processing method in another embodiment of this specification, as shown in Figure 7. As shown, the flow of the digital currency transaction data processing method executed by the first secret key service client provided in the embodiment of this specification may include:
步骤702、向秘钥管理服务器发送交易请求数据,以使得所述秘钥管理服务器向第二秘钥服务客户端发送交易请求数据,所述交易请求数据包括待签名数据。Step 702: Send transaction request data to the secret key management server, so that the secret key management server sends transaction request data to the second secret key service client, where the transaction request data includes data to be signed.
在具体的实施过程中,本说明书实施例中的数字货币交易数据处理方法可以在第一秘钥服务客户端中执行,如:可以是进行数字货币买卖、数字货币理财、数字货币提币的用户客户端、或交易所系统中负责财务管理的管理员的客户端。当需要进行数字货币交易时,第一秘钥服务客户端可以根据数字货币交易的具体信息在本地生成交易报文,对交易报文进行哈希计算后获得待签名数据,并向秘钥管理服务器发送交易请求数据,交易请求数据中包括待签名数据。秘钥管理服务器可以将交易请求数据发送给第二秘钥服务客户端,以使得第二秘钥服务客户端确认是否同意转账。In the specific implementation process, the digital currency transaction data processing method in the embodiment of this specification can be executed in the first secret key service client, for example, it can be a user who conducts digital currency trading, digital currency financial management, and digital currency withdrawal Client, or the client of the administrator responsible for financial management in the exchange system. When a digital currency transaction is required, the first secret key service client can locally generate a transaction message according to the specific information of the digital currency transaction, hash the transaction message to obtain the data to be signed, and send it to the secret key management server Send transaction request data, the transaction request data includes the data to be signed. The key management server may send the transaction request data to the second key service client, so that the second key service client confirms whether to agree to the transfer.
本说明书一些实施例中,所述交易请求数据可以包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。即本说明书实施例中的数字货币交易数据处理方法可以应用在多种数字货币交易场景,在进行数字货币的交易时,用户可以通过第一秘钥服务客户端向秘钥管理服务器发送交易请求数据,如:买入数字货币的请求数据、卖出数字货币的请求数据、用户提币的请求数据、交易所提币的请求数据、冷钱包转账请求数据或买入理财产品的请求数据等。In some embodiments of this specification, the transaction request data may include at least one of digital currency trading transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, and wealth management request data. That is, the digital currency transaction data processing method in the embodiment of this specification can be applied to a variety of digital currency transaction scenarios. When performing digital currency transactions, the user can send transaction request data to the secret key management server through the first secret key service client. , Such as: request data for buying digital currency, request data for selling digital currency, request data for user withdrawal, request data for exchange withdrawal, request data for cold wallet transfer or request data for buying wealth management products, etc.
需要说明的是,本说明书实施例中的第一秘钥服务客户端和第二秘钥服务客户端均是交易双方用户对应的客户端,区别可以在于具体的职能不同。具体可以参考上述实施例的记载,此处不再赘述。如:在进行交易所冷钱包转账或交易所提币时,可以将第一秘钥服务客户端理解为负责财务管理,主动发起交易请求的客户端,第二秘钥服务客户端可以理解为交易所中除第一秘钥管理客户端之外的其他管理员的客户端。通常情况下,第一秘钥服务客户端的数量是一个,第二秘钥服务客户端的数量可以是一个或多个,具体可以根据实际情况设置,本说明书实施例不作具体限定。It should be noted that the first secret key service client and the second secret key service client in the embodiment of this specification are both clients corresponding to users of both parties to the transaction, and the difference may lie in different specific functions. For details, reference may be made to the record in the foregoing embodiment, which will not be repeated here. For example, when conducting cold wallet transfers or exchange withdrawals, the first secret key service client can be understood as a client responsible for financial management and actively initiate transaction requests, and the second secret key service client can be understood as a transaction Clients of other administrators except the first key management client. Generally, the number of the first secret key service client is one, and the number of the second secret key service client may be one or more, which can be specifically set according to actual conditions, which is not specifically limited in the embodiment of this specification.
步骤704、接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量。Step 704: Receive the second private key component saved by the second key service client and sent by the key management server.
当秘钥管理服务器接收到第二秘钥服务客户端返回的确认签名信息时,秘钥管理服务器可以获取第二秘钥服务客户端保存的交易账户的第二私钥分量,并且可以将第二私钥分量发送给第一秘钥服务客户端。When the key management server receives the confirmation signature information returned by the second key service client, the key management server can obtain the second private key component of the transaction account saved by the second key service client, and can transfer the second The private key component is sent to the first key service client.
本说明书一个实施例中,可以在交易账户创建时,根据交易账户的私钥,第一秘钥服务客户端和第二秘钥服务客户端分别生成对应的交易账户的私钥分量,第一秘钥服务 客户端生成的私钥分量可以称为第一私钥分量,第二秘钥服务客户端私钥分量的生成的私钥分量可以称为第二私钥分量,第一私钥分量和所述第二私钥分量之和为交易账户的私钥。可以通过模相加、相减的算法生成私钥分量,或者采用其他的方式生成,本说明书实施例不作具体限定。In an embodiment of this specification, when the transaction account is created, the first secret key service client and the second secret key service client can respectively generate the corresponding private key components of the transaction account according to the private key of the transaction account. The private key component generated by the key service client can be called the first private key component, and the private key component generated by the second key service client private key component can be called the second private key component. The sum of the second private key components is the private key of the transaction account. The private key component can be generated by the algorithm of modular addition and subtraction, or generated in other ways, and the embodiment of this specification does not specifically limit it.
步骤706、根据自身保存的第一私钥分量以及接收到的所述第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Step 706: Sign the data to be signed according to the first private key component stored by itself and the received second private key component to obtain signature data, wherein the first private key component and the second private key component The sum of the two private key components is the private key of the transaction account.
第一秘钥服务客户端接收到秘钥管理服务器发送的第二秘钥服务客户端保存的第二私钥分量后,可以根据其自身保存的第一私钥分量和接收到的第二私钥分量,与秘钥管理服务器一起对待签名数据进行签名,获得签名数据,签名数据包括交易金额等信息。After the first key service client receives the second private key component saved by the second key service client sent by the key management server, it can use the first private key component stored by itself and the received second private key The component, together with the secret key management server, signs the data to be signed to obtain signature data. The signature data includes information such as the transaction amount.
步骤708、根据所述签名数据进行交易转账处理。Step 708: Perform transaction transfer processing according to the signature data.
获得签名数据后,第一秘钥服务客户端可以根据签名数据进行冷钱包的转账处理。如:第一秘钥服务客户端可以将签名数据发送至区块链上,进行交易转账处理。具体转账处理方式可以参考上述实施例的记载,此处不再赘述。After obtaining the signature data, the first secret key service client can perform cold wallet transfer processing based on the signature data. For example, the first secret key service client can send the signature data to the blockchain for transaction transfer processing. For the specific transfer processing method, please refer to the record in the foregoing embodiment, which will not be repeated here.
本说明书实施例提供的数字货币交易数据处理方法,将交易账户的私钥拆分成不同的私钥分量,分别保存在不同的秘钥服务客户端即用户手中。在需要进行数字货币交易时,需要各个秘钥服务客户端均同意转账后,利用各个秘钥服务客户端保存的冷钱包的私钥分量进行签名计算,获得签名数据,转账信息才能生效。各秘钥服务客户端保存的冷钱包的私钥分量之和为交易账户的私钥,签名数据实质上是利用交易账户的私钥签名获得的,完成交易账户的签名转账。通过将交易账户的私钥分量进行分开保存,转账时,需要多个秘钥服务客户端的私钥分量一起签名才能完成交易,确保了交易的安全性。The digital currency transaction data processing method provided in the embodiment of this specification splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients, that is, users. When digital currency transactions are required, after each secret key service client agrees to transfer, the private key component of the cold wallet stored by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect. The sum of the private key components of the cold wallet stored by each secret key service client is the private key of the transaction account. The signature data is essentially obtained by signing the transaction account's private key to complete the signature transfer of the transaction account. By separately storing the private key components of the transaction account, when transferring funds, the private key components of multiple secret key service clients need to be signed together to complete the transaction, ensuring the security of the transaction.
在上述实施例的基础上,本说明书一个实施例中,所述第二私钥分量包括:第一私钥分片、第二私钥分片,所述第二私钥分片使用所述第一私钥分量对应的公钥进行加密;On the basis of the above-mentioned embodiment, in an embodiment of this specification, the second private key component includes: a first private key fragment, a second private key fragment, and the second private key fragment uses the first private key fragment. A public key corresponding to a private key component is encrypted;
相应地,所述接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量,包括:Correspondingly, the receiving the second private key component saved by the second key service client sent by the key management server includes:
接收所述秘钥管理服务器发送的加密后的第二私钥分片,并利用所述第一私钥分量对所述加密后的第二私钥分片进行解密,获得所述第二私钥分片;Receive the encrypted second private key segment sent by the key management server, and use the first private key component to decrypt the encrypted second private key segment to obtain the second private key Fragmentation;
相应地,所述对所述待签名数据进行签名,获得签名数据,包括:Correspondingly, the signing the data to be signed to obtain the signature data includes:
根据所述第一私钥分量、获得的所述第二私钥分片,以及所述秘钥管理服务器获得的所述第一私钥分片对所述待签名数据进行签名,获得签名数据。Sign the data to be signed according to the first private key component, the obtained second private key fragment, and the first private key fragment obtained by the key management server to obtain signature data.
在具体的实施过程中,第二秘钥服务客户端可以将自身保存的第二私钥分量拆分成第一私钥分片和第二私钥分片,秘钥分量的拆分也可以采用模相加、相减的方式,本说明书实施例不作具体限定。第一秘钥服务客户端中第一私钥分量对应有公钥,公钥可以根据私钥计算获得。第二秘钥服务客户端可以获取第一秘钥服务客户端的第一私钥分量的公钥对第二私钥分片进行加密。In the specific implementation process, the second secret key service client can split the second private key component stored by itself into the first private key fragment and the second private key fragment. The split of the secret key component can also be adopted The mode of addition and subtraction is not specifically limited in the embodiment of this specification. The first private key component in the first secret key service client corresponds to a public key, and the public key can be calculated based on the private key. The second secret key service client may obtain the public key of the first private key component of the first secret key service client to encrypt the second private key segment.
秘钥管理服务器在接收到第二秘钥服务客户端返回的确认签名信息时,可以获取第二秘钥服务客户端中的第二私钥分量。但是,由于第二秘钥服务客户端中的私钥分量拆分成第一私钥分片、第二私钥分片,并且第二私钥分片利用第一秘钥服务客户端的第一私钥分量的公钥加密了,秘钥管理服务器只能获取到第二秘钥服务客户端中的第一私钥分片,无法对加密的第二私钥分片进行解密。秘钥管理服务器可以将加密后的第二私钥分片发送给第一秘钥服务客户端,第一秘钥服务客户端可以利用其自身的第一私钥分量对加密后的第二私钥分片进行解密,获得第二秘钥服务客户端的第二私钥分片。秘钥管理服务器和第一秘钥服务客户端可以利用各自获得或保存的私钥分量对待签名数据进行签名,再进行交易处理。When receiving the confirmation signature information returned by the second secret key service client, the secret key management server may obtain the second private key component in the second secret key service client. However, since the private key component in the second secret key service client is split into the first private key fragment and the second private key fragment, and the second private key fragment uses the first private key of the first secret key service client The public key of the key component is encrypted, and the key management server can only obtain the first private key fragment in the second secret key service client, and cannot decrypt the encrypted second private key fragment. The key management server can send the encrypted second private key fragments to the first key service client, and the first key service client can use its own first private key component to encrypt the second private key The fragments are decrypted to obtain the second private key fragments of the second secret key service client. The secret key management server and the first secret key service client can use the private key components obtained or saved respectively to sign the data to be signed, and then perform transaction processing.
本说明书一个实施例中,可以采用安全多方计算mpc对所述待签名数据进行签名,获得所述签名数据。本说明书一个实施例中,mpc计算一般是两方参与,在利用mpc计算进行数据签名时,可以由秘钥管理服务器提供获取到的第二秘钥服务客户端保存的第一私钥分片和待签名数据,由第一秘钥服务客户端提供自身保存的第一私钥分量、获取到的第二秘钥服务客户端保存的第二私钥分片、待签名数据,以确保签名数据的安全性。In an embodiment of this specification, secure multi-party computing mpc may be used to sign the data to be signed to obtain the signature data. In an embodiment of this specification, the MPC calculation is generally two parties participating. When using the MPC calculation to sign data, the key management server can provide the acquired second secret key service client's first private key fragment and For the data to be signed, the first private key component saved by the first secret key service client, the second private key fragments saved by the second secret key service client obtained, and the data to be signed are provided to ensure the signature data safety.
例如:第一秘钥服务客户端保存有交易账户的第一私钥分量sk1,第二秘钥服务客户端保存有交易账户的私钥分量sk2,并且第二秘钥服务客户端将sk2拆分成了第一私钥分片sk2-1和第二私钥分片sk2-2,其中,第二私钥分片sk2-2采用第一私钥分量sk1的公钥pk1进行加密。在进行数字货币交易时,秘钥管理服务器接收到第二秘钥服务客户端返回的确认签名信息后,可以获取第二秘钥服务客户端的第一私钥分片sk2-1,并将第二秘钥服务客户端的加密的第二私钥分片sk2-2发送给第一秘钥服务客户端。第一秘钥服务客户端可以利用sk1对加密后的sk2-2进行解密,获得sk2-2。第一秘钥服务客户端和秘钥管理服务器可以利用mpc对待签名数据进行签名计算,在进行签名计算时,秘钥管理服务器可以提供的数据包括:sk2-1和待签名数据,第一秘钥服务客户端可以提供的数 据包括:sk1、sk2-2、待签名数据。其中,sk1+sk2-1+sk2-2=交易账户的私钥,实现了交易账户的签名确认,进一步可以根据签名数据进行交易转账处理。For example: the first secret key service client stores the first private key component sk1 of the transaction account, the second secret key service client stores the private key component sk2 of the transaction account, and the second secret key service client splits sk2 It becomes the first private key segment sk2-1 and the second private key segment sk2-2, where the second private key segment sk2-2 is encrypted using the public key pk1 of the first private key component sk1. When performing digital currency transactions, after receiving the confirmation signature information returned by the second secret key service client, the secret key management server can obtain the first private key of the second secret key service client to slice sk2-1 and divide the second The encrypted second private key segment sk2-2 of the key service client is sent to the first key service client. The first key service client can use sk1 to decrypt the encrypted sk2-2 to obtain sk2-2. The first secret key service client and secret key management server can use mpc to perform signature calculation on the data to be signed. When performing signature calculation, the key management server can provide data including: sk2-1 and the data to be signed, the first secret key The data that the service client can provide includes: sk1, sk2-2, and data to be signed. Among them, sk1+sk2-1+sk2-2=the private key of the transaction account, which realizes the signature confirmation of the transaction account, and can further process the transaction transfer according to the signature data.
本说明书实施例,将第二秘钥服务客户端中的私钥分量进行拆分,并将拆分后的第二私钥分片用第一秘钥服务客户端的私钥分量的公钥进行加密。使得秘钥管理服务器无法获得第二秘钥服务客户端的完整的私钥分量,进一步无法获得交易账户的完整的私钥。整个签名过程,没有一方可以获得交易账户的全部私钥,交易过程需要多方完成,提高了交易的安全性。In the embodiment of this specification, the private key component in the second secret key service client is split, and the split second private key fragments are encrypted with the public key of the private key component of the first secret key service client . As a result, the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account. During the entire signing process, no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of the transaction.
在上述实施例的基础上,本说明书一个实施例中,所述第一私钥分量和所述第二私钥分量的生成方法可以包括:On the basis of the foregoing embodiment, in an embodiment of this specification, the method for generating the first private key component and the second private key component may include:
若所述交易请求数据为所述数字货币买卖交易请求数据或所述用户提币请求数据或所述理财请求数据,在所述用户账户创建时,根据所述用户账户对应的私钥,与所述第二秘钥服务客户端分别生成各自的第一私钥分量、第二私钥分量;If the transaction request data is the digital currency transaction request data or the user withdrawal request data or the wealth management request data, when the user account is created, the private key corresponding to the user account will be The second secret key service client generates respective first private key components and second private key components;
若所述交易请求数据为所述冷钱包转账请求数据或交易所提币请求数据,在所述交易所账户创建时,根据所述交易所账户的私钥,与所述第二秘钥服务客户端分别生成各自的第一私钥分量、第二私钥分量。If the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data, when the exchange account is created, according to the private key of the exchange account, serve the customer with the second secret key The terminals respectively generate their first private key component and second private key component.
在具体的实施过程中,第一私钥分量和第二私钥分量可以在交易账户创建时生成,如:在用户账户创建时,第一秘钥服务客户端和第二秘钥服务客户端可以根据用户账户对应的私钥生成第一私钥分量和第二私钥分量。第一私钥分量和第二私钥分量之和可以为用户账户对应的私钥。私钥分量的生成可以通过对用户账户的私钥进行模相加、相减的算法生成私钥分量,或者采用其他的方式生成,本说明书实施例不作具体限定。其中,第一秘钥服务客户端可以是用户对应的客户端,保存有第一私钥分量,第二秘钥服务客户端可以是交易所客户端,保存有第二私钥分量。当用户需要进行数字货币的买入、卖出、提币等交易时,需要用户和交易所共同签名确认,才能进行交易转账处理,提高了用户资产的安全性。In the specific implementation process, the first private key component and the second private key component can be generated when the transaction account is created. For example, when the user account is created, the first secret key service client and the second secret key service client can The first private key component and the second private key component are generated according to the private key corresponding to the user account. The sum of the first private key component and the second private key component may be the private key corresponding to the user account. The private key component can be generated by the algorithm of modular addition and subtraction of the private key of the user account to generate the private key component, or it can be generated in other ways, which is not specifically limited in the embodiment of this specification. Wherein, the first secret key service client may be a client corresponding to the user and store the first private key component, and the second secret key service client may be an exchange client and store the second private key component. When a user needs to conduct transactions such as buying, selling, and withdrawing digital currency, the user and the exchange are required to jointly sign and confirm before the transaction can be transferred, which improves the security of user assets.
在用户的理财账户创建时,第一秘钥服务客户端和第二秘钥服务客户端可以采用相同的方法生成第一私钥分量和第二私钥分量。第一私钥分量和第二私钥分量之和可以为理财账户对应的私钥。此时,第一秘钥服务客户端可以表示需要进行理财的理财用户的客户端,第二秘钥服务客户端则可以表示资管方即进行资产管理的机构的客户端。当用户需要进行理财投资时,需要理财用户和资产方均同意,即第一秘钥服务客户端和第二秘钥服务客户端共同进行签名确认,才能进行交易转账处理,提高了交易所资产的安全 性。When the user's financial account is created, the first secret key service client and the second secret key service client can use the same method to generate the first private key component and the second private key component. The sum of the first private key component and the second private key component may be the private key corresponding to the wealth management account. At this time, the first secret key service client may refer to the client of a wealth management user who needs to conduct financial management, and the second secret key service client may refer to the client of an asset management party that is an institution that conducts asset management. When a user needs to make a financial investment, both the financial user and the asset party need to agree, that is, the first secret key service client and the second secret key service client jointly sign and confirm, then the transaction transfer can be processed, which improves the exchange asset safety.
在交易所的冷钱包创建时,第一秘钥服务客户端和第二秘钥服务客户端可以采用相同的方法生成第一私钥分量和第二私钥分量。第一私钥分量和第二私钥分量之和可以为冷钱包对应的私钥。此时,第一秘钥服务客户端可以表示交易所的财务管理员对应的客户端,第二秘钥服务客户端则可以表示其他管理员的客户端,并且第二秘钥服务客户端可以有多个如:交易所所有的股东对应的客户端。当需要进行冷钱包向热钱包转账时,需要拥有冷钱包的私钥分量的所有的管理员均同意,即第一秘钥服务客户端和第二秘钥服务客户端共同进行签名确认,才能进行交易转账处理,提高了用户投资理财的安全性。When the cold wallet of the exchange is created, the first secret key service client and the second secret key service client can use the same method to generate the first private key component and the second private key component. The sum of the first private key component and the second private key component may be the private key corresponding to the cold wallet. At this time, the first key service client can represent the client corresponding to the financial administrator of the exchange, the second key service client can represent the clients of other administrators, and the second key service client can have Multiple such as: clients corresponding to all shareholders of the exchange. When it is necessary to transfer from a cold wallet to a hot wallet, all administrators who have the private key component of the cold wallet must agree, that is, the first secret key service client and the second secret key service client jointly sign and confirm it before proceeding. Transaction transfer processing improves the security of user investment and financial management.
同样的,在交易所账户创建时,第一秘钥服务客户端和第二秘钥服务客户端可以采用相同的方法生成第一私钥分量和第二私钥分量。第一私钥分量和第二私钥分量之和可以为交易所账户对应的私钥。此时,第一秘钥服务客户端可以表示交易所系统或交易所的财务管理员或其他指定管理员对应的客户端,第二秘钥服务客户端则可以表示其他管理员的客户端,并且第二秘钥服务客户端可以有多个如:交易所所有的股东对应的客户端。当需要进行交易所提币时,需要拥有交易所账户的私钥分量的所有的管理员均同意,即第一秘钥服务客户端和第二秘钥服务客户端共同进行签名确认,才能进行交易转账处理,提高了交易所资产的安全性。Similarly, when the exchange account is created, the first secret key service client and the second secret key service client can use the same method to generate the first private key component and the second private key component. The sum of the first private key component and the second private key component may be the private key corresponding to the exchange account. At this time, the first key service client can represent the client of the exchange system or the financial administrator of the exchange or other designated administrators, and the second key service client can represent the clients of other administrators, and The second secret key service client can have multiple clients, such as clients corresponding to all shareholders of the exchange. When it is necessary to withdraw money from the exchange, all administrators who have the private key component of the exchange account must agree, that is, the first secret key service client and the second secret key service client jointly sign and confirm before the transaction can be carried out. Transfer processing improves the security of exchange assets.
本说明书中上述方法的各个实施例均采用递进的方式描述,步骤并表示严格的先后顺序,根据实际需要可以调整各个步骤的顺序。各个实施例之间相同相似的部分互相参加即可,每个实施例重点说明的都是与其他实施例的不同之处。相关之处参加方法实施例的部分说明即可。The various embodiments of the above methods in this specification are described in a progressive manner, and the steps indicate a strict sequence, and the sequence of the steps can be adjusted according to actual needs. The same and similar parts between the various embodiments can be mutually participated, and each embodiment focuses on the differences from other embodiments. Part of the description of the method embodiment can be used for relevant points.
本说明书一些实施例中还提供了基于第二秘钥服务客户端执行的数字货币交易数据处理方法,图8是本说明书又一实施例中数字货币交易数据处理方法的流程示意图,如图8所示,本说明书实施例提供的第二秘钥服务客户端执行的数字货币交易数据处理方法的流程可以包括:Some embodiments of this specification also provide a digital currency transaction data processing method based on a second secret key service client. FIG. 8 is a schematic flowchart of a digital currency transaction data processing method in another embodiment of this specification, as shown in FIG. 8 As shown, the process of the digital currency transaction data processing method executed by the second secret key service client provided in the embodiment of this specification may include:
步骤802、接收秘钥管理服务器发送的交易请求数据,所述交易请求数据由第一秘钥服务客户端发送,所述交易请求数据包括待签名数据。Step 802: Receive transaction request data sent by the key management server, where the transaction request data is sent by the first key service client, and the transaction request data includes data to be signed.
在具体的实施过程中,本说明书实施例中的数字货币交易数据处理方法可以在第二秘钥服务客户端中执行,如:可以是交易所系统、资管方对应的客户端、交易所的管理员对应的客户端等。当需要进行数字货币交易时,第一秘钥服务客户端可以根据数字货币交易的具体信息在本地生成交易报文,对交易报文进行哈希计算后获得待签名数据, 并向秘钥管理服务器发送交易请求数据,交易请求数据中包括待签名数据。秘钥管理服务器可以将交易请求数据发送给第二秘钥服务客户端,第二秘钥服务客户端则可以接收秘钥管理服务器发送的交易请求数据。In the specific implementation process, the digital currency transaction data processing method in the embodiment of this specification can be executed in the second secret key service client, for example, it can be the exchange system, the client corresponding to the asset manager, and the exchange’s The client corresponding to the administrator, etc. When a digital currency transaction is required, the first secret key service client can generate a transaction message locally according to the specific information of the digital currency transaction, hash the transaction message to obtain the data to be signed, and send it to the secret key management server Send transaction request data, the transaction request data includes the data to be signed. The key management server can send the transaction request data to the second key service client, and the second key service client can receive the transaction request data sent by the key management server.
本说明书一些实施例中,所述交易请求数据可以包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。即本说明书实施例中的数字货币交易数据处理方法可以应用在多种数字货币交易场景,在进行数字货币的交易时,用户可以通过第一秘钥服务客户端向秘钥管理服务器发送交易请求数据,如:买入数字货币的请求数据、卖出数字货币的请求数据、用户提币的请求数据、交易所提币的请求数据、冷钱包转账请求数据或买入理财产品的请求数据等。交易请求数据的具体含义可以参考上述实施例的记载,此处不再赘述。In some embodiments of this specification, the transaction request data may include at least one of digital currency trading transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, and wealth management request data. That is, the digital currency transaction data processing method in the embodiment of this specification can be applied to a variety of digital currency transaction scenarios. When performing digital currency transactions, the user can send transaction request data to the secret key management server through the first secret key service client. , Such as: request data for buying digital currency, request data for selling digital currency, request data for user withdrawal, request data for exchange withdrawal, request data for cold wallet transfer or request data for buying wealth management products, etc. For the specific meaning of the transaction request data, reference may be made to the record in the foregoing embodiment, which will not be repeated here.
步骤804、向所述秘钥管理服务器返回确认签名信息,并将自身保存的第二私钥分量发送给所述秘钥管理服务器,以使得所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,获得签名数据,且由所述第一秘钥服务客户端根据所述签名数据进行交易转账处理;Step 804: Return the confirmation signature information to the key management server, and send the second private key component saved by itself to the key management server, so that the key management server and the first key service The client signs the data to be signed according to the second private key component and the first private key component saved by the first secret key service client to obtain signature data, which is served by the first secret key The client terminal performs transaction transfer processing according to the signature data;
其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Wherein, the sum of the first private key component and the second private key component is the private key of the transaction account.
在具体的实施过程中,第二秘钥服务客户端接收到秘钥管理服务器发送的交易请求数据后,可以判断交易请求是否通过,即该笔交易是否成交,若成交,则可以向秘钥管理服务器返回确认签名信息。第二秘钥服务客户端确认签名后,可以向秘钥管理服务器发送自身保存的第二私钥分量,秘钥管理服务器可以获取第二秘钥服务客户端保存的交易账户的第二私钥分量,并且可以将第二私钥分量发送给第一秘钥服务客户端。In the specific implementation process, after the second secret key service client receives the transaction request data sent by the secret key management server, it can judge whether the transaction request is passed, that is, whether the transaction is completed, if the transaction is completed, it can report to the key management The server returns confirmation signature information. After the second key service client confirms the signature, it can send the second private key component saved by itself to the key management server, and the key management server can obtain the second private key component of the transaction account saved by the second key service client , And can send the second private key component to the first key service client.
第一秘钥服务客户端接收到秘钥管理服务器发送的第二秘钥服务客户端保存的第二私钥分量后,可以根据其自身保存的第一私钥分量和接收到的第二私钥分量,与秘钥管理服务器一起对待签名数据进行签名,获得签名数据,签名数据包括交易金额等信息。After the first key service client receives the second private key component saved by the second key service client sent by the key management server, it can use the first private key component stored by itself and the received second private key The component, together with the secret key management server, signs the data to be signed to obtain signature data. The signature data includes information such as the transaction amount.
获得签名数据后,第一秘钥服务客户端可以根据签名数据进行冷钱包的转账处理。如:第一秘钥服务客户端可以将签名数据发送至区块链上,进行交易转账处理。具体转账处理方式可以参考上述实施例的记载,此处不再赘述。After obtaining the signature data, the first secret key service client can perform cold wallet transfer processing based on the signature data. For example, the first secret key service client can send the signature data to the blockchain for transaction transfer processing. For the specific transfer processing method, please refer to the record in the foregoing embodiment, which will not be repeated here.
在上述实施例的基础上,本说明书一些实施例中提供了私钥分量的生成方法,所述第一私钥分量和所述第二私钥分量的生成方法可以包括:On the basis of the above-mentioned embodiments, some embodiments of this specification provide methods for generating private key components. The methods for generating the first private key component and the second private key component may include:
若所述交易请求数据为所述数字货币买卖交易请求数据或所述用户提币请求数据或所述理财请求数据,在所述用户账户创建时,根据所述用户账户对应的私钥,与所述第一秘钥服务客户端分别生成各自的第二私钥分量、第一私钥分量;If the transaction request data is the digital currency transaction request data or the user withdrawal request data or the wealth management request data, when the user account is created, the private key corresponding to the user account will be The first secret key service client generates respective second private key components and first private key components;
若所述交易请求数据为所述冷钱包转账请求数据或交易所提币请求数据,在所述交易所账户创建时,根据所述交易所账户的私钥,与所述第一秘钥服务客户端分别生成各自的第二私钥分量、第一私钥分量。If the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data, when the exchange account is created, according to the private key of the exchange account, serve the customer with the first secret key The terminals respectively generate their second private key component and first private key component.
在具体的实施过程中,可以在交易账户创建时,根据交易账户的私钥,第一秘钥服务客户端和第二秘钥服务客户端分别生成对应的交易账户的私钥分量,第一秘钥服务客户端生成的私钥分量可以称为第一私钥分量,第二秘钥服务客户端私钥分量的生成的私钥分量可以称为第二私钥分量,第一私钥分量和所述第二私钥分量之和为交易账户的私钥。私钥分量具体创建过程可以参考上述实施例的记载,此处不再赘述。如:可以通过模相加、相减的算法生成私钥分量,或者采用其他的方式生成,本说明书实施例不作具体限定。In the specific implementation process, according to the private key of the transaction account, the first secret key service client and the second secret key service client can respectively generate the private key components of the corresponding transaction account when the transaction account is created. The private key component generated by the key service client can be called the first private key component, and the private key component generated by the second key service client private key component can be called the second private key component. The sum of the second private key components is the private key of the transaction account. For the specific creation process of the private key component, reference may be made to the record in the foregoing embodiment, which will not be repeated here. For example, the private key component can be generated through the algorithm of modular addition and subtraction, or generated in other ways, which is not specifically limited in the embodiment of this specification.
本说明书实施例提供的数字货币交易数据处理方法,将交易账户的私钥拆分成不同的私钥分量,分别保存在不同的秘钥服务客户端即用户手中。在需要进行数字货币交易时,需要各个秘钥服务客户端均同意转账后,利用各个秘钥服务客户端保存的冷钱包的私钥分量进行签名计算,获得签名数据,转账信息才能生效。各秘钥服务客户端保存的冷钱包的私钥分量之和为交易账户的私钥,签名数据实质上是利用交易账户的私钥签名获得的,完成交易账户的签名转账。通过将交易账户的私钥分量进行分开保存,转账时,需要多个秘钥服务客户端的私钥分量一起签名才能完成交易,确保了交易的安全性。The digital currency transaction data processing method provided in the embodiment of this specification splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients, that is, users. When digital currency transactions are required, after each secret key service client agrees to transfer, the private key component of the cold wallet stored by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect. The sum of the private key components of the cold wallet stored by each secret key service client is the private key of the transaction account. The signature data is essentially obtained by signing the transaction account's private key to complete the signature transfer of the transaction account. By separately storing the private key components of the transaction account, when transferring funds, the private key components of multiple secret key service clients need to be signed together to complete the transaction, ensuring the security of the transaction.
在上述实施例的基础上,本说明书一个实施例中,所述将自身保存的第一私钥分量发送给所述秘钥管理服务器,包括:On the basis of the foregoing embodiment, in an embodiment of this specification, the sending the first private key component stored by itself to the secret key management server includes:
将所述第二私钥分量拆分成第一私钥分片和第二私钥分片,并采用所述第一私钥分量对应的公钥对所述第二私钥分片进行加密;Split the second private key component into a first private key fragment and a second private key fragment, and encrypt the second private key fragment by using a public key corresponding to the first private key component;
将所述第一私钥分片和所述加密后的第二私钥分片发送给所述秘钥管理服务器;Sending the first private key fragment and the encrypted second private key fragment to the secret key management server;
相应地,所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,包括:Correspondingly, the secret key management server and the first secret key service client perform the signature on the to-be-signed according to the second private key component and the first private key component stored by the first secret key service client Data is signed, including:
所述秘钥管理服务器将所述加密后的第二私钥分片发送给所述第一秘钥服务客户端;The key management server sends the encrypted second private key fragments to the first key service client;
所述第一秘钥服务客户端采用所述第一私钥分量对所述加密后的第二私钥分片进行 解密,获得所述第二私钥分片;The first secret key service client uses the first private key component to decrypt the encrypted second private key fragment to obtain the second private key fragment;
基于所述第一私钥分片、第一私钥分量、第二私钥分片,所述秘钥管理服务器与所述第一秘钥服务客户端,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。Based on the first private key fragment, the first private key component, and the second private key fragment, the key management server and the first key service client use secure multi-party computing to compare the data to be signed Sign and obtain the signature data.
在具体的实施过程中,第二秘钥服务客户端可以将自身保存的第二私钥分量拆分成第一私钥分片和第二私钥分片,秘钥分量的拆分也可以采用模相加、相减的方式,本说明书实施例不作具体限定。第一秘钥服务客户端中第一私钥分量对应有公钥,公钥可以根据私钥计算获得。第二秘钥服务客户端可以获取第一秘钥服务客户端的第一私钥分量的公钥对第二私钥分片进行加密。In the specific implementation process, the second secret key service client can split the second private key component stored by itself into the first private key fragment and the second private key fragment. The split of the secret key component can also be adopted The mode of addition and subtraction is not specifically limited in the embodiment of this specification. The first private key component in the first secret key service client corresponds to a public key, and the public key can be calculated based on the private key. The second secret key service client may obtain the public key of the first private key component of the first secret key service client to encrypt the second private key segment.
秘钥管理服务器在接收到第二秘钥服务客户端返回的确认签名信息时,可以获取第二秘钥服务客户端中的第二私钥分量,并将第二私钥分量发送给第一签名服务客户端。秘钥管理服务器和第一秘钥服务客户端可以利用各自获得或保存的私钥分量对待签名数据进行签名,再进行交易处理,具体签名计算的过程可以参考上述实施例的记载,此处不再赘述。When the key management server receives the confirmation signature information returned by the second key service client, it can obtain the second private key component in the second key service client, and send the second private key component to the first signature Service client. The key management server and the first key service client can use the private key components obtained or saved by each to sign the data to be signed, and then perform transaction processing. For the specific signature calculation process, please refer to the record in the above-mentioned embodiment. Repeat.
本说明书一个实施例中,可以采用安全多方计算mpc对所述待签名数据进行签名,获得所述签名数据。本说明书一个实施例中,mpc计算一般是两方参与,在利用mpc计算进行数据签名时,可以由秘钥管理服务器提供获取到的第二秘钥服务客户端保存的第一私钥分片和待签名数据,由第一秘钥服务客户端提供自身保存的第一私钥分量、获取到的第二秘钥服务客户端保存的第二私钥分片、待签名数据,以确保签名数据的安全性。In an embodiment of this specification, secure multi-party computing mpc may be used to sign the data to be signed to obtain the signature data. In an embodiment of this specification, the MPC calculation is generally two parties participating. When using the MPC calculation to sign data, the key management server can provide the acquired second secret key service client's first private key fragment and For the data to be signed, the first private key component saved by the first secret key service client, the second private key fragments saved by the second secret key service client obtained, and the data to be signed are provided to ensure the signature data safety.
本说明书实施例,第二秘钥服务客户端中将第二私钥分量进行拆分,并将拆分后的第二私钥分片用第一秘钥服务客户端的私钥分量的公钥进行加密。使得秘钥管理服务器无法获得第二秘钥服务客户端的完整的私钥分量,进一步无法获得交易账户的完整的私钥。整个签名过程,没有一方可以获得交易账户的全部私钥,交易过程需要多方完成,提高了交易的安全性。In the embodiment of this specification, the second private key component is split in the second secret key service client, and the split second private key is divided into pieces using the public key of the private key component of the first secret key service client. encryption. As a result, the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account. During the entire signing process, no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of the transaction.
图9是本说明书一个实施例中交易所冷钱包转账到热钱包的数据处理流程示意图,图中线条上的数字可以表示冷钱包转账的步骤,如图9所示,当参考上述图4创建出交易所的冷钱包后,本说明书一个实施例中交易所冷钱包转账的处理过程可以包括:Figure 9 is a schematic diagram of the data processing flow of the exchange’s cold wallet transfer to the hot wallet in an embodiment of this specification. The numbers on the lines in the figure can indicate the steps of the cold wallet transfer, as shown in Figure 9, when you create it with reference to Figure 4 above After the cold wallet of the exchange, the process of transferring the cold wallet of the exchange in an embodiment of this specification may include:
1、管理员1通过第一秘钥服务客户端在本地生成交易报文,对交易报文进行哈希计算后获得待签名的数据,调用kms发起签名的接口,参数为pk1(pk1为管理员1中保 存的冷钱包的第一私钥分量对应的公钥)+待签名数据。1. Administrator 1 generates transaction messages locally through the first secret key service client, hashes the transaction messages to obtain the data to be signed, and calls kms to initiate the signature interface. The parameter is pk1 (pk1 is the administrator The public key corresponding to the first private key component of the cold wallet stored in 1) + data to be signed.
2、管理员2可以通过第二秘钥服务客户端查询待签名数据。2. The administrator 2 can query the data to be signed through the second secret key service client.
3、管理员2同意后,将sk2(sk2表示管理员2保存的冷钱包的第二私钥分量)拆分成2部分sk2=sk2-1+sk2-2(sk2-2被pk1加密),调用kms的签名确认接口。3. After administrator 2 agrees, split sk2 (sk2 represents the second private key component of the cold wallet saved by administrator 2) into 2 parts sk2=sk2-1+sk2-2 (sk2-2 is encrypted by pk1), Call the signature confirmation interface of kms.
4、管理员1通过kms获得管理员2的部分私钥分片sk2-2,并用sk1(sk1表示管理员1保存的冷钱包的第一私钥分量)解密。4. The administrator 1 obtains the partial private key fragment sk2-2 of the administrator 2 through kms, and decrypts it with sk1 (sk1 represents the first private key component of the cold wallet saved by the administrator 1).
5、管理员1和kms做一次mpc计算生成签名数据。管理员1提供sk1+sk2-2+待签名数据,kms提供sk2-1+待签名数据。5. Administrator 1 and kms do an MPC calculation to generate signature data. Administrator 1 provides sk1+sk2-2+ data to be signed, and kms provides sk2-1+ data to be signed.
6、管理员1将待签名数据发送到区块链执行转账。6. The administrator 1 sends the data to be signed to the blockchain to perform the transfer.
需要说明的是,在实际应用中,管理员2可以是多个,当管理员2有多个时,所有的管理员均保存有冷钱包的私钥分量,并且所有管理员的私钥分量之和为冷钱包的私钥。It should be noted that in practical applications, there can be multiple administrators 2. When there are multiple administrators 2, all administrators store the private key component of the cold wallet, and the private key components of all administrators And is the private key of the cold wallet.
将冷钱包的私钥保存在多个人身上,转账时需要多个人一起签名才可以完成交易,确保了交易所资产的安全保证。并且,传统的多重签名依赖于底层链的特性,不同的链不同的方式,增加的代码的复杂度,本说明书实施例中的签名方法简单易用。Keep the private key of the cold wallet in multiple people. When transferring money, multiple people need to sign together to complete the transaction, which ensures the security of exchange assets. Moreover, the traditional multi-signature depends on the characteristics of the underlying chain, different ways of different chains, and increased code complexity. The signature method in the embodiment of this specification is simple and easy to use.
图10是本说明书实施例中数字货币买入或数字货币卖出或用户提币的数据处理流程示意图,图中线条上的数字可以表示交易的步骤,参考上述图1或图3,数字货币的买卖成交后或用户提交的数字货币提币审核通过后,如图10所示,可以采用如下方法进行数字货币的交易转账:Figure 10 is a schematic diagram of the data processing flow of digital currency buying or digital currency selling or user withdrawal in the embodiment of this specification. The numbers on the lines in the figure can indicate the steps of the transaction. Refer to Figure 1 or Figure 3 above. After the transaction is completed or the digital currency withdrawal submitted by the user is approved, as shown in Figure 10, the following methods can be used to perform digital currency transaction transfers:
1、用户通过第一秘钥服务客户端在本地生成交易报文,对交易报文进行哈希计算后获得待签名的数据,调用kms发起签名的接口,参数为pk1(pk1为用户中保存的用户账户的第一私钥分量对应的公钥)+待签名数据。1. The user generates the transaction message locally through the first secret key service client, hashes the transaction message to obtain the data to be signed, and calls the interface of kms to initiate the signature. The parameter is pk1 (pk1 is the saved in the user The public key corresponding to the first private key component of the user account) + data to be signed.
其中,用户可以是进行数字货币买入的用户,此时,用户提交的交易报文可以是数字货币的买单委托。用户还可以是卖出数字货币的用户,此时,用户提交的交易报文可以是数字货币的卖单委托。用户还可以是进行数字货币提币的用户,此时,用户提交的交易报文数据可以是提币请求。Among them, the user may be a user who purchases digital currency. At this time, the transaction message submitted by the user may be a digital currency purchase order commission. The user can also be a user who sells digital currency. At this time, the transaction message submitted by the user can be a digital currency sell order commission. The user may also be a user who performs digital currency withdrawal. At this time, the transaction message data submitted by the user may be a withdrawal request.
即买入用户对应的客户端保存有买入用户账户的第一私钥分量,卖出用户对应的客户端保存有卖出用户的第一私钥分量,第二秘钥服务客户端即交易所保存有买入用户账户的第二私钥分量和卖出用户账户的第二私钥分量。That is, the client corresponding to the buying user stores the first private key component of the buying user account, the client corresponding to the selling user stores the first private key component of the selling user, and the second secret key service client is the exchange The second private key component for buying the user account and the second private key component for selling the user account are stored.
2、交易所可以通过第二秘钥服务客户端查询待签名数据。2. The exchange can query the data to be signed through the second secret key service client.
3、交易所同意后,将sk2(sk2表示交易所保存的冷钱包的第二私钥分量)拆分成2部分sk2=sk2-1+sk2-2(sk2-2被pk1加密),调用kms的签名确认接口。3. After the exchange agrees, split sk2 (sk2 represents the second private key component of the cold wallet saved by the exchange) into 2 parts sk2=sk2-1+sk2-2 (sk2-2 is encrypted by pk1), call kms The signature confirmation interface.
4、用户通过kms获得交易所的部分私钥分片sk2-2,并用sk1(sk1表示用户保存的冷钱包的第一私钥分量)解密。4. The user obtains partial private key fragments sk2-2 of the exchange through kms, and decrypts them with sk1 (sk1 represents the first private key component of the cold wallet saved by the user).
5、用户和kms做一次mpc计算生成签名数据。用户提供sk1+sk2-2+待签名数据,kms提供sk2-1+待签名数据。5. The user and kms do an MPC calculation to generate signature data. The user provides sk1+sk2-2+ data to be signed, and kms provides sk2-1+ data to be signed.
6、用户将待签名数据发送到区块链执行转账。买入用户对应的客户端或卖出用户对应的客户端根据所述签名数据进行交易转账处理。6. The user sends the data to be signed to the blockchain to perform the transfer. The client corresponding to the buying user or the client corresponding to the selling user performs transaction transfer processing according to the signature data.
需要说明的是,其中第一私钥分量、第二私钥分量的生成方式可以在用户账户创建时,参考上述图4、图5的方式生成。It should be noted that the method for generating the first private key component and the second private key component can be generated with reference to the above-mentioned methods of FIG. 4 and FIG. 5 when the user account is created.
用户和交易所各持有一个私钥分量,提币或数字货币的买卖时,对该账户的操作需要2个人共同完成,确保了用户资产的安全性。The user and the exchange each hold a private key component. When withdrawing coins or buying and selling digital currencies, the operation of the account requires two people to complete together, ensuring the security of user assets.
图11是本说明书一个实施例中数字货币的投资管理数据处理流程示意图,图中线条上的数字可以表示数字货币投资管理的步骤,如图11所示,当参考上述图5,创建出理财账户后,用户买入理财产品的数据处理过程可以参考如下:Figure 11 is a schematic diagram of the digital currency investment management data processing flow diagram in an embodiment of this specification. The numbers on the lines in the figure can indicate the steps of digital currency investment management. As shown in Figure 11, when referring to Figure 5 above, a wealth management account is created Later, the data processing process for users buying wealth management products can refer to the following:
1、理财用户通过第一秘钥服务客户端在本地生成交易报文,对交易报文进行哈希计算后获得待签名的数据,调用kms发起签名的接口,参数为pk1(pk1为理财用户中保存的理财账户的第一私钥分量对应的公钥)+待签名数据。1. Wealth management users generate transaction messages locally through the first secret key service client, hash the transaction messages to obtain the data to be signed, call kms to initiate the signature interface, the parameter is pk1 (pk1 is the wealth management user The public key corresponding to the first private key component of the saved wealth management account) + data to be signed.
2、资管方可以通过第二秘钥服务客户端查询待签名数据。2. The asset management party can query the data to be signed through the second secret key service client.
3、资管方同意后,将sk2(sk2表示资管方保存的冷钱包的第二私钥分量)拆分成2部分sk2=sk2-1+sk2-2(sk2-2被pk1加密),调用kms的签名确认接口。3. After the asset manager agrees, split sk2 (sk2 represents the second private key component of the cold wallet stored by the asset manager) into 2 parts sk2=sk2-1+sk2-2 (sk2-2 is encrypted by pk1), Call the signature confirmation interface of kms.
4、理财用户通过kms获得交易所的部分私钥分片sk2-2,并用sk1(sk1表示理财用户保存的冷钱包的第一私钥分量)解密。4. The wealth management user obtains part of the exchange's private key fragment sk2-2 through kms, and decrypts it with sk1 (sk1 represents the first private key component of the cold wallet saved by the wealth management user).
5、理财用户和kms做一次mpc计算生成签名数据。理财用户提供sk1+sk2-2+待签名数据,kms提供sk2-1+待签名数据。5. Wealth management users and kms do an MPC calculation to generate signature data. Wealth management users provide sk1+sk2-2+ data to be signed, and kms provides sk2-1+ data to be signed.
6、用户将待签名数据发送到区块链执行转账。6. The user sends the data to be signed to the blockchain to perform the transfer.
理财用户和资管方各持有一个私钥分量,用户的买入理财产品需要2个人共同完成,确保了用户资产的安全性。并且,用户资产是保存在链上面的,所以是安全、账户流水 透明,确保了用户资产使用的透明性。The wealth management user and the asset management party each hold a private key component, and the user's purchase of the wealth management product requires two individuals to complete it, ensuring the security of the user's assets. In addition, user assets are stored on the chain, so it is safe and account flow is transparent, ensuring the transparency of the use of user assets.
图12是本说明书一个实施例中交易所进行数字货币提币的数据处理流程示意图,图中线条上的数字可以表示交易所提币的步骤,如图12所示,当参考上述图3,交易所提交的提币申请审核通过后,交易所提币的数据处理过程可以参考如下:Figure 12 is a schematic diagram of the data processing flow of digital currency withdrawals performed by the exchange in an embodiment of this specification. The numbers on the lines in the figure can indicate the steps of the exchange withdrawing coins. As shown in Figure 12, when referring to the above figure 3, the transaction After the submitted withdrawal application is approved, the data processing process of the exchange withdrawal can be referred to as follows:
1、当提币审核通过后交易所通过第一秘钥服务客户端在本地生成交易报文,对交易报文进行哈希计算后获得待签名的数据,调用kms发起签名的接口,参数为pk1(pk1为管理员1中保存的冷钱包的第一私钥分量对应的公钥)+待签名数据。交易所可以表示交易所系统或交易所平台,可以由交易所的管理员负责管理。1. After the withdrawal is approved, the exchange will generate transaction messages locally through the first secret key service client, hash the transaction messages to obtain the data to be signed, call kms to initiate the signature interface, the parameter is pk1 (pk1 is the public key corresponding to the first private key component of the cold wallet saved in the administrator 1) + data to be signed. An exchange can represent an exchange system or an exchange platform, and can be managed by an administrator of the exchange.
2、管理员可以通过第二秘钥服务客户端查询待签名数据。2. The administrator can query the data to be signed through the second secret key service client.
3、管理员同意后,将sk2(sk2表示管理员保存的冷钱包的第二私钥分量)拆分成2部分sk2=sk2-1+sk2-2(sk2-2被pk1加密),调用kms的签名确认接口。3. After the administrator agrees, split sk2 (sk2 represents the second private key component of the cold wallet saved by the administrator) into 2 parts sk2=sk2-1+sk2-2 (sk2-2 is encrypted by pk1), call kms The signature confirmation interface.
4、交易所通过kms获得管理员的部分私钥分片sk2-2,并用sk1(sk1表示交易所保存的交易所账户的第一私钥分量)解密。4. The exchange obtains partial private key sk2-2 of the administrator through kms, and decrypts it with sk1 (sk1 represents the first private key component of the exchange account saved by the exchange).
5、交易所和kms做一次mpc计算生成签名数据。交易所提供sk1+sk2-2+待签名数据,kms提供sk2-1+待签名数据。5. The exchange and kms do an MPC calculation to generate signature data. The exchange provides sk1+sk2-2+ data to be signed, and kms provides sk2-1+ data to be signed.
6、交易所将待签名数据发送到区块链执行转账。6. The exchange sends the data to be signed to the blockchain to perform the transfer.
需要说明的是,在实际应用中,管理员可以是多个,当管理员有多个时,所有的管理员以及交易所均保存有交易所账户的私钥分量,并且所有管理员的私钥分量之和为交易所账户的私钥。It should be noted that in practical applications, there can be multiple administrators. When there are multiple administrators, all administrators and exchanges store the private key component of the exchange account, and the private keys of all administrators The sum of the weights is the private key of the exchange account.
将交易所账户的私钥保存在多个管理人员身上,转账时需要多个人一起签名才可以完成交易,确保了交易所资产的安全性。The private key of the exchange account is stored in multiple managers. When transferring funds, multiple people need to sign together to complete the transaction, ensuring the security of the exchange's assets.
需要说明的是,本说明书实施例中签名计算过程,使用mpc计算,mpc计算方法可以集成在秘钥管理服务器或第一秘钥服务客户端中,也可以单独集成在签名计算模块中,本说明书实施例不作具体限定。It should be noted that the signature calculation process in the embodiments of this specification uses mpc calculation. The mpc calculation method can be integrated in the key management server or the first key service client, or it can be integrated in the signature calculation module separately. The embodiments are not specifically limited.
本说明书中上述方法的各个实施例均采用递进的方式描述,步骤并表示严格的先后顺序,根据实际需要可以调整各个步骤的顺序。各个实施例之间相同相似的部分互相参加即可,每个实施例重点说明的都是与其他实施例的不同之处。相关之处参加方法实施例的部分说明即可。The various embodiments of the above methods in this specification are described in a progressive manner, and the steps indicate a strict sequence, and the sequence of the steps can be adjusted according to actual needs. The same and similar parts between the various embodiments can be mutually participated, and each embodiment focuses on the differences from other embodiments. Part of the description of the method embodiment can be used for relevant points.
基于上述所述的数字货币交易数据处理方法,本说明书一个或多个实施例还提供一种数字货币交易数据处理服务器、数字货币交易数据处理客户端、数字货币交易数据处理终端。所述的服务器、客户端、终端可以包括使用了本说明书实施例所述方法的系统(包括分布式系统)、软件(应用)、模块、组件、服务器、客户端等并结合必要的实施硬件的装置。基于同一创新构思,本说明书实施例提供的一个或多个实施例中的服务器如下面的实施例所述。由于服务器解决问题的实现方案与方法相似,因此本说明书实施例具体的服务器、客户端、终端的实施可以参加前述方法的实施,重复之处不再赘述。以下所使用的,术语“单元”或者“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。Based on the digital currency transaction data processing method described above, one or more embodiments of this specification also provide a digital currency transaction data processing server, a digital currency transaction data processing client, and a digital currency transaction data processing terminal. The servers, clients, and terminals may include systems (including distributed systems), software (applications), modules, components, servers, clients, etc. that use the methods described in the embodiments of this specification, combined with necessary implementation hardware Device. Based on the same innovative concept, the server in one or more embodiments provided in the embodiments of this specification is as described in the following embodiments. Since the implementation scheme and method of the server to solve the problem are similar, the specific implementation of the server, client, and terminal in the embodiment of this specification can participate in the implementation of the foregoing method, and the repetition will not be repeated. As used below, the term "unit" or "module" can be a combination of software and/or hardware that implements predetermined functions. Although the devices described in the following embodiments are preferably implemented by software, hardware or a combination of software and hardware is also possible and conceived.
具体地,图13是本说明书提供的数字货币交易数据处理服务器一个实施例的模块结构示意图,如图13所示,本说明书中提供的数字货币交易数据处理服务器可以理解为上述实施例中的秘钥管理服务器,可以包括:交易请求接收模块131、签名数据转发模块132、第一签名模块133、第一转账处理模块134,其中:Specifically, FIG. 13 is a schematic diagram of the module structure of an embodiment of the digital currency transaction data processing server provided in this specification. As shown in FIG. 13, the digital currency transaction data processing server provided in this specification can be understood as the secret in the above embodiment. The key management server may include: a transaction request receiving module 131, a signature data forwarding module 132, a first signature module 133, and a first transfer processing module 134, where:
交易请求接收模块131,可以用于接收第一秘钥服务客户端发送的交易请求数据,所述交易请求数据包括待签名数据;The transaction request receiving module 131 may be used to receive transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed;
签名数据转发模块132,可以用于将所述待签名数据发送至第二秘钥服务客户端;The signed data forwarding module 132 may be used to send the data to be signed to the second secret key service client;
第一签名模块133,可以用于根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;The first signature module 133 may be used to perform a signature on the data to be signed according to the first private key component stored by the first secret key service client and the second private key component stored by the second secret key service client. Sign to obtain signature data, wherein the sum of the first private key component and the second private key component is the private key of the transaction account;
第一转账处理模块134,可以用于将所述签名数据发送至所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端进行交易转账处理。The first transfer processing module 134 may be configured to send the signature data to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
本说明书实施例提供的数字货币交易数据处理服务器,将交易账户的私钥拆分成不同的私钥分量,分别保存在数字货币交易对应的不同的秘钥服务客户端即不同的用户手中。在需要进行数字货币的交易时,需要各个秘钥服务客户端均同意交易转账后,利用各个秘钥服务客户端保存的私钥分量进行签名计算,获得签名数据,转账信息才能生效。各秘钥服务客户端保存的私钥分量之和为交易账户的私钥,签名数据实质上是利用交易账户的私钥进行签名获得的,完成交易账户的签名转账。通过将交易账户的私钥分量进行分开保存,转账时,需要多个秘钥服务客户端的私钥分量一起签名才能完成交易,确 保了数字货币交易的安全性。The digital currency transaction data processing server provided by the embodiment of this specification splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients corresponding to the digital currency transaction, that is, different users. When a digital currency transaction is required, after each secret key service client agrees to the transaction transfer, the private key component saved by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect. The sum of the private key components saved by each secret key service client is the private key of the transaction account. The signature data is essentially obtained by signing with the private key of the transaction account to complete the signature transfer of the transaction account. By separately storing the private key components of the transaction account, when transferring funds, the private key components of multiple secret key service clients are required to sign together to complete the transaction, ensuring the security of digital currency transactions.
在上述实施例的基础上,所述第二私钥分量包括第一私钥分片、第二私钥分片;On the basis of the foregoing embodiment, the second private key component includes a first private key fragment and a second private key fragment;
相应地,所述第一签名模块具体用于:Correspondingly, the first signature module is specifically used for:
获取所述第一私钥分片,并将所述第二私钥分片发送给所述第一秘钥服务客户端;Acquiring the first private key fragment, and sending the second private key fragment to the first secret key service client;
根据所述第一私钥分片,与所述第一秘钥服务客户端中保存的第一私钥分量、所述第一秘钥服务客户端接收到的所述第二私钥分片对所述待签名数据进行签名,获得所述签名数据。According to the first private key shard, pair with the first private key component stored in the first secret key service client and the second private key shard received by the first secret key service client The data to be signed is signed to obtain the signature data.
本说明书实施例提供的数字货币交易数据处理服务器,通过将第二秘钥服务客户端的私钥分量拆分成两部分,一部分发送给秘钥管理服务器,一部分发送给第一秘钥服务客户端,由秘钥管理服务器和第一秘钥服务客户端利用对应的私钥分量进行数据签名。任何一方都没有获得交易账户的完整的私钥,确保了交易的安全性。并且,相对于现有技术中多重签名依赖于底层链的特性,不同的链不同的方式,增加的代码的复杂度。本说明书实施例利用秘钥管理服务器kms的传签技术,可以快速的实现交易数据的签名,方法简单,提高了数据处理的速度。The digital currency transaction data processing server provided by the embodiment of this specification splits the private key component of the second secret key service client into two parts, one part is sent to the secret key management server, and the other part is sent to the first secret key service client. The key management server and the first key service client use the corresponding private key component to sign data. No party has obtained the complete private key of the transaction account, ensuring the security of the transaction. Moreover, compared with the prior art multi-signature relies on the characteristics of the underlying chain, different chains have different ways and increase the complexity of the code. The embodiment of this specification utilizes the signature transmission technology of the secret key management server kms, which can quickly realize the signature of the transaction data, the method is simple, and the data processing speed is improved.
在上述实施例的基础上,所述第一私钥分量对应有公钥,所述第二私钥分片采用所述第一私钥分量对应的公钥进行加密;On the basis of the foregoing embodiment, the first private key component corresponds to a public key, and the second private key segment is encrypted using the public key corresponding to the first private key component;
相应地,所述第一签名模块具体用于:Correspondingly, the first signature module is specifically used for:
接收所述第二秘钥服务客户端的签名确认信息,获取所述第一私钥分片和加密后的第二私钥分片;Receiving the signature confirmation information of the second secret key service client, and obtaining the first private key fragment and the encrypted second private key fragment;
将所述加密后的第二私钥分片发送给所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端利用所述第一私钥分量解密获得所述第二私钥分片。The encrypted second private key fragments are sent to the first secret key service client, so that the first secret key service client uses the first private key component to decrypt to obtain the second private key Key fragmentation.
本说明书实施例提供的数字货币交易数据处理服务器,将第二秘钥服务客户端中的私钥分量进行拆分,并将拆分后的第二私钥分片用第一秘钥服务客户端保存的第一私钥分量的公钥进行加密。使得秘钥管理服务器无法获得第二秘钥服务客户端的完整的私钥分量,进一步无法获得交易账户的完整的私钥。整个签名过程,没有一方可以获得交易账户的全部私钥,交易过程需要多方完成,提高了数字货币交易的安全性。The digital currency transaction data processing server provided by the embodiment of this specification splits the private key component in the second secret key service client, and uses the first secret key service client to slice the split second private key The public key of the stored first private key component is encrypted. As a result, the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account. During the entire signing process, no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of digital currency transactions.
在上述实施例的基础上,所述第一签名模块具体用于:On the basis of the foregoing embodiment, the first signature module is specifically configured to:
根据所述第一私钥分量和所述第二私钥分量,与所述第一秘钥服务客户端,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。According to the first private key component and the second private key component, and the first secret key service client, use secure multi-party computing to sign the data to be signed to obtain the signature data.
本说明书实施例提供的数字货币交易数据处理服务器,将交易账户的私钥分量分别 保存在不同的客户端中,利用多方安全计算,进行签名计算,以确保签名数据的安全性。The digital currency transaction data processing server provided by the embodiment of this specification separately stores the private key components of the transaction account in different clients, and uses multi-party secure calculation to perform signature calculation to ensure the security of the signature data.
在上述实施例的基础上,所述交易请求接收模块接收到的所述交易请求数据包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。On the basis of the foregoing embodiment, the transaction request data received by the transaction request receiving module includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, At least one of financial request data.
本说明书实施例提供的数字货币交易数据处理服务器,为不同场景的数字货币的交易提供了安全保证,确保了用户资产或交易所资产的安全性。The digital currency transaction data processing server provided in the embodiments of this specification provides security guarantees for digital currency transactions in different scenarios, and ensures the security of user assets or exchange assets.
需要说明的,上述所述的服务器根据方法实施例的描述还可以包括其他的实施方式。具体的实现方式可以参照上述秘钥管理器执行的方法实施例的描述,在此不作一一赘述。It should be noted that the foregoing server may also include other implementation manners according to the description of the method embodiment. For a specific implementation manner, reference may be made to the description of the method embodiment executed by the key manager, which will not be repeated here.
本说明书实施例还提供可一种数字货币交易数据处理客户端即上述实施例中的第一秘钥服务客户端,图14是本说明书实施例中的数字货币交易数据处理客户端的结构示意图,如图14所示,本说明书实施例中的数字货币交易数据处理客户端可以执行上述实施例中第一秘钥服务客户端对应的数据处理过程,可以包括:交易请求发送模块141、秘钥接收模块142、第二签名模块143、第二转账处理模块144,其中:The embodiment of this specification also provides a digital currency transaction data processing client, that is, the first secret key service client in the above embodiment. FIG. 14 is a schematic diagram of the structure of the digital currency transaction data processing client in the embodiment of this specification. As shown in FIG. 14, the digital currency transaction data processing client in the embodiment of this specification can execute the data processing process corresponding to the first secret key service client in the above embodiment, and may include: a transaction request sending module 141, a secret key receiving module 142. The second signature module 143 and the second transfer processing module 144, wherein:
交易请求发送模块141,可以用于向秘钥管理服务器发送交易请求数据,以使得所述秘钥管理服务器向第二秘钥服务客户端发送交易请求数据,所述交易请求数据包括待签名数据;The transaction request sending module 141 may be used to send transaction request data to the secret key management server, so that the secret key management server sends transaction request data to the second secret key service client, where the transaction request data includes data to be signed;
秘钥接收模块142,可以用于接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量;The secret key receiving module 142 may be configured to receive the second private key component saved by the second secret key service client and sent by the secret key management server;
第二签名模块143,可以用于根据自身保存的第一私钥分量以及接收到的所述第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;The second signature module 143 can be used to sign the data to be signed according to the first private key component stored by itself and the received second private key component to obtain signature data, wherein the first private key component The sum of the key component and the second private key component is the private key of the transaction account;
第二转账处理模块144,可以用于根据所述签名数据进行交易转账处理。The second transfer processing module 144 may be used to perform transaction transfer processing according to the signature data.
本说明书实施例提供的数字货币交易数据处理客户端,将交易账户的私钥拆分成不同的私钥分量,分别保存在不同的秘钥服务客户端即用户手中。在需要进行数字货币交易时,需要各个秘钥服务客户端均同意转账后,利用各个秘钥服务客户端保存的冷钱包的私钥分量进行签名计算,获得签名数据,转账信息才能生效。各秘钥服务客户端保存的冷钱包的私钥分量之和为交易账户的私钥,签名数据实质上是利用交易账户的私钥签名获得的,完成交易账户的签名转账。通过将交易账户的私钥分量进行分开保存,转账时,需要多个秘钥服务客户端的私钥分量一起签名才能完成交易,确保了交易的安全性。The digital currency transaction data processing client provided by the embodiment of this specification splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients, that is, the user. When digital currency transactions are required, after each secret key service client agrees to transfer, the private key component of the cold wallet stored by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect. The sum of the private key components of the cold wallet stored by each secret key service client is the private key of the transaction account. The signature data is essentially obtained by signing the transaction account's private key to complete the signature transfer of the transaction account. By separately storing the private key components of the transaction account, when transferring funds, the private key components of multiple secret key service clients need to be signed together to complete the transaction, ensuring the security of the transaction.
在上述实施例的基础上,本说明书一个实施例中,所述第二私钥分量包括:第一私钥分片、第二私钥分片,所述第二私钥分片使用所述第一私钥分量对应的公钥进行加密;On the basis of the above-mentioned embodiment, in an embodiment of this specification, the second private key component includes: a first private key fragment, a second private key fragment, and the second private key fragment uses the first private key fragment. A public key corresponding to a private key component is encrypted;
相应地,所述秘钥接收模块具体用于:Correspondingly, the secret key receiving module is specifically used for:
接收所述秘钥管理服务器发送的加密后的第二私钥分片,并利用所述第一私钥分量对所述加密后的第二私钥分片进行解密,获得所述第二私钥分片;Receive the encrypted second private key segment sent by the key management server, and use the first private key component to decrypt the encrypted second private key segment to obtain the second private key Fragmentation;
相应地,所述第二签名模块具体用于:Correspondingly, the second signature module is specifically used for:
根据所述第一私钥分量、获得的所述第二私钥分片,以及所述秘钥管理服务器获得的所述第一私钥分片对所述待签名数据进行签名,获得签名数据。Sign the data to be signed according to the first private key component, the obtained second private key fragment, and the first private key fragment obtained by the key management server to obtain signature data.
本说明书实施例提供的数字货币交易数据处理客户端,将第二秘钥服务客户端中的私钥分量进行拆分,并将拆分后的第二私钥分片用第一秘钥服务客户端的私钥分量的公钥进行加密。使得秘钥管理服务器无法获得第二秘钥服务客户端的完整的私钥分量,进一步无法获得交易账户的完整的私钥。整个签名过程,没有一方可以获得交易账户的全部私钥,交易过程需要多方完成,提高了交易的安全性。The digital currency transaction data processing client provided by the embodiment of this specification splits the private key component in the second secret key service client, and uses the split second private key to serve the client with the first secret key. The public key of the private key component of the end is encrypted. As a result, the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account. During the entire signing process, no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of the transaction.
在上述实施例的基础上,本说明书一个实施例中,所述第二签名模块具体用于:On the basis of the foregoing embodiment, in an embodiment of this specification, the second signature module is specifically used for:
根据所述第一私钥分量和所述第二私钥分量,与所述秘钥管理服务器,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。According to the first private key component and the second private key component, and the key management server, use secure multi-party computing to sign the data to be signed to obtain the signature data.
本说明书实施例提供的数字货币交易数据处理客户端,将交易账户的私钥分量分别保存在不同的客户端中,利用多方安全计算,进行签名计算,以确保签名数据的安全性。The digital currency transaction data processing client provided by the embodiment of this specification separately stores the private key components of the transaction account in different clients, and uses multi-party secure calculation to perform signature calculation to ensure the security of the signature data.
在上述实施例的基础上,本说明书一个实施例中,所述交易请求发送模块发送的所述交易请求数据包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。On the basis of the above-mentioned embodiment, in an embodiment of this specification, the transaction request data sent by the transaction request sending module includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, transaction At least one of the withdrawal request data and the financial management request data.
本说明书实施例提供的数字货币交易数据处理客户端,为不同场景的数字货币的交易提供了安全保证,确保了用户资产或交易所资产的安全性。The digital currency transaction data processing client provided in the embodiments of this specification provides security guarantees for digital currency transactions in different scenarios, and ensures the security of user assets or exchange assets.
在上述实施例的基础上,本说明书一个实施例中,所述客户端还包括第一私钥分量生成模块,用于:On the basis of the foregoing embodiment, in an embodiment of this specification, the client further includes a first private key component generating module, configured to:
若所述交易请求数据为所述数字货币买卖交易请求数据或所述用户提币请求数据或所述理财请求数据,在所述用户账户创建时,根据所述用户账户对应的私钥,与所述第二秘钥服务客户端分别生成各自的第一私钥分量、第二私钥分量;If the transaction request data is the digital currency transaction request data or the user withdrawal request data or the wealth management request data, when the user account is created, the private key corresponding to the user account will be The second secret key service client generates respective first private key components and second private key components;
若所述交易请求数据为所述冷钱包转账请求数据或交易所提币请求数据,在所述交易所账户创建时,根据所述交易所账户的私钥,与所述第二秘钥服务客户端分别生成各 自的第一私钥分量、第二私钥分量。If the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data, when the exchange account is created, according to the private key of the exchange account, serve the customer with the second secret key The terminals respectively generate their first private key component and second private key component.
本说明书实施例提供的数字货币交易数据处理客户端,在交易账户创建是根据交易账户的私钥生成多个私钥分量,私钥分量由多个用户保存,为后续数字货币的安全交易提供了数据基础。In the digital currency transaction data processing client provided by the embodiment of this specification, when a transaction account is created, multiple private key components are generated according to the private key of the transaction account. The private key components are stored by multiple users, which provides a secure transaction for subsequent digital currency transactions. Data basis.
需要说明的,上述所述的客户端根据方法实施例的描述还可以包括其他的实施方式。具体的实现方式可以参照上述第一秘钥服务客户端执行的方法实施例的描述,在此不作一一赘述。It should be noted that the foregoing description of the client according to the method embodiment may also include other implementation manners. For the specific implementation manner, refer to the description of the method embodiment executed by the first secret key service client, which will not be repeated here.
本说明书实施例还提供可一种数字货币交易数据处理终端即上述实施例中的第二秘钥服务客户端,图15是本说明书实施例中的数字货币交易数据处理终端的结构示意图,如图15所示,本说明书实施例中的数字货币交易数据处理终端可以执行上述实施例中第二秘钥服务客户端对应的数据处理过程,可以包括:交易请求查询模块151、签名确认模块152,其中:The embodiment of this specification also provides a digital currency transaction data processing terminal, that is, the second secret key service client in the above embodiment. FIG. 15 is a schematic diagram of the structure of the digital currency transaction data processing terminal in the embodiment of this specification, as shown in FIG. As shown in 15, the digital currency transaction data processing terminal in the embodiment of this specification can execute the data processing process corresponding to the second secret key service client in the above embodiment, and can include: a transaction request query module 151 and a signature confirmation module 152. :
交易请求查询模块151,可以用于接收秘钥管理服务器发送的交易请求数据,所述交易请求数据由第一秘钥服务客户端发送,所述交易请求数据包括待签名数据;The transaction request query module 151 may be used to receive transaction request data sent by the key management server, the transaction request data being sent by the first key service client, and the transaction request data including data to be signed;
签名确认模块152,可以用于向所述秘钥管理服务器返回确认签名信息,并将自身保存的第二私钥分量发送给所述秘钥管理服务器,以使得所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,获得签名数据,且由所述第一秘钥服务客户端根据所述签名数据进行交易转账处理;The signature confirmation module 152 may be used to return confirmation signature information to the key management server, and send the second private key component stored by itself to the key management server, so that the secret key management server and the The first secret key service client signs the data to be signed according to the second private key component and the first private key component saved by the first secret key service client to obtain the signature data, and the The first secret key service client performs transaction transfer processing according to the signature data;
其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Wherein, the sum of the first private key component and the second private key component is the private key of the transaction account.
本说明书实施例提供的数字货币交易数据处理终端,将交易账户的私钥拆分成不同的私钥分量,分别保存在不同的秘钥服务客户端即用户手中。在需要进行数字货币交易时,需要各个秘钥服务客户端均同意转账后,利用各个秘钥服务客户端保存的冷钱包的私钥分量进行签名计算,获得签名数据,转账信息才能生效。各秘钥服务客户端保存的冷钱包的私钥分量之和为交易账户的私钥,签名数据实质上是利用交易账户的私钥签名获得的,完成交易账户的签名转账。通过将交易账户的私钥分量进行分开保存,转账时,需要多个秘钥服务客户端的私钥分量一起签名才能完成交易,确保了交易的安全性。The digital currency transaction data processing terminal provided by the embodiment of this specification splits the private key of the transaction account into different private key components, which are respectively stored in the hands of different secret key service clients, that is, users. When digital currency transactions are required, after each secret key service client agrees to transfer, the private key component of the cold wallet stored by each secret key service client is used for signature calculation to obtain the signature data, and the transfer information can take effect. The sum of the private key components of the cold wallet stored by each secret key service client is the private key of the transaction account. The signature data is essentially obtained by signing the transaction account's private key to complete the signature transfer of the transaction account. By separately storing the private key components of the transaction account, when transferring funds, the private key components of multiple secret key service clients need to be signed together to complete the transaction, ensuring the security of the transaction.
在上述实施例的基础上,本说明书一个实施例中,所述签名确认模块具体用于:On the basis of the foregoing embodiment, in an embodiment of this specification, the signature confirmation module is specifically used for:
将所述第二私钥分量拆分成第一私钥分片和第二私钥分片,并采用所述第一私钥分量对应的公钥对所述第二私钥分片进行加密;Split the second private key component into a first private key fragment and a second private key fragment, and encrypt the second private key fragment by using a public key corresponding to the first private key component;
将所述第一私钥分片和所述加密后的第二私钥分片发送给所述秘钥管理服务器;Sending the first private key fragment and the encrypted second private key fragment to the secret key management server;
相应地,所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,包括:Correspondingly, the secret key management server and the first secret key service client perform the signature on the to-be-signed according to the second private key component and the first private key component stored by the first secret key service client Data is signed, including:
所述秘钥管理服务器将所述加密后的第二私钥分片发送给所述第一秘钥服务客户端;The key management server sends the encrypted second private key fragments to the first key service client;
所述第一秘钥服务客户端采用所述第一私钥分量对所述加密后的第二私钥分片进行解密,获得所述第二私钥分片;The first secret key service client uses the first private key component to decrypt the encrypted second private key fragment to obtain the second private key fragment;
基于所述第一私钥分片、第一私钥分量、第二私钥分片,所述秘钥管理服务器与所述第一秘钥服务客户端,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。Based on the first private key fragment, the first private key component, and the second private key fragment, the key management server and the first key service client use secure multi-party computing to compare the data to be signed Sign and obtain the signature data.
本说明书实施例提供的数字货币交易数据处理终端,第二秘钥服务客户端中将第二私钥分量进行拆分,并将拆分后的第二私钥分片用第一秘钥服务客户端的私钥分量的公钥进行加密。使得秘钥管理服务器无法获得第二秘钥服务客户端的完整的私钥分量,进一步无法获得交易账户的完整的私钥。整个签名过程,没有一方可以获得交易账户的全部私钥,交易过程需要多方完成,提高了交易的安全性。In the digital currency transaction data processing terminal provided by the embodiment of this specification, the second private key component is split in the second secret key service client, and the split second private key is used to serve the client with the first secret key. The public key of the private key component of the end is encrypted. As a result, the key management server cannot obtain the complete private key component of the second key service client, and further cannot obtain the complete private key of the transaction account. During the entire signing process, no one party can obtain all the private keys of the transaction account, and the transaction process needs to be completed by multiple parties, which improves the security of the transaction.
在上述实施例的基础上,本说明书一个实施例中,所述交易请求查询模块接收到的所述交易请求数据包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。Based on the foregoing embodiment, in an embodiment of this specification, the transaction request data received by the transaction request query module includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, At least one of exchange withdrawal request data and wealth management request data.
本说明书实施例提供的数字货币交易数据处理终端,为不同场景的数字货币的交易提供了安全保证,确保了用户资产或交易所资产的安全性。The digital currency transaction data processing terminal provided in the embodiments of this specification provides security guarantees for digital currency transactions in different scenarios, and ensures the security of user assets or exchange assets.
在上述实施例的基础上,本说明书一个实施例中,所述终端还包括第二私钥分量生成模块,用于:On the basis of the foregoing embodiment, in an embodiment of this specification, the terminal further includes a second private key component generating module, configured to:
若所述交易请求数据为所述数字货币买卖交易请求数据或所述用户提币请求数据或所述理财请求数据,在所述用户账户创建时,根据所述用户账户对应的私钥,与所述第一秘钥服务客户端分别生成各自的第二私钥分量、第一私钥分量;If the transaction request data is the digital currency transaction request data or the user withdrawal request data or the wealth management request data, when the user account is created, the private key corresponding to the user account will be The first secret key service client generates respective second private key components and first private key components;
若所述交易请求数据为所述冷钱包转账请求数据或交易所提币请求数据,在所述交易所账户创建时,根据所述交易所账户的私钥,与所述第一秘钥服务客户端分别生成各自的第二私钥分量、第一私钥分量。If the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data, when the exchange account is created, according to the private key of the exchange account, serve the customer with the first secret key The terminals respectively generate their second private key component and first private key component.
本说明书实施例提供的数字货币交易数据处理终端,在交易账户创建是根据交易账户的私钥生成多个私钥分量,私钥分量由多个用户保存,为后续数字货币的安全交易提 供了数据基础。The digital currency transaction data processing terminal provided by the embodiment of this specification generates multiple private key components according to the private key of the transaction account during transaction account creation. The private key components are stored by multiple users and provide data for subsequent secure transactions of digital currency basis.
需要说明的,上述所述的终端根据方法实施例的描述还可以包括其他的实施方式。具体的实现方式可以参照上述第二秘钥服务客户端执行的方法实施例的描述,在此不作一一赘述。It should be noted that the foregoing terminal may also include other implementation manners according to the description of the method embodiment. For the specific implementation manner, reference may be made to the description of the method embodiment executed by the second secret key service client, which is not repeated here.
本说明书实施例还提供一种数字货币交易数据处理设备,包括:至少一个处理器以及用于存储处理器可执行指令的存储器,所述处理器执行所述指令时实现上述实施例的数字货币交易数据处理方法,如:The embodiment of the present specification also provides a digital currency transaction data processing device, including: at least one processor and a memory for storing processor-executable instructions, and the processor implements the digital currency transaction of the foregoing embodiment when the processor executes the instructions Data processing methods, such as:
接收第一秘钥服务客户端发送的交易请求数据,所述交易请求数据包括待签名数据;Receiving transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed;
将所述待签名数据发送至第二秘钥服务客户端;Sending the data to be signed to the second secret key service client;
根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;According to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client, the data to be signed is signed to obtain the signature data, wherein: The sum of the first private key component and the second private key component is the private key of the transaction account;
将所述签名数据发送至所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端进行交易转账处理。The signature data is sent to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
或,or,
向秘钥管理服务器发送交易请求数据,以使得所述秘钥管理服务器向第二秘钥服务客户端发送交易请求数据,所述交易请求数据包括待签名数据;Sending transaction request data to the secret key management server, so that the secret key management server sends transaction request data to the second secret key service client, where the transaction request data includes data to be signed;
接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量;Receiving the second private key component saved by the second key service client and sent by the key management server;
根据自身保存的第一私钥分量以及接收到的所述第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;According to the first private key component stored by itself and the received second private key component, the data to be signed is signed to obtain signature data, wherein the first private key component and the second private key The sum of the weights is the private key of the trading account;
根据所述签名数据进行交易转账处理。Perform transaction transfer processing according to the signature data.
或,or,
接收秘钥管理服务器发送的交易请求数据,所述交易请求数据由第一秘钥服务客户端发送,所述交易请求数据包括待签名数据;Receiving transaction request data sent by the secret key management server, the transaction request data being sent by the first secret key service client, and the transaction request data including data to be signed;
向所述秘钥管理服务器返回确认签名信息,并将自身保存的第二私钥分量发送给所述秘钥管理服务器,以使得所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,获得签名数据,且由所述第一秘钥服务客户端根据所述签名数据进行交易转账处理;Return confirmation signature information to the key management server, and send the second private key component stored by itself to the key management server, so that the key management server and the first key service client The second private key component and the first private key component saved by the first secret key service client sign the data to be signed to obtain the signature data, and the first secret key service client is based on The signature data is processed for transaction transfer;
其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Wherein, the sum of the first private key component and the second private key component is the private key of the transaction account.
在上述实施例的基础上,本说明书一个实施例中还可以提供一种计算机可读存储介质,其上存储有计算机指令,所述指令被执行时实现上述实施例数字货币交易数据处理方法,如:On the basis of the above-mentioned embodiment, an embodiment of this specification may also provide a computer-readable storage medium on which computer instructions are stored, which when executed, realize the digital currency transaction data processing method of the above-mentioned embodiment, such as :
接收第一秘钥服务客户端发送的交易请求数据,所述交易请求数据包括待签名数据;Receiving transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed;
将所述待签名数据发送至第二秘钥服务客户端;Sending the data to be signed to the second secret key service client;
根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;According to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client, the data to be signed is signed to obtain the signature data, wherein: The sum of the first private key component and the second private key component is the private key of the transaction account;
将所述签名数据发送至所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端进行交易转账处理。The signature data is sent to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
或,or,
向秘钥管理服务器发送交易请求数据,以使得所述秘钥管理服务器向第二秘钥服务客户端发送交易请求数据,所述交易请求数据包括待签名数据;Sending transaction request data to the secret key management server, so that the secret key management server sends transaction request data to the second secret key service client, where the transaction request data includes data to be signed;
接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量;Receiving the second private key component saved by the second key service client and sent by the key management server;
根据自身保存的第一私钥分量以及接收到的所述第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;According to the first private key component stored by itself and the received second private key component, the data to be signed is signed to obtain signature data, wherein the first private key component and the second private key The sum of the weights is the private key of the trading account;
根据所述签名数据进行交易转账处理。Perform transaction transfer processing according to the signature data.
或,or,
接收秘钥管理服务器发送的交易请求数据,所述交易请求数据由第一秘钥服务客户端发送,所述交易请求数据包括待签名数据;Receiving transaction request data sent by the secret key management server, the transaction request data being sent by the first secret key service client, and the transaction request data including data to be signed;
向所述秘钥管理服务器返回确认签名信息,并将自身保存的第二私钥分量发送给所述秘钥管理服务器,以使得所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,获得签名数据,且由所述第一秘钥服务客户端根据所述签名数据进行交易转账处理;Return confirmation signature information to the key management server, and send the second private key component stored by itself to the key management server, so that the key management server and the first key service client The second private key component and the first private key component saved by the first secret key service client sign the data to be signed to obtain the signature data, and the first secret key service client is based on The signature data is processed for transaction transfer;
其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Wherein, the sum of the first private key component and the second private key component is the private key of the transaction account.
所述存储介质可以包括用于存储信息的物理装置,通常是将信息数字化后再以利用 电、磁或者光学等方式的媒体加以存储。所述存储介质有可以包括:利用电能方式存储信息的装置如,各式存储器,如RAM、ROM等;利用磁能方式存储信息的装置如,硬盘、软盘、磁带、磁芯存储器、磁泡存储器、U盘;利用光学方式存储信息的装置如,CD或DVD。当然,还有其他方式的可读存储介质,例如量子存储器、石墨烯存储器等等。The storage medium may include a physical device for storing information, and usually the information is digitized and then stored in an electric, magnetic, or optical medium. The storage medium may include: devices that use electrical energy to store information, such as various types of memory, such as RAM, ROM, etc.; devices that use magnetic energy to store information, such as hard disks, floppy disks, magnetic tapes, magnetic core memory, bubble memory, U disk; a device that uses optical means to store information, such as CD or DVD. Of course, there are other ways of readable storage media, such as quantum memory, graphene memory, and so on.
需要说明的,上述所述的处理设备以及计算机可读存储介质根据方法实施例的描述还可以包括其他的实施方式。具体的实现方式可以参照相关方法实施例的描述,在此不作一一赘述。It should be noted that the above-mentioned processing device and computer-readable storage medium may further include other implementation manners according to the description of the method embodiment. For specific implementation manners, reference may be made to the description of the related method embodiments, which will not be repeated here.
在上述实施例的基础上,本说明书一个实施例中还可以提供一种数字货币交易数据处理系统,可以包括:秘钥管理服务器、第一秘钥服务客户端、第二秘钥服务客户端;On the basis of the foregoing embodiment, an embodiment of this specification may also provide a digital currency transaction data processing system, which may include: a secret key management server, a first secret key service client, and a second secret key service client;
所述数字货币交易数据处理系统用于进行数字货币的买入卖出、数字货币的提币、交易所系统数字货币的冷钱包转账、数字货币的投资管理中的至少一种,所述秘钥管理服务器、所述第一秘钥服务客户端、所述第二秘钥服务客户端执行上述实施例中对应的方法。The digital currency transaction data processing system is used to perform at least one of the buying and selling of digital currency, the withdrawal of digital currency, the cold wallet transfer of digital currency in the exchange system, and the investment management of digital currency. The secret key The management server, the first secret key service client, and the second secret key service client execute the corresponding methods in the foregoing embodiments.
如图9-图12所示,本说明书实施例中的数字货币交易数据处理系统在进行不同场景的数字货币交易时,第一秘钥服务客户端和第二秘钥服务客户端对应于不同的终端,如:As shown in Figures 9-12, when the digital currency transaction data processing system in the embodiment of this specification performs digital currency transactions in different scenarios, the first secret key service client and the second secret key service client correspond to different Terminal, such as:
若所述数字货币交易数据处理系统用于进行数字货币的买入卖出,则所述第一秘钥服务客户端为买方用户交易客户端或卖方用户交易客户端,所述第二秘钥服务客户端为交易所客户端即交易所。If the digital currency transaction data processing system is used for buying and selling digital currency, the first secret key service client is a buyer user transaction client or a seller user transaction client, and the second secret key service The client is the exchange client, that is, the exchange.
若所述数字货币交易数据处理系统用于进行数字货币的提币,则所述第一秘钥服务客户端为提币用户客户端,所述第二秘钥服务客户端为交易所客户端。其中,若所述数字货币的提币为交易所提币,则第一秘钥服务客户端可以为交易所中负责提交提币申请的管理员所在的客户端,所述第二秘钥服务客户端包括一个或多个,具体可以是交易所中其他管理员对应的客户端。若为用户提币,则第一秘钥服务客户端可以为提交提币申请的用户对应的客户端,第二秘钥服务客户端为交易所。If the digital currency transaction data processing system is used to withdraw digital currency, the first secret key service client is a withdrawal user client, and the second secret key service client is an exchange client. Wherein, if the withdrawal of the digital currency is an exchange withdrawal, the first secret key service client may be the client where the administrator responsible for submitting the withdrawal application in the exchange is located, and the second secret key serves the customer The client includes one or more, which can be the client corresponding to other administrators in the exchange. If the user withdraws coins, the first secret key service client may be the client corresponding to the user who submitted the withdrawal application, and the second secret key service client is the exchange.
若所述数字货币交易数据处理系统用于进行交易所系统数字货币的冷钱包转账,则所述第一秘钥服务客户端、所述第二秘钥服务客户端均为交易所客户端即交易所的管理员对应的客户端,其中,所述第二秘钥服务客户端包括一个或多个。If the digital currency transaction data processing system is used for cold wallet transfer of digital currency of the exchange system, the first secret key service client and the second secret key service client are both exchange clients, that is, the transaction The client corresponding to the administrator, wherein the second secret key service client includes one or more.
若所述数字货币交易数据处理系统用于进行数字货币的投资管理,则所述第一秘钥服务客户端为理财用户客户端,所述第二秘钥服务客户端为资产管理客户端。If the digital currency transaction data processing system is used for digital currency investment management, the first secret key service client is a wealth management user client, and the second secret key service client is an asset management client.
不同的应用场景对应的客户端,可以参考上述实施例的记载,此处不再赘述。For clients corresponding to different application scenarios, reference may be made to the records in the foregoing embodiment, which will not be repeated here.
本说明书实施例所提供的方法实施例可以在移动终端、计算机终端、服务器或者类似的运算装置中执行。以运行在服务器上为例,图16是应用本说明书实施例中数字货币交易数据处理方法的服务器的硬件结构框图,图16可以表示秘钥管理服务器的结构框图,也可以表示第一秘钥服务客户端和第二秘钥服务客户端的结构框图。如图16所示,服务器10可以包括一个或多个(图中仅示出一个)处理器100(处理器100可以包括但不限于微处理器MCU或可编程逻辑器件FPGA等的处理装置)、用于存储数据的存储器200、以及用于通信功能的传输模块300。本领域普通技术人员可以理解,图16所示的结构仅为示意,其并不对上述电子装置的结构造成限定。例如,服务器10还可包括比图16中所示更多或者更少的组件,例如还可以包括其他的处理硬件,如数据库或多级缓存、GPU,或者具有与图16所示不同的配置。The method embodiments provided in the embodiments of this specification can be executed in a mobile terminal, a computer terminal, a server or a similar computing device. Take running on a server as an example. Figure 16 is a hardware structural block diagram of the server applying the digital currency transaction data processing method in the embodiment of this specification. Figure 16 can show the structural block diagram of the secret key management server or the first secret key service. The structure diagram of the client and the second key service client. As shown in FIG. 16, the server 10 may include one or more (only one is shown in the figure) processor 100 (the processor 100 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), The memory 200 for storing data, and the transmission module 300 for communication functions. Those of ordinary skill in the art can understand that the structure shown in FIG. 16 is only for illustration, and it does not limit the structure of the above electronic device. For example, the server 10 may also include more or fewer components than those shown in FIG. 16, for example, may also include other processing hardware, such as a database or multi-level cache, GPU, or have a configuration different from that shown in FIG.
存储器200可用于存储应用软件的软件程序以及模块,如本说明书实施例中的数字货币交易数据处理方法对应的程序指令/模块,处理器100通过运行存储在存储器200内的软件程序以及模块,从而执行各种功能应用以及数据处理。存储器200可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器200可进一步包括相对于处理器100远程设置的存储器,这些远程存储器可以通过网络连接至计算机终端。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 200 can be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the digital currency transaction data processing method in the embodiment of this specification. The processor 100 runs the software programs and modules stored in the memory 200, thereby Perform various functional applications and data processing. The memory 200 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 200 may further include a memory remotely provided with respect to the processor 100, and these remote memories may be connected to a computer terminal through a network. Examples of the aforementioned networks include but are not limited to the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
传输模块300用于经由一个网络接收或者发送数据。上述的网络具体实例可包括计算机终端的通信供应商提供的无线网络。在一个实例中,传输模块300包括一个网络适配器(Network Interface Controller,NIC),其可通过基站与其他网络设备相连从而可与互联网进行通讯。在一个实例中,传输模块300可以为射频(Radio Frequency,RF)模块,其用于通过无线方式与互联网进行通讯。The transmission module 300 is used to receive or send data via a network. The foregoing specific examples of the network may include a wireless network provided by a communication provider of a computer terminal. In one example, the transmission module 300 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station to communicate with the Internet. In an example, the transmission module 300 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims may be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown to achieve the desired result. In certain embodiments, multitasking and parallel processing are also possible or may be advantageous.
本说明书提供的上述实施例所述的方法或装置可以通过计算机程序实现业务逻辑并 记录在存储介质上,所述的存储介质可以计算机读取并执行,实现本说明书实施例所描述方案的效果。The methods or devices described in the above-mentioned embodiments provided in this specification can implement business logic through computer programs and are recorded on a storage medium, and the storage medium can be read and executed by a computer to achieve the effects of the solutions described in the embodiments of this specification.
本说明书实施例提供的上述数字货币交易数据处理方法或装置可以在计算机中由处理器执行相应的程序指令来实现,如使用windows操作系统的c++语言在PC端实现、linux系统实现,或其他例如使用android、iOS系统程序设计语言在智能终端实现,以及基于量子计算机的处理逻辑实现等。The above-mentioned digital currency transaction data processing method or device provided by the embodiments of this specification can be implemented in a computer by a processor executing corresponding program instructions, such as using the c++ language of the windows operating system on the PC side, linux system implementation, or other examples Use android, iOS system programming language to realize in intelligent terminal, and realize the processing logic based on quantum computer, etc.
需要说明的是说明书上述所述的装置、计算机存储介质、系统根据相关方法实施例的描述还可以包括其他的实施方式,具体的实现方式可以参照对应方法实施例的描述,在此不作一一赘述。It should be noted that the device, computer storage medium, and system described above in the specification may also include other implementation manners according to the description of the related method embodiments. For specific implementation manners, please refer to the description of the corresponding method embodiments, which will not be repeated here. .
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参加即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于硬件+程序类实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参加方法实施例的部分说明即可。The various embodiments in this specification are described in a progressive manner, and the same and similar parts between the various embodiments can participate in each other, and each embodiment focuses on the differences from other embodiments. In particular, for the hardware + program embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant points can be part of the description of the method embodiment.
本说明书实施例并不局限于必须是符合行业通信标准、标准计算机数据处理和数据存储规则或本说明书一个或多个实施例所描述的情况。某些行业标准或者使用自定义方式或实施例描述的实施基础上略加修改后的实施方案也可以实现上述实施例相同、等同或相近、或变形后可预料的实施效果。应用这些修改或变形后的数据获取、存储、判断、处理方式等获取的实施例,仍然可以属于本说明书实施例的可选实施方案范围之内。The embodiments of this specification are not limited to the conditions described in one or more embodiments of this specification that must comply with industry communication standards, standard computer data processing and data storage rules. Certain industry standards or implementations described in custom methods or examples with slight modifications can also achieve the same, equivalent or similar implementation effects of the foregoing examples, or predictable implementation effects after modification. Examples obtained by applying these modified or deformed data acquisition, storage, judgment, processing methods, etc., may still fall within the scope of the optional implementation solutions of the examples of this specification.
在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字系统“集成”在一片PLD上,而不需要请芯片制造厂商来设计和制作专用的集成电路芯片。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL 也并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)与Verilog。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容易得到实现该逻辑方法流程的硬件电路。In the 1990s, the improvement of a technology can be clearly distinguished between hardware improvements (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or software improvements (improvements in method flow). However, with the development of technology, the improvement of many methods and processes of today can be regarded as a direct improvement of the hardware circuit structure. Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by hardware entity modules. For example, a programmable logic device (Programmable Logic Device, PLD) (for example, a Field Programmable Gate Array (FPGA)) is such an integrated circuit whose logic function is determined by the user's programming of the device. It is programmed by the designer to "integrate" a digital system on a PLD without requiring the chip manufacturer to design and manufacture a dedicated integrated circuit chip. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly realized by "logic compiler" software, which is similar to the software compiler used in program development and writing. The original code must also be written in a specific programming language, which is called Hardware Description Language (HDL), and there is not only one type of HDL, but many types, such as ABEL (Advanced Boolean Expression Language) , AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description), etc., currently most commonly used It is VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. It should also be clear to those skilled in the art that just a little bit of logic programming of the method flow in the above-mentioned hardware description languages and programming into an integrated circuit can easily obtain the hardware circuit that implements the logic method flow.
控制器可以按任何适当的方式实现,例如,控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式,控制器的例子包括但不限于以下微控制器:ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320,存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。The controller can be implemented in any suitable manner. For example, the controller can take the form of, for example, a microprocessor or a processor and a computer-readable medium storing computer-readable program codes (such as software or firmware) executable by the (micro)processor. , Logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as a part of the memory control logic. Those skilled in the art also know that in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers and embedded The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、车载人机交互设备、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, and a tablet. Computers, wearable devices, or any combination of these devices.
虽然本说明书一个或多个实施例提供了如实施例或流程图所述的方法操作步骤,但基于常规或者无创造性的手段可以包括更多或者更少的操作步骤。实施例中列举的步骤顺序仅仅为众多步骤执行顺序中的一种方式,不代表唯一的执行顺序。在实际中的装置或终端产品执行时,可以按照实施例或者附图所示的方法顺序执行或者并行执行(例如并行处理器或者多线程处理的环境,甚至为分布式数据处理环境)。术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、产品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是 还包括为这种过程、方法、产品或者设备所固有的要素。在没有更多限制的情况下,并不排除在包括所述要素的过程、方法、产品或者设备中还存在另外的相同或等同要素。第一,第二等词语用来表示名称,而并不表示任何特定的顺序。Although one or more embodiments of this specification provide method operation steps as described in the embodiments or flowcharts, conventional or non-inventive means may include more or fewer operation steps. The sequence of steps listed in the embodiment is only one way of the execution sequence of the steps, and does not represent the only execution sequence. When an actual device or terminal product is executed, it can be executed sequentially or in parallel according to the methods shown in the embodiments or drawings (for example, a parallel processor or multi-threaded processing environment, or even a distributed data processing environment). The terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, product, or device that includes a series of elements includes not only those elements, but also other elements that are not explicitly listed. Elements, or also include elements inherent to such processes, methods, products, or equipment. If there are no more restrictions, it does not exclude that there are other identical or equivalent elements in the process, method, product, or device including the elements. Words such as first and second are used to denote names, but do not denote any specific order.
为了描述的方便,描述以上装置时以功能分为各种模块分别描述。当然,在实施本说明书一个或多个时可以把各模块的功能在同一个或多个软件和/或硬件中实现,也可以将实现同一功能的模块由多个子模块或子单元的组合实现等。以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。For the convenience of description, when describing the above device, the functions are divided into various modules and described separately. Of course, when implementing one or more of this specification, the function of each module can be realized in the same one or more software and/or hardware, or the module that realizes the same function can be realized by a combination of multiple sub-modules or sub-units, etc. . The device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated To another system, or some features can be ignored, or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
本申请是参照根据本申请实施例的方法、装置(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。This application is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of this application. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are generated It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的 示例。The memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). The memory is an example of a computer readable medium.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储、石墨烯存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
本领域技术人员应明白,本说明书一个或多个实施例可提供为方法、系统或计算机程序产品。因此,本说明书一个或多个实施例可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书一个或多个实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that one or more embodiments of this specification can be provided as a method, a system, or a computer program product. Therefore, one or more embodiments of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more embodiments of this specification may adopt a computer program implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. The form of the product.
本说明书一个或多个实施例可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本本说明书一个或多个实施例,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. One or more embodiments of this specification can also be practiced in distributed computing environments. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参加即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参加方法实施例的部分说明即可。在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本说明书的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实 施例或示例以及不同实施例或示例的特征进行结合和组合。The various embodiments in this specification are described in a progressive manner, and the same and similar parts between the various embodiments can participate in each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be described in the method embodiment. In the description of this specification, descriptions with reference to the terms "one embodiment", "some embodiments", "examples", "specific examples", or "some examples" etc. mean specific features described in conjunction with the embodiment or example , Structure, materials or features are included in at least one embodiment or example in this specification. In this specification, the schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the described specific features, structures, materials or characteristics can be combined in any one or more embodiments or examples in a suitable manner. In addition, those skilled in the art can combine and combine the different embodiments or examples and the features of the different embodiments or examples described in this specification without contradicting each other.
以上所述仅为本说明书一个或多个实施例的实施例而已,并不用于限制本本说明书一个或多个实施例。对于本领域技术人员来说,本说明书一个或多个实施例可以有各种更改和变化。凡在本说明书的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在权利要求范围之内。The above descriptions are only examples of one or more embodiments of this specification, and are not used to limit one or more embodiments of this specification. For those skilled in the art, one or more embodiments of this specification can have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this specification shall be included in the scope of the claims.

Claims (31)

  1. 一种数字货币交易数据处理方法,其特征在于,包括:A digital currency transaction data processing method, which is characterized in that it comprises:
    接收第一秘钥服务客户端发送的交易请求数据,所述交易请求数据包括待签名数据;Receiving transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed;
    将所述待签名数据发送至第二秘钥服务客户端;Sending the data to be signed to the second secret key service client;
    根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;According to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client, the data to be signed is signed to obtain the signature data, wherein: The sum of the first private key component and the second private key component is the private key of the transaction account;
    将所述签名数据发送至所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端进行交易转账处理。The signature data is sent to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
  2. 如权利要求1所述的方法,其特征在于,所述第二私钥分量包括第一私钥分片、第二私钥分片;The method of claim 1, wherein the second private key component includes a first private key fragment and a second private key fragment;
    相应地,所述根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,包括:Correspondingly, the said data to be signed is signed according to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client to obtain Signature data, including:
    获取所述第一私钥分片,并将所述第二私钥分片发送给所述第一秘钥服务客户端;Acquiring the first private key fragment, and sending the second private key fragment to the first secret key service client;
    根据所述第一私钥分片,与所述第一秘钥服务客户端中保存的第一私钥分量、所述第一秘钥服务客户端接收到的所述第二私钥分片对所述待签名数据进行签名,获得所述签名数据。According to the first private key shard, pair with the first private key component stored in the first secret key service client and the second private key shard received by the first secret key service client The data to be signed is signed to obtain the signature data.
  3. 如权利要求2所述的方法,其特征在于,所述第一私钥分量对应有公钥,所述第二私钥分片采用所述第一私钥分量对应的公钥进行加密;The method according to claim 2, wherein the first private key component corresponds to a public key, and the second private key segment is encrypted using the public key corresponding to the first private key component;
    相应地,所述将所述第二私钥分片发送给所述第一秘钥服务客户端,包括:Correspondingly, the sending the second private key fragments to the first secret key service client includes:
    接收所述第二秘钥服务客户端的签名确认信息,获取所述第一私钥分片和加密后的第二私钥分片;Receiving the signature confirmation information of the second secret key service client, and obtaining the first private key fragment and the encrypted second private key fragment;
    将所述加密后的第二私钥分片发送给所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端利用所述第一私钥分量解密获得所述第二私钥分片。The encrypted second private key fragments are sent to the first secret key service client, so that the first secret key service client uses the first private key component to decrypt to obtain the second private key Key fragmentation.
  4. 如权利要求1所述的方法,其特征在于,所述对所述待签名数据进行签名,获得签名数据,包括:The method according to claim 1, wherein the signing the data to be signed to obtain the signature data comprises:
    根据所述第一私钥分量和所述第二私钥分量,与所述第一秘钥服务客户端,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。According to the first private key component and the second private key component, and the first secret key service client, use secure multi-party computing to sign the data to be signed to obtain the signature data.
  5. 如权利要求1所述的方法,其特征在于,所述交易请求数据包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。The method of claim 1, wherein the transaction request data includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, and financial management request data. At least one of.
  6. 一种数字货币交易的秘钥管理服务器,其特征在于,包括:A secret key management server for digital currency transactions, which is characterized in that it includes:
    交易请求接收模块,用于接收第一秘钥服务客户端发送的交易请求数据,所述交易请求数据包括待签名数据;A transaction request receiving module, configured to receive transaction request data sent by the first secret key service client, where the transaction request data includes data to be signed;
    签名数据转发模块,用于将所述待签名数据发送至第二秘钥服务客户端;A signed data forwarding module, configured to send the data to be signed to the second secret key service client;
    第一签名模块,用于根据所述第一秘钥服务客户端保存的第一私钥分量和所述第二秘钥服务客户端保存的第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;The first signature module is configured to sign the data to be signed according to the first private key component saved by the first secret key service client and the second private key component saved by the second secret key service client , Obtain the signature data, wherein the sum of the first private key component and the second private key component is the private key of the transaction account;
    第一转账处理模块,用于将所述签名数据发送至所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端进行交易转账处理。The first transfer processing module is configured to send the signature data to the first secret key service client, so that the first secret key service client performs transaction transfer processing.
  7. 如权利要求6所述的秘钥管理服务器,其特征在于,所述第二私钥分量包括第一私钥分片、第二私钥分片;7. The secret key management server according to claim 6, wherein the second private key component includes a first private key fragment and a second private key fragment;
    相应地,所述第一签名模块具体用于:Correspondingly, the first signature module is specifically used for:
    获取所述第一私钥分片,并将所述第二私钥分片发送给所述第一秘钥服务客户端;Acquiring the first private key fragment, and sending the second private key fragment to the first secret key service client;
    根据所述第一私钥分片,与所述第一秘钥服务客户端中保存的第一私钥分量、所述第一秘钥服务客户端接收到的所述第二私钥分片对所述待签名数据进行签名,获得所述签名数据。According to the first private key shard, pair with the first private key component stored in the first secret key service client and the second private key shard received by the first secret key service client The data to be signed is signed to obtain the signature data.
  8. 如权利要求7所述的秘钥管理服务器,其特征在于,所述第一私钥分量对应有公钥,所述第二私钥分片采用所述第一私钥分量对应的公钥进行加密;8. The key management server according to claim 7, wherein the first private key component corresponds to a public key, and the second private key fragment is encrypted using the public key corresponding to the first private key component ;
    相应地,所述第一签名模块具体用于:Correspondingly, the first signature module is specifically used for:
    接收所述第二秘钥服务客户端的签名确认信息,获取所述第一私钥分片和加密后的第二私钥分片;Receiving the signature confirmation information of the second secret key service client, and obtaining the first private key fragment and the encrypted second private key fragment;
    将所述加密后的第二私钥分片发送给所述第一秘钥服务客户端,以使得所述第一秘钥服务客户端利用所述第一私钥分量解密获得所述第二私钥分片。The encrypted second private key fragments are sent to the first secret key service client, so that the first secret key service client uses the first private key component to decrypt to obtain the second private key Key fragmentation.
  9. 如权利要求6所述的秘钥管理服务器,其特征在于,所述第一签名模块具体用于:7. The key management server according to claim 6, wherein the first signature module is specifically configured to:
    根据所述第一私钥分量和所述第二私钥分量,与所述第一秘钥服务客户端,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。According to the first private key component and the second private key component, and the first secret key service client, use secure multi-party computing to sign the data to be signed to obtain the signature data.
  10. 如权利要求6所述的秘钥管理服务器,其特征在于,所述交易请求接收模块接收到的所述交易请求数据包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。The key management server according to claim 6, wherein the transaction request data received by the transaction request receiving module includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data , At least one of exchange withdrawal request data and wealth management request data.
  11. 一种数字货币交易数据处理方法,其特征在于,包括:A digital currency transaction data processing method, which is characterized in that it comprises:
    向秘钥管理服务器发送交易请求数据,以使得所述秘钥管理服务器向第二秘钥服务客户端发送交易请求数据,所述交易请求数据包括待签名数据;Sending transaction request data to the secret key management server, so that the secret key management server sends transaction request data to the second secret key service client, where the transaction request data includes data to be signed;
    接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量;Receiving the second private key component saved by the second key service client and sent by the key management server;
    根据自身保存的第一私钥分量以及接收到的所述第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;According to the first private key component stored by itself and the received second private key component, the data to be signed is signed to obtain signature data, wherein the first private key component and the second private key The sum of the weights is the private key of the trading account;
    根据所述签名数据进行交易转账处理。Perform transaction transfer processing according to the signature data.
  12. 如权利要求11所述的方法,其特征在于,所述第二私钥分量包括:第一私钥分片、第二私钥分片,所述第二私钥分片使用所述第一私钥分量对应的公钥进行加密;The method according to claim 11, wherein the second private key component comprises: a first private key fragment, a second private key fragment, and the second private key fragment uses the first private key fragment. The public key corresponding to the key component is encrypted;
    相应地,所述接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量,包括:Correspondingly, the receiving the second private key component saved by the second key service client sent by the key management server includes:
    接收所述秘钥管理服务器发送的加密后的第二私钥分片,并利用所述第一私钥分量对所述加密后的第二私钥分片进行解密,获得所述第二私钥分片;Receive the encrypted second private key segment sent by the key management server, and use the first private key component to decrypt the encrypted second private key segment to obtain the second private key Fragmentation;
    相应地,所述对所述待签名数据进行签名,获得签名数据,包括:Correspondingly, the signing the data to be signed to obtain the signature data includes:
    根据所述第一私钥分量、获得的所述第二私钥分片,以及所述秘钥管理服务器获得的所述第一私钥分片对所述待签名数据进行签名,获得签名数据。Sign the data to be signed according to the first private key component, the obtained second private key fragment, and the first private key fragment obtained by the key management server to obtain signature data.
  13. 如权利要求11所述的方法,其特征在于,所述对所述待签名数据进行签名,获得签名数据,包括:The method according to claim 11, wherein the signing the data to be signed to obtain the signature data comprises:
    根据所述第一私钥分量和所述第二私钥分量,与所述秘钥管理服务器,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。According to the first private key component and the second private key component, and the key management server, use secure multi-party computing to sign the data to be signed to obtain the signature data.
  14. 如权利要求11所述的方法,其特征在于,所述交易请求数据包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。The method of claim 11, wherein the transaction request data includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, and financial management request data. At least one of.
  15. 如权利要求14所述的方法,其特征在于,所述第一私钥分量和所述第二私钥分量的生成方法包括:The method according to claim 14, wherein the method for generating the first private key component and the second private key component comprises:
    若所述交易请求数据为所述数字货币买卖交易请求数据或所述用户提币请求数据或所述理财请求数据,在所述用户账户创建时,根据所述用户账户对应的私钥,与所述第二秘钥服务客户端分别生成各自的第一私钥分量、第二私钥分量;If the transaction request data is the digital currency transaction request data or the user withdrawal request data or the wealth management request data, when the user account is created, the private key corresponding to the user account will be The second secret key service client generates respective first private key components and second private key components;
    若所述交易请求数据为所述冷钱包转账请求数据或交易所提币请求数据,在所述交易所账户创建时,根据所述交易所账户的私钥,与所述第二秘钥服务客户端分别生成各自的第一私钥分量、第二私钥分量。If the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data, when the exchange account is created, according to the private key of the exchange account, serve the customer with the second secret key The terminals respectively generate their first private key component and second private key component.
  16. 一种数字货币交易数据处理客户端,其特征在于,包括:A digital currency transaction data processing client is characterized in that it includes:
    交易请求发送模块,用于向秘钥管理服务器发送交易请求数据,以使得所述秘钥管理服务器向第二秘钥服务客户端发送交易请求数据,所述交易请求数据包括待签名数据;The transaction request sending module is configured to send transaction request data to the secret key management server, so that the secret key management server sends the transaction request data to the second secret key service client, and the transaction request data includes the data to be signed;
    秘钥接收模块,用于接收所述秘钥管理服务器发送的所述第二秘钥服务客户端保存的第二私钥分量;A secret key receiving module, configured to receive the second private key component saved by the second secret key service client and sent by the secret key management server;
    第二签名模块,用于根据自身保存的第一私钥分量以及接收到的所述第二私钥分量,对所述待签名数据进行签名,获得签名数据,其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥;The second signature module is configured to sign the data to be signed according to the first private key component stored by itself and the received second private key component to obtain signature data, wherein the first private key component The sum of the second private key component is the private key of the transaction account;
    第二转账处理模块,用于根据所述签名数据进行交易转账处理。The second transfer processing module is used to perform transaction transfer processing according to the signature data.
  17. 如权利要求16所述的客户端,其特征在于,所述第二私钥分量包括:第一私钥分片、第二私钥分片,所述第二私钥分片使用所述第一私钥分量对应的公钥进行加密;The client according to claim 16, wherein the second private key component comprises: a first private key fragment, a second private key fragment, and the second private key fragment uses the first private key fragment. Encrypt the public key corresponding to the private key component;
    相应地,所述秘钥接收模块具体用于:Correspondingly, the secret key receiving module is specifically used for:
    接收所述秘钥管理服务器发送的加密后的第二私钥分片,并利用所述第一私钥分量对所述加密后的第二私钥分片进行解密,获得所述第二私钥分片;Receive the encrypted second private key segment sent by the key management server, and use the first private key component to decrypt the encrypted second private key segment to obtain the second private key Fragmentation;
    相应地,所述第二签名模块具体用于:Correspondingly, the second signature module is specifically used for:
    根据所述第一私钥分量、获得的所述第二私钥分片,以及所述秘钥管理服务器获得的所述第一私钥分片对所述待签名数据进行签名,获得签名数据。Sign the data to be signed according to the first private key component, the obtained second private key fragment, and the first private key fragment obtained by the key management server to obtain signature data.
  18. 如权利要求16所述的客户端,其特征在于,所述第二签名模块具体用于:The client according to claim 16, wherein the second signature module is specifically configured to:
    根据所述第一私钥分量和所述第二私钥分量,与所述秘钥管理服务器,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。According to the first private key component and the second private key component, and the key management server, use secure multi-party computing to sign the data to be signed to obtain the signature data.
  19. 如权利要求16所述的客户端,其特征在于,所述交易请求发送模块发送的所述交易请求数据包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。The client according to claim 16, wherein the transaction request data sent by the transaction request sending module includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, and exchange At least one of withdrawal request data and wealth management request data.
  20. 如权利要求19所述的客户端,其特征在于,所述客户端还包括第一私钥分量生成模块,用于:The client according to claim 19, wherein the client further comprises a first private key component generating module, configured to:
    若所述交易请求数据为所述数字货币买卖交易请求数据或所述用户提币请求数据或所述理财请求数据,在所述用户账户创建时,根据所述用户账户对应的私钥,与所述第二秘钥服务客户端分别生成各自的第一私钥分量、第二私钥分量;If the transaction request data is the digital currency transaction request data or the user withdrawal request data or the wealth management request data, when the user account is created, the private key corresponding to the user account will be The second secret key service client generates respective first private key components and second private key components;
    若所述交易请求数据为所述冷钱包转账请求数据或交易所提币请求数据,在所述交易所账户创建时,根据所述交易所账户的私钥,与所述第二秘钥服务客户端分别生成各自的第一私钥分量、第二私钥分量。If the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data, when the exchange account is created, according to the private key of the exchange account, serve the customer with the second secret key The terminals respectively generate their first private key component and second private key component.
  21. 一种数字货币交易数据处理方法,其特征在于,包括:A digital currency transaction data processing method, which is characterized in that it comprises:
    接收秘钥管理服务器发送的交易请求数据,所述交易请求数据由第一秘钥服务客户端发送,所述交易请求数据包括待签名数据;Receiving transaction request data sent by the secret key management server, the transaction request data being sent by the first secret key service client, and the transaction request data including data to be signed;
    向所述秘钥管理服务器返回确认签名信息,并将自身保存的第二私钥分量发送给所 述秘钥管理服务器,以使得所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,获得签名数据,且由所述第一秘钥服务客户端根据所述签名数据进行交易转账处理;Return confirmation signature information to the key management server, and send the second private key component stored by itself to the key management server, so that the key management server and the first key service client The second private key component and the first private key component saved by the first secret key service client sign the data to be signed to obtain the signature data, and the first secret key service client is based on The signature data is processed for transaction transfer;
    其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Wherein, the sum of the first private key component and the second private key component is the private key of the transaction account.
  22. 如权利要求21所述的方法,其特征在于,所述将自身保存的第一私钥分量发送给所述秘钥管理服务器,包括:21. The method of claim 21, wherein the sending the first private key component stored by itself to the secret key management server comprises:
    将所述第二私钥分量拆分成第一私钥分片和第二私钥分片,并采用所述第一私钥分量对应的公钥对所述第二私钥分片进行加密;Split the second private key component into a first private key fragment and a second private key fragment, and encrypt the second private key fragment by using a public key corresponding to the first private key component;
    将所述第一私钥分片和所述加密后的第二私钥分片发送给所述秘钥管理服务器;Sending the first private key fragment and the encrypted second private key fragment to the secret key management server;
    相应地,所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,包括:Correspondingly, the secret key management server and the first secret key service client perform the signature on the to-be-signed according to the second private key component and the first private key component stored by the first secret key service client Data is signed, including:
    所述秘钥管理服务器将所述加密后的第二私钥分片发送给所述第一秘钥服务客户端;The key management server sends the encrypted second private key fragments to the first key service client;
    所述第一秘钥服务客户端采用所述第一私钥分量对所述加密后的第二私钥分片进行解密,获得所述第二私钥分片;The first secret key service client uses the first private key component to decrypt the encrypted second private key fragment to obtain the second private key fragment;
    基于所述第一私钥分片、第一私钥分量、第二私钥分片,所述秘钥管理服务器与所述第一秘钥服务客户端,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。Based on the first private key fragment, the first private key component, and the second private key fragment, the key management server and the first key service client use secure multi-party computing to compare the data to be signed Sign and obtain the signature data.
  23. 如权利要求21所述的方法,其特征在于,所述交易请求数据包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请求数据、交易所提币请求数据、理财请求数据中的至少一种。The method of claim 21, wherein the transaction request data includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, exchange withdrawal request data, and financial management request data. At least one of.
  24. 如权利要求23所述的方法,其特征在于,所述第一私钥分量和所述第二私钥分量的生成方法包括:The method of claim 23, wherein the method for generating the first private key component and the second private key component comprises:
    若所述交易请求数据为所述数字货币买卖交易请求数据或所述用户提币请求数据或所述理财请求数据,在所述用户账户创建时,根据所述用户账户对应的私钥,与所述第一秘钥服务客户端分别生成各自的第二私钥分量、第一私钥分量;If the transaction request data is the digital currency transaction request data or the user withdrawal request data or the wealth management request data, when the user account is created, the private key corresponding to the user account will be The first secret key service client generates respective second private key components and first private key components;
    若所述交易请求数据为所述冷钱包转账请求数据或交易所提币请求数据,在所述交易所账户创建时,根据所述交易所账户的私钥,与所述第一秘钥服务客户端分别生成各自的第二私钥分量、第一私钥分量。If the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data, when the exchange account is created, according to the private key of the exchange account, serve the customer with the first secret key The terminals respectively generate their second private key component and first private key component.
  25. 一种数字货币交易数据处理终端,其特征在于,包括:A digital currency transaction data processing terminal, characterized in that it comprises:
    交易请求查询模块,用于接收秘钥管理服务器发送的交易请求数据,所述交易请求数据由第一秘钥服务客户端发送,所述交易请求数据包括待签名数据;The transaction request query module is configured to receive transaction request data sent by the secret key management server, the transaction request data is sent by the first secret key service client, and the transaction request data includes data to be signed;
    签名确认模块,用于向所述秘钥管理服务器返回确认签名信息,并将自身保存的第二私钥分量发送给所述秘钥管理服务器,以使得所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,获得签名数据,且由所述第一秘钥服务客户端根据所述签名数据进行交易转账处理;The signature confirmation module is used to return confirmation signature information to the secret key management server, and send the second private key component stored by itself to the secret key management server, so that the secret key management server and the first The secret key service client signs the data to be signed according to the second private key component and the first private key component saved by the first secret key service client to obtain signature data, and the The secret key service client performs transaction transfer processing according to the signature data;
    其中,所述第一私钥分量和所述第二私钥分量之和为交易账户的私钥。Wherein, the sum of the first private key component and the second private key component is the private key of the transaction account.
  26. 如权利要求25所述的终端,其特征在于,所述签名确认模块具体用于:The terminal according to claim 25, wherein the signature confirmation module is specifically configured to:
    将所述第二私钥分量拆分成第一私钥分片和第二私钥分片,并采用所述第一私钥分量对应的公钥对所述第二私钥分片进行加密;Split the second private key component into a first private key fragment and a second private key fragment, and encrypt the second private key fragment by using a public key corresponding to the first private key component;
    将所述第一私钥分片和所述加密后的第二私钥分片发送给所述秘钥管理服务器;Sending the first private key fragment and the encrypted second private key fragment to the secret key management server;
    相应地,所述秘钥管理服务器和所述第一秘钥服务客户端根据所述第二私钥分量,以及所述第一秘钥服务客户端保存的第一私钥分量对所述待签名数据进行签名,包括:Correspondingly, the secret key management server and the first secret key service client perform the signature on the to-be-signed according to the second private key component and the first private key component stored by the first secret key service client Data is signed, including:
    所述秘钥管理服务器将所述加密后的第二私钥分片发送给所述第一秘钥服务客户端;The key management server sends the encrypted second private key fragments to the first key service client;
    所述第一秘钥服务客户端采用所述第一私钥分量对所述加密后的第二私钥分片进行解密,获得所述第二私钥分片;The first secret key service client uses the first private key component to decrypt the encrypted second private key fragment to obtain the second private key fragment;
    基于所述第一私钥分片、第一私钥分量、第二私钥分片,所述秘钥管理服务器与所述第一秘钥服务客户端,利用安全多方计算对所述待签名数据进行签名,获得所述签名数据。Based on the first private key fragment, the first private key component, and the second private key fragment, the key management server and the first key service client use secure multi-party computing to compare the data to be signed Sign and obtain the signature data.
  27. 如权利要求25所述的终端,其特征在于,所述交易请求查询模块接收到的所述交易请求数据包括:数字货币买卖交易请求数据、用户提币请求数据、冷钱包转账请 求数据、交易所提币请求数据、理财请求数据中的至少一种。The terminal according to claim 25, wherein the transaction request data received by the transaction request query module includes: digital currency transaction request data, user withdrawal request data, cold wallet transfer request data, exchange At least one of withdrawal request data and wealth management request data.
  28. 如权利要求27所述的终端,其特征在于,所述终端还包括第二私钥分量生成模块,用于:The terminal according to claim 27, wherein the terminal further comprises a second private key component generating module, configured to:
    若所述交易请求数据为所述数字货币买卖交易请求数据或所述用户提币请求数据或所述理财请求数据,在所述用户账户创建时,根据所述用户账户对应的私钥,与所述第一秘钥服务客户端分别生成各自的第二私钥分量、第一私钥分量;If the transaction request data is the digital currency transaction request data or the user withdrawal request data or the wealth management request data, when the user account is created, the private key corresponding to the user account will be The first secret key service client generates respective second private key components and first private key components;
    若所述交易请求数据为所述冷钱包转账请求数据或交易所提币请求数据,在所述交易所账户创建时,根据所述交易所账户的私钥,与所述第一秘钥服务客户端分别生成各自的第二私钥分量、第一私钥分量。If the transaction request data is the cold wallet transfer request data or the exchange currency withdrawal request data, when the exchange account is created, according to the private key of the exchange account, serve the customer with the first secret key The terminals respectively generate their second private key component and first private key component.
  29. 一种数字货币交易数据处理设备,其特征在于,包括:至少一个处理器以及用于存储处理器可执行指令的存储器,所述处理器执行所述指令时实现权利要求1-5任一项所述的方法或权利要求11-15任一项所述的方法或权利要求21-24任一项所述的方法。A digital currency transaction data processing equipment, which is characterized by comprising: at least one processor and a memory for storing executable instructions of the processor. The processor implements the instructions described in any one of claims 1-5 when executing the instructions. The method or the method of any one of claims 11-15 or the method of any one of claims 21-24.
  30. 一种计算机可读存储介质,其特征在于,其上存储有计算机指令,所述指令被执行时实现权利要求1-5任一项所述的方法或权利要求11-15任一项所述的方法或权利要求21-24任一项所述的方法。A computer-readable storage medium, characterized in that computer instructions are stored thereon, and when executed, the instructions implement the method of any one of claims 1-5 or the method of any one of claims 11-15. The method or the method of any one of claims 21-24.
  31. 一种数字货币交易数据处理系统,其特征在于,包括:秘钥管理服务器、第一秘钥服务客户端、第二秘钥服务客户端;A digital currency transaction data processing system, which is characterized by comprising: a secret key management server, a first secret key service client, and a second secret key service client;
    所述数字货币交易数据处理系统用于进行数字货币的买入卖出、数字货币的提币、交易所系统数字货币的冷钱包转账、数字货币的投资管理中的至少一种,所述秘钥管理服务器用于执行上述权利要求1-5任一项所述的方法,所述第一秘钥服务客户端用于执行上述权利要求11-15任一项所述的方法,所述第二秘钥服务客户端用于执行上述权利要求21-24任一项所述的方法;The digital currency transaction data processing system is used to perform at least one of the buying and selling of digital currency, the withdrawal of digital currency, the cold wallet transfer of digital currency in the exchange system, and the investment management of digital currency. The secret key The management server is used to execute the method according to any one of claims 1-5, the first secret key service client is used to execute the method according to any one of claims 11-15, and the second secret The key service client is used to execute the method described in any one of claims 21-24;
    其中,若所述数字货币交易数据处理系统用于进行数字货币的买入卖出,则所述第一秘钥服务客户端为买方用户交易客户端或卖方用户交易客户端,所述第二秘钥服务客户端为交易所客户端;Wherein, if the digital currency transaction data processing system is used for buying and selling digital currency, the first secret key service client is a buyer user transaction client or a seller user transaction client, and the second secret The key service client is the exchange client;
    若所述数字货币交易数据处理系统用于进行数字货币的提币,则所述第一秘钥服务 客户端为提币用户客户端,所述第二秘钥服务客户端为交易所客户端,其中,若所述数字货币的提币为交易所提币,则所述第二秘钥服务客户端包括一个或多个;If the digital currency transaction data processing system is used to withdraw digital currency, the first secret key service client is a withdrawal user client, and the second secret key service client is an exchange client, Wherein, if the withdrawal of the digital currency is an exchange withdrawal, the second secret key service client includes one or more;
    若所述数字货币交易数据处理系统用于进行交易所系统数字货币的冷钱包转账,则所述第一秘钥服务客户端、所述第二秘钥服务客户端均为交易所客户端,其中,所述第二秘钥服务客户端包括一个或多个;If the digital currency transaction data processing system is used for cold wallet transfer of digital currency of the exchange system, the first secret key service client and the second secret key service client are both exchange clients, where , The second secret key service client includes one or more;
    若所述数字货币交易数据处理系统用于进行数字货币的投资管理,则所述第一秘钥服务客户端为理财用户客户端,所述第二秘钥服务客户端为资产管理客户端。If the digital currency transaction data processing system is used for digital currency investment management, the first secret key service client is a wealth management user client, and the second secret key service client is an asset management client.
PCT/CN2019/076017 2019-02-25 2019-02-25 Method, server, client and system for processing digital currency transaction data WO2020172760A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/076017 WO2020172760A1 (en) 2019-02-25 2019-02-25 Method, server, client and system for processing digital currency transaction data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/076017 WO2020172760A1 (en) 2019-02-25 2019-02-25 Method, server, client and system for processing digital currency transaction data

Publications (1)

Publication Number Publication Date
WO2020172760A1 true WO2020172760A1 (en) 2020-09-03

Family

ID=72238774

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/076017 WO2020172760A1 (en) 2019-02-25 2019-02-25 Method, server, client and system for processing digital currency transaction data

Country Status (1)

Country Link
WO (1) WO2020172760A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102246181A (en) * 2009-01-07 2011-11-16 上海昂贝电子科技有限公司 Secure method and device of financial transaction
US20140351600A1 (en) * 2009-08-11 2014-11-27 Vesper Marine Limited Method and apparatus for authenticating static transceiver data and method of operating an ais transceiver
US20180323972A1 (en) * 2017-05-02 2018-11-08 PracticalVR Inc. Systems and Methods for Authenticating a User on an Augmented, Mixed and/or Virtual Reality Platform to Deploy Experiences
CN109377360A (en) * 2018-08-31 2019-02-22 西安电子科技大学 Block chain transaction in assets transfer account method based on Weighted Threshold signature algorithm

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102246181A (en) * 2009-01-07 2011-11-16 上海昂贝电子科技有限公司 Secure method and device of financial transaction
US20140351600A1 (en) * 2009-08-11 2014-11-27 Vesper Marine Limited Method and apparatus for authenticating static transceiver data and method of operating an ais transceiver
US20180323972A1 (en) * 2017-05-02 2018-11-08 PracticalVR Inc. Systems and Methods for Authenticating a User on an Augmented, Mixed and/or Virtual Reality Platform to Deploy Experiences
CN109377360A (en) * 2018-08-31 2019-02-22 西安电子科技大学 Block chain transaction in assets transfer account method based on Weighted Threshold signature algorithm

Similar Documents

Publication Publication Date Title
CN109934582B (en) Digital currency transaction data processing method, server, client and system
Thach et al. technology quality management of the industry 4.0 and cybersecurity risk management on current banking activities in emerging markets-the case in Vietnam
US11961141B2 (en) Global liquidity and settlement system
JP7221546B2 (en) Transaction Privacy in Public Distributed Ledger Systems
US20230351339A1 (en) Cryptographic currency for securities settlement
US11893637B2 (en) Systems and methods for cryptographic trading
KR101852935B1 (en) System and method for transaction of electronic currency
JP6364132B2 (en) Blockchain transaction recording system and method
US20200320623A1 (en) System and method for trading a tradable object
Franco Understanding Bitcoin: Cryptography, engineering and economics
CN107679976A (en) A kind of auction system based on block chain
US20210166221A1 (en) Device and method for providing transaction service of cryptocurrency by means of electronic wallet
CN107730258A (en) Method for processing resource, device and computer-readable recording medium based on block chain
JP2022536485A (en) Identity and Risk Scoring of Treasury Backed Token Assets and Associated Token Transactions
CN106971302A (en) A kind of threedimensional model based on block chain technology is really weighed and method of commerce
WO2020233404A1 (en) Transaction system and method, and nodes in transaction system
Li et al. FAPS: A fair, autonomous and privacy-preserving scheme for big data exchange based on oblivious transfer, Ether cheque and smart contracts
CN109308211A (en) For handling the method, apparatus and storage medium of Transaction Information in block chain
Sankaranarayanan et al. Usage of blockchain technology in banking sector and its implication on Indian economy
US20200242573A1 (en) Cryptographic transactions supporting real world requirements
Khudnev Blockchain: foundational technology to change the world
WO2020172760A1 (en) Method, server, client and system for processing digital currency transaction data
Parkes et al. Achieving trust without disclosure: Dark pools and a role for secrecy-preserving verification
Shu Blockchain for security of a cloud-based online auction system
TWI684932B (en) Token transaction system using blockchain technology and method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19917057

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19917057

Country of ref document: EP

Kind code of ref document: A1