WO2020233236A1 - Verification method and device of consumable certificates applied to block chain - Google Patents

Verification method and device of consumable certificates applied to block chain Download PDF

Info

Publication number
WO2020233236A1
WO2020233236A1 PCT/CN2020/082204 CN2020082204W WO2020233236A1 WO 2020233236 A1 WO2020233236 A1 WO 2020233236A1 CN 2020082204 W CN2020082204 W CN 2020082204W WO 2020233236 A1 WO2020233236 A1 WO 2020233236A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification
certificate
party
user
record
Prior art date
Application number
PCT/CN2020/082204
Other languages
French (fr)
Chinese (zh)
Inventor
胡朝新
张俊麒
陈浩
苏小康
张开翔
范瑞彬
Original Assignee
深圳前海微众银行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳前海微众银行股份有限公司 filed Critical 深圳前海微众银行股份有限公司
Publication of WO2020233236A1 publication Critical patent/WO2020233236A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Definitions

  • the embodiments of the present invention relate to the field of Fintech, and in particular, to a method and device for verifying a consumable certificate applied to a blockchain (Blockchain).
  • Blockchain is a way for all people to participate in bookkeeping, which has the characteristics of decentralization and trustlessness. The most important thing about blockchain is to solve the problem of intermediary credit. In the past, it was difficult for two people who did not know and trust each other to achieve collaboration, and it was necessary to rely on a third party. For example, payment behavior, any kind of transfer in the past, must have an institution such as a bank or Alipay. However, through blockchain technology, Bitcoin is the first time that human beings can complete mutual trust transfer behavior without any intermediary institutions. This is a major breakthrough in the blockchain, and the blockchain is becoming more and more important. Get people's attention.
  • the present invention provides a method and device for verifying a consumable certificate applied to a blockchain to solve the problem of untrustworthy and low security of the verification request of the certificate in the prior art.
  • the embodiment of the present invention provides a method for verifying a consumable certificate applied to a blockchain, including:
  • the verifier obtains the certificate provided by the user for verification; the certificate records each valid verification record;
  • the verification party obtains the verification registration of the certificate from the blockchain, and the verification registration records the first hash value; the first hash value is the last time the certificate was verified Generated based on all valid verification records;
  • the verification party generates a second Hash value according to the effective verification records in the certificate
  • the verification party determines that the certificate can be used for verification.
  • the verification record further includes a verification signature for signing the first Hash value by the verification party last verification;
  • determining that the voucher can be used for verification includes:
  • the verification party obtains the verification record of the last verification from the certificate
  • the verification party verifies the verification signature according to the verification institution information in the verification record of the previous verification;
  • the verification party determines that the certificate can be used for verification.
  • the method further includes:
  • the verification returns a lock request for the certificate to the user;
  • the lock request is used by the user to generate a lock signature and upload the lock signature to the blockchain;
  • the lock signature is used to indicate
  • the blockchain sets the lock state in the verification registration to a locked state and records the lock signature in the verification registration;
  • the verification party receives a lock success response sent by the user; the lock success response is used to trigger the verification party to perform verification.
  • the method further includes:
  • the verification party sends the verification party record to the user
  • the verification party obtains the user-side record returned by the user
  • the verification party determines the verification record corresponding to the verification request according to the verification party record and the user record;
  • the verification party generates a third Hash value according to each verification record in the voucher and the verification record corresponding to the verification request;
  • the verification party updates the first Hash value in the verification registration of the certificate in the blockchain to the third Hash value.
  • the method further includes:
  • the verification party changes the writing status of the certificate to unlocked, and writes the locked signature to the blockchain;
  • the verification returns a successful response to the user.
  • the method before the verification party updates the first Hash value on the blockchain to the third Hash value, the method further includes:
  • the verification party queries the writing status of the certificate on the blockchain
  • the method before the verification party obtains the verification registration of the certificate from the blockchain, the method further includes:
  • the verification party obtains the verification request of the certificate sent by the user;
  • the verification request of the certificate includes the attribute signature of the certificate and the number of verifications;
  • the verification party determines the remaining available times of the voucher according to the voucher
  • the verification party verifies whether the verification times of the verification request is less than or equal to the remaining available times of the certificate; the verification party obtains the public key of the certificate issuer from the blockchain, and verifies the Whether the attribute signature of the certificate is legal.
  • the method further includes:
  • the verification value sends the verification value of the verification request of the certificate to the user; the verification value is used by the verification party to generate a verification record of the verification request and verify the verification value for the user The verification record generated by the verification party.
  • the embodiment of the present invention provides a verification device for a consumable certificate applied to a blockchain, including:
  • the transceiver unit is used to obtain the certificate provided by the user for verification; the certificate records each valid verification record; obtain the verification registration of the certificate from the blockchain, the verification registration A first hash value is recorded in, the first hash value is generated based on all valid verification records after the last verification of the voucher;
  • the processing unit is configured to generate a second Hash value according to each valid verification record in the voucher; when it is confirmed that the first Hash value is consistent with the second Hash value, it is determined that the voucher can be used for verification pin.
  • the verification record further includes a verification signature used by the verification party to sign the first Hash value in the last verification; the processing unit is configured to: Obtain the verification record of the last verification; verify the verification signature according to the verification institution information in the verification record of the last verification; verify the first Hash value and the second Hash When the values are consistent and the verification of the verification signature is passed, it is determined that the certificate can be used for verification.
  • the transceiver unit is further configured to: return a lock request for the credential to the user; the lock request is used for the user to generate a lock signature and upload the lock signature to the user.
  • the blockchain the lock signature is used to instruct the blockchain to set the lock state in the verification registration to the locked state and record the lock signature in the verification registration; receive the user's sending The lock successful response; the lock successful response is used to trigger the verification party to write off.
  • the transceiver unit is further configured to: send the verification party record to the user; obtain the user-side record returned by the user;
  • the processing unit is further configured to: after verifying that the lock signature is legal, generate a verification party record corresponding to the verification request; and determine the verification request corresponding to the verification request based on the verification party record and the user record The verification record; the verification record corresponding to the verification request and each valid verification record in the voucher generates a third Hash value; the verification of the voucher in the blockchain is updated The first Hash value in the registration is the third Hash value.
  • the processing unit is further configured to: modify the writing status of the certificate to unlock, and write the lock signature to the blockchain; and return a successful verification response to the user .
  • the processing unit is configured to: query the writing status of the voucher on the blockchain; if it is determined that the writing status is unlocked, return an instruction to relock to the user , And after deleting the second verification record in the voucher, return to the user.
  • the transceiver unit is configured to: obtain a verification request for the voucher sent by the user; the verification request for the voucher includes the attribute signature of the voucher and the number of verifications;
  • the processing unit is configured to verify whether the number of times of verification of the verification request is less than or equal to the available times of the certificate; the verification party obtains the public key of the certificate issuer from the blockchain, and verifies After the attribute signature of the certificate is legal, the verification result of the verification request of the certificate is returned.
  • the processing unit is configured to: send the verification value of the verification request of the voucher to the user; the verification value is used by the verification party to generate the verification request And verify the verification record generated by the verification party for the user.
  • An embodiment of the present invention provides a computer storage medium, where the computer-readable storage medium includes a computer program, and when the computer program runs on a computer, the computer executes the method described in any one of the foregoing embodiments.
  • An embodiment of the present invention provides a computer program product containing instructions, which when the instructions run on a computer, cause the computer to execute the method described in any one of the foregoing embodiments.
  • the embodiment of the present invention provides a computer device, including:
  • At least one memory for storing program instructions
  • At least one processor is configured to invoke program instructions stored in the memory, and execute the method according to any one of the foregoing embodiments according to the obtained program.
  • the verification party compares the hash value in the verification registration on the blockchain with the hash value generated after the verification record in the certificate is serialized to verify whether the verification record of the expendable certificate has been tampered with Over. It only needs to be on the chain when it is written off, and no private data is exposed on the blockchain, which improves the efficiency of verification.
  • Figure 1a is a schematic diagram of a system architecture provided by an embodiment of the present invention.
  • Figure 1b is a schematic diagram of another system architecture provided by an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a method for expendable credentials provided by an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of a consumable credential device provided by an embodiment of the present invention.
  • Figure 4 is a schematic structural diagram of a computer device provided by an embodiment of the present invention.
  • Verifier This role is used to describe the organization that has the authority to verify the certificate. Other institutions may apply for a verification certificate from the verification party.
  • Issuer This role is used to describe an organization that has the authority to generate certificates and issue them to users.
  • This role can obtain the certificate sent by the issuer, and can apply to the verifier for verification of the certificate.
  • Blockchain All participants have the ability to read and write to the blockchain. Among them, the participants can be the verification party, issuer, and user who have a blockchain account.
  • Block used to record data collections and status results divided according to certain conditions, which are formed after each node reaches a consensus.
  • the data to be recorded is mainly data or user data
  • blocks can be divided by time. For example, a block is generated every 10 seconds (s), then this block is to record all the data in these 10s, or a block is generated every day, then this The block is to record all the data during the day; or, the block can also be divided according to the number of received data or history update information, for example, after receiving a specified number of data or history update information, a Block, then this block is used to record the specified amount of data update information that has been received.
  • a block includes a block header and a block body.
  • the block header includes the previous block address (Prev-block)
  • the previous block address can be stored in the block header in the form of the previous block hash code (pre-Hash)
  • pre-Hash previous block hash code
  • the direction of the address connects all the blocks in series to form a blockchain.
  • the block body is used to store specific data, such as data in the embodiment of the present invention.
  • Blockchain or distributed data recording ledger, is a chained data structure in which data storage blocks are sequentially connected in a certain order. The blocks are connected in sequence to form a blockchain.
  • Node refers to the computing equipment that participates in the process of data recording or verification in the blockchain network.
  • computers, mobile phones, mining machines, desktops, or servers that have computing capabilities can all be used as nodes in the blockchain network.
  • any device in the network can be used as a node of the blockchain and can participate in the recording and storage of the blockchain. Based on the consensus mechanism between nodes, the entire block is jointly maintained through competitive computing. chain. Since any node can have a complete copy of the data of the blockchain, any node fails, and the remaining nodes can still work normally, so the reliability of the blockchain-based storage method is high.
  • each node can have the same authority, so there is no centralized equipment or management organization. All data information in the blockchain is open and transparent, and the modification of its own data by a single node or even multiple nodes cannot affect the data of other nodes unless it can control more than half of the nodes in the entire blockchain network to modify. However, this method is too difficult, and each block in the blockchain is associated with two blocks before and after. If you want to tamper with the data of a block, you need to tamper with multiple blocks related to it. Data is more difficult, so the data stored based on the blockchain is immutable.
  • Hash value An algorithm that generates a hash map value for a certain string, such as sha3.
  • FIG. 1a exemplarily shows a schematic diagram of a system architecture to which an embodiment of the present invention is applicable.
  • the system architecture to which an embodiment of the present invention is applicable includes a user 101, a verification party 102, an issuer 103, and a blockchain Network 104.
  • the certificate issuer 103 is used to issue consumable certificates to users.
  • Certificate holder user 101
  • the credential verification party can be a role such as a merchant. This role can verify the credentials provided by the user and provide services to the user.
  • User 101 sends a certificate verification request to the verification party; the verification party is connected to the blockchain network and sends the data that needs to be chained to the blockchain network; the user is connected to the blockchain network to verify the response returned by the verification party data.
  • the nodes in the blockchain network can be accounting nodes or ordinary nodes.
  • Each participating institution such as the verification party, issuer, and user, uses the agreed asymmetric encryption algorithm, such as ECDSA to generate its own public-private key pair; store the private key in its own private database, and then upload the public key to the chain.
  • ECDSA agreed asymmetric encryption algorithm
  • institution A publishes its public key A to the blockchain
  • institution B publishes its public key B to the blockchain.
  • the consumable certificate needs to be abstracted into a certificate Token on the blockchain, and then the entire life cycle of the issuance of the certificate and the verification of the certificate are on the chain.
  • this approach is very inefficient: merchants may send millions of coupons every day, and their full tokenization will put a huge burden on the blockchain.
  • embodiments of the present invention provide a consumable credential method applied to a blockchain, including:
  • Step 1 The certificate issuer generates a certificate for the user and sends the certificate to the user.
  • the check value may be a character string of variable length.
  • the format of a consumable voucher can be represented by a json string, and its attribute items can include the following fields, as shown in Table 1:
  • the business data determined by the issuer itself can be "full 50-25", “-yuan movie", "prescription” and other data, which are not limited here.
  • the signature generated by the issuer may be the original text generated by the issuer based on the attribute information in the certificate, for example, it may be the original text based on other content that does not include the verification record.
  • the issuer can use its private key to serialize all the attribute items of the certificate to generate a signature.
  • the verification agency or user can verify the signature value through the public key published by the issuer on the blockchain.
  • the recipient can be the user, that is, after the issuer has generated the voucher, the voucher is sent to the user, or it can be sent to the user through a third party, which is not limited here.
  • the write-off record set can be another json string nested in the json of the expendable certificate, which is empty when the certificate is created.
  • the verification record set may include multiple verification records.
  • the format of each verification record can be serialized, that is, the content of a table is converted into a series according to the content of a table. String format. As shown in Table 2, it includes the following fields:
  • each verification record needs to be signed by the user and the verification agency. This is to ensure that both parties use digital signatures to confirm the legal use of the certificate.
  • the verification user signature may be a signature generated by the user based on the verification record as the original text
  • the verification agency signature may be a signature generated by the verification agency using the verification record as the original text.
  • the user signature that can be verified may be a signature generated by the user based on his own private key, the verification time, the verification organization, the remaining times, and the verification value of the original text.
  • the check value is used by the verification party to generate a verification record of the verification request and verify the verification record generated by the verification party for the user.
  • the check value can be a string of unspecified length, which is used as one of the input parameters of the digital signature algorithm.
  • the verification value needs to be provided at the same time. This provides the digital signature with the ability to resist replay attacks, so that the signature can be correctly verified only when the verification value is exchanged between the designated user and the verification party.
  • Step 2 The user sends a verification request of the voucher to the verification party.
  • the verification request of the voucher includes the voucher and the number of verifications.
  • the verification party verifies whether the number of verifications of the verification request is less than or equal to the remaining available times of the voucher according to the certificate; The number of cancellations and the maximum available number of times in the certificate and the last written verification record, confirm the remaining available times of the certificate, and determine that the verifier obtains the public key of the certificate issuer from the blockchain To verify whether the attribute signature of the certificate is legal.
  • an embodiment of the present invention provides a method for verifying a consumable certificate applied to a blockchain, including:
  • Step 201 The verifier obtains the certificate provided by the user for verification; the certificate records each valid verification record;
  • Step 202 The verification party obtains the verification registration of the certificate from the blockchain, and the verification registration records the first hash value; the first hash value is the last verification of the certificate Later generated based on all valid verification records;
  • the verification record of each certificate needs to be stored on the chain.
  • the verification and cancellation registration of the certificate can be established for each certificate. In the specific implementation process, it can be stored through a serialized field. As shown in Table 3, the verification and registration of the voucher includes the first Hash value.
  • Hash The Hash value of the serialized string of the verification record of the certificate Hash signature of verification record The signature generated by the last verification party of the certificate
  • the verification record further includes a verification signature for the verification party that was previously verified to sign the first Hash value.
  • the verification signature may be a signature generated based on the Hash value and the verification value of the verification record generated by the last-level verification party.
  • Step 203 The verification party generates a second Hash value according to the effective verification records in the certificate
  • Step 204 When confirming that the first Hash value is consistent with the second Hash value, the verification party determines that the certificate can be used for verification.
  • the certificate only needs to be chained when the certificate is verified, and only the latest state of the certificate, the hash value and the signature of the verification record are stored on the chain, which effectively guarantees the efficiency and safety of certificate verification.
  • the verification party verifies whether the verification record of the certificate has been tampered with.
  • One possible implementation method includes:
  • the verification party obtains the verification record of the last verification from the certificate
  • the verification party verifies the verification signature according to the verification institution information in the verification record of the previous verification;
  • the verification party determines that the certificate can be used for verification.
  • the verification party will compare the Hash in the verification registration on the chain with the hash value generated after the verification record of the certificate is serialized. If the verification record is not empty and the first Hash value is consistent with the second Hash value, then further, obtain the public key of the last verification party from the chain, and use the first Hash value as the original text to verify whether the verification signature is legitimate. If either of the two is illegal, return failure.
  • the verification party can verify the content of the certificate and the legality of the signature.
  • a possible implementation is to obtain the issuer's public key from the chain according to the address of the certificate issuer, and then use all the attributes of the certificate and the serialized string as the original text to verify whether the signature is legal. If it is not legal, return failure.
  • the verification party enters according to whether the verification record set in the provided certificate is empty:
  • the set of verification records is not empty, for each verification record in the certificate, obtain the verification agency public key and the user public key from the blockchain, and then verify whether the verification agency signature and verification user signature are legal . If any signature in any one of the verification records is illegal, return failure. Otherwise, go to the next step.
  • the set of verification records is empty, it is determined that the certificate has not been verified, and there is no verification registration of the certificate on the blockchain. At this time, add a record of the verification and registration of the certificate in the verification and verification on the chain and fill in the ID of the certificate or the ID of the verification and registration generated for the certificate.
  • a smart contract can be used to perform transactional locks on verification to ensure that neither the holder of the certificate nor the verification party is likely to conduct a double-spending attack.
  • a possible implementation method after the verification party determines that the certificate can be used for verification, further includes:
  • the verification returns a lock request for the certificate to the user;
  • the lock request is used by the user to generate a lock signature and upload the lock signature to the blockchain;
  • the lock signature is used to indicate
  • the blockchain sets the lock state in the verification registration to a locked state and records the lock signature in the verification registration;
  • the verification value of the verification request of the credential may be sent to the user while sending the lock request; the verification value may be used by the user according to the verification The value generates a lock signature to uniquely identify this verification, so that the verification party can trigger the verification process after obtaining the lock success response sent by the user.
  • the verification party receives a lock success response sent by the user; the lock success response is used to trigger the verification party to perform verification.
  • the user uses the Hash and check value in the verification and registration as the original text, and generates the lock signature with his own private key.
  • the user modifies the corresponding entry of the certificate in the verification registration, sets the lock status to Y, and attaches the lock signature.
  • the lock status and the lock signature can be stored in the verification registration of the certificate.
  • serialized fields can be used for storage, as shown in Table 4:
  • Hash The Hash value of the serialized string of the verification record of the certificate
  • Hash signature of verification record The signature generated by the last verification party of the certificate Locked state Y/N Lock signature User-generated signature
  • the verification party is in the blockchain to check whether the certificate is being registered in a locked state. If the credential is currently locked, it will also return a failure.
  • a possible implementation can include:
  • Step 1 After the verification party verifies that the lock signature is legal, a record of the verification party corresponding to the verification request is generated;
  • the user informs the verification party that the lock process has been completed and the verification can be started; the verification party finds the attribute item of the corresponding voucher ID from the voucher status table and the verification value generated corresponding to the verification request , Obtain the user's public key from the chain, check whether the certificate has been correctly locked, and whether the signature is legal. If it is not locked or the signature is invalid, it returns a failure.
  • the verifier generates a record of the verifier based on the verification record set of the certificate.
  • the record of the verifier includes the remaining number of times, the address of the verification institution, the verification time, and the verification value.
  • the verifier can also write the signature of the verification agency in the verifier record. Specifically, the verification time, the address of the verification agency, the remaining number of times, and the verification value can be used as the original text together with its own private key. Generate a signature and fill it in the "Signature of Verification Agency" item recorded by the verification party.
  • Step 2 The verification party sends the record of the verification party to the user;
  • the verification party sends the verification record to the user, asking the user to confirm the implementation of the verification party record and sign.
  • Step 3 The verification party obtains the user record returned by the user
  • the user obtains the public key of the verification agency from the chain to verify whether the verification agency signature is legal. If it is illegal or if there is an error in the verification content, the verification agency is required to regenerate the verification party record. Otherwise, the user approves the signature of the verification agency and generates a signature with its own private key, and fills it in the "Verification of User Signature" item in the verification record.
  • the original text of the signature can be the same original text as the signature of the verification agency, or a different original text, which is not limited here.
  • Step 4 The verification party determines the verification record corresponding to the verification request according to the verification party record and the user side record;
  • the verification party obtains the user's public key from the chain, verifies whether the verification user's signature is legal, and fails if it is not. Otherwise, it means that a complete write-off record has been generated.
  • the verification party updates the verification record set of the certificate, adds a verification record, and fills in the verification party record and the user record.
  • the update of the set of write-off records can also be updated at the second step, and the reviewer does not need to separately generate the record of the write-off party, and only needs to verify and send the updated certificate to the user.
  • Step 5 The verification party generates a third Hash value according to the verification records of each verification in the certificate and the verification records corresponding to the verification request;
  • Step 6 The verification party updates the first Hash value in the verification registration of the certificate in the blockchain to the third Hash value.
  • the verification party serializes all verification records to generate a Hash, and then writes the Hash into the “value of the entry” of the entry corresponding to the certificate ID in the verification registration on the chain.
  • the Hash value as the original text, use your own private key to generate a signature, and write it into the "Into the verification signature item" of the verification registration corresponding entry.
  • the method further includes:
  • the verification party modifies the writing status of the certificate to unlock, and writes the lock signature into the blockchain; the verification party returns a successful verification response to the user.
  • the verification party can modify the locked status in the verification registration to N and delete the locked signature.
  • the lock state can also be modified by the user in this step, which is not limited here.
  • the verification response to the user that the verification is successful may also include providing the user with a business service corresponding to the credential.
  • the method before the verification party updates the first Hash value on the blockchain to the third Hash value, the method further includes:
  • the verification party queries the writing status of the certificate on the blockchain
  • the verification party finds that the lock status is no longer Y, it means that the user may be trying to double-spend the credential.
  • the verification party can immediately terminate the verification process and request the user to enter the credential lock process again.
  • the verification party can also use the blockchain with permissions to ensure that the unlocked state can only be modified by the verification party, further avoiding the possibility of double spending and improving the security of verification.
  • all certificates need to be chained when they are verified, and only the latest state of the certificate, the Hash and signature of the verification record are stored on the chain; even if a certificate is used multiple times, only one chain is required Record; the entire verification process only requires a maximum of four blockchain write operations.
  • the verification process can effectively prevent double-spending attacks by either the user or the verification party, effectively ensuring the efficiency and security of credential verification.
  • an embodiment of the present invention provides a verification device for a consumable certificate applied to a blockchain, including:
  • the transceiving unit 301 is used to obtain a certificate provided by the user for verification; the certificate records each valid verification record; obtains the verification registration of the certificate from the blockchain, and the verification A first hash value is recorded in the registration; the first hash value is generated based on all valid verification records after the last verification of the voucher;
  • the processing unit 302 is configured to generate a second Hash value according to each valid verification record in the voucher; when it is confirmed that the first Hash value is consistent with the second Hash value, it is determined that the voucher can be used Write off.
  • the verification record further includes a verification signature for the verification party that was previously verified to sign the first Hash value;
  • the processing unit 302 is configured to: Obtain the verification record of the last verification; verify the verification signature according to the verification institution information in the verification record of the previous verification; confirm the first Hash value and the second When the Hash value is consistent and the verification of the verification signature is passed, it is determined that the certificate can be used for verification.
  • the transceiver unit 301 is further configured to: return a lock request for the credential to the user; the lock request is used for the user to generate a lock signature and upload the lock signature to The blockchain; the lock signature is used to instruct the blockchain to set the lock state in the verification registration to the locked state and record the lock signature in the verification registration; receive the user The sent lock success response; the lock success response is used to trigger the verification party to perform verification.
  • the transceiver unit is further configured to: send the verification party record to the user; obtain the user-side record returned by the user;
  • the processing unit is further configured to: after verifying that the lock signature is legal, generate a verification party record corresponding to the verification request; and determine the verification request corresponding to the verification request based on the verification party record and the user record The verification record; the verification record corresponding to the verification request and each valid verification record in the voucher generates a third Hash value; the verification of the voucher in the blockchain is updated The first Hash value in the registration is the third Hash value.
  • the processing unit is further configured to: modify the writing status of the certificate to unlock, and write the lock signature to the blockchain; and return a successful verification response to the user .
  • the processing unit is configured to: query the writing status of the voucher on the blockchain; if it is determined that the writing status is unlocked, return an instruction to relock to the user , And after deleting the second verification record in the voucher, return to the user.
  • the transceiver unit is configured to: obtain a verification request for the voucher sent by the user; the verification request for the voucher includes the attribute signature of the voucher and the number of verifications;
  • the processing unit is configured to verify whether the number of times of verification of the verification request is less than or equal to the available times of the certificate; the verification party obtains the public key of the certificate issuer from the blockchain, and verifies After the attribute signature of the certificate is legal, the verification result of the verification request of the certificate is returned.
  • the processing unit is configured to: if it is determined that the verification result is passed, send a check value of the verification request of the voucher to the user; the check value is used for all
  • the verification party generates a verification record of the verification request and verifies the verification record generated by the verification party for the user.
  • an embodiment of the present invention also provides a computer device for executing a method of a user or a verification party in any embodiment of the present invention, and may include a memory 1001 and a processor 1002.
  • the memory 1001 is used to store a computer program executed by the processor 1002.
  • the memory 1001 may mainly include a program storage area and a data storage area.
  • the program storage area may store an operating system, an application program required for at least one function, and the like; the data storage area may store data created according to the use of a computer device.
  • the processor 1002 may be a central processing unit (central processing unit, CPU), or a digital processing unit or the like.
  • the embodiment of the present invention does not limit the specific connection medium between the foregoing memory 1001 and the processor 1002.
  • the memory 1001 and the processor 1002 are connected through a bus 1003, and the bus 1003 is represented by a thick line in FIG. 4.
  • the connection mode between other components is only for schematic illustration, not Limited.
  • the bus 1003 can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is used to represent in FIG. 4, but it does not mean that there is only one bus or one type of bus.
  • the memory 1001 may be a volatile memory (volatile memory), such as a random-access memory (random-access memory, RAM); the memory 1001 may also be a non-volatile memory (non-volatile memory), such as a read-only memory, flash memory Flash memory, hard disk drive (HDD) or solid-state drive (SSD), or memory 1001 can be used to carry or store desired program codes in the form of instructions or data structures and can be used by Any other medium accessed by the computer, but not limited to this.
  • the memory 1001 may be a combination of the above-mentioned memories.
  • the processor 1002 is configured to execute the block chain-based consumable voucher method provided by the embodiment of the present invention when calling the computer program stored in the memory 1001.
  • An embodiment of the present invention also provides a computer storage medium that stores computer executable instructions required to execute the foregoing processor, and contains a program used to execute the foregoing processor.
  • all aspects of the blockchain-based consumable credential method provided by the present invention can also be implemented in the form of a program product, which includes program code, when the program product runs on a computer device At the time, the program code is used to make the computer device execute the steps in the block chain-based consumable voucher method provided according to various exemplary implementations of the present invention described above in this specification.
  • the computer device can execute The embodiment of the present invention provides a method for verifying a consumable certificate based on a blockchain.
  • the program product can use any combination of one or more readable media.
  • the readable medium may be a readable signal medium or a readable storage medium.
  • the readable storage medium may be, for example, but not limited to, an electric, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or device, or any combination of the above. More specific examples (non-exhaustive list) of readable storage media include: electrical connections with one or more wires, portable disks, hard disks, random access memory (RAM), read only memory (ROM), erasable Type programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
  • the program product based on the block chain-based consumable credential method provided in the embodiment of the present invention can adopt a portable compact disk read-only memory (CD-ROM) and include program code, and can run on a computing device.
  • CD-ROM portable compact disk read-only memory
  • the program product of the present invention is not limited thereto.
  • the readable storage medium can be any tangible medium that contains or stores a program, and the program can be used by or in combination with an instruction execution system, device, or device.
  • the readable signal medium may include a data signal propagated in baseband or as a part of a carrier wave, and readable program code is carried therein. This propagated data signal can take many forms, including, but not limited to, electromagnetic signals, optical signals, or any suitable combination of the foregoing.
  • the readable signal medium may also be any readable medium other than a readable storage medium, and the readable medium may send, propagate, or transmit a program for use by or in combination with the instruction execution system, apparatus, or device.
  • the program code contained on the readable medium can be transmitted by any suitable medium, including, but not limited to, wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
  • the program code used to perform the operations of the present invention can be written in any combination of one or more programming languages.
  • the programming languages include object-oriented programming languages—such as Java, C++, etc., as well as conventional procedural styles. Programming language-such as "C" language or similar programming language.
  • the program code can be executed entirely on the user's computing device, partly on the user's device, executed as an independent software package, partly on the user's computing device and partly executed on the remote computing device, or entirely on the remote computing device or server Executed on.
  • the remote computing device can be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computing device (for example, using Internet services) Provider to connect via the Internet).
  • LAN local area network
  • WAN wide area network
  • an external computing device for example, using Internet services
  • the embodiments of the present invention may be provided as methods, systems, or computer program products. Therefore, the present invention may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
  • a computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
  • the instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Technology Law (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

A verification method and device of consumable certificates applied to a block chain. The method comprises: a verification party obtains a certificate provided by a user and used for verification (201), the certificate recording validated verification records; the verification party obtains a verification registration of the certificate from the block chain (202), the verification registration recording a first Hash value, wherein the first Hash value is generated according to all valid verification records after the certificate is verified last time; the verification party generates a second Hash value according to each validated verification record in the certificate (203); and when confirming that the first Hash value and the second Hash value are consistent, the verification party determines that the certificate can be used for verification (204).

Description

一种应用于区块链的可消耗凭证的验证方法和装置Method and device for verifying consumable certificate applied to blockchain
相关申请的交叉引用Cross references to related applications
本申请要求在2019年05月22日提交中国专利局、申请号为201910427763.7、申请名称为“一种应用于区块链的可消耗凭证的验证方法和装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application requires the priority of a Chinese patent application filed with the Chinese Patent Office, the application number is 201910427763.7, and the application name is "A method and device for validating a consumable certificate applied to the blockchain" on May 22, 2019. The entire content is incorporated into this application by reference.
技术领域Technical field
本发明实施例涉及科技金融(Fintech)领域,尤其是涉及一种应用于区块链(Block Chain)的可消耗凭证的验证方法和装置。The embodiments of the present invention relate to the field of Fintech, and in particular, to a method and device for verifying a consumable certificate applied to a blockchain (Blockchain).
背景技术Background technique
随着计算机技术的发展,越来越多的技术应用在金融领域,传统金融业正在逐步向金融科技(Finteh)转变,区块链(Block chain)技术也不例外,但由于金融行业的安全性、实时性要求,也对技术提出的更高的要求。With the development of computer technology, more and more technologies are applied in the financial field. The traditional financial industry is gradually changing to Finteh. Blockchain technology is no exception, but due to the security of the financial industry , Real-time requirements, but also higher requirements for technology.
传统的可消耗凭证方案需要中心化的服务端,常有“发券后改规则”的道德诟病。区块链是一种全民参与记账的方式,具有去中心化和去信任的特点。区块链最重要的是解决了中介信用问题。在过去,两个互不认识和信任的人要达成协作是难的,必须要依靠第三方。比如支付行为,在过去任何一种转账,必须要有银行或者支付宝这样的机构存在。但是通过区块链技术,比特币是人类第一次实现在没有任何中介机构参与的情况下,完成双方可以互信的转账行为,这是区块链的重大突破,也因此区块链越来越受到人们的关注。Traditional consumable credential solutions require a centralized server, and there are often moral criticisms of "changing rules after issuing coupons". Blockchain is a way for all people to participate in bookkeeping, which has the characteristics of decentralization and trustlessness. The most important thing about blockchain is to solve the problem of intermediary credit. In the past, it was difficult for two people who did not know and trust each other to achieve collaboration, and it was necessary to rely on a third party. For example, payment behavior, any kind of transfer in the past, must have an institution such as a bank or Alipay. However, through blockchain technology, Bitcoin is the first time that human beings can complete mutual trust transfer behavior without any intermediary institutions. This is a major breakthrough in the blockchain, and the blockchain is becoming more and more important. Get people's attention.
在区块链使用的过程中,对可消耗凭证(如优惠券、处方、门票)的分布式核销是区块链行业的一个热点。但是目前的验证过程仍存在诸多问题导致验证困难。In the process of using the blockchain, the distributed verification of consumable vouchers (such as coupons, prescriptions, and tickets) is a hot spot in the blockchain industry. However, there are still many problems in the current verification process that make verification difficult.
发明内容Summary of the invention
本发明提供一种应用于区块链的可消耗凭证的验证方法和装置,用以解决现有技术中凭证的核销请求不可信安全性低的问题。The present invention provides a method and device for verifying a consumable certificate applied to a blockchain to solve the problem of untrustworthy and low security of the verification request of the certificate in the prior art.
本发明实施例提供一种应用于区块链的可消耗凭证的验证方法,包括:The embodiment of the present invention provides a method for verifying a consumable certificate applied to a blockchain, including:
核销方获取用户提供的用以核销的凭证;所述凭证中记录有已生效的各次核销记录;The verifier obtains the certificate provided by the user for verification; the certificate records each valid verification record;
所述核销方从区块链上获取所述凭证的核销登记,所述核销登记中记录有第一哈希Hash值;所述第一Hash值是所述凭证在上一次核销后根据所有已生效的核销记录生成的;The verification party obtains the verification registration of the certificate from the blockchain, and the verification registration records the first hash value; the first hash value is the last time the certificate was verified Generated based on all valid verification records;
所述核销方根据所述凭证中的已生效的各次核销记录生成第二Hash值;The verification party generates a second Hash value according to the effective verification records in the certificate;
所述核销方在确认所述第一Hash值和所述第二Hash值一致时,确定所述凭证可用于核销。When the verification party confirms that the first Hash value is consistent with the second Hash value, it determines that the certificate can be used for verification.
一种可能的实现方式,所述核销记录中还包括上一次核销的核销方对所述第一Hash值进行签名的核销签名;In a possible implementation manner, the verification record further includes a verification signature for signing the first Hash value by the verification party last verification;
所述核销方在确认所述第一Hash值和所述第二Hash值一致时,确定所述凭证可用于核销,包括:When the verification party confirms that the first Hash value is consistent with the second Hash value, determining that the voucher can be used for verification includes:
所述核销方从所述凭证中获取上一次核销的核销记录;The verification party obtains the verification record of the last verification from the certificate;
所述核销方根据所述上一次核销的核销记录中的核销机构信息对所述核销签名进行验证;The verification party verifies the verification signature according to the verification institution information in the verification record of the previous verification;
所述核销方在确认所述第一Hash值和所述第二Hash值一致且所述核销签名验证通过时,确定所述凭证可用于核销。When the verification party confirms that the first Hash value is consistent with the second Hash value and the verification of the verification signature is passed, the verification party determines that the certificate can be used for verification.
一种可能的实现方式,所述核销方确定所述凭证可用于核销之后,还包括:A possible implementation manner, after the verification party determines that the voucher can be used for verification, the method further includes:
所述核销方向所述用户返回针对所述凭证的锁定请求;所述锁定请求用于所述用户生成锁定签名并将所述锁定签名上传至所述区块链;所述锁定签名用于指示所述区块链将所述核销登记中的锁定状态设置为锁定态并在所述核销登记中记录所述锁定签名;The verification returns a lock request for the certificate to the user; the lock request is used by the user to generate a lock signature and upload the lock signature to the blockchain; the lock signature is used to indicate The blockchain sets the lock state in the verification registration to a locked state and records the lock signature in the verification registration;
所述核销方接收所述用户发送的锁定成功响应;所述锁定成功响应用于触发所述核销方进行核销。The verification party receives a lock success response sent by the user; the lock success response is used to trigger the verification party to perform verification.
一种可能的实现方式,所述核销方接收所述用户发送的锁定成功响应后,还包括:In a possible implementation manner, after the verification party receives the lock success response sent by the user, the method further includes:
所述核销方验证所述锁定签名合法后,生成所述核销请求对应的核销方记录;After the verification party verifies that the lock signature is legal, generate a verification party record corresponding to the verification request;
所述核销方将所述核销方记录发送至所述用户;The verification party sends the verification party record to the user;
所述核销方获取所述用户返回的用户方记录;The verification party obtains the user-side record returned by the user;
所述核销方根据所述核销方记录和所述用户方记录确定所述核销请求对应的核销记录;The verification party determines the verification record corresponding to the verification request according to the verification party record and the user record;
所述核销方根据所述凭证中的已生效的各次核销记录和所述核销请求对应的核销记录,生成第三Hash值;The verification party generates a third Hash value according to each verification record in the voucher and the verification record corresponding to the verification request;
所述核销方更新所述区块链中所述凭证的核销登记中的第一Hash值为所述第三Hash值。The verification party updates the first Hash value in the verification registration of the certificate in the blockchain to the third Hash value.
一种可能的实现方式,所述方法还包括:A possible implementation manner, the method further includes:
所述核销方将所述凭证的写入状态修改为解锁,并将所述锁定签名写入区块链;The verification party changes the writing status of the certificate to unlocked, and writes the locked signature to the blockchain;
所述核销方向所述用户返回核销成功的响应。The verification returns a successful response to the user.
一种可能的实现方式,所述核销方将区块链上的所述第一Hash值,更新为所述第三Hash值之前,还包括:In a possible implementation manner, before the verification party updates the first Hash value on the blockchain to the third Hash value, the method further includes:
所述核销方查询所述区块链上所述凭证的写入状态;The verification party queries the writing status of the certificate on the blockchain;
若确定所述写入状态为解锁,则向所述用户返回重新锁定的指令,并将所述凭证中的所述第二核销记录删除后,返回至所述用户。If it is determined that the writing status is unlocked, return a relocking instruction to the user, delete the second verification record in the voucher, and return to the user.
一种可能的实现方式,所述核销方从区块链上获取所述凭证的核销登记之前,还包括:In a possible implementation, before the verification party obtains the verification registration of the certificate from the blockchain, the method further includes:
所述核销方获取所述用户发送所述凭证的核销请求;所述凭证的核销请求包括所述凭证的属性签名及核销次数;The verification party obtains the verification request of the certificate sent by the user; the verification request of the certificate includes the attribute signature of the certificate and the number of verifications;
所述核销方根据所述凭证,确定所述凭证的剩余可用次数;The verification party determines the remaining available times of the voucher according to the voucher;
所述核销方验证所述核销请求的核销次数是否小于或等于所述凭证的剩余可用次数;所述核销方从区块链获取所述凭证的发行方的公钥,验证所述凭证的属性签名是否合法。The verification party verifies whether the verification times of the verification request is less than or equal to the remaining available times of the certificate; the verification party obtains the public key of the certificate issuer from the blockchain, and verifies the Whether the attribute signature of the certificate is legal.
一种可能的实现方式,所述方法还包括:A possible implementation manner, the method further includes:
所述核销方向所述用户发送所述凭证的核销请求的校验值;所述校验值用于所述核销方生成所述核销请求的核销记录并为所述用户验证所述核销方生成的所述核销记录。The verification value sends the verification value of the verification request of the certificate to the user; the verification value is used by the verification party to generate a verification record of the verification request and verify the verification value for the user The verification record generated by the verification party.
本发明实施例提供一种应用于区块链的可消耗凭证的验证装置,包括:The embodiment of the present invention provides a verification device for a consumable certificate applied to a blockchain, including:
收发单元,用于获取用户提供的用以核销的凭证;所述凭证中记录有已生效的各次核销记录;从区块链上获取所述凭证的核销登记,所述核销登记中记录有第一哈希Hash值;所述第一Hash值是所述凭证在上一次核销后根据所有已生效的核销记录生成的;The transceiver unit is used to obtain the certificate provided by the user for verification; the certificate records each valid verification record; obtain the verification registration of the certificate from the blockchain, the verification registration A first hash value is recorded in, the first hash value is generated based on all valid verification records after the last verification of the voucher;
处理单元,用于根据所述凭证中的已生效的各次核销记录生成第二Hash值;在确认所述第一Hash值和所述第二Hash值一致时,确定所述凭证可用于核销。The processing unit is configured to generate a second Hash value according to each valid verification record in the voucher; when it is confirmed that the first Hash value is consistent with the second Hash value, it is determined that the voucher can be used for verification pin.
一种可能的实现方式,所述核销记录中还包括上一次核销的核销方对所述第一Hash值进行签名的核销签名;所述处理单元,用于:从所述凭证中获取上一次核销的核销记录;根据所述上一次核销的核销记录中的核销机构信息对所述核销签名进行验证;在确认所述第一Hash值和所述第二Hash值一致且所述核销签名验证通过时,确定所述凭证可用于核销。In a possible implementation manner, the verification record further includes a verification signature used by the verification party to sign the first Hash value in the last verification; the processing unit is configured to: Obtain the verification record of the last verification; verify the verification signature according to the verification institution information in the verification record of the last verification; verify the first Hash value and the second Hash When the values are consistent and the verification of the verification signature is passed, it is determined that the certificate can be used for verification.
一种可能的实现方式,所述收发单元,还用于:向所述用户返回针对所述凭证的锁定请求;所述锁定请求用于所述用户生成锁定签名并将所述锁定签名上传至所述区块链;所述锁定签名用于指示所述区块链将所述核销登记中的锁定状态设置为锁定态并在所述核销登记中记录所述锁定签名;接收所述用户发送的锁定成功响应;所述锁定成功响应用于触发所述核销方进行核销。In a possible implementation manner, the transceiver unit is further configured to: return a lock request for the credential to the user; the lock request is used for the user to generate a lock signature and upload the lock signature to the user. The blockchain; the lock signature is used to instruct the blockchain to set the lock state in the verification registration to the locked state and record the lock signature in the verification registration; receive the user's sending The lock successful response; the lock successful response is used to trigger the verification party to write off.
一种可能的实现方式,所述收发单元,还用于:将所述核销方记录发送至所述用户;获取所述用户返回的用户方记录;In a possible implementation manner, the transceiver unit is further configured to: send the verification party record to the user; obtain the user-side record returned by the user;
所述处理单元,还用于:验证所述锁定签名合法后,生成所述核销请求对应的核销方记录;根据所述核销方记录和所述用户方记录确定所述核销请求对应的核销记录;根据所述凭证中的已生效的各次核销记录和所述核销请求对应的核销记录,生成第三Hash值;更新所述区块链中所述凭证的核销登记中的第一Hash值为所述第三Hash值。The processing unit is further configured to: after verifying that the lock signature is legal, generate a verification party record corresponding to the verification request; and determine the verification request corresponding to the verification request based on the verification party record and the user record The verification record; the verification record corresponding to the verification request and each valid verification record in the voucher generates a third Hash value; the verification of the voucher in the blockchain is updated The first Hash value in the registration is the third Hash value.
一种可能的实现方式,所述处理单元,还用于:将所述凭证的写入状态修改为解锁,并将所述锁定签名写入区块链;向所述用户返回核销成功的响应。In a possible implementation manner, the processing unit is further configured to: modify the writing status of the certificate to unlock, and write the lock signature to the blockchain; and return a successful verification response to the user .
一种可能的实现方式,所述处理单元,用于:查询所述区块链上所述凭证的写入状态;若确定所述写入状态为解锁,则向所述用户返回重新锁定的指令,并将所述凭证中的所述第二核销记录删除后,返回至所述用户。In a possible implementation manner, the processing unit is configured to: query the writing status of the voucher on the blockchain; if it is determined that the writing status is unlocked, return an instruction to relock to the user , And after deleting the second verification record in the voucher, return to the user.
一种可能的实现方式,所述收发单元,用于:获取所述用户发送所述凭证的核销请求;所述凭证的核销请求包括所述凭证的属性签名及核销次数;In a possible implementation manner, the transceiver unit is configured to: obtain a verification request for the voucher sent by the user; the verification request for the voucher includes the attribute signature of the voucher and the number of verifications;
所述处理单元,用于:验证所述核销请求的核销次数是否小于或等于所述凭证的可用次数;所述核销方从区块链获取所述凭证的发行方的公钥,验证所述凭证的属性签名是否合法后,返回所述凭证的核销请求的验证结果。The processing unit is configured to verify whether the number of times of verification of the verification request is less than or equal to the available times of the certificate; the verification party obtains the public key of the certificate issuer from the blockchain, and verifies After the attribute signature of the certificate is legal, the verification result of the verification request of the certificate is returned.
一种可能的实现方式,所述处理单元,用于:向所述用户发送所述凭证的核销请求的校验值;所述校验值用于所述核销方生成所述核销请求的核销记录并为所述用户验证所述核销方生成的所述核销记录。In a possible implementation manner, the processing unit is configured to: send the verification value of the verification request of the voucher to the user; the verification value is used by the verification party to generate the verification request And verify the verification record generated by the verification party for the user.
本发明实施例提供一种计算机存储介质,所述计算机可读存储介质包括计算机程序,当计算机程序在计算机上运行时,使得所述计算机执行上述实施例中任一项所述的方法。An embodiment of the present invention provides a computer storage medium, where the computer-readable storage medium includes a computer program, and when the computer program runs on a computer, the computer executes the method described in any one of the foregoing embodiments.
本发明实施例提供一种包含指令的计算机程序产品,当所述指令在计算机上运行时,使得所述计算机执行如上述实施例任一项所述的方法。An embodiment of the present invention provides a computer program product containing instructions, which when the instructions run on a computer, cause the computer to execute the method described in any one of the foregoing embodiments.
本发明实施例提供一种计算机设备,包括:The embodiment of the present invention provides a computer device, including:
至少一个存储器,用于存储程序指令;At least one memory for storing program instructions;
至少一个处理器,用于调用所述存储器中存储的程序指令,按照获得的程序执行如上述实施例任一项所述的方法。At least one processor is configured to invoke program instructions stored in the memory, and execute the method according to any one of the foregoing embodiments according to the obtained program.
本发明实施例中,核销方通过在区块链上核销登记中的Hash值和凭证中的核销记录序列化之后生成的Hash值进行对比,验证可消耗凭证的核销记录是否被篡改过。只有在核销的时候才需要上链,且区块链上不暴露任何隐私数据,提高了验证效率。In the embodiment of the present invention, the verification party compares the hash value in the verification registration on the blockchain with the hash value generated after the verification record in the certificate is serialized to verify whether the verification record of the expendable certificate has been tampered with Over. It only needs to be on the chain when it is written off, and no private data is exposed on the blockchain, which improves the efficiency of verification.
附图说明Description of the drawings
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简要介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly describe the technical solutions in the embodiments of the present invention, the following will briefly introduce the drawings needed in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present invention. For those of ordinary skill in the art, other drawings may be obtained from these drawings without creative labor.
图1a为本发明实施例提供的一种系统架构示意图;Figure 1a is a schematic diagram of a system architecture provided by an embodiment of the present invention;
图1b为本发明实施例提供的另一种系统架构示意图;Figure 1b is a schematic diagram of another system architecture provided by an embodiment of the present invention;
图2为本发明实施例提供的一种可消耗凭证方法的流程示意图;FIG. 2 is a schematic flowchart of a method for expendable credentials provided by an embodiment of the present invention;
图3为本发明实施例提供的一种可消耗凭证装置的结构示意图;3 is a schematic structural diagram of a consumable credential device provided by an embodiment of the present invention;
图4为本发明实施例提供的一种计算机设备的结构示意图。Figure 4 is a schematic structural diagram of a computer device provided by an embodiment of the present invention.
具体实施方式Detailed ways
为了使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明作进一步地详细描述,显然,所描述的实施例仅仅是本发明一部份实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其它实施例,都属于本发明保护的范围。In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. . Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.
核销方:这一角色用来描述了有权限将凭证核销的机构。其他机构可能会向核销方申请核销凭证。Verifier: This role is used to describe the organization that has the authority to verify the certificate. Other institutions may apply for a verification certificate from the verification party.
发行方:这一角色用来描述了有权限生成凭证,并向用户发行的机构。Issuer: This role is used to describe an organization that has the authority to generate certificates and issue them to users.
用户:这一角色可以获得发行方发送的凭证,并可以向核销方申请核销凭证的需求。User: This role can obtain the certificate sent by the issuer, and can apply to the verifier for verification of the certificate.
区块链:所有参与方都具有区块链的读写访问能力,其中,参与方可以为核销方、发行方和用户等具有区块链账户的对象。Blockchain: All participants have the ability to read and write to the blockchain. Among them, the participants can be the verification party, issuer, and user who have a blockchain account.
区块(block):用于记录按照一定条件划分出的数据集合和状态结果,是在各个节点达成共识之后形成的,在本发明实施例中,需要记录的数据主要是数据,或者用户的数据变化后的履历更新信息。具体的,区块可以是以时间进行划分,例如每间隔10秒(s)产生一个区块,那么这个区块即是记录这10s内的所有数据,或者每间隔一天产生一个区块,那么这个区块即是记录这一天内的所有数据;或者,区块还可以是根据接收到的数据或者履历更新信息的数量进行划分,例如,在接收到指定数量的数据或者履历更新信息之后,生成一个区块,那么这个区块即是用于记录已接收到的指定数量的数据更新信息,当然,本发明实施例对区块具体的划分方式并不进行限制。一个区块包括区块头和区块体。其中,区块头中包括前一区块地址(Prev-block),前一区块地址在区块头中可以通过前一区块哈希码(pre-Hash)的形式进行存储,通过前一区块地址的指向将所有的区块串联起来,进而形成一条区块链。区块体中则用于存储具体的数据,例如本发明实施例中的数据。Block: used to record data collections and status results divided according to certain conditions, which are formed after each node reaches a consensus. In the embodiment of the present invention, the data to be recorded is mainly data or user data The history update information after the change. Specifically, blocks can be divided by time. For example, a block is generated every 10 seconds (s), then this block is to record all the data in these 10s, or a block is generated every day, then this The block is to record all the data during the day; or, the block can also be divided according to the number of received data or history update information, for example, after receiving a specified number of data or history update information, a Block, then this block is used to record the specified amount of data update information that has been received. Of course, the embodiment of the present invention does not limit the specific division method of the block. A block includes a block header and a block body. Among them, the block header includes the previous block address (Prev-block), the previous block address can be stored in the block header in the form of the previous block hash code (pre-Hash), and the previous block The direction of the address connects all the blocks in series to form a blockchain. The block body is used to store specific data, such as data in the embodiment of the present invention.
区块链(block chain):或称分布式数据记录账本,是一种按照一定顺序将存储数据的区块以顺序相连的方式组合成的一种链式数据结构。将区块按照顺序串联起来在而形成了一条区块链。Blockchain (blockchain): or distributed data recording ledger, is a chained data structure in which data storage blocks are sequentially connected in a certain order. The blocks are connected in sequence to form a blockchain.
节点:指区块链网络中参与数据的记录或者验证等处理过程的计算设备,例如计算机、手机、矿机、台式机或者服务器等拥有计算能力的设备均可作为区块链网络中的节点。Node: Refers to the computing equipment that participates in the process of data recording or verification in the blockchain network. For example, computers, mobile phones, mining machines, desktops, or servers that have computing capabilities can all be used as nodes in the blockchain network.
另外,本文中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,在不做特别说明的情 况下,一般表示前后关联对象是一种“或”的关系。In addition, the term "and/or" in this article is only an association relationship describing associated objects, which means that there can be three types of relationships, for example, A and/or B, which can mean: A alone exists, and both A and B exist. There are three cases of B alone. In addition, the character "/" in this text, unless otherwise specified, generally indicates that the associated objects before and after are in an "or" relationship.
为了利于对本发明实施例的技术方案的理解,下面介绍区块链的原理。In order to facilitate the understanding of the technical solutions of the embodiments of the present invention, the principle of the blockchain is introduced below.
在区块链技术中,网络中的任意一个设备都可以作为区块链的一个节点,并且可以参与到区块链的记录和存储中,节点间基于共识机制,通过竞争计算共同维护整个区块链。由于任一节点都可以拥有一份完整的区块链的数据拷贝,因而任一节点失效,其余节点仍能够正常进行工作,从而基于区块链存储的方式可靠性高。In blockchain technology, any device in the network can be used as a node of the blockchain and can participate in the recording and storage of the blockchain. Based on the consensus mechanism between nodes, the entire block is jointly maintained through competitive computing. chain. Since any node can have a complete copy of the data of the blockchain, any node fails, and the remaining nodes can still work normally, so the reliability of the blockchain-based storage method is high.
此外,由于在区块链技术中心通过众多的节点来共同维护整个区块链,每个节点所拥有的权限可以是相同的,因而并不存在中心化的设备或者管理机构。区块链中所有的数据信息都是公开透明的,单个节点甚至多个节点对自身数据的修改无法影响到其他节点的数据,除非能够控制整个区块链网络中超过一半的节点都进行修改,但是这种方式难度太大,并且区块链中的每一个区块都与前后的两个区块进行关联,要想篡改一个区块的数据,就需要篡改与之相关的多个区块的数据,难度较大,从而基于区块链存储的数据具有不可篡改性。In addition, because the blockchain technology center uses many nodes to jointly maintain the entire blockchain, each node can have the same authority, so there is no centralized equipment or management organization. All data information in the blockchain is open and transparent, and the modification of its own data by a single node or even multiple nodes cannot affect the data of other nodes unless it can control more than half of the nodes in the entire blockchain network to modify. However, this method is too difficult, and each block in the blockchain is associated with two blocks before and after. If you want to tamper with the data of a block, you need to tamper with multiple blocks related to it. Data is more difficult, so the data stored based on the blockchain is immutable.
哈希Hash值:对某种字符串生成哈希映射值的算法,例如sha3。Hash value: An algorithm that generates a hash map value for a certain string, such as sha3.
可消耗凭证:可以是电子化证件,使用次数有限,每次核销之时会消耗,用尽便失效。常见的可消耗凭证可以为处方、优惠券、门票等。传统的可消耗凭证方案需要中心化的服务端,常有“发券后改规则”的道德诟病。对此,核销方可以将凭证生成Hash值存证放在区块链上公示。图1a示例性示出了本发明实施例适用的一种系统架构示意图,如图1a所示,本发明实施例适用的系统架构包括用户101,核销方102,发行方103,和区块链网络104。其中,凭证发行方103用于发行可消耗凭证给用户。凭证持有方(用户101):作为持有方,用户可以通过向核销方出示凭证进行凭证的消费。凭证核销方,可以为商户等角色,此角色可以核销用户提供的凭证并为用户提供服务。用户101向核销方发送凭证的核销请求;核销方与区块链网络相连,给区块链网络发送需上链的数据;用户与区块链网络相连,验证核销方返回的响应数 据。区块链网络中的节点可以为记账节点或者普通节点。Consumable certificate: It can be an electronic certificate, the number of times is limited, it will be consumed every time it is written off, and it will become invalid when used up. Common consumable vouchers can be prescriptions, coupons, tickets, etc. Traditional consumable credential solutions require a centralized server, and there are often moral criticisms of "changing rules after issuing coupons". In this regard, the verification party can put the certificate generated Hash value deposit certificate on the blockchain for publicity. Figure 1a exemplarily shows a schematic diagram of a system architecture to which an embodiment of the present invention is applicable. As shown in Figure 1a, the system architecture to which an embodiment of the present invention is applicable includes a user 101, a verification party 102, an issuer 103, and a blockchain Network 104. Among them, the certificate issuer 103 is used to issue consumable certificates to users. Certificate holder (user 101): As the holder, the user can consume the certificate by presenting the certificate to the verifier. The credential verification party can be a role such as a merchant. This role can verify the credentials provided by the user and provide services to the user. User 101 sends a certificate verification request to the verification party; the verification party is connected to the blockchain network and sends the data that needs to be chained to the blockchain network; the user is connected to the blockchain network to verify the response returned by the verification party data. The nodes in the blockchain network can be accounting nodes or ordinary nodes.
核销方、发行方、用户等每个参与方机构使用约定的非对称加密算法,如ECDSA生成自己的公私钥对;将私钥存储到自己的私有数据库里,再将公钥上链。如图1b所示,机构A将自己的公钥A发布至区块链上,机构B将自己的公钥B发布至区块链上。针对现有的凭证的核销,需要将可消耗凭证抽象成区块链上的凭证Token,进而凭证的发行、凭证的核销的整个生命周期都在链上。然而,这种做法效率很低:商家每天可能会发送数以百万计的优惠券,对其全部通证化会对区块链造成巨大的负担。Each participating institution, such as the verification party, issuer, and user, uses the agreed asymmetric encryption algorithm, such as ECDSA to generate its own public-private key pair; store the private key in its own private database, and then upload the public key to the chain. As shown in Figure 1b, institution A publishes its public key A to the blockchain, and institution B publishes its public key B to the blockchain. For the verification of existing certificates, the consumable certificate needs to be abstracted into a certificate Token on the blockchain, and then the entire life cycle of the issuance of the certificate and the verification of the certificate are on the chain. However, this approach is very inefficient: merchants may send millions of coupons every day, and their full tokenization will put a huge burden on the blockchain.
基于上述问题,本发明实施例提供一种应用于区块链的可消耗凭证方法,包括:Based on the foregoing problems, embodiments of the present invention provide a consumable credential method applied to a blockchain, including:
步骤一、凭证发行方为用户生成凭证,并将凭证发送给用户。Step 1. The certificate issuer generates a certificate for the user and sends the certificate to the user.
在一种具体的实施例中,校验值可以为一长度不定的字符串。一种可能的实现方式,一个可消耗凭证的格式可以用一个json字符串来表示,其属性项可以包括以下字段,如表1所示:In a specific embodiment, the check value may be a character string of variable length. A possible implementation is that the format of a consumable voucher can be represented by a json string, and its attribute items can include the following fields, as shown in Table 1:
KeyKey ValueValue
发行方Issuer 发行方链上地址Issuer chain address
发行时间及有效期Issuance time and validity period 发行时间及有效期Issuance time and validity period
IDID UUID字符串UUID string
接收方receiver 接收方链上地址Recipient's on-chain address
内容content 发行方自行确定的业务数据Business data determined by the issuer
最大可用次数Maximum available times 凭证的最大可使用次数Maximum number of times the voucher can be used
签名signature 发行方生成的签名Signature generated by the issuer
核销记录集Write-off record set 多条凭证核销记录的集合,创建时刻为空A collection of multiple voucher write-off records, the creation time is empty
表1Table 1
其中,发行方自行确定的业务数据可以为“满50-25”,“-元观影”,“处方”等数据,在此不做限定。发行方生成的签名可以为发行方根据凭证中的属性信息为原文生成的,例如,可以根据不包括核销记录的其他内容为原文。在 具体实施过程中,发行方可以使用自己的私钥对凭证的所有属性项序列化后字符串生成签名。核销机构或用户可以通过发行方公布在区块链上的公钥,对此签名值进行验证。接收方可以为用户,即发行方将凭证生成完毕后,将该凭证发送至用户,也可以通过第三方发送至用户,在此不做限定。Among them, the business data determined by the issuer itself can be "full 50-25", "-yuan movie", "prescription" and other data, which are not limited here. The signature generated by the issuer may be the original text generated by the issuer based on the attribute information in the certificate, for example, it may be the original text based on other content that does not include the verification record. In the specific implementation process, the issuer can use its private key to serialize all the attribute items of the certificate to generate a signature. The verification agency or user can verify the signature value through the public key published by the issuer on the blockchain. The recipient can be the user, that is, after the issuer has generated the voucher, the voucher is sent to the user, or it can be sent to the user through a third party, which is not limited here.
一种可能的实现方式,核销记录集可以为嵌套在可消耗凭证的json里的另一个json字符串,在凭证的创建时为空。在凭证有核销记录后,核销记录集中可能包括多条核销记录,每条核销记录格式,可以为序列化,即将一个表的内容按照“一个表的内容按照,核用转化成一串字符串的方式。如表2所示,包括以下字段:In a possible implementation, the write-off record set can be another json string nested in the json of the expendable certificate, which is empty when the certificate is created. After the certificate has a verification record, the verification record set may include multiple verification records. The format of each verification record can be serialized, that is, the content of a table is converted into a series according to the content of a table. String format. As shown in Table 2, it includes the following fields:
KeyKey ValueValue
核销时间Write-off time 核销时间Write-off time
核销机构Write-off agency 核销机构链上地址Chain address of verification agency
剩余使用次数Remaining usage 本次所核销后的剩余使用次数The remaining number of uses after the verification
校验值Check value 核销随机值Write off random value
核销用户签名Verify user signature 用户生成的签名User-generated signature
核销机构签名Signature of verification agency 核销机构生成的签名Signature generated by verification agency
表2Table 2
需要说明的是,每次的核销记录需要有用户和核销机构的共同签名,这是为了保证双方都通过数字签名的方式来确认凭证的合法使用。核销用户签名可以是用户根据该条核销记录为原文生成的签名,核销机构签名可以是核销机构根据该条核销记录为原文生成的签名。具体的,可以核销用户签名可以是用户根据自己的私钥,以核销时间,核销机构,剩余次数,校验值为原文生成的签名。一种可能的实现方式,所述校验值用于所述核销方生成所述核销请求的核销记录并为所述用户验证所述核销方生成的所述核销记录。校验值可以为一个不指定长度的字符串,用于数字签名算法的输入参数之一。在用户或核销方进行验证核销记录对应的签名时,需要同时提供此校验值。这提供了数字签名的抗重放攻击能力,使得签名只有在指定的用户和核销方 之间交换校验值的情况下才可以被正确验证。It should be noted that each verification record needs to be signed by the user and the verification agency. This is to ensure that both parties use digital signatures to confirm the legal use of the certificate. The verification user signature may be a signature generated by the user based on the verification record as the original text, and the verification agency signature may be a signature generated by the verification agency using the verification record as the original text. Specifically, the user signature that can be verified may be a signature generated by the user based on his own private key, the verification time, the verification organization, the remaining times, and the verification value of the original text. In a possible implementation manner, the check value is used by the verification party to generate a verification record of the verification request and verify the verification record generated by the verification party for the user. The check value can be a string of unspecified length, which is used as one of the input parameters of the digital signature algorithm. When the user or the verification party verifies the signature corresponding to the verification record, the verification value needs to be provided at the same time. This provides the digital signature with the ability to resist replay attacks, so that the signature can be correctly verified only when the verification value is exchanged between the designated user and the verification party.
步骤二、用户向核销方发送所述凭证的核销请求。Step 2: The user sends a verification request of the voucher to the verification party.
在具体实施过程中,所述凭证的核销请求包括所述凭证及核销次数。In a specific implementation process, the verification request of the voucher includes the voucher and the number of verifications.
在具体实施过程中,可以包括:核销方根据所述凭证验证所述核销请求的核销次数是否小于或等于所述凭证的剩余可用次数;具体的,所述核销方根据所述核销次数与所述凭证中的最大可用次数及最后一次写入的核销记录,确认所述凭证的剩余可用次数,确定所述核销方从区块链获取所述凭证的发行方的公钥,验证所述凭证的属性签名是否合法。In the specific implementation process, it may include: the verification party verifies whether the number of verifications of the verification request is less than or equal to the remaining available times of the voucher according to the certificate; The number of cancellations and the maximum available number of times in the certificate and the last written verification record, confirm the remaining available times of the certificate, and determine that the verifier obtains the public key of the certificate issuer from the blockchain To verify whether the attribute signature of the certificate is legal.
如图2所示,本发明实施例提供一种应用于区块链的可消耗凭证的验证方法,包括:As shown in FIG. 2, an embodiment of the present invention provides a method for verifying a consumable certificate applied to a blockchain, including:
步骤201:核销方获取用户提供的用以核销的凭证;所述凭证中记录有已生效的各次核销记录;Step 201: The verifier obtains the certificate provided by the user for verification; the certificate records each valid verification record;
步骤202:核销方从区块链上获取所述凭证的核销登记,所述核销登记中记录有第一哈希Hash值;所述第一Hash值是所述凭证在上一次核销后根据所有已生效的核销记录生成的;Step 202: The verification party obtains the verification registration of the certificate from the blockchain, and the verification registration records the first hash value; the first hash value is the last verification of the certificate Later generated based on all valid verification records;
为了防止用户篡改凭证的核销记录或直接删掉其内容,在链上,需要存储每个凭证的核销记录。一种可能的实现方式,可以针对每个凭证建立该凭证的核销登记。在具体实施过程中,可以通过序列化字段进行存储,如表3所示,凭证的核销登记包括第一Hash值。In order to prevent users from tampering with the verification record of the certificate or directly deleting its content, the verification record of each certificate needs to be stored on the chain. In a possible implementation, the verification and cancellation registration of the certificate can be established for each certificate. In the specific implementation process, it can be stored through a serialized field. As shown in Table 3, the verification and registration of the voucher includes the first Hash value.
KeyKey ValueValue
IDID UUID字符串,与凭证ID相同UUID string, same as credential ID
核销记录HashWrite-off record Hash 该凭证的核销记录序列化字符串的Hash值The Hash value of the serialized string of the verification record of the certificate
核销记录Hash签名Hash signature of verification record 该凭证最后一次核销方生成的签名The signature generated by the last verification party of the certificate
表3table 3
为加强验证效果,一种可能的实现方式,所述核销记录中还包括上一次核销的核销方对所述第一Hash值进行签名的核销签名。该核销签名可以为根据Hash值及最后一层核销方生成的核销记录的校验值为原文生成的签名。In order to enhance the verification effect, in a possible implementation manner, the verification record further includes a verification signature for the verification party that was previously verified to sign the first Hash value. The verification signature may be a signature generated based on the Hash value and the verification value of the verification record generated by the last-level verification party.
步骤203:核销方根据所述凭证中的已生效的各次核销记录生成第二Hash值;Step 203: The verification party generates a second Hash value according to the effective verification records in the certificate;
步骤204:核销方在确认所述第一Hash值和所述第二Hash值一致时,确定所述凭证可用于核销。Step 204: When confirming that the first Hash value is consistent with the second Hash value, the verification party determines that the certificate can be used for verification.
本发明实施例中,凭证在核销的时候才需要上链,且链上只存储凭证最新状态、核销记录的Hash值及签名,有效保证了凭证验证的效率和安全性。In the embodiment of the present invention, the certificate only needs to be chained when the certificate is verified, and only the latest state of the certificate, the hash value and the signature of the verification record are stored on the chain, which effectively guarantees the efficiency and safety of certificate verification.
核销方验证凭证的核销记录是否被篡改过,一种可能的实现方式,包括:The verification party verifies whether the verification record of the certificate has been tampered with. One possible implementation method includes:
核销方从所述凭证中获取上一次核销的核销记录;The verification party obtains the verification record of the last verification from the certificate;
核销方根据所述上一次核销的核销记录中的核销机构信息对所述核销签名进行验证;The verification party verifies the verification signature according to the verification institution information in the verification record of the previous verification;
核销方在确认所述第一Hash值和所述第二Hash值一致且所述核销签名验证通过时,确定所述凭证可用于核销。When the verification party confirms that the first Hash value is consistent with the second Hash value and the verification of the verification signature is passed, the verification party determines that the certificate can be used for verification.
在具体实施过程中,核销方会在链上核销登记中的Hash和凭证的核销记录序列化之后生成的Hash值进行对比。如果核销记录不为空且第一Hash值和所述第二Hash值一致,则进一步,从链上获取最后一次核销方的公钥,以第一Hash值为原文,验证核销签名是否合法。如果这两者任一不合法,返回失败。In the specific implementation process, the verification party will compare the Hash in the verification registration on the chain with the hash value generated after the verification record of the certificate is serialized. If the verification record is not empty and the first Hash value is consistent with the second Hash value, then further, obtain the public key of the last verification party from the chain, and use the first Hash value as the original text to verify whether the verification signature is legitimate. If either of the two is illegal, return failure.
进一步的,核销方可以验证凭证的内容,及签名的合法性。一种可能的实现方式,可以根据凭证发行方的地址,从链上获取发行方的公钥,然后以凭证所有属性,序列化后的字符串为原文,验证签名是否合法。如果不合法,返回失败。Further, the verification party can verify the content of the certificate and the legality of the signature. A possible implementation is to obtain the issuer's public key from the chain according to the address of the certificate issuer, and then use all the attributes of the certificate and the serialized string as the original text to verify whether the signature is legal. If it is not legal, return failure.
进一步的,为进一步验证凭证的合法性,核销方根据所提供凭证中的核销记录集合是否为空进入:Further, in order to further verify the legality of the certificate, the verification party enters according to whether the verification record set in the provided certificate is empty:
如果核销记录集合不为空,则对凭证中的每条核销记录,从区块链上获取核销机构公钥及用户公钥,然后依次验证核销机构签名、核销用户签名是否合法。如果有任何一条核销记录中的任何签名不合法,返回失败。否则进入下一步。If the set of verification records is not empty, for each verification record in the certificate, obtain the verification agency public key and the user public key from the blockchain, and then verify whether the verification agency signature and verification user signature are legal . If any signature in any one of the verification records is illegal, return failure. Otherwise, go to the next step.
如果核销记录集合为空,则确定该凭证还未曾被核销,且区块链上也没有该凭证的核销登记。此时,在链上的核销登记中为此凭证新增一条核销登记的记录并填入凭证的ID或是为该凭证生成的核销登记的ID。If the set of verification records is empty, it is determined that the certificate has not been verified, and there is no verification registration of the certificate on the blockchain. At this time, add a record of the verification and registration of the certificate in the verification and verification on the chain and fill in the ID of the certificate or the ID of the verification and registration generated for the certificate.
为避免一张凭证在多个商户处同时消费成功的行为,即双花。本发明实施例中,可以采用智能合约,对核销进行事务性加锁,保证不论是凭证的持有方还是核销方都不存在进行双花攻击的可能。In order to avoid the successful consumption of a voucher at multiple merchants at the same time, that is, double spending. In the embodiment of the present invention, a smart contract can be used to perform transactional locks on verification to ensure that neither the holder of the certificate nor the verification party is likely to conduct a double-spending attack.
为避免双花,一种可能的实现方式,所述核销方确定所述凭证可用于核销之后,还包括:In order to avoid double spending, a possible implementation method, after the verification party determines that the certificate can be used for verification, further includes:
所述核销方向所述用户返回针对所述凭证的锁定请求;所述锁定请求用于所述用户生成锁定签名并将所述锁定签名上传至所述区块链;所述锁定签名用于指示所述区块链将所述核销登记中的锁定状态设置为锁定态并在所述核销登记中记录所述锁定签名;The verification returns a lock request for the certificate to the user; the lock request is used by the user to generate a lock signature and upload the lock signature to the blockchain; the lock signature is used to indicate The blockchain sets the lock state in the verification registration to a locked state and records the lock signature in the verification registration;
为避免双花,提高验证的安全性,可以在发送锁定请求的同时,向所述用户发送所述凭证的核销请求的校验值;所述校验值可以用于用户根据所述校验值生成锁定签名,以唯一标识本次核销,以便核销方获取到用户发送的锁定成功响应后,触发核销流程。In order to avoid double spending and improve the security of verification, the verification value of the verification request of the credential may be sent to the user while sending the lock request; the verification value may be used by the user according to the verification The value generates a lock signature to uniquely identify this verification, so that the verification party can trigger the verification process after obtaining the lock success response sent by the user.
所述核销方接收所述用户发送的锁定成功响应;所述锁定成功响应用于触发所述核销方进行核销。The verification party receives a lock success response sent by the user; the lock success response is used to trigger the verification party to perform verification.
具体的,用户以核销登记中的Hash及校验值作为原文,用自己的私钥生成锁定签名。用户修改核销登记中该凭证的对应表项,将锁定状态设为Y,并附上锁定签名。Specifically, the user uses the Hash and check value in the verification and registration as the original text, and generates the lock signature with his own private key. The user modifies the corresponding entry of the certificate in the verification registration, sets the lock status to Y, and attaches the lock signature.
结合上述实施例,凭证的核销登记中可以存储有锁定状态及锁定签名。在具体实施过程中,可以通过序列化字段进行存储,如表4所示:In combination with the above-mentioned embodiment, the lock status and the lock signature can be stored in the verification registration of the certificate. In the specific implementation process, serialized fields can be used for storage, as shown in Table 4:
KeyKey ValueValue
IDID UUID字符串UUID string
核销记录HashWrite-off record Hash 该凭证的核销记录序列化字符串的Hash值The Hash value of the serialized string of the verification record of the certificate
核销记录Hash签名Hash signature of verification record 该凭证最后一次核销方生成的签名The signature generated by the last verification party of the certificate
锁定状态Locked state Y/NY/N
锁定签名Lock signature 用户生成的签名User-generated signature
表4Table 4
在具体实施过程中,核销方在区块链中,检查该凭证登记中,是否正在处于锁定状态。如果当前此凭证已经被锁定了,则同样返回失败。In the specific implementation process, the verification party is in the blockchain to check whether the certificate is being registered in a locked state. If the credential is currently locked, it will also return a failure.
一种可能的实现方式,可以包括:A possible implementation can include:
步骤一、所述核销方验证所述锁定签名合法后,生成所述核销请求对应的核销方记录;Step 1: After the verification party verifies that the lock signature is legal, a record of the verification party corresponding to the verification request is generated;
在具体实施过程中,用户通知核销方锁定流程已经完成,可以开始核销;核销方从凭证状态表中找到对应的凭证ID的属性项,及所述核销请求对应生成的校验值,从链上获取用户的公钥,检查凭证是否已经被正确的锁定,且签名是否合法。如果未锁定或签名不合法,返回失败。In the specific implementation process, the user informs the verification party that the lock process has been completed and the verification can be started; the verification party finds the attribute item of the corresponding voucher ID from the voucher status table and the verification value generated corresponding to the verification request , Obtain the user's public key from the chain, check whether the certificate has been correctly locked, and whether the signature is legal. If it is not locked or the signature is invalid, it returns a failure.
核销方根据凭证的核销记录集,生成核销方记录,核销方记录中包括剩余次数、核销机构地址、核销时间、校验值等。The verifier generates a record of the verifier based on the verification record set of the certificate. The record of the verifier includes the remaining number of times, the address of the verification institution, the verification time, and the verification value.
进一步的,核销方还可以在核销方记录中写入核销机构签名,具体的,可以以核销时间、核销机构地址、剩余次数、校验值一起作为原文,用自身的私钥生成签名,填入核销方记录的“核销机构签名”项中。Further, the verifier can also write the signature of the verification agency in the verifier record. Specifically, the verification time, the address of the verification agency, the remaining number of times, and the verification value can be used as the original text together with its own private key. Generate a signature and fill it in the "Signature of Verification Agency" item recorded by the verification party.
步骤二、核销方将所述核销方记录发送至所述用户;Step 2: The verification party sends the record of the verification party to the user;
具体的,核销方将核销记录发给用户,要求用户确认实施核销方记录,并签名。Specifically, the verification party sends the verification record to the user, asking the user to confirm the implementation of the verification party record and sign.
步骤三、核销方获取所述用户返回的用户方记录;Step 3: The verification party obtains the user record returned by the user;
具体的,用户从链上获取核销机构公钥,验证核销机构签名是否合法。如果不合法,或核销内容存在错误,则要求核销机构重新生成核销方记录。否则,用户认可核销机构签名,并用自身的私钥生成签名,填入核销记录的“核销用户签名”项中。签名的原文可以为与核销机构签名相同的原文,也可以为不同的原文,在此不做限定。Specifically, the user obtains the public key of the verification agency from the chain to verify whether the verification agency signature is legal. If it is illegal or if there is an error in the verification content, the verification agency is required to regenerate the verification party record. Otherwise, the user approves the signature of the verification agency and generates a signature with its own private key, and fills it in the "Verification of User Signature" item in the verification record. The original text of the signature can be the same original text as the signature of the verification agency, or a different original text, which is not limited here.
步骤四、核销方根据所述核销方记录和所述用户方记录确定所述核销请求对应的核销记录;Step 4: The verification party determines the verification record corresponding to the verification request according to the verification party record and the user side record;
核销方从链上获取用户的公钥,验证核销用户签名是否合法,如果不合法返回失败。否则,则表明一条完整的核销记录已经生成。The verification party obtains the user's public key from the chain, verifies whether the verification user's signature is legal, and fails if it is not. Otherwise, it means that a complete write-off record has been generated.
具体的,核销方更新凭证的核销记录集,新增一条核销记录,填入核销方记录和用户方记录。可以包括:核销时间、核销机构地址、剩余次数、校验值、核销机构签名、核销用户签名。当然,更新核销记录集也可以为步骤二时即更新,核销方无需单独发生核销方记录,仅需核将更新后的凭证发送至用户。Specifically, the verification party updates the verification record set of the certificate, adds a verification record, and fills in the verification party record and the user record. Can include: verification time, verification agency address, remaining times, verification value, verification agency signature, verification user signature. Of course, the update of the set of write-off records can also be updated at the second step, and the reviewer does not need to separately generate the record of the write-off party, and only needs to verify and send the updated certificate to the user.
步骤五、核销方根据所述凭证中的已生效的各次核销记录和所述核销请求对应的核销记录,生成第三Hash值;Step 5. The verification party generates a third Hash value according to the verification records of each verification in the certificate and the verification records corresponding to the verification request;
步骤六、核销方更新所述区块链中所述凭证的核销登记中的第一Hash值为所述第三Hash值。Step 6. The verification party updates the first Hash value in the verification registration of the certificate in the blockchain to the third Hash value.
在具体实施过程中,核销方对所有核销记录进行序列化生成Hash,然后将Hash写入到链上的核销登记中与此凭证ID对应表项的“应表项的值”中,同时,以Hash值为原文,用自己的私钥生成签名,写入到核销登记对应表项的“入到核销签名项”中。In the specific implementation process, the verification party serializes all verification records to generate a Hash, and then writes the Hash into the “value of the entry” of the entry corresponding to the certificate ID in the verification registration on the chain. At the same time, use the Hash value as the original text, use your own private key to generate a signature, and write it into the "Into the verification signature item" of the verification registration corresponding entry.
一种可能的实现方式,所述方法还包括:A possible implementation manner, the method further includes:
核销方将所述凭证的写入状态修改为解锁,并将所述锁定签名写入区块链;核销方向所述用户返回核销成功的响应。The verification party modifies the writing status of the certificate to unlock, and writes the lock signature into the blockchain; the verification party returns a successful verification response to the user.
此时,核销方可以修改核销登记中锁定状态为N,并删除锁定签名。这一步也可以由用户修改锁定状态,在此不做限定。核销方向所述用户返回核销成功的响应还可以包括向用户提供凭证对应的业务服务。At this time, the verification party can modify the locked status in the verification registration to N and delete the locked signature. The lock state can also be modified by the user in this step, which is not limited here. The verification response to the user that the verification is successful may also include providing the user with a business service corresponding to the credential.
一种可能的实现方式,所述核销方将区块链上的所述第一Hash值,更新为所述第三Hash值之前,还包括:In a possible implementation manner, before the verification party updates the first Hash value on the blockchain to the third Hash value, the method further includes:
所述核销方查询所述区块链上所述凭证的写入状态;The verification party queries the writing status of the certificate on the blockchain;
若确定所述写入状态为解锁,则向所述用户返回重新锁定的指令,并将 所述凭证中的所述第二核销记录删除后,返回至所述用户。If it is determined that the writing status is unlocked, return a relocking instruction to the user, delete the second verification record in the voucher, and return to the user.
如果此时核销方发现锁定状态已经不是Y了,则说明用户可能在尝试对此凭证进行双花操作。核销方可以立即终止核销流程,重新要求用户进入凭证锁定流程。If the verification party finds that the lock status is no longer Y, it means that the user may be trying to double-spend the credential. The verification party can immediately terminate the verification process and request the user to enter the credential lock process again.
需要说明的是,核销方也可以使用带权限的区块链,保证这一解锁状态只有核销方才能修改,进一步避免双花的可能,提高核销的安全性。It should be noted that the verification party can also use the blockchain with permissions to ensure that the unlocked state can only be modified by the verification party, further avoiding the possibility of double spending and improving the security of verification.
本发明实施例中,所有凭证在核销的时候才需要上链,且链上只存储凭证最新状态、核销记录的Hash及签名;即使一个凭证有多次使用次数,也只需要一个链上记录;整个核销过程只需最多四次区块链写操作。另外,核销流程能够有效地防止用户或者核销方任意一方的双花攻击,有效保证了凭证验证的效率和安全性。In the embodiment of the present invention, all certificates need to be chained when they are verified, and only the latest state of the certificate, the Hash and signature of the verification record are stored on the chain; even if a certificate is used multiple times, only one chain is required Record; the entire verification process only requires a maximum of four blockchain write operations. In addition, the verification process can effectively prevent double-spending attacks by either the user or the verification party, effectively ensuring the efficiency and security of credential verification.
基于相同的发明构思,如图3所示,本发明实施例提供一种应用于区块链的可消耗凭证的验证装置,包括:Based on the same inventive concept, as shown in FIG. 3, an embodiment of the present invention provides a verification device for a consumable certificate applied to a blockchain, including:
收发单元301,用于获取用户提供的用以核销的凭证;所述凭证中记录有已生效的各次核销记录;从区块链上获取所述凭证的核销登记,所述核销登记中记录有第一哈希Hash值;所述第一Hash值是所述凭证在上一次核销后根据所有已生效的核销记录生成的;The transceiving unit 301 is used to obtain a certificate provided by the user for verification; the certificate records each valid verification record; obtains the verification registration of the certificate from the blockchain, and the verification A first hash value is recorded in the registration; the first hash value is generated based on all valid verification records after the last verification of the voucher;
处理单元302,用于根据所述凭证中的已生效的各次核销记录生成第二Hash值;在确认所述第一Hash值和所述第二Hash值一致时,确定所述凭证可用于核销。The processing unit 302 is configured to generate a second Hash value according to each valid verification record in the voucher; when it is confirmed that the first Hash value is consistent with the second Hash value, it is determined that the voucher can be used Write off.
一种可能的实现方式,所述核销记录中还包括上一次核销的核销方对所述第一Hash值进行签名的核销签名;所述处理单元302,用于:从所述凭证中获取上一次核销的核销记录;根据所述上一次核销的核销记录中的核销机构信息对所述核销签名进行验证;在确认所述第一Hash值和所述第二Hash值一致且所述核销签名验证通过时,确定所述凭证可用于核销。In a possible implementation manner, the verification record further includes a verification signature for the verification party that was previously verified to sign the first Hash value; the processing unit 302 is configured to: Obtain the verification record of the last verification; verify the verification signature according to the verification institution information in the verification record of the previous verification; confirm the first Hash value and the second When the Hash value is consistent and the verification of the verification signature is passed, it is determined that the certificate can be used for verification.
一种可能的实现方式,所述收发单元301,还用于:向所述用户返回针对所述凭证的锁定请求;所述锁定请求用于所述用户生成锁定签名并将所述锁 定签名上传至所述区块链;所述锁定签名用于指示所述区块链将所述核销登记中的锁定状态设置为锁定态并在所述核销登记中记录所述锁定签名;接收所述用户发送的锁定成功响应;所述锁定成功响应用于触发所述核销方进行核销。In a possible implementation manner, the transceiver unit 301 is further configured to: return a lock request for the credential to the user; the lock request is used for the user to generate a lock signature and upload the lock signature to The blockchain; the lock signature is used to instruct the blockchain to set the lock state in the verification registration to the locked state and record the lock signature in the verification registration; receive the user The sent lock success response; the lock success response is used to trigger the verification party to perform verification.
一种可能的实现方式,所述收发单元,还用于:将所述核销方记录发送至所述用户;获取所述用户返回的用户方记录;In a possible implementation manner, the transceiver unit is further configured to: send the verification party record to the user; obtain the user-side record returned by the user;
所述处理单元,还用于:验证所述锁定签名合法后,生成所述核销请求对应的核销方记录;根据所述核销方记录和所述用户方记录确定所述核销请求对应的核销记录;根据所述凭证中的已生效的各次核销记录和所述核销请求对应的核销记录,生成第三Hash值;更新所述区块链中所述凭证的核销登记中的第一Hash值为所述第三Hash值。The processing unit is further configured to: after verifying that the lock signature is legal, generate a verification party record corresponding to the verification request; and determine the verification request corresponding to the verification request based on the verification party record and the user record The verification record; the verification record corresponding to the verification request and each valid verification record in the voucher generates a third Hash value; the verification of the voucher in the blockchain is updated The first Hash value in the registration is the third Hash value.
一种可能的实现方式,所述处理单元,还用于:将所述凭证的写入状态修改为解锁,并将所述锁定签名写入区块链;向所述用户返回核销成功的响应。In a possible implementation manner, the processing unit is further configured to: modify the writing status of the certificate to unlock, and write the lock signature to the blockchain; and return a successful verification response to the user .
一种可能的实现方式,所述处理单元,用于:查询所述区块链上所述凭证的写入状态;若确定所述写入状态为解锁,则向所述用户返回重新锁定的指令,并将所述凭证中的所述第二核销记录删除后,返回至所述用户。In a possible implementation manner, the processing unit is configured to: query the writing status of the voucher on the blockchain; if it is determined that the writing status is unlocked, return an instruction to relock to the user , And after deleting the second verification record in the voucher, return to the user.
一种可能的实现方式,所述收发单元,用于:获取所述用户发送所述凭证的核销请求;所述凭证的核销请求包括所述凭证的属性签名及核销次数;In a possible implementation manner, the transceiver unit is configured to: obtain a verification request for the voucher sent by the user; the verification request for the voucher includes the attribute signature of the voucher and the number of verifications;
所述处理单元,用于:验证所述核销请求的核销次数是否小于或等于所述凭证的可用次数;所述核销方从区块链获取所述凭证的发行方的公钥,验证所述凭证的属性签名是否合法后,返回所述凭证的核销请求的验证结果。The processing unit is configured to verify whether the number of times of verification of the verification request is less than or equal to the available times of the certificate; the verification party obtains the public key of the certificate issuer from the blockchain, and verifies After the attribute signature of the certificate is legal, the verification result of the verification request of the certificate is returned.
一种可能的实现方式,所述处理单元,用于:若确定所述验证结果为通过,则向所述用户发送所述凭证的核销请求的校验值;所述校验值用于所述核销方生成所述核销请求的核销记录并为所述用户验证所述核销方生成的所述核销记录。In a possible implementation manner, the processing unit is configured to: if it is determined that the verification result is passed, send a check value of the verification request of the voucher to the user; the check value is used for all The verification party generates a verification record of the verification request and verifies the verification record generated by the verification party for the user.
请参见图4,基于同一技术构思,本发明实施例还提供了一种计算机设备, 用于执行用户或核销方在本发明任一实施例中的方法,可以包括存储器1001和处理器1002。Referring to FIG. 4, based on the same technical concept, an embodiment of the present invention also provides a computer device for executing a method of a user or a verification party in any embodiment of the present invention, and may include a memory 1001 and a processor 1002.
所述存储器1001,用于存储处理器1002执行的计算机程序。存储器1001可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序等;存储数据区可存储根据计算机设备的使用所创建的数据等。处理器1002,可以是一个中央处理单元(central processing unit,CPU),或者为数字处理单元等等。本发明实施例中不限定上述存储器1001和处理器1002之间的具体连接介质。本发明实施例在图4中以存储器1001和处理器1002之间通过总线1003连接,总线1003在图4中以粗线表示,其它部件之间的连接方式,仅是进行示意性说明,并不引以为限。所述总线1003可以分为地址总线、数据总线、控制总线等。为便于表示,图4中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The memory 1001 is used to store a computer program executed by the processor 1002. The memory 1001 may mainly include a program storage area and a data storage area. The program storage area may store an operating system, an application program required for at least one function, and the like; the data storage area may store data created according to the use of a computer device. The processor 1002 may be a central processing unit (central processing unit, CPU), or a digital processing unit or the like. The embodiment of the present invention does not limit the specific connection medium between the foregoing memory 1001 and the processor 1002. In the embodiment of the present invention, in FIG. 4, the memory 1001 and the processor 1002 are connected through a bus 1003, and the bus 1003 is represented by a thick line in FIG. 4. The connection mode between other components is only for schematic illustration, not Limited. The bus 1003 can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is used to represent in FIG. 4, but it does not mean that there is only one bus or one type of bus.
存储器1001可以是易失性存储器(volatile memory),例如随机存取存储器(random-access memory,RAM);存储器1001也可以是非易失性存储器(non-volatile memory),例如只读存储器,快闪存储器(flash memory),硬盘(hard disk drive,HDD)或固态硬盘(solid-state drive,SSD)、或者存储器1001是能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。存储器1001可以是上述存储器的组合。The memory 1001 may be a volatile memory (volatile memory), such as a random-access memory (random-access memory, RAM); the memory 1001 may also be a non-volatile memory (non-volatile memory), such as a read-only memory, flash memory Flash memory, hard disk drive (HDD) or solid-state drive (SSD), or memory 1001 can be used to carry or store desired program codes in the form of instructions or data structures and can be used by Any other medium accessed by the computer, but not limited to this. The memory 1001 may be a combination of the above-mentioned memories.
处理器1002,用于调用所述存储器1001中存储的计算机程序时执行本发明实施例提供的基于区块链的可消耗凭证方法。The processor 1002 is configured to execute the block chain-based consumable voucher method provided by the embodiment of the present invention when calling the computer program stored in the memory 1001.
本发明实施例还提供了一种计算机存储介质,存储为执行上述处理器所需执行的计算机可执行指令,其包含用于执行上述处理器所需执行的程序。An embodiment of the present invention also provides a computer storage medium that stores computer executable instructions required to execute the foregoing processor, and contains a program used to execute the foregoing processor.
在一些可能的实施方式中,本发提供的基于区块链的可消耗凭证方法的各个方面还可以实现为一种程序产品的形式,其包括程序代码,当所述程序产品在计算机设备上运行时,所述程序代码用于使所述计算机设备执行本说明书上述描述的根据本发明各种示例性实施提供的基于区块链的可消耗凭证 方法中的步骤,例如,所述计算机设备可以执行本发明实施例提供的基于区块链的可消耗凭证的验证方法。In some possible implementations, all aspects of the blockchain-based consumable credential method provided by the present invention can also be implemented in the form of a program product, which includes program code, when the program product runs on a computer device At the time, the program code is used to make the computer device execute the steps in the block chain-based consumable voucher method provided according to various exemplary implementations of the present invention described above in this specification. For example, the computer device can execute The embodiment of the present invention provides a method for verifying a consumable certificate based on a blockchain.
所述程序产品可以采用一个或多个可读介质的任意组合。可读介质可以是可读信号介质或者可读存储介质。可读存储介质例如可以是——但不限于——电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。可读存储介质的更具体的例子(非穷举的列表)包括:具有一个或多个导线的电连接、便携式盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。The program product can use any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may be, for example, but not limited to, an electric, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or device, or any combination of the above. More specific examples (non-exhaustive list) of readable storage media include: electrical connections with one or more wires, portable disks, hard disks, random access memory (RAM), read only memory (ROM), erasable Type programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
本发明的实施方式中提供的基于区块链的可消耗凭证方法的程序产品可以采用便携式紧凑盘只读存储器(CD-ROM)并包括程序代码,并可以在计算设备上运行。然而,本发明的程序产品不限于此,在本文件中,可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。The program product based on the block chain-based consumable credential method provided in the embodiment of the present invention can adopt a portable compact disk read-only memory (CD-ROM) and include program code, and can run on a computing device. However, the program product of the present invention is not limited thereto. In this document, the readable storage medium can be any tangible medium that contains or stores a program, and the program can be used by or in combination with an instruction execution system, device, or device.
可读信号介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了可读程序代码。这种传播的数据信号可以采用多种形式,包括——但不限于——电磁信号、光信号或上述的任意合适的组合。可读信号介质还可以是可读存储介质以外的任何可读介质,该可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。The readable signal medium may include a data signal propagated in baseband or as a part of a carrier wave, and readable program code is carried therein. This propagated data signal can take many forms, including, but not limited to, electromagnetic signals, optical signals, or any suitable combination of the foregoing. The readable signal medium may also be any readable medium other than a readable storage medium, and the readable medium may send, propagate, or transmit a program for use by or in combination with the instruction execution system, apparatus, or device.
可读介质上包含的程序代码可以用任何适当的介质传输,包括——但不限于——无线、有线、光缆、RF等等,或者上述的任意合适的组合。The program code contained on the readable medium can be transmitted by any suitable medium, including, but not limited to, wireless, wired, optical cable, RF, etc., or any suitable combination of the above.
可以以一种或多种程序设计语言的任意组合来编写用于执行本发明操作的程序代码,所述程序设计语言包括面向对象的程序设计语言—诸如Java、C++等,还包括常规的过程式程序设计语言—诸如“C”语言或类似的程序设计语言。程序代码可以完全地在用户计算设备上执行、部分地在用户设备上执行、作为一个独立的软件包执行、部分在用户计算设备上部分在远程计算设 备上执行、或者完全在远程计算设备或服务器上执行。在涉及远程计算设备的情形中,远程计算设备可以通过任意种类的网络——包括局域网(LAN)或广域网(WAN)—连接到用户计算设备,或者,可以连接到外部计算设备(例如利用因特网服务提供商来通过因特网连接)。The program code used to perform the operations of the present invention can be written in any combination of one or more programming languages. The programming languages include object-oriented programming languages—such as Java, C++, etc., as well as conventional procedural styles. Programming language-such as "C" language or similar programming language. The program code can be executed entirely on the user's computing device, partly on the user's device, executed as an independent software package, partly on the user's computing device and partly executed on the remote computing device, or entirely on the remote computing device or server Executed on. In the case of remote computing devices, the remote computing device can be connected to the user's computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computing device (for example, using Internet services) Provider to connect via the Internet).
应当注意,尽管在上文详细描述中提及了装置的若干单元或子单元,但是这种划分仅仅是示例性的并非强制性的。实际上,根据本发明的实施方式,上文描述的两个或更多单元的特征和功能可以在一个单元中具体化。反之,上文描述的一个单元的特征和功能可以进一步划分为由多个单元来具体化。It should be noted that although several units or subunits of the device are mentioned in the above detailed description, this division is merely exemplary and not mandatory. In fact, according to the embodiments of the present invention, the features and functions of two or more units described above may be embodied in one unit. Conversely, the features and functions of a unit described above can be further divided into multiple units to be embodied.
此外,尽管在附图中以特定顺序描述了本发明方法的操作,但是,这并非要求或者暗示必须按照该特定顺序来执行这些操作,或是必须执行全部所示的操作才能实现期望的结果。附加地或备选地,可以省略某些步骤,将多个步骤合并为一个步骤执行,和/或将一个步骤分解为多个步骤执行。In addition, although the operations of the method of the present invention are described in a specific order in the drawings, this does not require or imply that these operations must be performed in the specific order, or that all the operations shown must be performed to achieve the desired result. Additionally or alternatively, some steps may be omitted, multiple steps may be combined into one step for execution, and/or one step may be decomposed into multiple steps for execution.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, systems, or computer program products. Therefore, the present invention may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are generated It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器 中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例做出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。Although the preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic creative concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the present invention.
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. In this way, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include these modifications and variations.

Claims (12)

  1. 一种应用于区块链的可消耗凭证的验证方法,其特征在于,包括:A method for verifying consumable certificates applied to blockchain, which is characterized in that it includes:
    核销方获取用户提供的用以核销的凭证;所述凭证中记录有已生效的各次核销记录;The verifier obtains the certificate provided by the user for verification; the certificate records each valid verification record;
    所述核销方从区块链上获取所述凭证的核销登记,所述核销登记中记录有第一哈希Hash值;所述第一Hash值是所述凭证在上一次核销后根据所有已生效的核销记录生成的;The verification party obtains the verification registration of the certificate from the blockchain, and the verification registration records the first hash value; the first hash value is the last time the certificate was verified Generated based on all valid verification records;
    所述核销方根据所述凭证中的已生效的各次核销记录生成第二Hash值;The verification party generates a second Hash value according to the effective verification records in the certificate;
    所述核销方在确认所述第一Hash值和所述第二Hash值一致时,确定所述凭证可用于核销。When the verification party confirms that the first Hash value is consistent with the second Hash value, it determines that the certificate can be used for verification.
  2. 如权利要求1所述的方法,其特征在于,所述核销记录中还包括上一次核销的核销方对所述第一Hash值进行签名的核销签名;The method according to claim 1, wherein the verification record further includes a verification signature of the first Hash value signed by the verification party last verification;
    所述核销方在确认所述第一Hash值和所述第二Hash值一致时,确定所述凭证可用于核销,包括:When the verification party confirms that the first Hash value is consistent with the second Hash value, determining that the voucher can be used for verification includes:
    所述核销方从所述凭证中获取上一次核销的核销记录;The verification party obtains the verification record of the last verification from the certificate;
    所述核销方根据所述上一次核销的核销记录中的核销机构信息对所述核销签名进行验证;The verification party verifies the verification signature according to the verification institution information in the verification record of the previous verification;
    所述核销方在确认所述第一Hash值和所述第二Hash值一致且所述核销签名验证通过时,确定所述凭证可用于核销。When the verification party confirms that the first Hash value is consistent with the second Hash value and the verification of the verification signature is passed, the verification party determines that the certificate can be used for verification.
  3. 如权利要求1所述的方法,其特征在于,所述核销方确定所述凭证可用于核销之后,还包括:The method according to claim 1, wherein after the verification party determines that the certificate can be used for verification, the method further comprises:
    所述核销方向所述用户返回针对所述凭证的锁定请求;所述锁定请求用于所述用户生成锁定签名并将所述锁定签名上传至所述区块链;所述锁定签名用于指示所述区块链将所述核销登记中的锁定状态设置为锁定态并在所述核销登记中记录所述锁定签名;The verification returns a lock request for the certificate to the user; the lock request is used by the user to generate a lock signature and upload the lock signature to the blockchain; the lock signature is used to indicate The blockchain sets the lock state in the verification registration to a locked state and records the lock signature in the verification registration;
    所述核销方接收所述用户发送的锁定成功响应;所述锁定成功响应用于 触发所述核销方进行核销。The verification party receives a lock success response sent by the user; the lock success response is used to trigger the verification party to perform verification.
  4. 如权利要求1所述的方法,其特征在于,所述核销方接收所述用户发送的锁定成功响应后,还包括:The method according to claim 1, wherein after the verification party receives the lock success response sent by the user, the method further comprises:
    所述核销方验证所述锁定签名合法后,生成所述核销请求对应的核销方记录;After the verification party verifies that the lock signature is legal, generate a verification party record corresponding to the verification request;
    所述核销方将所述核销方记录发送至所述用户;The verification party sends the verification party record to the user;
    所述核销方获取所述用户返回的用户方记录;The verification party obtains the user-side record returned by the user;
    所述核销方根据所述核销方记录和所述用户方记录确定所述核销请求对应的核销记录;The verification party determines the verification record corresponding to the verification request according to the verification party record and the user record;
    所述核销方根据所述凭证中的已生效的各次核销记录和所述核销请求对应的核销记录,生成第三Hash值;The verification party generates a third Hash value according to each verification record in the voucher and the verification record corresponding to the verification request;
    所述核销方更新所述区块链中所述凭证的核销登记中的第一Hash值为所述第三Hash值。The verification party updates the first Hash value in the verification registration of the certificate in the blockchain to the third Hash value.
  5. 如权利要求4所述的方法,其特征在于,所述方法还包括:The method according to claim 4, wherein the method further comprises:
    所述核销方将所述凭证的写入状态修改为解锁,并将所述锁定签名写入区块链;The verification party changes the writing status of the certificate to unlocked, and writes the locked signature to the blockchain;
    所述核销方向所述用户返回核销成功的响应。The verification returns a successful response to the user.
  6. 如权利要求4所述的方法,其特征在于,所述核销方将区块链上的所述第一Hash值,更新为所述第三Hash值之前,还包括:The method according to claim 4, wherein before the verification party updates the first Hash value on the blockchain to the third Hash value, the method further comprises:
    所述核销方查询所述区块链上所述凭证的写入状态;The verification party queries the writing status of the certificate on the blockchain;
    若确定所述写入状态为解锁,则向所述用户返回重新锁定的指令,并将所述凭证中的所述第二核销记录删除后,返回至所述用户。If it is determined that the writing status is unlocked, return a relocking instruction to the user, delete the second verification record in the voucher, and return to the user.
  7. 如权利要求1所述的方法,其特征在于,所述核销方从区块链上获取所述凭证的核销登记之前,还包括:The method according to claim 1, wherein before the verification party obtains the verification registration of the certificate from the blockchain, the method further comprises:
    所述核销方获取所述用户发送所述凭证的核销请求;所述凭证的核销请求包括所述凭证的属性签名及核销次数;The verification party obtains the verification request of the certificate sent by the user; the verification request of the certificate includes the attribute signature of the certificate and the number of verifications;
    所述核销方根据所述凭证,确定所述凭证的剩余可用次数;The verification party determines the remaining available times of the voucher according to the voucher;
    所述核销方验证所述核销请求的核销次数是否小于或等于所述凭证的剩余可用次数;The verification party verifies whether the number of verification times of the verification request is less than or equal to the remaining available times of the certificate;
    所述核销方从区块链获取所述凭证的发行方的公钥,验证所述凭证的属性签名是否合法。The verification party obtains the public key of the issuer of the certificate from the blockchain, and verifies whether the attribute signature of the certificate is legal.
  8. 如权利要求7所述的方法,其特征在于,所述方法还包括:8. The method of claim 7, wherein the method further comprises:
    所述核销方向所述用户发送所述凭证的核销请求的校验值;所述校验值用于所述核销方生成所述核销请求的核销记录并为所述用户验证所述核销方生成的所述核销记录。The verification value sends the verification value of the verification request of the certificate to the user; the verification value is used by the verification party to generate a verification record of the verification request and verify the verification value for the user The verification record generated by the verification party.
  9. 一种应用于区块链的可消耗凭证的验证装置,其特征在于,包括:A device for verifying consumable certificates applied to blockchain, which is characterized in that it comprises:
    收发单元,用于获取用户提供的用以核销的凭证;所述凭证中记录有已生效的各次核销记录;从区块链上获取所述凭证的核销登记,所述核销登记中记录有第一哈希Hash值;所述第一Hash值是所述凭证在上一次核销后根据所有已生效的核销记录生成的;The transceiver unit is used to obtain the certificate provided by the user for verification; the certificate records each valid verification record; obtain the verification registration of the certificate from the blockchain, the verification registration A first hash value is recorded in, the first hash value is generated based on all valid verification records after the last verification of the voucher;
    处理单元,用于根据所述凭证中的已生效的各次核销记录生成第二Hash值;在确认所述第一Hash值和所述第二Hash值一致时,确定所述凭证可用于核销。The processing unit is configured to generate a second Hash value according to each valid verification record in the voucher; when it is confirmed that the first Hash value is consistent with the second Hash value, it is determined that the voucher can be used for verification pin.
  10. 一种计算机存储介质,其特征在于,所述计算机可读存储介质包括计算机程序,当计算机程序在计算机上运行时,使得所述计算机执行如权利要求1至8任一所述的方法。A computer storage medium, wherein the computer readable storage medium includes a computer program, and when the computer program runs on a computer, the computer is caused to execute the method according to any one of claims 1 to 8.
  11. 一种包含指令的计算机程序产品,其特征在于,当所述指令在计算机上运行时,使得所述计算机执行如权利要求1至8任一所述的方法。A computer program product containing instructions, characterized in that, when the instructions are run on a computer, the computer is caused to execute the method according to any one of claims 1 to 8.
  12. 一种计算机设备,其特征在于,包括:A computer device, characterized in that it comprises:
    至少一个存储器,用于存储程序指令;At least one memory for storing program instructions;
    至少一个处理器,用于调用所述存储器中存储的程序指令,按照获得的程序执行权利要求1至8任一项所述的方法。At least one processor, configured to call program instructions stored in the memory, and execute the method according to any one of claims 1 to 8 according to the obtained program.
PCT/CN2020/082204 2019-05-22 2020-03-30 Verification method and device of consumable certificates applied to block chain WO2020233236A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910427763.7 2019-05-22
CN201910427763.7A CN110188572A (en) 2019-05-22 2019-05-22 A kind of verification method and device for consuming voucher applied to block chain

Publications (1)

Publication Number Publication Date
WO2020233236A1 true WO2020233236A1 (en) 2020-11-26

Family

ID=67717200

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/082204 WO2020233236A1 (en) 2019-05-22 2020-03-30 Verification method and device of consumable certificates applied to block chain

Country Status (2)

Country Link
CN (1) CN110188572A (en)
WO (1) WO2020233236A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826653A (en) * 2022-03-10 2022-07-29 蚂蚁区块链科技(上海)有限公司 Certificate verification method, system and device based on block chain network

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110188572A (en) * 2019-05-22 2019-08-30 深圳前海微众银行股份有限公司 A kind of verification method and device for consuming voucher applied to block chain
CN111522829B (en) * 2020-04-14 2023-11-28 深圳市启迪网络科技有限公司 Method for realizing distributed lock on block chain
CN111985918A (en) * 2020-07-27 2020-11-24 王李琰 Block chain-based electronic certificate circulation management method and system and block chain platform

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170085562A1 (en) * 2015-09-18 2017-03-23 Case Wallet, Inc. Biometric data hashing, verification and security
US20180227293A1 (en) * 2015-08-03 2018-08-09 Coinplug Inc. Certificate issuing system based on block chain
CN109146583A (en) * 2018-07-24 2019-01-04 腾讯科技(深圳)有限公司 bill processing method and device, storage medium and electronic device
CN109559164A (en) * 2018-11-19 2019-04-02 泰康保险集团股份有限公司 Favor information processing method, device, electronic equipment and computer-readable medium
CN110188572A (en) * 2019-05-22 2019-08-30 深圳前海微众银行股份有限公司 A kind of verification method and device for consuming voucher applied to block chain

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI608434B (en) * 2016-12-20 2017-12-11 Chunghwa Telecom Co Ltd Decentralized electronic transaction record method and system with traceability verification mechanism
US11132704B2 (en) * 2017-07-06 2021-09-28 Mastercard International Incorporated Method and system for electronic vouchers via blockchain
CN109447601B (en) * 2018-10-11 2022-04-12 上海保险交易所股份有限公司 Method for performing witness transfer transactions in blockchain networks

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180227293A1 (en) * 2015-08-03 2018-08-09 Coinplug Inc. Certificate issuing system based on block chain
US20170085562A1 (en) * 2015-09-18 2017-03-23 Case Wallet, Inc. Biometric data hashing, verification and security
CN109146583A (en) * 2018-07-24 2019-01-04 腾讯科技(深圳)有限公司 bill processing method and device, storage medium and electronic device
CN109559164A (en) * 2018-11-19 2019-04-02 泰康保险集团股份有限公司 Favor information processing method, device, electronic equipment and computer-readable medium
CN110188572A (en) * 2019-05-22 2019-08-30 深圳前海微众银行股份有限公司 A kind of verification method and device for consuming voucher applied to block chain

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826653A (en) * 2022-03-10 2022-07-29 蚂蚁区块链科技(上海)有限公司 Certificate verification method, system and device based on block chain network

Also Published As

Publication number Publication date
CN110188572A (en) 2019-08-30

Similar Documents

Publication Publication Date Title
US10977632B2 (en) Electronic bill management method, apparatus, and storage medium
WO2021017441A1 (en) Blockchain-based data authorization method and apparatus
US20240144280A1 (en) Blockchain architecture with record security
Sunyaev et al. Distributed ledger technology
JP7241216B2 (en) Computer-implemented method and system for validating tokens for blockchain-based cryptocurrencies
US11790370B2 (en) Techniques for expediting processing of blockchain transactions
WO2020233236A1 (en) Verification method and device of consumable certificates applied to block chain
TWI729719B (en) Block chain-based data authorization method and device, electronic equipment and computer readable storage medium
TWI716034B (en) System and method for information protection
CN108833081B (en) Block chain-based equipment networking authentication method
JP6389350B2 (en) Transaction processing apparatus, transaction processing method, and program therefor
US11164165B1 (en) Multi-asset blockchain network platform
CN110537355A (en) Consensus based on secure blockchains
JP2019500799A (en) Client device, server device and access control system for authorized access
US20200082388A1 (en) Authenticating server and method for transactions on blockchain
WO2020037927A1 (en) Negotiable block chain transaction method, apparatus, device, and storage medium
US20220311611A1 (en) Reputation profile propagation on blockchain networks
US20220172198A1 (en) Real-time blockchain settlement network
KR20240011890A (en) Method and system for authenticating data ganerated in block chain
JP2023536163A (en) blockchain token
KR20220143873A (en) Event streams for a sequence of events associated with the blockchain
JP2023502057A (en) Identity verification protocol using blockchain transactions
US20230119035A1 (en) Platform services verification
Zhang et al. A blockchain based secure e-commerce transaction system
US20230093411A1 (en) Synchronising event streams

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20808689

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20808689

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 16.03.2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20808689

Country of ref document: EP

Kind code of ref document: A1