WO2021032196A1 - Blockchain-based multi-stage signing method, device, computer apparatus, and storage medium - Google Patents


Info

Publication number
WO2021032196A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
signature
certificate
blockchain
party
Application number
PCT/CN2020/110566
Other languages
French (fr)
Chinese (zh)
Inventor
李伟
邱炜伟
胡麦芳
乔沛杨
李启雷
尹可挺
Original Assignee
杭州趣链科技有限公司
Priority claimed from CN201910772495.2A (CN110532809A)
Priority claimed from CN201910827936.4A (CN110706102B)
Application filed by 杭州趣链科技有限公司
Publication of WO2021032196A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • This application relates to the field of blockchain technology, and specifically to blockchain-based multi-level signature methods, devices, equipment and media.
  • Blockchain technology is a new type of decentralized protocol that can safely store digital currency transactions or other data, and information cannot be forged and tampered with.
  • the transaction confirmation on the blockchain is completed by all nodes on the blockchain, and its consistency is guaranteed by the consensus algorithm. Because all nodes jointly maintain the same ledger, the information in the blockchain cannot be tampered with, and the integrity of the data is still maintained even when a node acts maliciously.
  • the traditional alliance blockchain mainly uses a public key infrastructure (PKI) system to control access.
  • the traditional PKI system generally uses certificates to control access and uses certificates to represent user identities.
  • Hyperledger Fabric uses a centralized CA server that is responsible for authenticating identities and for issuing and controlling certificates. The corresponding certificate is used to represent the identity of the client and to control the client connection. The use of certificates to identify individuals makes it impossible to trace the source of signatures.
  • the purpose of this application is to provide a method, device, equipment and medium for multi-level signature based on blockchain.
  • a blockchain-based multi-level signature method comprising: receiving a transaction sent by a transaction party, wherein the transaction carries identity verification information of the transaction party, and the identity verification information includes a first signature; obtaining a transaction certificate corresponding to the transaction and sending the transaction certificate to a blockchain node, wherein the blockchain node agrees on the transaction certificate; signing the transaction according to the transaction certificate to obtain a second signature, and sending the transaction with the second signature to the blockchain node, where the blockchain node verifies the second signature and identity verification information of the transaction, and if the verification is successful, the transaction is stored in the blockchain.
  • a transaction certificate request is constructed, and the transaction certificate request includes a request body, a request body signature, and a client certificate, wherein the client certificate is the client when the verification of the first signature is successful
  • the request body signature is generated by signing the request body with the private key of the client certificate; verify the request body signature and the client certificate, and if the verification is successful, parse the temporary public key in the request body and generate the transaction certificate according to the temporary public key, wherein the temporary public key is generated by the transaction party.
  • a blockchain-based multi-level signature method includes: receiving a transaction certificate sent by a service party node of an institution, and synchronizing the transaction certificate through a consensus mechanism across all nodes of the blockchain network, wherein the transaction certificate is generated after the institution server node obtains the transaction with the transaction party identity verification information; receiving the transaction with the multi-level signature sent by the institution server node, wherein the multi-level signature includes the identity verification information of the transaction party and the signature of the institution service party node on the transaction according to the transaction certificate; verifying the multi-level signature of the transaction, and in the case of successful verification, storing the transaction on the blockchain.
  • receiving the transaction certificate sent by the institution server node, and synchronizing the transaction certificate through the consensus mechanism across all nodes of the blockchain network includes: receiving the transaction certificate sent by the institution server node, storing the transaction certificate on the configuration blockchain, and synchronizing the certificates through the consensus mechanism across all nodes of the blockchain network.
  • the performing signature verification on the multi-level signature of the transaction includes: obtaining the transaction certificate from the blockchain; the signature is verified; after that verification passes, the identity verification information of the transaction party is verified; after that verification passes, the transaction is stored on the blockchain and the entire network updates the transaction synchronously; otherwise, the transaction is rejected.
  • a blockchain-based multi-level signature method includes: an institutional service party receives a transaction sent by a transaction party, wherein the transaction carries the transaction party’s identity verification information, and the identity verification information includes a first signature; the agency service party obtains the transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node, where the blockchain node reaches consensus on the transaction certificate; the agency service party signs the transaction according to the transaction certificate to obtain a second signature, and sends the transaction with the identity verification information and the second signature to the blockchain node; the blockchain node receives the transaction with the multi-level signature sent by the agency server node, verifies the multi-level signature of the transaction, and in the case of successful verification, stores the transaction on the blockchain, where the multi-level signature includes the first signature and the second signature.
  • the consensus on the transaction certificate on the blockchain platform includes: storing the transaction certificate on the configuration blockchain, and synchronizing the certificate through a consensus mechanism across all nodes of the blockchain network.
  • before the institution service party receives the transaction sent by the transaction party, the method includes: the transaction party signs the transaction with the transaction party's private key to obtain a first signature, and sends the transaction carrying the first signature to the agency service party.
  • obtaining the transaction certificate corresponding to the transaction by the institution service party includes: the client of the institution service party generates a temporary public key and temporary private key pair, and sends a transaction certificate request to the blockchain node, where the transaction certificate request includes a request body, a request body signature, and a client certificate corresponding to the client; the blockchain node verifies the request body signature and the client certificate, and when the verification is successful, parses the temporary public key in the request body and generates the transaction certificate according to the temporary public key, and the agency service party obtains the transaction certificate.
  • the method includes: the blockchain node verifies the first signature and verifies the private key type of the transaction party; when the transaction party private key type is ECC, the client certificate and the client certificate private key are generated according to the transaction party public key, and the client certificate and the client certificate private key are sent to the transaction party.
  • the transaction party private key type is ECC
  • the transaction party public key and the transaction party private key are generated by an elliptic curve digital signature algorithm, and the hash value of the transaction party public key is the account address of the transaction party.
  • a blockchain multi-level signature method based on configuration blocks.
  • the method includes: a transaction sender performs a first-level signature: before a transaction is sent to the blockchain network, the transaction sender digitally signs it with its own private key, and forwards the transaction with the sender's digital signature to the node of the service provider; the service provider obtains the certificate and stores it in the configuration blockchain: after the service provider receives the transaction, it obtains the corresponding certificate and sends the certificate information to the blockchain node, and the blockchain node stores the certificate on the configuration blockchain and synchronizes the certificate information across all network nodes through the consensus mechanism; the agency service party uses the certificate to perform the second-level signature: the agency service party performs a second-level signature on the transaction, and forwards the transaction with the two-level signature and the certificate to the blockchain node; the blockchain node performs two-level verification and puts the signatures and transaction on the chain: after the blockchain node receives the transaction and certificate with the two-level signature, it performs the signature verification of the agency service party; after that verification passes, it verifies the first-level signature of the transaction sender; after that verification passes, the transaction is stored on the blockchain and the entire network updates the transaction synchronously; otherwise the transaction is refused and not put on the chain.
  • the corresponding certificate is obtained in step 2 to perform the second-level signature, and the certificate is stored in the configuration blockchain.
  • the certificate is stored in the configuration blockchain so that the certificate can be used to verify the signature of the agency service party and thereby identify the agency that forwarded the transaction; the sender's signature on the transaction identifies the sender of the transaction.
  • a blockchain-based multi-level signature device, where the device includes an institutional service party; the institution service party is used to receive a transaction sent by the transaction party, obtain a transaction certificate corresponding to the transaction and send the transaction certificate to the blockchain node, sign the transaction according to the transaction certificate to obtain a second signature, and send the transaction with the second signature to the blockchain node, wherein the transaction carries identity verification information of the transaction party, the identity verification information includes a first signature, the blockchain node agrees on the transaction certificate, and the blockchain node verifies the second signature and identity verification information of the transaction and stores the transaction in the blockchain if the verification is successful.
  • a blockchain-based multi-level signature device, where the device includes a blockchain node; the blockchain node is used to receive a transaction certificate sent by an agency service party node and synchronize the transaction certificate through the consensus mechanism across all nodes of the blockchain network, receive the transaction with the multi-level signature sent by the service side node of the institution, verify the multi-level signature of the transaction, and in the case of successful verification, store the transaction on the blockchain, where the transaction certificate is generated after the agency service node obtains the transaction with the identity verification information of the transaction party, and the multi-level signature includes the identity verification information of the transaction party and the signature performed by the agency server node on the transaction according to the transaction certificate.
  • a blockchain-based multi-level signature device includes an institutional service party and a blockchain node.
  • the institution service party receives a transaction sent by a transaction party, wherein the transaction carries the identity verification information of the transaction party; the institutional service party obtains the transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node, where the blockchain node reaches consensus on the transaction certificate; the agency service party signs the transaction according to the transaction certificate to obtain a second signature, and sends the transaction with the identity verification information and the second signature to the blockchain node; the blockchain node receives the transaction with a multi-level signature sent by the agency server node, verifies the multi-level signature of the transaction, and in the case of successful verification, stores the transaction on the blockchain, wherein the multi-level signature includes the first signature and the second signature.
  • a block chain multi-level signature device based on configuration blocks.
  • the device includes a transaction sender, an institution service party and a blockchain node; the transaction sender performs a first-level signature: the sender of the transaction digitally signs it with its own private key, and forwards the transaction with the sender's digital signature to the node of the service provider; the service provider of the institution obtains the certificate and stores it in the configuration blockchain: the agency service party obtains the corresponding certificate and sends the certificate information to the blockchain node, and the blockchain node stores the certificate on the configuration blockchain and fully synchronizes the certificate information across all network nodes through the consensus mechanism; the agency service party uses the certificate to perform the second-level signature: the agency service party performs a second-level signature on the transaction, and forwards the transaction with the two-level signature and the certificate to the blockchain node; the blockchain node performs two-level verification and uploads the
  • a computer device including a memory, a processor, and a computer program stored in the memory and capable of running on the processor.
  • the processor implements the steps of the above-mentioned configuration block-based blockchain multi-level signature method.
  • a computer-readable storage medium on which a computer program is stored, which, when executed by a processor, implements the steps of the above-mentioned configuration block-based blockchain multi-level signature method.
  • the above-mentioned blockchain-based multi-level signature method, device, equipment and medium receive the transaction sent by the transaction party, obtain the transaction certificate corresponding to the transaction and send the transaction certificate to the blockchain node, sign the transaction according to the transaction certificate to obtain a multi-level signature, and send the transaction with the multi-level signature to the blockchain node.
  • the multi-level signature can realize the traceability of the whole chain of transaction forwarding, strengthen the security of the entire transaction link, and improve the transaction traceability mechanism.
  • Fig. 1 is a flowchart of a blockchain-based multi-level signature method according to an embodiment of the present application.
  • Fig. 2 is a flowchart of a blockchain-based multi-level signature method according to another embodiment of the present application.
  • Fig. 3 is a flowchart of a blockchain-based multi-level signature method according to another embodiment of the present application.
  • Figure 4 is a schematic diagram of a blockchain-based multi-level signature method according to an embodiment of the present application.
  • Fig. 5 is a schematic diagram of a first-level signature in a blockchain-based multi-level signature method according to an embodiment of the present application.
  • Fig. 6 is a schematic diagram of a blockchain-based multi-level signature method according to an embodiment of the present application.
  • connection is not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
  • the “plurality” referred to in this application refers to two or more.
  • “And/or” describes the association relationship of the associated objects, which means that there can be three kinds of relationships. For example, “A and/or B” can mean: A alone exists, A and B exist at the same time, and B exists alone.
  • the character “/” generally indicates that the associated objects are in an “or” relationship.
  • “first”, “second”, “third”, etc. involved in this application only distinguish similar objects, and do not represent a specific order for objects.
  • FIG. 1 is a flowchart of a blockchain-based multi-level signature method according to an embodiment of the present application.
  • the method includes the following steps: Step S110, the institution service party receives the transaction sent by the transaction party.
  • the transaction carries the identity verification information of the transaction party, and the identity verification information includes the first signature.
  • Step S120, the institution service party obtains the transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node. The blockchain nodes agree on the transaction certificate.
  • Step S130, the agency service party signs the transaction according to the transaction certificate to obtain a second signature, and sends the transaction with the second signature to the blockchain node.
  • the blockchain node verifies the second signature of the transaction and the identity verification information, and stores the transaction in the blockchain when the verification is successful.
  • in step S110 to step S130, after receiving the transaction sent by the transaction sender, the agency service party obtains the transaction certificate corresponding to the transaction.
  • the transaction certificate can be a certificate issued by a certification authority, or the node corresponding to the agency service party can generate a transaction certificate from the transaction information according to a preset smart contract.
  • the institutional service party sends the transaction certificate to the blockchain node, and the transaction certificate is agreed upon through the blockchain node.
  • the institutional service party signs the transaction according to the transaction certificate to obtain a second signature, and sends the transaction with the second signature to the blockchain node.
  • the transaction not only includes the first signature and the second signature, but can also include multi-level signatures.
  • each node in the blockchain can obtain the transaction certificate and use it to verify the multi-level signature in the transaction, realizing the full-chain traceability of the transaction.
  • the method for obtaining a transaction certificate corresponding to the transaction includes: the institution service party constructs a transaction certificate request, where the transaction certificate request includes the request body, the request body signature and the client certificate; the blockchain node verifies the request body signature and the client certificate in the transaction certificate request, and in the case of successful verification, parses the temporary public key in the request body and generates a transaction certificate based on the temporary public key.
  • the temporary public key is generated by the transaction party
  • the above-mentioned client is the client of the agency service party
  • the request body signature is generated by signing the request body by the private key of the client certificate.
  • FIG. 2 is a flowchart of a blockchain-based multi-level signature method according to another embodiment of the present application.
  • a blockchain-based multi-level signature method is provided; the method includes the following steps: Step S210, the blockchain node receives the transaction certificate sent by the agency server node, and synchronizes the transaction certificate through the consensus mechanism across all nodes of the blockchain network. The transaction certificate is generated after the service party node of the institution obtains the transaction with the identity verification information of the transaction party.
  • Step S220, the blockchain node receives the transaction with the multi-level signature sent by the institution server node.
  • the multi-level signature includes the identity verification information of the transaction party and the signature of the transaction performed by the institution server node according to the transaction certificate.
  • Step S230, the blockchain node verifies the multi-level signature of the transaction, and if the verification is successful, the transaction is stored on the blockchain.
  • the blockchain node stores both the transaction certificate and the transaction on the blockchain, and verifies the multi-level signature in the transaction through the transaction certificate, so as to realize the full-chain traceability of the transaction.
  • verifying the multi-level signature of the transaction includes verifying the second signature, and if the second signature verification is passed, then verifying the identity verification information of the transaction sender.
  • the signature verification of the agency service party is performed first, and then the signature verification of the transaction party is performed.
  • signature verification proceeds in the order of verifying the later signature first. This makes the verification more accurate and easier to trace.
  • the blockchain node stores the transaction certificate on the configuration blockchain and synchronizes the certificate through the consensus mechanism across the entire blockchain network. The transaction certificate is stored in a specific blockchain; for example, one blockchain is used to store transactions, and the other is dedicated to storing transaction certificates. The process of obtaining certificates during verification will be more efficient, and the reliability of transaction certificates will be stronger.
  • performing signature verification on the multi-level signature of the transaction includes: obtaining a transaction certificate from the blockchain, and verifying the signature of the agency server node according to the transaction certificate.
  • because each node in the blockchain can obtain the transaction certificate, any node on the blockchain can verify the multi-level signature in the transaction once it has obtained the transaction certificate.
  • FIG. 3 is a flowchart of a blockchain-based multi-level signature method according to another embodiment of the present application.
  • the method includes: Step S310, the institution service party receives a transaction sent by a transaction party, where the transaction carries identity verification information of the transaction party, and the identity verification information includes the first signature.
  • Step S320, the service party of the institution obtains the transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node, where the transaction certificate is agreed upon.
  • Step S330, the agency service party signs the transaction according to the transaction certificate to obtain a second signature, and sends the transaction with the identity verification information and the second signature to the blockchain node.
  • the blockchain node receives the transaction with the multi-level signature sent by the agency server node, verifies the multi-level signature of the transaction, and stores the transaction on the blockchain if the verification is successful.
  • the multi-level signature includes the first signature and the second signature.
  • the institutional service party receives the transaction sent by the transaction party, obtains the transaction certificate corresponding to the transaction, sends the transaction certificate to the blockchain node, signs the transaction according to the transaction certificate to obtain a multi-level signature, and sends the transaction carrying the multi-level signature to the blockchain node. The full-chain traceability of transaction forwarding can be realized through multi-level signatures, which strengthens the security of the entire transaction link and improves the transaction traceability mechanism.
  • the transaction certificate is stored on the configuration blockchain, and the certificates are synchronized through the consensus mechanism across all nodes of the blockchain network. The transaction certificate is stored in a specific blockchain; for example, one blockchain is used to store transactions, and the other is dedicated to storing transaction certificates. The process of obtaining certificates in the verification process will be more efficient and the transaction certificates more reliable.
  • performing signature verification on the multi-level signature of the transaction includes: obtaining a transaction certificate from the blockchain, and verifying the signature of the agency server node according to the transaction certificate.
  • because each node in the blockchain can obtain the transaction certificate, any node on the blockchain can verify the multi-level signature in the transaction once it has obtained the transaction certificate.
  • before the institution service party receives the transaction sent by the transaction party, the transaction party signs the transaction with the transaction party's private key to obtain the first signature, and sends the transaction with the first signature to the institution service party.
  • the client of the agency service party generates a temporary public key and a temporary private key pair, and sends a transaction certificate request to the blockchain node.
  • the transaction certificate request includes the request body, the request body signature, and the client certificate corresponding to the client;
  • the blockchain node verifies the signature of the request body and the client certificate, and in the case of successful verification, parses the temporary public key in the request body, and generates the transaction certificate according to the temporary public key, and the agency service party obtains the transaction certificate.
  • This implementation provides a specific process for generating transaction certificates, so that there are unified transaction certificate generation rules on the blockchain, which can make transaction traceability more accurate and efficient.
  • the blockchain node verifies the first signature and verifies the transaction party’s private key type; when the transaction party’s private key type is ECC, it generates the client certificate and client certificate private key according to the transaction party’s public key, and sends the client certificate and client certificate private key to the transaction party.
  • a client certificate generation method is provided, which is used to authenticate the client of the agency service party, thereby making the blockchain-based multi-level signature method more reliable.
  • FIG. 4 is a schematic diagram of a blockchain-based multi-level signature method according to an embodiment of this application.
  • a blockchain multi-level signature based on configuration blocks is provided.
  • the method specifically includes the following steps: Step 1, the transaction sender performs a primary signature: before a transaction is sent to the blockchain network, the transaction sender digitally signs it with its own private key and forwards the transaction with the sender’s digital signature to the node of the service provider. This step confirms the rights of the transaction through cryptographic means, and proves that the transaction is indeed sent by the sender, which can effectively prevent repudiation by the user.
  • Step 2, the institution service party obtains the certificate and stores it in the configuration blockchain: after the institution service party accepts the transaction, it obtains the corresponding certificate, performs the second-level (institutional level) signature, and sends the certificate information to the blockchain node; the blockchain node stores the certificate on the configuration blockchain, and all nodes in the whole network synchronize the certificate information through a consensus mechanism, so that the certificate is on the chain.
  • the server certificate is stored in the configuration block chain, and is used for subsequent signature verification of the agency server.
  • putting the certificate on the chain uses the non-tamperable feature of the blockchain, which has the effect of notarizing the identity of the organization. The subsequent use of the certificate to verify the signature is more convincing and non-repudiable.
  • Step 3, the institution service party uses the certificate to perform the secondary signature: the institution service party performs a secondary signature on the transaction, and forwards the transaction and the certificate with the two-level signature to the blockchain node.
  • the second signature effectively records the forwarding path of the transaction and proves that the transaction is forwarded on the chain by the corresponding agency service party, which can effectively track the entire transaction process.
  • Step 4, the blockchain node performs two-level verification and uploads the signature and transaction to the chain: after the blockchain node receives the transaction and certificate with the two-level signature, it performs the signature verification of the agency service party; after that verification passes, it verifies the signature of the transaction sender, otherwise the transaction is rejected; after the transaction sender’s signature verification passes, the transaction is stored on the blockchain and the entire network updates the transaction synchronously; otherwise, the transaction is rejected.
  • the on-chain storage of transactions with multi-level signatures makes use of the non-tamperable characteristics of the blockchain to make the entire transaction chain information more reliable and credible.
  • when users query a transaction, they use the certificate on the configuration blockchain to verify the institution service party's signature and so learn which institution forwarded the transaction; from the sender's signature on the transaction they learn who sent it, so the multi-level signature makes the transaction traceable.
  • FIG. 5 is a schematic diagram of the first level signature in the blockchain-based multi-level signature method according to an embodiment of the present application.
  • the user signs a transaction and then sends it to the blockchain node, and the node runs consensus after the verification passes.
  • compared with the original first-level signature process, the multi-level signature method of this application adds to the transaction the signature of the service node that forwards it, and stores the service node certificate on the configuration blockchain for signature verification.
  • this gives a complete record of the forwarding path of the transaction and ensures the traceability of the entire transaction link; in the consortium chain scenario in particular, it records which service institution forwarded the transaction, prevents institutions from sending malicious transactions, strengthens the security of the entire transaction link, and improves the transaction traceability mechanism.
  • FIG. 6 is a schematic diagram of a blockchain-based multi-level signature method according to an embodiment of the present application.
  • the method includes the following steps. Step 1, the client user, as the transaction party, requests the client certificate: the client user sends a request to the owner of the blockchain node to obtain the client certificate. The request contains the public key generated by the client user and the signature of the corresponding private key over that public key; the private key is kept securely by the user alone.
  • Step 2, the owner of the blockchain node verifies the client certificate request: it first verifies the validity of the signature and then verifies whether the private key type is ECC.
  • Step 3, the client requests a transaction certificate: before each transaction, the client user first generates a temporary public/private key pair and sends a transaction certificate request to the blockchain node owner.
  • the transaction certificate request contains the request body, the signature of the client certificate private key over the request body, and the client certificate; the request body is the main content of the transaction, and the accompanying information is used to complete the corresponding identity proof based on the cryptographic algorithm.
  • Step 4, the owner of the blockchain node verifies the transaction certificate request: this includes verifying the legitimacy of the signature and verifying the client certificate.
  • the blockchain node parses the temporary public key out of the transaction certificate request, generates the corresponding transaction certificate for that public key, and returns it to the requesting client.
  • the transaction certificate will also be used for consensus on the blockchain through blockchain nodes.
  • Step 5, initiating a transaction: the client user initiates a transaction after obtaining the transaction certificate. The client user first generates a transaction and signs it with the private key generated by the client to obtain the signed transaction, uses the signed transaction to construct a request, signs the request with the transaction certificate, and then attaches the transaction certificate and sends the corresponding request body to the blockchain node.
  • the blockchain node stores the transaction information and verifies the transaction, and then synchronizes the transaction information, except for the client transaction certificate signature, to all nodes.
  • the blockchain node feeds back the verification result to the user. If the verification is successful, the transaction is successful; if the verification fails, it indicates that the transaction failed.
  • the signature method of this application adds an extension field to the transaction to store the signature of the channel, that is, the client transaction certificate signature, and reaches consensus on it on the blockchain, so that transaction forwarding can be traced through the multi-level signature, which strengthens the security of the entire transaction link and improves the transaction traceability mechanism.
  • a blockchain-based multi-level signature device includes an institution service party, which is used to receive a transaction sent by a transaction party, obtain a transaction certificate corresponding to the transaction, send the transaction certificate to the blockchain node, sign the transaction according to the transaction certificate to obtain the second signature, and send the transaction with the second signature to the blockchain node; the transaction carries the identity verification information of the transaction party, the identity verification information includes the first signature, and the blockchain node reaches consensus on the transaction certificate, verifies the second signature of the transaction and the identity verification information, and stores the transaction on the blockchain if the verification succeeds.
  • the above-mentioned blockchain-based multi-level signature device signs the transaction according to the transaction certificate to obtain a multi-level signature and sends the transaction with the multi-level signature to the blockchain node; transaction forwarding can be traced through the multi-level signature, which strengthens the security of the entire transaction link and improves the transaction traceability mechanism.
  • a blockchain-based multi-level signature device includes a blockchain node, which is used to receive a transaction certificate sent by an institution service party node, synchronize the transaction certificate across all nodes of the blockchain network through the consensus mechanism, receive the transaction with the multi-level signature sent by the institution service party node, verify the multi-level signature of the transaction, and store the transaction on the blockchain when the verification succeeds; the transaction certificate is generated after the institution service party node obtains the transaction carrying the transaction party's identity verification information, and the multi-level signature includes the transaction party's identity verification information and the institution service party node's signature on the transaction based on the transaction certificate.
  • the above-mentioned blockchain-based multi-level signature device signs the transaction according to the transaction certificate to obtain a multi-level signature and sends the transaction with the multi-level signature to the blockchain node; transaction forwarding can be traced through the multi-level signature, which strengthens the security of the entire transaction link and improves the transaction traceability mechanism.
  • a blockchain-based multi-level signature device includes an institution service party and a blockchain node. The institution service party receives a transaction sent by a transaction party, where the transaction carries the identity verification information of the transaction party and the identity verification information includes the first signature; the institution service party obtains the transaction certificate corresponding to the transaction and sends it to the blockchain node, and the blockchain node reaches consensus on the transaction certificate; the institution service party signs the transaction according to the transaction certificate to obtain the second signature, and sends the transaction with the identity verification information and the second signature to the blockchain node; the blockchain node receives the transaction with the multi-level signature sent by the institution service party node, verifies the multi-level signature, and stores the transaction on the blockchain if the verification succeeds, where the multi-level signature includes the first signature and the second signature.
  • the above-mentioned blockchain-based multi-level signature device signs the transaction according to the transaction certificate to obtain a multi-level signature and sends the transaction with the multi-level signature to the blockchain node; transaction forwarding can be traced through the multi-level signature, which strengthens the security of the entire transaction link and improves the transaction traceability mechanism.
  • a configuration-block-based blockchain multi-level signature device includes a transaction sender, an institution service party, and a blockchain node. The transaction sender performs the first-level signature: before the transaction is sent to the blockchain node, the transaction sender digitally signs it with its own private key and forwards the transaction with the sender's digital signature to the node of the institution providing the service; the institution service party obtains the certificate and stores it on the configuration blockchain: after receiving the transaction, the institution service party obtains the corresponding certificate and sends the certificate information to the blockchain node, and the blockchain node stores the certificate on the configuration blockchain and fully synchronizes the certificate information across all nodes of the network through the consensus mechanism; the institution service party uses the certificate to perform the second-level signature: the institution service party signs the transaction a second time and forwards the transaction carrying the two-level signature, and the certificate, to the blockchain node; the blockchain node performs two-level signature verification and puts the signatures and transaction on the chain:
  • the above-mentioned blockchain-based multi-level signature device signs the transaction according to the transaction certificate to obtain a multi-level signature and sends the transaction with the multi-level signature to the blockchain node; transaction forwarding can be traced through the multi-level signature, which strengthens the security of the entire transaction link and improves the transaction traceability mechanism.
  • a computer device includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor; the processor implements the above-mentioned blockchain-based multi-level signature method when it executes the computer program.
  • the above-mentioned blockchain-based multi-level signature computer device receives the transaction sent by the transaction party, obtains the transaction certificate corresponding to the transaction, sends the transaction certificate to the blockchain node, and signs the transaction according to the transaction certificate to obtain a multi-level signature.
  • a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the above-mentioned blockchain-based multi-level signature method is realized.
  • the above-mentioned blockchain-based multi-level signature computer-readable storage medium receives the transaction sent by the transaction party, obtains the transaction certificate corresponding to the transaction, sends the transaction certificate to the blockchain node, signs the transaction according to the transaction certificate to obtain a multi-level signature, and sends the transaction with the multi-level signature to the blockchain node; the multi-level signature gives full-chain traceability of transaction forwarding, strengthens the security of the entire transaction link, and improves the transaction traceability mechanism.
  • Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link (Synchlink) DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), etc.

Abstract

A blockchain-based multi-stage signing method, a device, an apparatus, and a medium. The blockchain-based multi-stage signing method comprises the following steps: receiving a transaction sent by a transaction party, the transaction carrying identity authentication information of the transaction party, and the identity authentication information comprising a first signature; acquiring a transaction certificate corresponding to the transaction, sending the transaction certificate to a blockchain node, signing the transaction according to the transaction certificate to obtain a second signature, and sending the transaction carrying the second signature to a blockchain node; and the blockchain node authenticating the second signature of the transaction and the identity authentication information, and storing the transaction to a blockchain if the authentication succeeds. The invention realizes traceability of an entire transaction forwarding link by means of multi-stage signing, thereby enhancing the overall security of transaction links, and improving the transaction traceability mechanism.

Description

Blockchain-based multi-level signature method, device, computer equipment and storage medium
Related application
This application claims priority to Chinese patent application No. 201910772495.2, filed on August 21, 2019 and entitled "A configuration block-based blockchain multi-level signature method", and to Chinese patent application No. 201910827936.4, filed on September 3, 2019 and entitled "A multi-level signature method with anonymity for consortium blockchain", the entire contents of which are incorporated in this application by reference.
Technical field
This application relates to the field of blockchain technology, and specifically to blockchain-based multi-level signature methods, devices, equipment and media.
Background
Blockchain is a new type of decentralized protocol that can safely store digital currency transactions or other data; the information cannot be forged or tampered with. Transaction confirmation on the blockchain is completed jointly by all nodes on the blockchain, and its consistency is guaranteed by the consensus algorithm. Because all nodes jointly maintain the same ledger, the information in the blockchain cannot be tampered with, and the integrity of the data is maintained even when a node acts maliciously.
At present, both public chains and consortium chains have only a first-level signature, that is, the signature of the transaction sender; there is no technical support for determining through which end a transaction was sent to the blockchain platform. Traditional consortium blockchains mainly use a public key infrastructure (PKI) system for access control. A traditional PKI system generally uses certificates to control access and to represent user identities. Hyperledger Fabric, for example, uses a centralized CA server that is responsible for identity authentication and for issuing and controlling certificates; the corresponding certificate represents the identity of the client and is used to control client connections. Because certificates identify individuals, the channel through which a signature originated cannot be traced. For example, take institutions A and B, with user a of institution A and user b of institution B: if institution A obtains the public and private keys of user b and initiates a transaction, the transaction cannot readily be traced back to the fact that it was actually issued by institution A.
Summary of the invention
In order to overcome the deficiencies of the prior art, the purpose of this application is to provide a blockchain-based multi-level signature method, device, equipment and medium.
According to the first aspect of the present application, a blockchain-based multi-level signature method is provided, the method comprising: receiving a transaction sent by a transaction party, wherein the transaction carries identity verification information of the transaction party, and the identity verification information includes a first signature; obtaining a transaction certificate corresponding to the transaction and sending the transaction certificate to a blockchain node, wherein the blockchain node reaches consensus on the transaction certificate; and signing the transaction according to the transaction certificate to obtain a second signature, and sending the transaction with the second signature to the blockchain node, wherein the blockchain node verifies the second signature of the transaction and the identity verification information, and stores the transaction on the blockchain if the verification succeeds.
In some of the embodiments, a transaction certificate request is constructed, the transaction certificate request including a request body, a request body signature and a client certificate, wherein the client certificate is the certificate obtained by the client when verification of the first signature succeeds, and the request body signature is generated by signing the request body with the private key of the client certificate; the request body signature and the client certificate are verified, and if the verification succeeds, the temporary public key in the request body is parsed out and the transaction certificate is generated according to the temporary public key, wherein the temporary public key is generated by the transaction party.
According to the second aspect of the present application, a blockchain-based multi-level signature method is provided, the method comprising: receiving a transaction certificate sent by an institution service party node, and synchronizing the transaction certificate across all nodes of the blockchain network through a consensus mechanism, wherein the transaction certificate is generated after the institution service party node obtains a transaction carrying transaction party identity verification information; receiving the transaction with a multi-level signature sent by the institution service party node, wherein the multi-level signature includes the transaction party identity verification information and the signature made on the transaction by the institution service party node according to the transaction certificate; and verifying the multi-level signature of the transaction and, if the verification succeeds, storing the transaction on the blockchain.
In some of the embodiments, receiving the transaction certificate sent by the institution service party node and synchronizing it across all nodes of the blockchain network through the consensus mechanism includes: receiving the transaction certificate sent by the institution service party node, storing the transaction certificate on the configuration blockchain, and synchronizing the certificate across all nodes of the blockchain network through the consensus mechanism.
In some of the embodiments, verifying the multi-level signature of the transaction includes: obtaining the transaction certificate from the blockchain; verifying the signature of the institution service party node according to the transaction certificate; after that verification passes, verifying the transaction party identity verification information; and after that verification passes, storing the transaction on the blockchain, with the whole network updating the transaction synchronously; otherwise, the transaction is refused entry to the chain.
According to the third aspect of the present application, a blockchain-based multi-level signature method is provided, the method comprising: an institution service party receives a transaction sent by a transaction party, wherein the transaction carries identity verification information of the transaction party, and the identity verification information includes a first signature; the institution service party obtains a transaction certificate corresponding to the transaction and sends the transaction certificate to a blockchain node, and consensus is reached on the transaction certificate at the blockchain node; the institution service party signs the transaction according to the transaction certificate to obtain a second signature, and sends the transaction with the identity verification information and the second signature to the blockchain node; the blockchain node receives the transaction with the multi-level signature sent by the institution service party node, verifies the multi-level signature of the transaction, and, if the verification succeeds, stores the transaction on the blockchain, wherein the multi-level signature includes the first signature and the second signature.
In some of the embodiments, reaching consensus on the transaction certificate at the blockchain platform includes: storing the transaction certificate on the configuration blockchain, and synchronizing the certificate across all nodes of the blockchain network through the consensus mechanism.
In some of the embodiments, before the institution service party receives the transaction sent by the transaction party, the method includes: the transaction party signs the transaction with the transaction party private key to obtain the first signature, and sends the transaction with the first signature to the institution service party.
In some of the embodiments, the institution service party obtaining the transaction certificate corresponding to the transaction includes: the client of the institution service party generates a temporary public key and temporary private key pair and sends a transaction certificate request to the blockchain node, the transaction certificate request including a request body, a request body signature, and a client certificate corresponding to the client; the blockchain node verifies the request body signature and the client certificate and, if the verification succeeds, parses the temporary public key out of the request body and generates the transaction certificate according to the temporary public key, and the institution service party obtains the transaction certificate.
In some of the embodiments, after the institution service party receives the transaction sent by the transaction party, the method includes: the blockchain node verifies the first signature and verifies the transaction party private key type; in the case where the transaction party private key type is ECC, it generates the client certificate and the client certificate private key according to the transaction party public key, and sends the client certificate and the client certificate private key to the transaction party.
In some of the embodiments, the transaction party public key and the transaction party private key are generated by the elliptic curve digital signature algorithm, and the hash value of the transaction party public key is the account address of the transaction party.
According to the fourth aspect of the present invention, a configuration-block-based blockchain multi-level signature method is provided, the method comprising: the transaction sender performs the first-level signature: before a transaction is sent to the blockchain network, the transaction sender digitally signs it with its own private key and forwards the transaction with the sender's digital signature to the node of the institution providing the service; the institution service party obtains the certificate and stores it on the configuration blockchain: after receiving the transaction, the institution service party obtains the corresponding certificate and sends the certificate information to the blockchain node, and the blockchain node stores the certificate on the configuration blockchain and fully synchronizes the certificate information across all nodes of the network through the consensus mechanism; the institution service party uses the certificate to perform the second-level signature: the institution service party signs the transaction a second time and forwards the transaction carrying the two-level signature, and the certificate, to the blockchain node; the blockchain node performs two-level signature verification and puts the signatures and transaction on the chain: after the blockchain node receives the transaction with the two-level signature and the certificate, it verifies the institution service party's signature; after that verification passes, it verifies the transaction sender's signature; after the transaction sender's first-level signature verification passes, the transaction is stored on the blockchain and the whole network updates the transaction synchronously; otherwise, the transaction is refused entry to the chain.
In some of the embodiments, in step 2 the corresponding certificate is obtained to perform the second-level signature, and the certificate is stored on the configuration blockchain.
In some of the embodiments, the certificate is stored on the configuration blockchain so that it can be used to verify the institution service party's signature and thereby identify the institution that forwarded the transaction; the sender's signature on the transaction identifies the transaction sender.
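The four steps of this method (sender signature, certificate on the configuration blockchain, institution counter-signature, two-level verification at the node) are shown below as an added Go example; it is not code from the application or from the applicant's platform. Assumptions: ECDSA P-256 with SHA-256, a map standing in for the certificates stored on the configuration blockchain, a second signature that covers the payload, the first signature and the institution ID, and all type and function names, which are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Tx carries both signature levels. All names here are hypothetical.
type Tx struct {
	Payload     []byte
	Sender      *ecdsa.PublicKey // transaction sender's public key
	SenderSig   []byte           // first-level signature (step 1)
	Institution string           // ID of the forwarding institution
	InstSig     []byte           // second-level signature (step 3)
}

// ConfigChain stands in for the configuration blockchain: institution ID -> certified key.
type ConfigChain map[string]*ecdsa.PublicKey

var (
	ErrUnknownInstitution = errors.New("institution certificate not on configuration chain")
	ErrInstitutionSig     = errors.New("second-level (institution) signature invalid")
	ErrSenderSig          = errors.New("first-level (sender) signature invalid")
)

func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// digest hashes the parts with length prefixes so field boundaries cannot shift.
func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(p)))
		h.Write(n[:])
		h.Write(p)
	}
	return h.Sum(nil)
}

// instDigest is what the institution signs (assumed coverage, see lead-in).
func (tx *Tx) instDigest() []byte {
	return digest(tx.Payload, tx.SenderSig, []byte(tx.Institution))
}

// SignAsSender is step 1: the sender signs with its own private key.
func SignAsSender(key *ecdsa.PrivateKey, payload []byte) (*Tx, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(payload))
	if err != nil {
		return nil, err
	}
	return &Tx{Payload: payload, Sender: &key.PublicKey, SenderSig: sig}, nil
}

// CounterSign is step 3: the forwarding institution adds the second signature.
func CounterSign(tx *Tx, id string, key *ecdsa.PrivateKey) error {
	tx.Institution = id
	sig, err := ecdsa.SignASN1(rand.Reader, key, tx.instDigest())
	if err != nil {
		return err
	}
	tx.InstSig = sig
	return nil
}

// Verify is step 4: institution signature first, then the sender's; nil means accept.
func Verify(chain ConfigChain, tx *Tx) error {
	instPub, ok := chain[tx.Institution]
	if !ok {
		return ErrUnknownInstitution
	}
	if !ecdsa.VerifyASN1(instPub, tx.instDigest(), tx.InstSig) {
		return ErrInstitutionSig
	}
	if tx.Sender == nil || !ecdsa.VerifyASN1(tx.Sender, digest(tx.Payload), tx.SenderSig) {
		return ErrSenderSig
	}
	return nil
}

func main() {
	instA, instB := NewKey(), NewKey()
	chain := ConfigChain{"A": &instA.PublicKey, "B": &instB.PublicKey}
	userB := NewKey() // constructed: user b's key, submitted through institution A
	tx, _ := SignAsSender(userB, []byte("constructed sample payload"))
	_ = CounterSign(tx, "A", instA)
	fmt.Println("accepted:", Verify(chain, tx) == nil, "forwarded by:", tx.Institution)
}
```

Because the second signature is checked against the key registered for the named institution, a transaction signed with user b's key but forwarded by institution A verifies only when it is labelled as coming from A, which is the traceability property the background section asks for.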
According to the fifth aspect of the present application, a blockchain-based multi-level signature device is provided, the device including an institution service party, which is used to receive a transaction sent by a transaction party, obtain a transaction certificate corresponding to the transaction, send the transaction certificate to a blockchain node, sign the transaction according to the transaction certificate to obtain a second signature, and send the transaction with the second signature to the blockchain node, wherein the transaction carries identity verification information of the transaction party, the identity verification information includes a first signature, the blockchain node reaches consensus on the transaction certificate, and the blockchain node verifies the second signature of the transaction and the identity verification information and stores the transaction on the blockchain if the verification succeeds.
According to the sixth aspect of the present application, a blockchain-based multi-level signature device is provided, the device including a blockchain node, which is used to receive a transaction certificate sent by an institution service party node, synchronize the transaction certificate across all nodes of the blockchain network through the consensus mechanism, receive the transaction with the multi-level signature sent by the institution service party node, verify the multi-level signature of the transaction, and, if the verification succeeds, store the transaction on the blockchain, wherein the transaction certificate is generated after the institution service party node obtains a transaction carrying transaction party identity verification information, and the multi-level signature includes the transaction party identity verification information and the signature made on the transaction by the institution service party node according to the transaction certificate.
According to the seventh aspect of the present application, a blockchain-based multi-level signature device is provided, the device including an institution service party and a blockchain node. The institution service party receives a transaction sent by a transaction party, wherein the transaction carries identity verification information of the transaction party; the institution service party obtains a transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node, and consensus is reached on the transaction certificate at the blockchain node; the institution service party signs the transaction according to the transaction certificate to obtain a second signature, and sends the transaction with the identity verification information and the second signature to the blockchain node; the blockchain node receives the transaction with the multi-level signature sent by the institution service party node, verifies the multi-level signature of the transaction, and, if the verification succeeds, stores the transaction on the blockchain, wherein the multi-level signature includes the first signature and the second signature.
According to an eighth aspect of the present application, a configuration-block-based blockchain multi-level signature apparatus is provided. The apparatus includes a transaction sender, an institution service party and a blockchain node. The transaction sender applies the first-level signature: before a transaction is sent to the blockchain network, the transaction sender digitally signs it with its own private key and forwards the transaction carrying the sender's digital signature to the node of the institution providing the service. The institution service party obtains a certificate and stores it on the configuration blockchain: after receiving the transaction, the institution service party obtains the corresponding certificate and sends the certificate information to the blockchain node; the blockchain node stores the certificate on the configuration blockchain, and the certificate information is fully synchronized across all nodes of the network through a consensus mechanism. The institution service party applies the second-level signature using the certificate: the institution service party signs the transaction a second time and forwards the transaction carrying the two levels of signatures, together with the certificate, to the blockchain node. The blockchain node performs two-level signature verification and puts the signatures and the transaction on-chain: after receiving the transaction carrying the two levels of signatures and the certificate, the blockchain node verifies the institution service party's signature; once that verification passes, it verifies the transaction sender's signature; once the transaction sender's signature passes verification, the transaction is stored on the blockchain and synchronized across the whole network; otherwise the transaction is refused on-chain storage.
According to a ninth aspect of the present application, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, it implements the steps of the configuration-block-based blockchain multi-level signature method described above.
According to a tenth aspect of the present application, a computer-readable storage medium is provided, on which a computer program is stored. When the computer program is executed by a processor, it implements the steps of the configuration-block-based blockchain multi-level signature method described above.
The blockchain-based multi-level signature method, apparatus, device and medium described above receive a transaction sent by a transaction party, obtain the transaction certificate corresponding to the transaction and send the transaction certificate to the blockchain node, sign the transaction according to the transaction certificate to obtain a multi-level signature, and send the transaction carrying the multi-level signature to the blockchain node. The multi-level signature makes the entire forwarding path of a transaction traceable, strengthens the security of the whole transaction path, and improves the transaction traceability mechanism.
Description of the Drawings
To better describe and illustrate the embodiments and/or examples of the inventions disclosed herein, reference may be made to one or more drawings. The additional details or examples used to describe the drawings should not be regarded as limiting the scope of any of the disclosed inventions, the embodiments and/or examples currently described, or the best mode of these inventions as currently understood.
Fig. 1 is a flowchart of a blockchain-based multi-level signature method according to an embodiment of the present application.
Fig. 2 is a flowchart of a blockchain-based multi-level signature method according to another embodiment of the present application.
Fig. 3 is a flowchart of a blockchain-based multi-level signature method according to yet another embodiment of the present application.
Fig. 4 is a schematic diagram of a blockchain-based multi-level signature method according to an embodiment of the present application.
Fig. 5 is a schematic diagram of the first-level signature in a blockchain-based multi-level signature method according to an embodiment of the present application.
Fig. 6 is a schematic diagram of a blockchain-based multi-level signature method according to an embodiment of the present application.
Detailed Description
To make the purpose, technical solutions and advantages of the present application clearer, the application is described and illustrated below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the application and do not limit it. All other embodiments that a person of ordinary skill in the art obtains from the embodiments provided in this application without creative effort fall within the scope of protection of this application.
Obviously, the drawings in the following description are only some examples or embodiments of the present application; a person of ordinary skill in the art can, without creative effort, apply the application to other similar scenarios on the basis of these drawings. It should also be understood that, although the effort made in such a development process may be complex and lengthy, for a person of ordinary skill in the art related to the content disclosed in this application, changes in design, manufacture or production made on the basis of the technical content disclosed here are merely conventional technical means and should not be taken to mean that the disclosure of this application is insufficient.
Reference to an "embodiment" in this application means that a specific feature, structure or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearance of this phrase at various places in the specification does not necessarily refer to the same embodiment each time, nor to an independent or alternative embodiment that is mutually exclusive with other embodiments. A person of ordinary skill in the art understands, explicitly and implicitly, that the embodiments described in this application may be combined with other embodiments where no conflict arises.
Unless otherwise defined, the technical or scientific terms used in this application have the ordinary meaning understood by a person of ordinary skill in the technical field to which this application belongs. Words such as "a", "an", "one" and "the" used in this application do not indicate a limit on quantity and may denote the singular or the plural. The terms "include", "comprise", "have" and any variants of them used in this application are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that includes a series of steps or modules (units) is not limited to the listed steps or units, but may also include steps or units that are not listed, or other steps or units inherent to such a process, method, product or device. Words such as "connected", "linked" and "coupled" used in this application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "A plurality" as used in this application means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" can mean: A alone, both A and B, or B alone. The character "/" generally indicates an "or" relationship between the objects before and after it. The terms "first", "second", "third" and so on used in this application merely distinguish similar objects and do not imply a particular ordering of the objects.
In one embodiment, Fig. 1 is a flowchart of a blockchain-based multi-level signature method according to an embodiment of the present application. As shown in Fig. 1, the method includes the following steps:
Step S110: the institution service party receives a transaction sent by a transaction party. The transaction carries the transaction party's identity verification information, and the identity verification information includes a first signature.
Step S120: the institution service party obtains the transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node. The blockchain nodes reach consensus on the transaction certificate.
Step S130: the institution service party signs the transaction according to the transaction certificate to obtain a second signature, and sends the transaction carrying the second signature to the blockchain node. The blockchain node verifies the second signature of the transaction and the identity verification information, and stores the transaction on the blockchain if verification succeeds.
In steps S110 to S130, after receiving the transaction sent by the transaction sender, the institution service party obtains the transaction certificate corresponding to that transaction. The transaction certificate may be a certificate issued by a certification authority, or a transaction certificate that the node corresponding to the institution service party generates from the transaction information according to a preset smart contract. The institution service party sends the transaction certificate to the blockchain node, and the blockchain nodes reach consensus on it. In addition, the institution service party signs the transaction according to the transaction certificate to obtain the second signature and sends the transaction carrying the second signature to the blockchain node. Note that in real application scenarios, as a transaction keeps being passed on, it is not limited to the first and second signatures but may carry multiple levels of signatures. Every node in the blockchain can obtain the transaction certificates and use them to verify the multi-level signatures in the transaction, which gives full-path traceability of the transaction.
In some of these embodiments, where the institution service party includes an institution service platform and a blockchain node corresponding to that platform, obtaining the transaction certificate corresponding to the transaction includes: the institution service party constructs a transaction certificate request that contains a request body, a request body signature and a client certificate; the blockchain node verifies the request body signature and the client certificate in the transaction certificate request and, if verification succeeds, parses the temporary public key in the request body and generates the transaction certificate from the temporary public key. Here the temporary public key is generated by the transaction party, the client is the institution service party's client, and the request body signature is produced by signing the request body with the private key of the client certificate. This embodiment provides a way of generating transaction certificates so that the blockchain has uniform rules for generating them, which makes transaction tracing more accurate and efficient.
According to another aspect of the present application, Fig. 2 is a flowchart of a blockchain-based multi-level signature method according to another embodiment of the present application. As shown in Fig. 2, a blockchain-based multi-level signature method is provided, which includes the following steps:
Step S210: the blockchain node receives the transaction certificate sent by the institution service party node, and the transaction certificate is synchronized across all nodes of the blockchain network through a consensus mechanism. The transaction certificate is generated after the institution service party node obtains a transaction carrying the transaction party's identity verification information.
Step S220: the blockchain node receives the transaction carrying the multi-level signature sent by the institution service party node. The multi-level signature includes the transaction party's identity verification information and the signature that the institution service party node applies to the transaction according to the transaction certificate.
Step S230: the blockchain node verifies the multi-level signature of the transaction and, if verification succeeds, stores the transaction on the blockchain.
Through steps S210 to S230, the blockchain node stores both the transaction certificate and the transaction on the blockchain and uses the transaction certificate to verify the multi-level signature in the transaction, which gives full-path traceability of the transaction.
In some of these embodiments, verifying the multi-level signature of the transaction includes verifying the second signature and, only if the second signature passes verification, then verifying the transaction sender's identity verification information. The multi-level signature is verified layer by layer: the institution service party's signature is verified first, then the transaction party's signature. Optionally, where the transaction carries multiple levels of signatures, the signatures are verified in the order last signed, first verified. This makes verification more accurate and tracing easier.
In some of these embodiments, the blockchain node stores the transaction certificate on the configuration blockchain, and the certificate is synchronized across all nodes of the blockchain network through a consensus mechanism. The transaction certificate is stored on a dedicated blockchain; for example, one blockchain stores transactions and another is dedicated to storing transaction certificates. Obtaining the certificate during verification is then more efficient, and the transaction certificate is more reliable.
In some of these embodiments, verifying the multi-level signature of the transaction includes: obtaining the transaction certificate from the blockchain, and verifying the institution service party node's signature according to the transaction certificate. In this embodiment, because every node in the blockchain can obtain the transaction certificate, any node on the blockchain that has obtained the transaction certificate can verify the multi-level signature in the transaction.
According to another aspect of the present application, Fig. 3 is a flowchart of a blockchain-based multi-level signature method according to yet another embodiment of the present application. As shown in Fig. 3, the method includes:
Step S310: the institution service party receives a transaction sent by a transaction party, where the transaction carries the transaction party's identity verification information and the identity verification information includes a first signature.
Step S320: the institution service party obtains the transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node, where consensus is reached on the transaction certificate.
Step S330: the institution service party signs the transaction according to the transaction certificate to obtain a second signature, and sends the transaction carrying the identity verification information and the second signature to the blockchain node.
Step S340: the blockchain node receives the transaction carrying the multi-level signature sent by the institution service party node, verifies the multi-level signature of the transaction and, if verification succeeds, stores the transaction on the blockchain. The multi-level signature includes the first signature and the second signature. In this embodiment, the institution service party receives the transaction sent by the transaction party, obtains the transaction certificate corresponding to the transaction and sends it to the blockchain node, signs the transaction according to the transaction certificate to obtain a multi-level signature, and sends the transaction carrying the multi-level signature to the blockchain node. The multi-level signature makes the entire forwarding path of a transaction traceable, strengthens the security of the whole transaction path, and improves the transaction traceability mechanism.
In some of these embodiments, the transaction certificate is stored on the configuration blockchain, and the certificate is synchronized across all nodes of the blockchain network through a consensus mechanism. The transaction certificate is stored on a dedicated blockchain; for example, one blockchain stores transactions and another is dedicated to storing transaction certificates. Obtaining the certificate during verification is then more efficient, and the transaction certificate is more reliable.
In some of these embodiments, verifying the multi-level signature of the transaction includes: obtaining the transaction certificate from the blockchain, and verifying the institution service party node's signature according to the transaction certificate. In this embodiment, because every node in the blockchain can obtain the transaction certificate, any node on the blockchain that has obtained the transaction certificate can verify the multi-level signature in the transaction.
In some of these embodiments, before the institution service party receives the transaction sent by the transaction party, the transaction party signs the transaction with the transaction party's private key to obtain the first signature and sends the transaction carrying the first signature to the institution service party.
In some of these embodiments, the institution service party's client generates a temporary public/private key pair and sends a transaction certificate request to the blockchain node. The transaction certificate request includes a request body, a request body signature and the client certificate corresponding to the client. The blockchain node verifies the request body signature and the client certificate and, if verification succeeds, parses the temporary public key in the request body and generates the transaction certificate from the temporary public key; the institution service party then obtains the transaction certificate. This embodiment provides a specific process for generating transaction certificates so that the blockchain has uniform rules for generating them, which makes transaction tracing more accurate and efficient.
In some of these embodiments, after the institution service party receives the transaction sent by the transaction party, the blockchain node verifies the first signature and checks the type of the transaction party's private key. If the transaction party's private key type is ECC, the node generates a client certificate and a client certificate private key from the transaction party's public key and sends the client certificate and the client certificate private key to the transaction party. This embodiment provides a way of generating client certificates, which are used to authenticate the institution service party's client and so make the blockchain-based multi-level signature method more reliable.
According to another aspect of the present application, Fig. 4 is a schematic diagram of a blockchain-based multi-level signature method according to an embodiment of the present application. As shown in Fig. 4, a configuration-block-based blockchain multi-level signature method is provided, which specifically includes the following steps:
Step 1, the transaction sender applies the first-level signature: before a transaction is sent to the blockchain network, the transaction sender digitally signs it with its own private key and forwards the transaction carrying the sender's digital signature to the node of the institution providing the service. This step uses cryptographic means to establish ownership of the transaction and proves that the transaction was indeed sent by the sender, which effectively guards against repudiation by the user.
Step 2, the institution service party obtains a certificate and stores it on the configuration blockchain: after receiving the transaction, the institution service party obtains the corresponding certificate, applies the second-level (institution-level) signature, and sends the certificate information to the blockchain node. The blockchain node stores the certificate on the configuration blockchain, and the certificate information is fully synchronized across all nodes of the network through a consensus mechanism, which puts the certificate on-chain. The service party's certificate is stored on the configuration blockchain and is used later to verify the institution service party's signature. Putting the certificate on-chain uses the immutability of the blockchain to notarize the institution's identity; later signature verification with this certificate is more convincing and cannot be repudiated.
Step 3, the institution service party applies the second-level signature using the certificate: the institution service party signs the transaction a second time and forwards the transaction carrying the two levels of signatures, together with the certificate, to the blockchain node. The second signature records the forwarding path of the transaction and proves that the transaction was forwarded on-chain by the corresponding institution service party, so the whole course of the transaction can be tracked.
Step 4, the blockchain node performs two-level signature verification and puts the signatures and the transaction on-chain: after receiving the transaction carrying the two levels of signatures and the certificate, the blockchain node verifies the institution service party's signature; once that verification passes, it verifies the transaction sender's signature, otherwise the transaction is refused on-chain storage. Once the transaction sender's signature passes verification, the transaction is stored on the blockchain and synchronized across the whole network; otherwise the transaction is refused on-chain storage.
Transactions carrying multi-level signatures are stored on-chain, and the immutability of the blockchain makes the full-path information of a transaction more reliable and trustworthy. When a user queries a transaction, the certificate on the configuration blockchain is used to verify the institution service party's signature, which identifies the institution that forwarded the transaction; the sender's signature on the transaction identifies the transaction sender. In this way the multi-level signatures of a transaction are traceable.
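The verification order of Step 4, generalized to any number of levels under the "last signed, first verified" rule, can be sketched as follows. This is an added example, not code from the application: the `Level` and `Tx` layout, the signer IDs, the map standing in for certificates synchronized on the configuration blockchain, and the choice to have each layer sign the earlier layers are all assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrUnknownSigner = errors.New("no certificate available for this signer")
var ErrBadSignature = errors.New("signature does not verify")

// Level is one signature layer; the layout is an assumption for this example.
type Level struct {
	Signer string // level 1: the sender; level 2 and up: ID of a transaction certificate
	Sig    []byte // ECDSA signature, ASN.1 DER
}

// Tx carries its signature layers in the order they were applied.
type Tx struct {
	Payload []byte
	Levels  []Level
}

// digest hashes the payload plus every earlier layer, each field length-prefixed,
// so a forwarding institution signs what it received, first signature included.
func digest(payload []byte, earlier []Level) []byte {
	h := sha256.New()
	put := func(b []byte) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(b)))
		h.Write(n[:])
		h.Write(b)
	}
	put(payload)
	for _, l := range earlier {
		put([]byte(l.Signer))
		put(l.Sig)
	}
	return h.Sum(nil)
}

// Sign appends the next layer on top of the layers already present.
func (tx *Tx) Sign(signer string, key *ecdsa.PrivateKey) error {
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(tx.Payload, tx.Levels))
	if err != nil {
		return err
	}
	tx.Levels = append(tx.Levels, Level{Signer: signer, Sig: sig})
	return nil
}

// Verify checks the layers newest first and returns the forwarding path
// (sender first) only when every layer verifies.
func Verify(tx Tx, certs map[string]*ecdsa.PublicKey) ([]string, error) {
	if len(tx.Levels) == 0 {
		return nil, ErrBadSignature
	}
	path := make([]string, len(tx.Levels))
	for i := len(tx.Levels) - 1; i >= 0; i-- {
		l := tx.Levels[i]
		pub, ok := certs[l.Signer]
		if !ok {
			return nil, fmt.Errorf("level %d (%s): %w", i+1, l.Signer, ErrUnknownSigner)
		}
		if !ecdsa.VerifyASN1(pub, digest(tx.Payload, tx.Levels[:i]), l.Sig) {
			return nil, fmt.Errorf("level %d (%s): %w", i+1, l.Signer, ErrBadSignature)
		}
		path[i] = l.Signer
	}
	return path, nil
}

// Demo runs a constructed two-level transaction through three cases.
func Demo() (path []string, tampered, unsynced error) {
	sender, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	inst, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	// Stand-in for the keys a node can resolve, including certificates synced on the configuration chain.
	certs := map[string]*ecdsa.PublicKey{"sender-A": &sender.PublicKey, "tcert-inst-1": &inst.PublicKey}
	tx := Tx{Payload: []byte(`{"from":"A","to":"B","amount":10}`)}
	tx.Sign("sender-A", sender)   // level 1, transaction sender
	tx.Sign("tcert-inst-1", inst) // level 2, institution service party
	path, _ = Verify(tx, certs)
	changed := Tx{Payload: []byte(`{"from":"A","to":"B","amount":99}`), Levels: tx.Levels}
	_, tampered = Verify(changed, certs) // payload altered after signing
	delete(certs, "tcert-inst-1")        // certificate not present on this node
	_, unsynced = Verify(tx, certs)
	return
}

func main() { fmt.Println(Demo()) }
```

Because the newest layer is checked first, a payload changed after signing is reported at level 2, the forwarding institution, before the sender's signature is looked at.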
Fig. 5 is a schematic diagram of the first-level signature in a blockchain-based multi-level signature method according to an embodiment of the present application. As shown in Fig. 5, the user signs a transaction and submits it to a blockchain node; once the node's signature verification passes, consensus is run and the transaction is put on-chain. Compared with this original single-level signature flow, the multi-level signature method of this application adds to the transaction the signature of the service node that forwards it, and stores the service node's certificate on the configuration blockchain for signature verification. This gives a complete record of the transaction's forwarding path and so guarantees traceability of the whole transaction path. In consortium-chain scenarios in particular, it records which service institution forwarded a transaction, guards against malicious transactions sent from the institution side, strengthens the security of the whole transaction path, and improves the transaction traceability mechanism.
In some embodiments, where the institution service party includes a client, Figure 6 is a schematic diagram of the blockchain-based multi-level signature method according to an embodiment of the present application. As shown in Figure 6, the method includes the following steps.

Step one: the client user, that is, the transaction party, requests a client certificate. The client user sends a request to the blockchain node owner in order to obtain the client certificate. The request contains the public key generated by the client user and a signature over that public key made with the corresponding private key; the private key is kept securely by the user alone.

Step two: the blockchain node owner verifies the client certificate request. It first verifies the validity of the signature and then verifies whether the private key type is ECC. After verification passes, the blockchain node owner generates a client certificate and private key for the public key and returns them to the requesting client user.

The client requests a transaction certificate: before each transaction, the client user first requests a transaction certificate. It generates a temporary public/private key pair and sends a transaction certificate request to the blockchain node owner. The transaction certificate request contains the request body for the transaction certificate, the signature over the request body made with the client certificate's private key, and the client certificate. The request body is the main content of the transaction, and the other accompanying information is used to complete the corresponding cryptographic proof of identity.

Step four: the blockchain node owner verifies the transaction certificate request. This includes verifying the validity of the signature and verifying the client certificate. After verification passes, the blockchain node parses the temporary public key out of the transaction certificate request, generates the corresponding transaction certificate for that public key, and returns it to the requesting client. In addition, the blockchain nodes perform consensus on the transaction certificate on the blockchain.

Step five: initiating the transaction. After obtaining the transaction certificate, the client user initiates the transaction as follows. The client user first generates a transaction, signs it with the private key the user generated to obtain the signed transaction, and constructs a request from that transaction. The client then signs the request using the transaction certificate and sends the corresponding request body, with the transaction certificate attached, to the blockchain node. The blockchain node stores the transaction information and verifies the transaction, and then synchronizes the transaction information, other than the client transaction certificate signature, to all nodes. The blockchain node returns the verification result to the user: if verification succeeds, the transaction has succeeded; if verification fails, the transaction has failed.

The signature method of this application adds an extension field to the transaction to store the signature that identifies the channel, that is, the client transaction certificate signature, and performs consensus on it on the blockchain. The multi-level signature thereby makes the full forwarding path of the transaction traceable, strengthens the security of the entire transaction path, and improves the transaction traceability mechanism.
According to another aspect of the present application, a blockchain-based multi-level signature device is provided. The device includes an institution service party, which is configured to receive a transaction sent by a transaction party, obtain a transaction certificate corresponding to the transaction and send the transaction certificate to a blockchain node, sign the transaction according to the transaction certificate to obtain a second signature, and send the transaction carrying the second signature to the blockchain node. The transaction carries the identity verification information of the transaction party, and the identity verification information includes a first signature. The blockchain node performs consensus on the transaction certificate, verifies the second signature and the identity verification information of the transaction, and, if verification succeeds, stores the transaction on the blockchain. The above blockchain-based multi-level signature device signs the transaction according to the transaction certificate to obtain a multi-level signature and sends the transaction carrying the multi-level signature to the blockchain node; the multi-level signature makes the full forwarding path of the transaction traceable, strengthens the security of the entire transaction path, and improves the transaction traceability mechanism.
According to another aspect of the present application, a blockchain-based multi-level signature device includes a blockchain node. The blockchain node is configured to receive a transaction certificate sent by an institution service party node and synchronize the transaction certificate across all nodes of the blockchain network through a consensus mechanism, to receive a transaction carrying a multi-level signature sent by the institution service party node, to verify the multi-level signature of the transaction, and, if verification succeeds, to store the transaction on the blockchain. The transaction certificate is generated after the institution service party node obtains the transaction carrying the transaction party's identity verification information, and the multi-level signature includes the transaction party's identity verification information and the signature made on the transaction by the institution service party node according to the transaction certificate. The above blockchain-based multi-level signature device signs the transaction according to the transaction certificate to obtain a multi-level signature and sends the transaction carrying the multi-level signature to the blockchain node; the multi-level signature makes the full forwarding path of the transaction traceable, strengthens the security of the entire transaction path, and improves the transaction traceability mechanism.
According to another aspect of the present application, a blockchain-based multi-level signature device is provided. The device includes an institution service party and a blockchain node. The institution service party receives a transaction sent by a transaction party, where the transaction carries the identity verification information of the transaction party and the identity verification information includes a first signature. The institution service party obtains a transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node, where consensus is performed on the transaction certificate. The institution service party signs the transaction according to the transaction certificate to obtain a second signature and sends the transaction carrying the identity verification information and the second signature to the blockchain node. The blockchain node receives the transaction carrying the multi-level signature sent by the institution service party node, verifies the multi-level signature of the transaction, and, if verification succeeds, stores the transaction on the blockchain, where the multi-level signature includes the first signature and the second signature. The above blockchain-based multi-level signature device signs the transaction according to the transaction certificate to obtain a multi-level signature and sends the transaction carrying the multi-level signature to the blockchain node; the multi-level signature makes the full forwarding path of the transaction traceable, strengthens the security of the entire transaction path, and improves the transaction traceability mechanism.
According to another aspect of the present application, a blockchain multi-level signature device based on configuration blocks is provided. The device includes a transaction sender, an institution service party and a blockchain node. The transaction sender performs the first-level signature: before a transaction is sent to the blockchain node, the transaction sender digitally signs it with its own private key and forwards the transaction carrying the sender's digital signature to the node of the institution providing the service. The institution service party obtains a certificate and stores it in the configuration blockchain: after receiving the transaction, the institution service party obtains the corresponding certificate and sends the certificate information to the blockchain node; the blockchain node stores the certificate on the configuration blockchain, and the certificate information is fully synchronized across all nodes of the network through a consensus mechanism. The institution service party uses the certificate to perform the second-level signature: it signs the transaction a second time and forwards the transaction carrying the two levels of signature, together with the certificate, to the blockchain node. The blockchain node performs two-level signature verification and writes the signatures and the transaction to the chain: after receiving the transaction carrying the two levels of signature and the certificate, the blockchain node verifies the institution service party's signature; after that verification passes, it verifies the transaction sender's signature. Once the transaction sender's signature has been verified, the transaction is stored on the blockchain and the whole network updates the transaction synchronously; otherwise the transaction is refused entry to the chain. The above blockchain-based multi-level signature device signs the transaction according to the transaction certificate to obtain a multi-level signature and sends the transaction carrying the multi-level signature to the blockchain node; the multi-level signature makes the full forwarding path of the transaction traceable, strengthens the security of the entire transaction path, and improves the transaction traceability mechanism.
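The two-level flow described above (sender signs, institution counter-signs, node verifies the institution's signature first and the sender's second) can be illustrated as follows. This is an added example, not code from the application: it assumes ECDSA over P-256 with SHA-256, reduces the certificate to a public key registered under an institution identifier, and uses an in-memory map in place of the configuration blockchain; all type, function and identifier names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedTx carries both signature levels plus the forwarder's identity.
type SignedTx struct {
	Payload   []byte
	Sender    *ecdsa.PublicKey
	FirstSig  []byte // level 1: sender signs Payload
	Forwarder string // key into the certificate store
	SecondSig []byte // level 2: forwarder signs secondMsg(tx)
}

type Node struct {
	Certs  map[string]*ecdsa.PublicKey // stands in for the configuration blockchain
	Ledger []SignedTx
}

var (
	ErrUnknownCert  = errors.New("forwarder certificate not on configuration chain")
	ErrForwarderSig = errors.New("second (forwarder) signature invalid")
	ErrSenderSig    = errors.New("first (sender) signature invalid")
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func sign(k *ecdsa.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, k, d[:])
	if err != nil {
		panic(err)
	}
	return sig
}

func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return pub != nil && ecdsa.VerifyASN1(pub, d[:], sig)
}

// secondMsg binds the payload (fixed-length hash) to the first signature.
func secondMsg(tx SignedTx) []byte {
	h := sha256.Sum256(tx.Payload)
	return append(h[:], tx.FirstSig...)
}

// Forward is the institution side: attach its identity and second signature.
func Forward(k *ecdsa.PrivateKey, id string, payload []byte, sender *ecdsa.PublicKey, first []byte) SignedTx {
	tx := SignedTx{Payload: payload, Sender: sender, FirstSig: first, Forwarder: id}
	tx.SecondSig = sign(k, secondMsg(tx))
	return tx
}

// Submit checks the forwarder's signature first, then the sender's.
func (n *Node) Submit(tx SignedTx) error {
	cert, ok := n.Certs[tx.Forwarder]
	if !ok {
		return ErrUnknownCert
	}
	if !verify(cert, secondMsg(tx), tx.SecondSig) {
		return ErrForwarderSig
	}
	if !verify(tx.Sender, tx.Payload, tx.FirstSig) {
		return ErrSenderSig
	}
	n.Ledger = append(n.Ledger, tx)
	return nil
}

// Demo submits one valid and three invalid transactions (constructed data).
func Demo() (r [4]error, ledgerLen int) {
	sender, inst, other := newKey(), newKey(), newKey()
	node := &Node{Certs: map[string]*ecdsa.PublicKey{"inst-1": &inst.PublicKey}}
	payload := []byte("constructed sample: transfer 10 from A to B")
	good := Forward(inst, "inst-1", payload, &sender.PublicKey, sign(sender, payload))
	r[0] = node.Submit(good)
	altered := good // payload changed after both signatures were made
	altered.Payload = []byte("constructed sample: transfer 9999 from A to B")
	r[1] = node.Submit(altered)
	r[2] = node.Submit(Forward(inst, "inst-1", payload, &sender.PublicKey, sign(other, payload))) // wrong sender key
	r[3] = node.Submit(Forward(other, "inst-2", payload, &sender.PublicKey, sign(sender, payload))) // no certificate
	return r, len(node.Ledger)
}

func main() { fmt.Println(Demo()) }
```

Because the second signature covers the first, a rejected transaction also tells the node which level failed, which is the traceability property the description relies on.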
According to another aspect of the present application, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, the above blockchain-based multi-level signature method is implemented. The above computer device for blockchain-based multi-level signing receives the transaction sent by the transaction party, obtains the transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node, signs the transaction according to the transaction certificate to obtain a multi-level signature, and sends the transaction carrying the multi-level signature to the blockchain node; the multi-level signature makes the full forwarding path of the transaction traceable, strengthens the security of the entire transaction path, and improves the transaction traceability mechanism.
According to another aspect of the present application, a computer-readable storage medium is provided, on which a computer program is stored; when the computer program is executed by a processor, the above blockchain-based multi-level signature method is implemented. The above computer-readable storage medium for blockchain-based multi-level signing receives the transaction sent by the transaction party, obtains the transaction certificate corresponding to the transaction and sends the transaction certificate to the blockchain node, signs the transaction according to the transaction certificate to obtain a multi-level signature, and sends the transaction carrying the multi-level signature to the blockchain node; the multi-level signature makes the full forwarding path of the transaction traceable, strengthens the security of the entire transaction path, and improves the transaction traceability mechanism.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, storage, a database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. To keep the description concise, not every possible combination of the technical features in the above embodiments has been described; however, as long as a combination of these technical features contains no contradiction, it should be considered to fall within the scope of this specification.
The embodiments described above express only several implementations of the present application. Their description is relatively specific and detailed, but it should not therefore be understood as limiting the scope of the invention patent. It should be noted that a person of ordinary skill in the art can make a number of variations and improvements without departing from the concept of this application, and these all fall within the scope of protection of this application. The scope of protection of this patent application shall therefore be subject to the appended claims.

Claims (20)

  1. A blockchain-based multi-level signature method, characterized in that the method comprises:
    receiving a transaction sent by a transaction party, wherein the transaction carries identity verification information of the transaction party, and the identity verification information includes a first signature;
    obtaining a transaction certificate corresponding to the transaction and sending the transaction certificate to a blockchain node, wherein the blockchain node performs consensus on the transaction certificate;
    signing the transaction according to the transaction certificate to obtain a second signature, and sending the transaction carrying the second signature to the blockchain node, wherein the blockchain node verifies the second signature and the identity verification information of the transaction and, if verification succeeds, stores the transaction on the blockchain.
  2. The method according to claim 1, characterized in that obtaining the transaction certificate corresponding to the transaction comprises:
    constructing a transaction certificate request, the transaction certificate request including a request body, a request body signature and a client certificate, wherein the client certificate is a certificate obtained by the client when verification of the first signature succeeds, and the request body signature is generated by signing the request body with the private key of the client certificate;
    verifying the request body signature and the client certificate and, if verification succeeds, parsing the temporary public key in the request body and generating the transaction certificate according to the temporary public key, wherein the temporary public key is generated by the transaction party.
  3. A blockchain-based multi-level signature method, characterized in that the method comprises:
    receiving a transaction certificate sent by an institution service party node, and synchronizing the transaction certificate across all nodes of the blockchain network through a consensus mechanism, wherein the transaction certificate is generated after the institution service party node obtains a transaction carrying transaction party identity verification information;
    receiving the transaction carrying a multi-level signature sent by the institution service party node, wherein the multi-level signature includes the transaction party identity verification information and the signature made on the transaction by the institution service party node according to the transaction certificate;
    verifying the multi-level signature of the transaction and, if verification succeeds, storing the transaction on the blockchain.
  4. The method according to claim 3, characterized in that receiving the transaction certificate sent by the institution service party node and synchronizing the transaction certificate across all nodes of the blockchain network through a consensus mechanism comprises:
    receiving the transaction certificate sent by the institution service party node, storing the transaction certificate on the configuration blockchain, and synchronizing the certificate across all nodes of the blockchain network through a consensus mechanism.
  5. The method according to claim 3, characterized in that performing signature verification on the multi-level signature of the transaction comprises:
    obtaining the transaction certificate from the blockchain;
    verifying the signature of the institution service party node according to the transaction certificate; after that verification passes, verifying the transaction sender's identity verification information; after that verification passes, storing the transaction on the blockchain, with the whole network updating the transaction synchronously; otherwise refusing the transaction entry to the chain.
  6. A blockchain-based multi-level signature method, characterized in that the method comprises:
    an institution service party receiving a transaction sent by a transaction party, wherein the transaction carries identity verification information of the transaction party, and the identity verification information includes a first signature;
    the institution service party obtaining a transaction certificate corresponding to the transaction and sending the transaction certificate to a blockchain node, with consensus being performed on the transaction certificate at the blockchain node;
    the institution service party signing the transaction according to the transaction certificate to obtain a second signature, and sending the transaction carrying the identity verification information and the second signature to the blockchain node;
    the blockchain node receiving the transaction carrying a multi-level signature sent by the institution service party node, verifying the multi-level signature of the transaction and, if verification succeeds, storing the transaction on the blockchain, wherein the multi-level signature includes the first signature and the second signature.
  7. The method according to claim 6, characterized in that performing consensus on the transaction certificate on the blockchain platform comprises:
    storing the transaction certificate on the configuration blockchain, and synchronizing the certificate across all nodes of the blockchain network through a consensus mechanism.
  8. The method according to claim 6, characterized in that, before the institution service party receives the transaction sent by the transaction party, the method comprises:
    the transaction party signing the transaction with the transaction party private key to obtain the first signature, and sending the transaction carrying the first signature to the institution service party.
  9. The method according to claim 6, characterized in that the institution service party obtaining the transaction certificate corresponding to the transaction comprises:
    the client of the institution service party generating a temporary public key and temporary private key pair and sending a transaction certificate request to the blockchain node, the transaction certificate request including a request body, a request body signature and the client certificate corresponding to the client;
    the blockchain node verifying the request body signature and the client certificate and, if verification succeeds, parsing the temporary public key in the request body and generating the transaction certificate according to the temporary public key;
    the institution service party obtaining the transaction certificate.
  10. The method according to claim 6, characterized in that, after the institution service party receives the transaction sent by the transaction party, the method comprises:
    the blockchain node verifying the first signature and verifying the type of the transaction party private key and, where the type of the transaction party private key is the ECC elliptic curve cryptographic algorithm, generating the client certificate and a client certificate private key according to the transaction party public key, and sending the client certificate and the client certificate private key to the transaction party.
  11. The method according to claim 10, characterized in that the transaction party public key and the transaction party private key are generated by the elliptic curve digital signature algorithm, and the hash value of the transaction party public key is the account address of the transaction party.
  12. A blockchain multi-level signature method based on configuration blocks, characterized in that the method comprises:
    the transaction sender performing the first-level signature: before a transaction is sent to the blockchain network, the transaction sender digitally signs it with its own private key and forwards the transaction carrying the sender's digital signature to the node of the institution providing the service;
    the institution service party obtaining a certificate and storing it in the configuration blockchain: after receiving the transaction, the institution service party obtains the corresponding certificate and sends the certificate information to a blockchain node; the blockchain node stores the certificate on the configuration blockchain, and the certificate information is fully synchronized across all nodes of the network through a consensus mechanism;
    the institution service party using the certificate to perform the second-level signature: the institution service party signs the transaction a second time and forwards the transaction carrying the two levels of signature, together with the certificate, to the blockchain node;
    the blockchain node performing two-level signature verification and writing the signatures and the transaction to the chain: after receiving the transaction carrying the two levels of signature and the certificate, the blockchain node verifies the institution service party's signature; after that verification passes, it verifies the transaction sender's signature; once the transaction sender's signature has been verified, the transaction is stored on the blockchain and the whole network updates the transaction synchronously; otherwise the transaction is refused entry to the chain.
  13. The method according to claim 12, characterized in that the corresponding certificate obtained in step two is used to perform the second-level signature, and the certificate is stored in the configuration blockchain.
  14. The method according to claim 12, characterized in that the certificate is stored in the configuration blockchain so that the certificate is used to verify the institution service party's signature, thereby identifying the institution that forwarded the transaction; and the sender's signature on the transaction identifies the transaction sender.
  15. A blockchain-based multi-level signature device, characterized in that the device includes an institution service party,
    the institution service party being configured to receive a transaction sent by a transaction party, obtain a transaction certificate corresponding to the transaction and send the transaction certificate to a blockchain node, sign the transaction according to the transaction certificate to obtain a second signature, and send the transaction carrying the second signature to the blockchain node, wherein the transaction carries identity verification information of the transaction party, the identity verification information includes a first signature, the blockchain node performs consensus on the transaction certificate, and the blockchain node verifies the second signature and the identity verification information of the transaction and, if verification succeeds, stores the transaction on the blockchain.
  16. A blockchain-based multi-level signature device, characterized in that the device includes a blockchain node,
    the blockchain node being configured to receive a transaction certificate sent by an institution service party node and synchronize the transaction certificate across all nodes of the blockchain network through a consensus mechanism, receive the transaction carrying a multi-level signature sent by the institution service party node, verify the multi-level signature of the transaction and, if verification succeeds, store the transaction on the blockchain, wherein the transaction certificate is generated after the institution service party node obtains the transaction carrying transaction party identity verification information, and the multi-level signature includes the transaction party identity verification information and the signature made on the transaction by the institution service party node according to the transaction certificate.
  17. A blockchain-based multi-level signature device, characterized in that the device includes an institution service party and a blockchain node,
    the institution service party receiving a transaction sent by a transaction party, wherein the transaction carries identity verification information of the transaction party, and the identity verification information includes a first signature;
    the institution service party obtaining a transaction certificate corresponding to the transaction and sending the transaction certificate to the blockchain node, with consensus being performed on the transaction certificate at the blockchain node;
    the institution service party signing the transaction according to the transaction certificate to obtain a second signature, and sending the transaction carrying the identity verification information and the second signature to the blockchain node; the blockchain node receiving the transaction carrying a multi-level signature sent by the institution service party node, verifying the multi-level signature of the transaction and, if verification succeeds, storing the transaction on the blockchain, wherein the multi-level signature includes the first signature and the second signature.
  18. 一种基于配置区块的区块链多级签名装置,其特征在于,所述装置包括交易发送方、机构服务方和区块链节点,A block chain multi-level signature device based on configuration blocks, characterized in that the device includes a transaction sender, an institution service party and a block chain node,
    交易发送方进行一级签名:一笔交易发送到所述区块链节点之前,交易发送方通过自己的私钥进行数字签名,将带有发送方数字签名的交易转发到提供服务机构的节点上;The transaction sender performs primary signature: Before a transaction is sent to the blockchain node, the transaction sender digitally signs with its own private key, and forwards the transaction with the sender's digital signature to the node of the service provider ;
    机构服务方获取证书并存储于配置区块链:机构服务方接受到该笔交易后,获取相应证书,将证书信息发送至区块链节点,区块链节点将证书存储在配置区块链上,并在全网节点通过共识机制进行证书信息的全同步;The institutional service party obtains the certificate and stores it on the configuration blockchain: After the institution service party accepts the transaction, it obtains the corresponding certificate, sends the certificate information to the blockchain node, and the blockchain node stores the certificate on the configuration blockchain , And perform full synchronization of certificate information through a consensus mechanism in the entire network nodes;
    机构服务方使用证书进行二级签名,机构服务方对该笔交易进行二次签名,并将带有两级签名的交易和证书转发到区块链节点;The agency service party uses the certificate to perform the secondary signature, and the agency service party performs the secondary signature on the transaction, and forwards the transaction and the certificate with the two-level signature to the blockchain node;
    区块链节点进行二级验签并将签名和交易上链:区块链节点接收到所述带有两级签名的交易和证书后,进行机构服务方的签名验证;验证通过后,再进行交易发送方的签名验证,交易发送方签名验证通过后,将交易存储到区块链上,全网同步更新该笔交易,否则拒绝交易上链。The blockchain node performs the second-level verification and uploads the signature and transaction to the chain: After the blockchain node receives the transaction and certificate with the two-level signature, it performs the signature verification of the agency service party; after the verification is passed, it is performed again The signature of the transaction sender is verified. After the transaction sender's signature verification is passed, the transaction is stored on the blockchain, and the entire network updates the transaction synchronously, otherwise the transaction is rejected on the chain.
  19. 一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现权利要求1至18中任一项所述方法的步骤。A computer device, comprising a memory, a processor, and a computer program stored on the memory and running on the processor, wherein the processor implements any one of claims 1 to 18 when the computer program is executed The steps of the method.
  20. 一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现权利要求1至18中任一项所述的方法的步骤。A computer-readable storage medium having a computer program stored thereon, wherein the computer program implements the steps of the method according to any one of claims 1 to 18 when the computer program is executed by a processor.
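The two-level flow of claim 18 (sender signs, institution signs with a certificate already recorded on the configuration chain, node verifies the institution first and the sender second) as an added Go example; it is not code from the patent or from the applicant. Assumptions: Ed25519 as the signature scheme, the certificate modelled as a bare public key, the configuration chain modelled as an in-memory set, the sender's public key travelling with the transaction, and the institution's signature covering the payload plus the sender's signature. All type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Tx carries both signature levels (field names are illustrative).
type Tx struct {
	Payload, SenderSig, InstSig []byte
	SenderPub, InstCert         ed25519.PublicKey // assumptions: sender key in tx; certificate is a bare key
}

// Node models a blockchain node; ConfigChain is the set of consensus-synced certificates.
type Node struct {
	ConfigChain map[string]bool
	Ledger      []Tx
}

// level2Msg is what the institution signs: payload plus sender signature (assumption).
func level2Msg(tx Tx) []byte { return append(append([]byte{}, tx.Payload...), tx.SenderSig...) }

// SignTwoLevel applies the sender signature, then the institution signature.
func SignTwoLevel(payload []byte, sender, inst ed25519.PrivateKey) Tx {
	tx := Tx{Payload: payload, SenderSig: ed25519.Sign(sender, payload),
		SenderPub: sender.Public().(ed25519.PublicKey), InstCert: inst.Public().(ed25519.PublicKey)}
	tx.InstSig = ed25519.Sign(inst, level2Msg(tx))
	return tx
}

// Accept checks the institution level first, then the sender level, then stores the tx.
func (n *Node) Accept(tx Tx) error {
	switch {
	case len(tx.InstCert) != ed25519.PublicKeySize || !n.ConfigChain[string(tx.InstCert)]:
		return fmt.Errorf("certificate not on configuration chain")
	case !ed25519.Verify(tx.InstCert, level2Msg(tx), tx.InstSig):
		return fmt.Errorf("institution signature invalid")
	case len(tx.SenderPub) != ed25519.PublicKeySize || !ed25519.Verify(tx.SenderPub, tx.Payload, tx.SenderSig):
		return fmt.Errorf("sender signature invalid")
	}
	n.Ledger = append(n.Ledger, tx)
	return nil
}

func main() {
	_, sender, _ := ed25519.GenerateKey(nil)
	_, inst, _ := ed25519.GenerateKey(nil)
	tx := SignTwoLevel([]byte("constructed payload"), sender, inst)
	fmt.Println((&Node{ConfigChain: map[string]bool{string(tx.InstCert): true}}).Accept(tx))
}
```

Because the second signature covers the first, a transaction whose sender signature is swapped after the institution signs fails at the institution check rather than reaching the ledger.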
PCT/CN2020/110566 2019-08-21 2020-08-21 Blockchain-based multi-stage signing method, device, computer apparatus, and storage medium WO2021032196A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201910772495.2A CN110532809A (en) 2019-08-21 2019-08-21 A kind of block chain multistage endorsement method based on configuration block
CN201910772495.2 2019-08-21
CN201910827936.4 2019-09-03
CN201910827936.4A CN110706102B (en) 2019-09-03 2019-09-03 Multistage signature method with anonymity for alliance block chain

Publications (1)

Publication Number Publication Date
WO2021032196A1 (en) 2021-02-25

Family

ID=74660492

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/110566 WO2021032196A1 (en) 2019-08-21 2020-08-21 Blockchain-based multi-stage signing method, device, computer apparatus, and storage medium

Country Status (1)

Country Link
WO (1) WO2021032196A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180144114A1 (en) * 2011-08-09 2018-05-24 Michael Stephen Fiske Securing Blockchain Transactions Against Cyberattacks
CN109377198A (en) * 2018-12-24 2019-02-22 上海金融期货信息技术有限公司 A kind of signing system known together in many ways based on alliance's chain
CN109801168A (en) * 2019-01-28 2019-05-24 杭州复杂美科技有限公司 A kind of method of calibration, equipment and the storage medium of the transaction of block chain
CN110532809A (en) * 2019-08-21 2019-12-03 杭州趣链科技有限公司 A kind of block chain multistage endorsement method based on configuration block
CN110706102A (en) * 2019-09-03 2020-01-17 杭州趣链科技有限公司 Multistage signature method with anonymity for alliance block chain

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20854580; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20854580; Country of ref document: EP; Kind code of ref document: A1)