WO2021220062A1 - Blockchain transaction - Google Patents

Blockchain transaction Download PDF

Info

Publication number
WO2021220062A1
WO2021220062A1 PCT/IB2021/000334 IB2021000334W WO2021220062A1 WO 2021220062 A1 WO2021220062 A1 WO 2021220062A1 IB 2021000334 W IB2021000334 W IB 2021000334W WO 2021220062 A1 WO2021220062 A1 WO 2021220062A1
Authority
WO
WIPO (PCT)
Prior art keywords
digital signature
node device
transaction
blockchain
execution result
Prior art date
Application number
PCT/IB2021/000334
Other languages
French (fr)
Chinese (zh)
Inventor
鲁泽增
魏玮
王林青
陈春伟
Original Assignee
支付宝实验室(新加坡)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝实验室(新加坡)有限公司 filed Critical 支付宝实验室(新加坡)有限公司
Publication of WO2021220062A1 publication Critical patent/WO2021220062A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Definitions

  • One or more implementations of this specification relate to the field of blockchain technology, and in particular to a blockchain transaction method and device.
  • Blockchain technology also known as distributed ledger technology, is an emerging technology in which several computing devices participate in "bookkeeping" and jointly maintain a complete distributed database. Because the blockchain technology has the characteristics of decentralization, openness and transparency, each computing device can participate in database records, and the rapid data synchronization between computing devices, the blockchain technology has been widely used in many fields. To apply.
  • one or more implementations of this specification provide a blockchain transaction method, device, and computer equipment.
  • an application to a business system is proposed; the business system is connected to a node device of the blockchain through a bridge terminal; the method includes: the target that the business system will construct The business transaction is sent to the node device of the blockchain through the bridge terminal, wherein the target business transaction includes a first digital signature generated by the business system using a first private key for the detailed data of the target business transaction , So that when the node device performs transaction verification, it verifies the first digital signature based at least on the first public key corresponding to the first private key, and executes the target business transaction after the verification is passed, And storing the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result in the blockchain database stored locally by the node device; Obtain the execution result of the target business transaction and the second digital signature from the node device through the bridge terminal; verify the second digital signature based on the second public key corresponding to the second private key, and After the verification of
  • a blockchain transaction method is proposed, which is applied to the node equipment of the blockchain; the business system is connected to the node equipment of the blockchain through the bridge terminal;
  • the method includes: a node device connected to the bridge terminal obtains a target business transaction constructed by the business system through the bridge terminal, wherein the target business transaction includes the business system using a first private key as the target A first digital signature generated by the detailed data of the business transaction; transaction verification is performed on the target business transaction, the transaction verification at least including performing the first digital signature on the first public key corresponding to the first private key Verification; after the verification is passed, execute the target business transaction, and the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using a second private key for the execution result Stored in the blockchain database locally stored in the node device; sending the execution result and the second digital signature to the business system through the bridge end, so that the business system is based on the second private
  • the second public key corresponding to the key verifies the second
  • a blockchain transaction device which is applied to a business system; the business system is connected to a node device of the blockchain through a bridge terminal; the device includes : A sending unit, which sends the constructed target business transaction to the node device of the blockchain through the bridge end, wherein the target business transaction includes the use of the first private key by the business system for the target business transaction
  • the first digital signature generated by the detailed data, so that when the node device performs transaction verification, the first digital signature is verified at least based on the first public key corresponding to the first private key, and after the verification is passed Execute the target business transaction, and store the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result to the node device Locally stored blockchain database; obtain the execution result of the target business transaction and the second digital signature from the node device through the bridge terminal; verify based on the second public key corresponding to the second private key The second digital signature, and after the verification
  • a blockchain transaction device which is applied to the node equipment of the blockchain; the business system is connected to the node equipment of the blockchain through the bridge terminal;
  • the device includes: an acquiring unit, and a node device connected to the bridge terminal acquires a target business transaction constructed by the business system through the bridge terminal, wherein the target business transaction includes the business system using a first private key for The first digital signature generated by the detailed data of the target business transaction; a verification unit, which performs transaction verification on the target business transaction, the transaction verification at least including a transaction verification based on a first public key corresponding to the first private key The first digital signature is verified; the execution unit executes the target business transaction; the storage unit uses the execution result of the target business transaction and the node device in the blockchain using a second private key as the execution result The generated second digital signature is stored in the blockchain database locally stored in the node device; the sending unit sends the execution result and the second digital signature to the business system through the bridge end, so that the The
  • a computer device including: a memory and a processor; the memory stores a computer program that can be run by the processor; When the computer program is described, the blockchain transaction method executed by the business system is executed.
  • a computer device including: a memory and a processor; the memory stores a computer program that can be run by the processor; When the computer program is described, the blockchain transaction method executed by the node device connected to the bridge terminal is executed.
  • the blockchain transaction methods, devices, and computer equipment provided by the various implementations of this specification set up a bridge terminal between the business system and the blockchain node equipment, and the bridge terminal is responsible for forwarding the transaction and transaction constructed by the business system to the blockchain network. Forward the transaction execution result on the blockchain to the business system.
  • the transaction constructed by the above-mentioned business system includes the first digital signature made by the business system, and the blockchain node device connected to the bridging end includes the node of the blockchain in the block in which the above-mentioned transaction is recorded.
  • the second digital signature made by the device, through the digital signature verification technology effectively reduces the data security risk caused by the evildoing of the bridge end, and improves the data security of the business system.
  • FIG. 1 is a schematic diagram of implementing blockchain transactions through a system including a business system, a bridge terminal, and a blockchain network provided by an exemplary embodiment
  • FIG. 2 is a schematic flowchart of a blockchain transaction method provided by an exemplary embodiment
  • Fig. 3 is a schematic diagram of a blockchain transaction device applied to a business system according to an exemplary embodiment
  • FIG. 4 is a schematic diagram of a blockchain transaction device applied to a device side of a blockchain node according to an exemplary embodiment
  • Fig. 5 is a hardware structure diagram for running the implementation of the blockchain transaction device provided in this specification.
  • the steps of the corresponding method are not necessarily executed in the order shown and described in this specification.
  • the method may include more or fewer steps than described in this specification.
  • a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe.
  • one or more implementations of this specification provide a blockchain transaction method for the business system to publish transactions to the blockchain network and receive the execution results of the transaction; the above-mentioned business system communicates with each other through a bridge The node device connection of the blockchain.
  • FIG. 1 is a schematic diagram of implementing blockchain transactions through a system including a business system, a bridge terminal, and a blockchain network provided by an exemplary embodiment
  • the business system described in one or more implementations of this specification may include one or more business system servers deployed with business processing logic, and may also include other functions such as connection with the business system server, responsible for network communication, or key calculation.
  • Hardware modules such as HSM hardware security modules or stand-alone devices.
  • the bridge terminal received in one or more embodiments of this specification is an independent device that connects the business system with any node device of the blockchain, or is a hardware module set inside the business system, so that the business system can pass through the
  • the hardware module is connected to the node device of the blockchain, and may also be a hardware module installed inside the node device of the blockchain, which is not limited here.
  • the above-mentioned business system may set its trusted blockchain node device, and require the bridge terminal to communicate with the above-mentioned trusted blockchain node device to perform business transaction execution.
  • the blockchain or blockchain network described in one or more embodiments of this specification can specifically refer to a P2P network system with a distributed data storage structure reached by each node device through a consensus mechanism.
  • Ledger data is distributed in time-connected "blocks".
  • the next block can contain the data summary of the previous block and is based on the specific consensus mechanism (such as POW, POS, DPOS or PBFT, etc.) ) To achieve full backup of all or part of the node data.
  • the real data generated in the physical world can be constructed into a standard transaction format supported by the blockchain, and then published and broadcasted to the node devices of the blockchain.
  • the received transaction is processed by consensus, and after a consensus is reached, the node device as the accounting node in the block chain will package the transaction into the block and carry out persistent storage in the block chain.
  • the accounting node can package the received transaction to generate the latest block, and send the generated latest block or the block header of the latest block to other node devices for consensus verification . If other node equipment receives the latest block or the block header of the latest block, it is verified that there is no problem, and the latest block can be appended to the end of the original blockchain to complete the accounting process of the blockchain. When other nodes verify the new block or block header sent by the accounting node, they can also execute the transactions contained in the block.
  • Merkle trees are usually used; or, based on the data structure of Merkle trees, to store and maintain data.
  • MPT tree a variant of Merkle tree
  • Ethereum has designed three MPT trees for the data that needs to be stored and maintained in the blockchain, namely the MPT state tree, the MPT transaction tree and the MPT receipt tree. Among them, in addition to the above three MPT trees, there is actually a Storage tree constructed based on the storage content of the contract account.
  • MPT state tree is an MPT tree organized by the account state data of all accounts in the blockchain
  • MPT transaction tree is an MPT tree organized by transaction data in the blockchain
  • MPT receipt tree Is the MPT tree organized by the receipt of each transaction generated after the transactions in the block are executed.
  • the hash values of the root nodes of the MPT state tree, MPT transaction tree, and MPT receipt tree shown above will all be added to the block header of the corresponding block eventually.
  • the MPT transaction tree and MPT receipt tree correspond to blocks, that is, each block has its own MPT transaction tree and MPT receipt tree.
  • the MPT state tree is a global MPT tree, which does not correspond to a specific block, but covers the account state data of all accounts in the blockchain.
  • the organized MPT transaction tree, MPT receipt tree, and MPT state tree will eventually be stored in a Key-Value database (for example, LevelDB) that uses a multi-level data storage structure.
  • the execution method of the transaction can be specifically set according to the type and content of the transaction.
  • the node device of the blockchain can store it in the locally stored blockchain user account status database based on the transfer value included in the transfer transaction .
  • the amount corresponding to the transfer value is transferred from the sender account of the transfer transaction, and the recipient user adds and transfers to the corresponding amount, and the execution result of the transaction will be saved in the local state of the node device in the form of a transaction log In the receipt tree (MPT) of the database.
  • MPT receipt tree
  • the node device of the blockchain can save the new block containing the business data certificate transaction in the locally maintained blockchain ledger after receiving the new block sent by the accounting node.
  • the database block block
  • the execution result of the transaction will be stored in the receipt tree (MPT) of the local state database of the node device in the form of a transaction log;
  • the node device of the blockchain can execute the smart contract logic of the transaction call on the local virtual machine after receiving the new block sent by the accounting node, except for the execution result of the transaction
  • the execution result of the smart contract logic can also be stored in the blockchain state data storage space corresponding to the smart contract.
  • the relevant account of the executed transaction in the blockchain can be an external account or a contract account
  • the status of the account will usually change accordingly. For example, when a "transfer transaction" in a block is executed, the balances of the transferor account and transferee account related to the "transfer transaction" (that is, the field value of the Balance field of these accounts) are usually also Will change accordingly.
  • the node device After the transaction of the node device in the latest block generated by the blockchain is completed, because the account status in the current blockchain has changed, the node device needs to use the current account status data of all accounts in the blockchain to Construct the MPT state tree to maintain the latest state of all accounts in the blockchain.
  • each block in the blockchain has a corresponding MPT state tree; the MPT state tree maintains that after the transactions in the block are executed, all accounts in the blockchain are up to date The status of the account.
  • Blockchain is generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain.
  • Public Blockchain Private Blockchain
  • Consortium Blockchain there can also be a combination of the above types, such as private chain + consortium chain, consortium chain + public chain, and so on.
  • the public chain is represented by Bitcoin and Ethereum. Participants who join the public chain (also called nodes in the blockchain) can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks, etc. . Moreover, each node can freely join or exit the network, and perform related operations.
  • the private chain is the opposite.
  • the write permission of the network is controlled by an organization or institution, and the data read permission is regulated by the organization.
  • a private chain can be a weakly centralized system with strict restrictions on nodes and a small number of nodes. This type of blockchain is more suitable for internal use by specific institutions.
  • Each node in the alliance chain usually has a corresponding entity or organization; nodes are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.
  • the blockchain transaction method provided by one or more implementations provided in this specification includes:
  • Step 202 The business system sends the constructed target business transaction to the node device of the blockchain through the bridge end, where the target business transaction includes the business system using the first private key as the target The first digital signature generated by the detailed data of the business transaction.
  • the business system may construct a target business transaction based on business needs, the target business transaction may include detailed data related to business processing, and a first digital signature generated by the business system using the first private key held by the business system for the detailed data.
  • the first digital signature may be made for derived data such as the original text of the detailed data or the hash digest of the detailed data.
  • the above-mentioned first private key is stored in the hardware security module HSM carried by the business system.
  • the hardware security module HSM is a computer hardware device used to protect and manage the keys used by the business system, and at the same time provide related key calculation operations (such as digital signature operations).
  • the business system can use instructions that include the above detailed data. Invoke the HSM to execute the key calculation service of generating the first digital signature on the above-mentioned detailed data based on the stored first private key, and directly obtain the above-mentioned first digital signature from the HSM. Further, the business system may encapsulate the above-mentioned detailed data and the first digital signature into a target business transaction according to the transaction format, and then send the target business transaction to the bridge end.
  • Step 204 The bridge terminal forwards the target service transaction to the node device connected to the bridge terminal.
  • the above-mentioned bridge terminal can be connected to one or more node devices in the above-mentioned blockchain network, and forward the above-mentioned target business transaction to one or more node devices; the node device that obtains the above-mentioned target business transaction You can continue to broadcast and forward the above-mentioned target business transactions in the blockchain network.
  • Step 206 When the node device (including the node device connected to the bridge terminal) in the blockchain performs transaction verification, at least perform the first digital signature on the first public key corresponding to the first private key. Verify, and after the verification is passed, execute the target business transaction.
  • One or more node devices corresponding to the above-mentioned bridge terminal, or node devices in the blockchain may store the first public key corresponding to the first private key held by the business system.
  • the business system can apply for joining the above-mentioned blockchain network, or when the above-mentioned business system connected with the bridge terminal and the above-mentioned one or more node devices are initialized and connected, the first private held by the above-mentioned business system
  • the first public key corresponding to the key is forwarded through the above-mentioned bridging terminal or directly communicated with the above-mentioned one or more node devices through the service system, and the above-mentioned first public key is transmitted to the above-mentioned one or more node devices, or the Node equipment in the blockchain.
  • This specification does not limit the specific way for the node device of the blockchain to obtain the above-mentioned first public key.
  • the business system may also periodically update the aforementioned first private key-first public key pair, and transmit the updated first public key to the node device of the blockchain.
  • Step 208 the node device connected to the bridge terminal stores the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result to the bridge terminal
  • the blockchain database stored locally on the connected node device.
  • the second digital signature is the second private key held by the node device of the blockchain, and is the status database stored in the block header of the target block that contains the target business transaction.
  • the digital signature generated by the certification root is the second private key held by the node device of the blockchain, and is the status database stored in the block header of the target block that contains the target business transaction. The digital signature generated by the certification root.
  • the node device of the blockchain can execute the transaction included in the target block, and store the execution result of the transaction, that is, the state data after the transaction is executed, in the blockchain state database.
  • the authentication root described in this embodiment is derived from the state data corresponding to all transactions in the target block, or derived from the execution result data of all transactions, and can be the execution result of any transaction in the target block.
  • the value of the data for authentication verification which can be stored in the block header of the target block.
  • Ethereum has designed three MPT trees for the data that needs to be stored and maintained in the blockchain, namely the MPT state tree, the MPT transaction tree and the MPT receipt tree. Among them, in addition to the above three MPT trees, there is actually a Storage tree constructed based on the storage content of the contract account.
  • MPT state tree is an MPT tree organized by the account state data of all accounts in the blockchain
  • MPT transaction tree is an MPT tree organized by transaction data in the blockchain
  • MPT receipt tree Is an MPT tree organized into transaction log receipts (receipts) corresponding to each transaction generated after the transactions in the block are executed, and the transaction log receipts contain the execution results of the transaction.
  • the hash values of the root nodes of the MPT state tree, MPT transaction tree, and MPT receipt tree shown above will all be added to the block header of the corresponding block eventually.
  • the state database described in the foregoing embodiment is a Merkel tree (MPT state tree or MPT state tree) constructed based on the state data corresponding to the transaction stored in the target block; the authentication root is the The root hash of the Merkel tree (MPT state tree or MPT state tree).
  • this embodiment does not limit the above-mentioned blockchain to the Ethereum architecture.
  • Those skilled in the art can at least design specific derivative rules for the execution result of the target business transaction or the state data after the execution of the target business transaction.
  • And include the authentication root in the block header of the target block to realize the verification of the target business transaction based on the authentication root.
  • This embodiment does not limit the role of the node device that generates the digital signature for the authentication root in the block header of the target block, nor does it limit the storage location for generating the digital signature for the authentication root in the block header of the target block.
  • the above-mentioned second digital signature is generated by the accounting node device of the blockchain using a second private key held by it, and the second digital signature is stored in the blockchain.
  • the block header of the target block is generated by the accounting node device of the blockchain using a second private key held by it, and the second digital signature is stored in the blockchain.
  • the accounting node of the blockchain uses the second private key held by the accounting node when packaging the above target business transaction into the target block, which is the block header of the target block.
  • the authentication root generates a second digital signature, and the second digital signature is also included in the block header of the target block.
  • the accounting node broadcasts the target block containing the second digital signature to the node device in the blockchain network for consensus verification.
  • the election method of the above-mentioned blockchain's accounting nodes, the collection method of the transactions included in the new block, and the specific method of consensus verification of the new block are also different based on the difference of the blockchain consensus mechanism, and will not be discussed here. limited.
  • the node device in the blockchain can execute the above-mentioned target block chain. And store the target block containing the second digital signature made by the above-mentioned accounting node in the blockchain database stored locally in the node device.
  • the above-mentioned second digital signature is generated by the node device connected to the bridge terminal using a second private key held by it, and the second digital signature is stored in a local storage of the node device connected to the bridge terminal.
  • the block header of the target block is generated by the node device connected to the bridge terminal using a second private key held by it, and the second digital signature is stored in a local storage of the node device connected to the bridge terminal.
  • the accounting node of the blockchain can package the above-mentioned target business transaction into a target block, and then broadcast the target block to the node device in the blockchain network For consensus verification.
  • the election method of the above-mentioned blockchain's accounting nodes, the collection method of the transactions included in the new block, and the specific method of consensus verification of the new block are also different based on the difference of the blockchain consensus mechanism, and will not be discussed here. limited.
  • the above-mentioned one or more node devices connected to the bridge terminal after receiving the target block including the above-mentioned target business transaction, can execute each transaction included in the above-mentioned target block, and store it in the blockchain state database locally Store the execution results of each of the above transactions and update the state data corresponding to each transaction; when one or more node devices connected to the bridge end store the above target blocks locally, they can use their own second private
  • the key generates a second digital signature for the authentication root in the block header of the target block, and saves the second digital signature in the block header of the target block stored locally in the node device.
  • the second digital signature made by the node device connected to the bridge terminal in this embodiment to the authentication root in the block header of the target block based on the second private key it holds is only In order to prevent the bridging end from doing evil and to facilitate the business system to verify the execution results of the target business transaction, the node device connected to the bridging end saves it in the block header of the target block stored locally. Others in the blockchain The node device receives the target block broadcast by the accounting node that does not include the second digital signature.
  • the second private key held by the node device can be used to generate a second digital signature for the execution result of the above-mentioned target service transaction.
  • the node device of the blockchain can receive the target block sent by the accounting node according to the transfer transaction.
  • Transfer value in the locally stored blockchain state database, transfer the amount corresponding to the transfer value from the sender account of the transfer transaction, and add and transfer to the corresponding amount on the receiving user, and the execution result of the transaction It will be stored in the receipt tree (receipt MPT) of the local state database of the node device in the form of a transaction log.
  • the node device of the blockchain can save the execution result of the transaction on the node device in the form of a transaction log after receiving the target block sent by the accounting node.
  • MPT receipt tree
  • the node device of the blockchain can execute the smart contract logic of the transaction call on the local virtual machine after receiving the target block sent by the accounting node, except for the transaction
  • the execution results of the smart contract are stored in the receipt tree (receipt MPT) of the local state database of the node device in the form of transaction logs, and the execution results of the smart contract logic can also be stored in the account storage space (storage MPT) corresponding to the smart contract. )middle.
  • the execution result of the foregoing target business transaction is stored in the blockchain state database stored locally in the node device.
  • one or more node devices connected to the bridging end can verify the target business transaction and include the target business.
  • the target block of the transaction is executed, the target business transaction is executed, and a second digital signature is generated for the execution result of the target business transaction using the held second private key.
  • the node device connected to the bridge terminal may perform a digital signature operation on the plaintext of the execution result of the target business transaction to obtain the second digital signature; or, for some target business transactions, the execution result may occupy a large amount of At this time, the node device may also perform a digital signature operation on the verification data of the execution result, for example, the hash digest of the execution result, to obtain the second digital signature.
  • the second digital signature made by the node device connected to the bridge terminal based on the second private key held by it to the execution result of the target business transaction described in this embodiment is only to prevent the bridge terminal from doing evil.
  • the node device connected to the bridge terminal is stored in its locally stored blockchain database.
  • Other node devices in the blockchain are not connected to the above-mentioned business system. There is no need to digitally sign the execution result of the above-mentioned target business transaction, and there is no need to store the above-mentioned digital signature in its locally stored blockchain database.
  • the specific storage location of the second digital signature in the local blockchain database of the node device connected to the bridge terminal is not limited.
  • the node device can notify the bridge end or business system that the target business transaction is blocked by sending the entire target block to the bridge end.
  • the node device may combine the execution result and the second digital signature, or the verification data of the execution result (such as the hash digest of the execution result) and The second digital signature is stored in the target block, for example, in the block header of the target block.
  • the execution result and the second digital signature are obtained by directly pulling the target block from the node device through the bridge terminal.
  • the second digital signature can be stored in the state database by the node device corresponding to the execution result, for example, The second digital signature and execution result are correspondingly stored in the receipt tree corresponding to the target block, or the second digital signature and execution result are correspondingly stored in the account storage space of the smart contract called by the target business transaction, and so on.
  • Step 210 The bridge terminal forwards the execution result of the target service transaction and the second digital signature sent by the node device connected to the bridge terminal to the service system.
  • the node device connected to the bridge terminal can obtain the above-mentioned execution result and the second digital signature from its locally stored blockchain database, and then send the above-mentioned execution result and the second digital signature to the bridge terminal, so that the bridge terminal can The above execution result and the second digital signature are forwarded to the business system.
  • the second digital signature is generated by the accounting node of the blockchain for the authentication root of the state database stored in the block header of the target block of the target business transaction, or when the second The digital signature is generated by the node device connected to the bridge terminal for the above authentication root, and the business system verifies that the second digital signature is the accounting node device or the node device connected to the bridge terminal is included in the above block header. If the authentication root is generated, it is also necessary to verify the authentication correspondence between the execution result of the target business transaction and the authentication root contained in the block header, that is, verify whether the execution result is indeed included in the block corresponding to the target block The chain state database.
  • the node device connected to the bridge terminal also needs to send state data corresponding to the target block to the bridge terminal.
  • the state data may include a default constructed based on the state data corresponding to the transaction stored in the target block.
  • Kerr tree such as MPT state tree or MPT receipt tree
  • the Merkel tree contains the execution result of the above target business transaction, so that the bridge end forwards the above state data to the business system, and the business system is based on the execution result that contains the above execution result.
  • the state data can be derived to obtain the above authentication root, if it can be obtained, it is proved that the execution result of the target business transaction is indeed included in the blockchain state database corresponding to the target block.
  • the above-mentioned business system may locally store the public key corresponding to the node device in the blockchain or the node device connected with the bridge terminal to facilitate the verification of the above-mentioned second digital signature.
  • the second digital signature is made by the node device connected to the bridge terminal using the second private key to write the original text of the execution result, and the node device connected to the bridge terminal can compare the execution result with the result of the execution.
  • the second digital signature is stored in the block header of the target block stored locally.
  • the bridge terminal can monitor the node device connected to it regularly to obtain the target block stored by the node device.
  • the node device after storing the execution result and the second digital signature in the target block, sends a notification to the bridge end that the target business transaction is included.
  • the notification may include the block height of the target block and the retrieval identifier of the target business transaction, so that the bridge terminal can pull the target block from the node device and check that the target business transaction is included based on the retrieval identifier. In the target block.
  • the above-mentioned second digital signature is made by a node device connected to the bridge terminal using the second private key to a hash digest of the execution result, the hash of the execution result
  • the digest and the second digital signature are stored in the block header of the target block stored locally in the node device.
  • the node device may send a notification that the target business transaction is included to the bridge end, and the notification may include the block of the target block Height and the retrieval identifier of the target business transaction (for example, the TXID or transaction serial number of the target business transaction), so that the bridge terminal can pull the target block from the node device and send it to the node device based on the retrieval identifier.
  • the notification may include the block of the target block Height and the retrieval identifier of the target business transaction (for example, the TXID or transaction serial number of the target business transaction), so that the bridge terminal can pull the target block from the node device and send it to the node device based on the retrieval identifier.
  • the node device Inquire about the execution result of the target business transaction; based on the search identifier, the node device queries the execution result corresponding to the target business transaction in its locally maintained blockchain state database, and returns the execution result to the bridge end, So that the bridging end forwards the execution result to the business system.
  • the above-mentioned second digital signature is made by a node device connected to the bridge terminal using the second private key on the original text of the execution result or the hash digest of the execution result , And the second digital signature and the execution result are correspondingly saved in the blockchain state database stored locally in the node device.
  • the node device can directly obtain the original text of the execution result and the second digital signature from its locally stored blockchain state database, and forward the original text of the execution result and the second digital signature from the bridge end to business system.
  • Step 212 The service system verifies the second digital signature based on the second public key corresponding to the second private key, and after the verification of the second digital signature is passed, executes the transaction based on the execution result. Describe the further business processing logic related to the transaction detail data.
  • the above-mentioned business system can maintain its trusted blockchain node equipment (such as the above-mentioned accounting node) or the public key list of the node equipment connected to the bridge terminal locally, and receive the execution result and forwarded by the above-mentioned bridge terminal.
  • the business system can obtain the second public key corresponding to the second private key held by the node device from the public key list, and verify the second digital signature based on the second public key .
  • the business system also needs to be based on the state database data of the blockchain forwarded by the bridge end
  • the Merkel tree MPT receipt tree or MPT state tree
  • the stored state data tree is used to verify the authentication correspondence between the authentication root and the execution result.
  • the business system can perform Merkel tree root generation calculations on the values of the execution results of all transactions in the target block containing the target business transaction to verify the calculated root of the Merkel tree and the authentication in the block header. Whether the roots are consistent; when the two root values are consistent, it means that the execution result can be authenticated by the authentication root, and the execution result is included in the blockchain state database that can generate the authentication root.
  • the business system In addition to verifying the second digital signature, the business system also needs to verify the Whether the hash digest of the execution result matches the execution result.
  • the transaction detail data includes blockchain transfer data
  • the target business transaction is a transfer transaction.
  • the node device can transfer from the sender account of the transfer transaction in the locally stored blockchain user account status database according to the transfer value included in the transfer transaction.
  • the amount corresponding to the transfer value is output, and the recipient user adds and transfers to the corresponding amount.
  • the user account balance value and transfer value of the above blockchain correspond to the virtual currency (Token) circulating on the blockchain.
  • the virtual currency can only be used as a currency symbol corresponding to the actual assets under the chain to circulate assets on the chain. Proof of the process.
  • the business system needs to perform the remittance operation related to the above-mentioned blockchain transfer data outside the chain, for example, the above-mentioned business system initiates the actual bank remittance operation to its user, or notify The sender related to the aforementioned transfer transaction performs the remittance operation, or informs the recipient related to the aforementioned transfer transaction to check whether the remittance is received, and so on.
  • the business system needs to perform the refund operation related to the above blockchain transfer data outside the chain, for example, the above business system initiates the actual bank account refund operation to its user, or Notify the sender related to the above transfer transaction to perform the refund operation, or notify the receiver related to the above transfer transaction to check whether the refund is received, and so on.
  • a bridge terminal is set between the business system and the node equipment of the blockchain network, and the bridge terminal is responsible for forwarding the transaction constructed by the business system to the blockchain network And forward the transaction execution result on the blockchain to the business server.
  • the transaction constructed by the above-mentioned business system includes the first digital signature made by the business system based on the business data, and the block chain node device connected to the bridging end contains the block in the block containing the above-mentioned transaction.
  • the second digital signature made by the node device of the chain based on the transaction execution result converts the trust of the business system to the bridge terminal into the trust of the node device in the blockchain; the digital signature verification technology effectively reduces the evil caused by the bridge terminal
  • Data security risks not only reduce the cost of business system access to the blockchain, but also improve the data security of the business system.
  • the embodiment of this specification also provides a block chain transaction device 30 and 40.
  • the devices 30 and 40 can be implemented by software, or can be implemented by hardware or a combination of software and hardware. Taking software implementation as an example, as a logical device, it is formed by reading the corresponding computer program instructions into the memory by the CPU (Central Process Unit, central processing unit) of the device where it is located. From the perspective of hardware, in addition to the CPU, memory, and storage shown in Figure 5, the device where the above-mentioned device is located usually also includes other hardware such as chips for wireless signal transmission and reception, and/or for implementing network communication functions. Other hardware such as boards.
  • this specification also provides a block chain transaction device 30, which is applied to a business system; the business system is connected to a node device of the block chain through a bridge terminal; the device 30 includes:
  • the sending unit 302 sends the constructed target business transaction to the node device of the blockchain through the bridge end, where the target business transaction includes the business system using the first private key for the target business transaction
  • the first digital signature generated by the detailed data; so that when the node device performs transaction verification, the first digital signature is verified at least based on the first public key corresponding to the first private key, and after the verification is passed Execute the target business transaction, and store the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result to the node device Locally stored blockchain database;
  • An obtaining unit 304 which obtains the execution result of the target business transaction and the second digital signature from the node device through the bridge terminal;
  • the verification unit 306 verifies the second digital signature based on the second public key corresponding to the second private key
  • the execution unit 308 executes further business processing logic related to the transaction detail data based on the execution result.
  • the second digital signature is: the second private key held by the node device of the blockchain is the state stored in the block header of the target block that contains the target business transaction The digital signature generated by the authentication root of the database.
  • the state database is a Merkel tree constructed based on state data corresponding to the transaction stored in the target block; the authentication root is the root hash of the Merkel tree.
  • the second digital signature is generated by the accounting node device of the blockchain using a second private key held by it, and the second digital signature is stored in the blockchain storage The block header of the target block.
  • the second digital signature is generated by the node device using a second private key held by it, and the second digital signature is stored in the target block stored locally by the node device The block header.
  • the second digital signature includes: a digital signature generated by the node device using a second private key held by the node device for the execution result of the target business transaction.
  • the second digital signature and the execution result are stored locally in the node device connected to the bridge end The block header of the target block.
  • the obtaining unit 304 is further configured to: pull the target block from the node device through the bridge end to obtain the execution result and the second digital signature; or , Pull the target block from the node device through the bridge terminal to obtain the hash digest of the execution result and the second digital signature; and through the bridge terminal based on the target business transaction The identification is retrieved, and the execution result of the target business transaction is obtained from the node device.
  • the second digital signature and the execution result are stored in the state database of the blockchain stored locally in the node device connected to the bridge terminal.
  • this specification also provides a blockchain transaction device 40, which is applied to the node equipment of the blockchain; the business system is connected to the node equipment of the blockchain through a bridge end; the device 40 includes :
  • An acquiring unit 402 the node device connected to the bridge terminal acquires the target business transaction constructed by the business system through the bridge terminal, wherein the target business transaction includes the business system using the first private key as the target The first digital signature generated by the detailed data of the business transaction;
  • the verification unit 404 performs transaction verification on the target business transaction, where the transaction verification at least includes verifying the first digital signature based on a first public key corresponding to the first private key;
  • the execution unit 406 executes the target business transaction
  • the storage unit 408 stores the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result to a block locally stored by the node device Chain database
  • the sending unit 410 sends the execution result and the second digital signature to the service system through the bridge terminal, so that the service system verifies the execution result based on the second public key corresponding to the second private key.
  • the second digital signature includes: a second private key held by a node device of the blockchain, which is a state stored in a block header of a target block that contains the target business transaction The digital signature generated by the authentication root of the database.
  • the state database is a Merkel tree constructed based on state data corresponding to the transaction stored in the target block; the authentication root is the root hash of the Merkel tree.
  • the second digital signature is generated by the accounting node device of the blockchain using a second private key held by it, and the second digital signature is stored in the blockchain storage The block header of the target block.
  • the second digital signature is generated by the node device using a second private key held by it, and the second digital signature is stored in the target block stored locally by the node device The block header.
  • the second digital signature includes: a digital signature generated by the node device using a second private key held by the node device for the execution result of the target business transaction.
  • the second digital signature and the execution result, or the second digital signature and the hash digest of the execution result are stored in the target block stored locally by the node device The block header.
  • the sending unit 410 is further configured to: send the target block to the bridge end, so that the business system obtains the target block included in the target block through the bridge end.
  • the execution result and the second digital signature or, send the target block to the bridge end, so that the business system obtains the hash of the execution result included in the target block through the bridge end
  • the summary and the second digital signature and based on the retrieval identification of the target business transaction sent by the bridge end, the execution result is sent to the bridge end, so that the business system obtains all information through the bridge end
  • the results of the implementation are described by the bridge end.
  • the second digital signature and the execution result are stored in the state database of the blockchain stored locally in the node device connected to the bridge terminal.
  • the device implementations described above are merely illustrative.
  • the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical modules, that is, they may be located in One place, or it can be distributed to multiple network modules. Some or all of the units or modules can be selected according to actual needs to achieve the purpose of the solution in this specification. Those of ordinary skill in the art can understand and implement without creative work.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.
  • the embodiments of this specification also provide a computer device.
  • the computer device includes a memory and a processor.
  • the memory stores a computer program that can be run by the processor; when the processor runs the stored computer program, it executes each step of the blockchain transaction method executed by the business system in the embodiment of this specification.
  • the processor runs the stored computer program, it executes each step of the blockchain transaction method executed by the business system in the embodiment of this specification.
  • the embodiments of this specification also provide a computer device.
  • the computer device includes a memory and a processor.
  • the memory stores a computer program that can be run by the processor; when the processor runs the stored computer program, it executes each step of the blockchain transaction method executed by the node device of the blockchain in the embodiment of this specification.
  • the processor runs the stored computer program, it executes each step of the blockchain transaction method executed by the node device of the blockchain in the embodiment of this specification.
  • the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM).
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • Information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • PRAM phase change memory
  • SRAM static random access memory
  • DRAM dynamic random access memory
  • RAM random access memory
  • ROM read-only memory
  • EEPROM electrically erasable programmable read-only memory
  • flash memory or other memory technology
  • CD-ROM compact disc
  • DVD digital versatile disc
  • Magnetic cassettes magnetic tape magnetic disk storage or other magnetic storage devices or any other non
  • the implementation of this specification can be provided as a method, a system or a computer program product. Therefore, the implementation manners in this specification may adopt the form of a complete hardware implementation, a complete software implementation, or a combination of software and hardware implementations. Moreover, the implementation of this specification may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. .
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.

Abstract

Provided are a blockchain transaction method and apparatus, comprising: a service system sends a constructed target service transaction to a node device of a blockchain by means of a bridging end, the target service transaction comprising a first digital signature generated by the service system, using a first private key, for detailed data of the target service transaction, so that when the node device performs transaction verification, at least the first digital signature is verified on the basis of a first public key corresponding to the first private key, and after the verification is passed, the target service transaction is executed and an execution result of the target service transaction and a second digital signature generated by the node device in the blockchain, using a second private key, for the execution result are stored in a blockchain database locally stored by the node device.

Description

区块链交易Blockchain transaction 技术领域Technical field
本说明书一个或多个实施方式涉及区块链技术领域,尤其涉及一种区块链交易方法和装置。One or more implementations of this specification relate to the field of blockchain technology, and in particular to a blockchain transaction method and device.
背景技术Background technique
区块链技术,也被称之为分布式账本技术,是一种由若干台计算设备共同参与“记账”,共同维护一份完整的分布式数据库的新兴技术。由于区块链技术具有去中心化、公开透明、每台计算设备可以参与数据库记录、并且各计算设备之间可以快速的进行数据同步的特性,使得区块链技术已在众多的领域中广泛的进行应用。Blockchain technology, also known as distributed ledger technology, is an emerging technology in which several computing devices participate in "bookkeeping" and jointly maintain a complete distributed database. Because the blockchain technology has the characteristics of decentralization, openness and transparency, each computing device can participate in database records, and the rapid data synchronization between computing devices, the blockchain technology has been widely used in many fields. To apply.
随着区块链技术的发展,越来越多的业务系统提出了接入区块链网络的需求,然而将业务系统服务器与区块链网络直接对接会带来数据安全的风险,尤其是当区块链网络为公有区块链网络时,不仅对业务系统服务器有着更高的硬件需求,而且对业务系统服务器有着较大的隐私破坏风险。With the development of blockchain technology, more and more business systems have put forward the need to connect to the blockchain network. However, directly connecting the business system server with the blockchain network will bring data security risks, especially when When the blockchain network is a public blockchain network, it not only has higher hardware requirements for the business system server, but also has a greater risk of privacy breaches for the business system server.
发明内容Summary of the invention
有鉴于此,本说明书一个或多个实施方式提供了一种区块链交易方法、装置及计算机设备。In view of this, one or more implementations of this specification provide a blockchain transaction method, device, and computer equipment.
根据本说明书一个或多个实施方式的第一方面,提出了应用于业务系统;所述业务系统通过桥接端与区块链的节点设备连接;所述方法包括:所述业务系统将构建的目标业务交易通过所述桥接端发送至所述区块链的节点设备,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名,以使所述节点设备在进行交易验证时,至少基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证,在验证通过后,执行所述目标业务交易,并将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;通过所述桥接端从所述节点设备获取所述目标业务交易的执行结果和所述第二数字签名;基于与所述第二私钥对应的第二公钥验证所述第二数字签名,并在对所述第二数字签名验证通过后,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。According to the first aspect of one or more implementation manners of this specification, an application to a business system is proposed; the business system is connected to a node device of the blockchain through a bridge terminal; the method includes: the target that the business system will construct The business transaction is sent to the node device of the blockchain through the bridge terminal, wherein the target business transaction includes a first digital signature generated by the business system using a first private key for the detailed data of the target business transaction , So that when the node device performs transaction verification, it verifies the first digital signature based at least on the first public key corresponding to the first private key, and executes the target business transaction after the verification is passed, And storing the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result in the blockchain database stored locally by the node device; Obtain the execution result of the target business transaction and the second digital signature from the node device through the bridge terminal; verify the second digital signature based on the second public key corresponding to the second private key, and After the verification of the second digital signature is passed, further business processing logic related to the transaction detail data is executed based on the execution result.
根据本说明书一个或多个实施方式的第二方面,提出了一种区块链交易方法,应用于区块链的节点设备;业务系统通过桥接端与所述区块链的节点设备连接;所述方法包括:与所述桥接端连接的节点设备通过所述桥接端获取所述业务系统构建的目标业务交易,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明 细数据生成的第一数字签名;对所述目标业务交易进行交易验证,所述交易验证至少包括基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证;在验证通过后,执行所述目标业务交易,并将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;通过所述桥接端向所述业务系统发送所述执行结果和所述第二数字签名,以使所述业务系统基于与所述第二私钥对应的第二公钥验证所述第二数字签名,并在对所述第二数字签名验证通过后,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。According to the second aspect of one or more implementations of this specification, a blockchain transaction method is proposed, which is applied to the node equipment of the blockchain; the business system is connected to the node equipment of the blockchain through the bridge terminal; The method includes: a node device connected to the bridge terminal obtains a target business transaction constructed by the business system through the bridge terminal, wherein the target business transaction includes the business system using a first private key as the target A first digital signature generated by the detailed data of the business transaction; transaction verification is performed on the target business transaction, the transaction verification at least including performing the first digital signature on the first public key corresponding to the first private key Verification; after the verification is passed, execute the target business transaction, and the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using a second private key for the execution result Stored in the blockchain database locally stored in the node device; sending the execution result and the second digital signature to the business system through the bridge end, so that the business system is based on the second private The second public key corresponding to the key verifies the second digital signature, and after the second digital signature is verified, executes further business processing logic related to the transaction detail data based on the execution result.
根据本说明书一个或多个实施方式的第三方面,提出了、一种区块链交易装置,应用于业务系统;所述业务系统通过桥接端与区块链的节点设备连接;所述装置包括:发送单元,将构建的目标业务交易通过所述桥接端发送至所述区块链的节点设备,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名,以使所述节点设备在进行交易验证时,至少基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证,在验证通过后,执行所述目标业务交易,并将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;通过所述桥接端从所述节点设备获取所述目标业务交易的执行结果和所述第二数字签名;基于与所述第二私钥对应的第二公钥验证所述第二数字签名,并在对所述第二数字签名验证通过后,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。According to the third aspect of one or more embodiments of this specification, a blockchain transaction device is proposed, which is applied to a business system; the business system is connected to a node device of the blockchain through a bridge terminal; the device includes : A sending unit, which sends the constructed target business transaction to the node device of the blockchain through the bridge end, wherein the target business transaction includes the use of the first private key by the business system for the target business transaction The first digital signature generated by the detailed data, so that when the node device performs transaction verification, the first digital signature is verified at least based on the first public key corresponding to the first private key, and after the verification is passed Execute the target business transaction, and store the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result to the node device Locally stored blockchain database; obtain the execution result of the target business transaction and the second digital signature from the node device through the bridge terminal; verify based on the second public key corresponding to the second private key The second digital signature, and after the verification of the second digital signature is passed, execute further business processing logic related to the transaction detail data based on the execution result.
根据本说明书一个或多个实施方式的第四方面,提出了一种区块链交易装置,应用于区块链的节点设备;业务系统通过桥接端与所述区块链的节点设备连接;所述装置包括:获取单元,与所述桥接端连接的节点设备通过所述桥接端获取所述业务系统构建的目标业务交易,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名;验证单元,对所述目标业务交易进行交易验证,所述交易验证至少包括基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证;执行单元,执行所述目标业务交易;存储单元,将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;发送单元,通过所述桥接端向所述业务系统发送所述执行结果和所述第二数字签名,以使所述业务系统基于与所述第二私钥对应的第二公钥验证所述第二数字签名,并在对所述第二数字签名验证通过后,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。According to the fourth aspect of one or more implementations of this specification, a blockchain transaction device is proposed, which is applied to the node equipment of the blockchain; the business system is connected to the node equipment of the blockchain through the bridge terminal; The device includes: an acquiring unit, and a node device connected to the bridge terminal acquires a target business transaction constructed by the business system through the bridge terminal, wherein the target business transaction includes the business system using a first private key for The first digital signature generated by the detailed data of the target business transaction; a verification unit, which performs transaction verification on the target business transaction, the transaction verification at least including a transaction verification based on a first public key corresponding to the first private key The first digital signature is verified; the execution unit executes the target business transaction; the storage unit uses the execution result of the target business transaction and the node device in the blockchain using a second private key as the execution result The generated second digital signature is stored in the blockchain database locally stored in the node device; the sending unit sends the execution result and the second digital signature to the business system through the bridge end, so that the The business system verifies the second digital signature based on the second public key corresponding to the second private key, and after passing the verification of the second digital signature, executes the related transaction detail data based on the execution result The further business processing logic.
根据本说明书一个或多个实施方式的第五方面,提出了一种计算机设备,包括:存储器和处理器;所述存储器上存储有可由所述处理器运行的计算机程序;所述处理器运行所述计算机程序时,执行业务系统所执行的区块链交易方法。According to a fifth aspect of one or more implementation manners of this specification, a computer device is proposed, including: a memory and a processor; the memory stores a computer program that can be run by the processor; When the computer program is described, the blockchain transaction method executed by the business system is executed.
根据本说明书一个或多个实施方式的第六方面,提出了一种计算机设备,包括:存 储器和处理器;所述存储器上存储有可由所述处理器运行的计算机程序;所述处理器运行所述计算机程序时,执行与桥接端连接的节点设备所执行的区块链交易方法。According to the sixth aspect of one or more implementation manners of this specification, a computer device is proposed, including: a memory and a processor; the memory stores a computer program that can be run by the processor; When the computer program is described, the blockchain transaction method executed by the node device connected to the bridge terminal is executed.
本说明书各个实施方式提供的区块链交易方法、装置和计算机设备,在业务系统与区块链节点设备之间设置了桥接端,由桥接端负责向区块链网络转发业务系统构建的交易和向业务系统转发区块链上的交易执行结果。为了防止桥接端作恶,上述业务系统构建的交易包含了业务系统所作的第一数字签名,且与桥接端连接的区块链节点设备在其收录上述交易的区块内包含了区块链的节点设备所作的第二数字签名,通过数字签名验证技术,从而有效降低了桥接端作恶而造成的数据安全风险,提高了业务系统的数据安全性。The blockchain transaction methods, devices, and computer equipment provided by the various implementations of this specification set up a bridge terminal between the business system and the blockchain node equipment, and the bridge terminal is responsible for forwarding the transaction and transaction constructed by the business system to the blockchain network. Forward the transaction execution result on the blockchain to the business system. In order to prevent the bridging end from doing evil, the transaction constructed by the above-mentioned business system includes the first digital signature made by the business system, and the blockchain node device connected to the bridging end includes the node of the blockchain in the block in which the above-mentioned transaction is recorded. The second digital signature made by the device, through the digital signature verification technology, effectively reduces the data security risk caused by the evildoing of the bridge end, and improves the data security of the business system.
附图说明Description of the drawings
图1是一示例性实施方式提供的通过包括业务系统、桥接端和区块链网络的系统来实施区块链交易的示意图;FIG. 1 is a schematic diagram of implementing blockchain transactions through a system including a business system, a bridge terminal, and a blockchain network provided by an exemplary embodiment;
图2是一示例性实施方式提供的区块链交易方法的流程示意图;FIG. 2 is a schematic flowchart of a blockchain transaction method provided by an exemplary embodiment;
图3是一示例性实施方式提供的应用于业务系统的区块链交易装置的示意图;Fig. 3 is a schematic diagram of a blockchain transaction device applied to a business system according to an exemplary embodiment;
图4是一示例性实施方式提供的应用于区块链节点设备端的区块链交易装置的示意图;FIG. 4 is a schematic diagram of a blockchain transaction device applied to a device side of a blockchain node according to an exemplary embodiment;
图5是运行本说明书所提供的区块链交易装置实施方式的一种硬件结构图。Fig. 5 is a hardware structure diagram for running the implementation of the blockchain transaction device provided in this specification.
具体实施方式Detailed ways
这里将详细地对示例性实施方式进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施方式中所描述的实施方式并不代表与本说明书一个或多个实施方式相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本说明书一个或多个实施方式的一些方面相一致的装置和方法的例子。Here, exemplary embodiments will be described in detail, and examples thereof are shown in the accompanying drawings. When the following description refers to the accompanying drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all the embodiments consistent with one or more embodiments in this specification. On the contrary, they are merely examples of devices and methods consistent with some aspects of one or more embodiments of this specification as detailed in the appended claims.
需要说明的是:在其他实施方式中并不一定按照本说明书示出和描述的顺序来执行相应方法的步骤。在一些其他实施方式中,其方法所包括的步骤可以比本说明书所描述的更多或更少。此外,本说明书中所描述的单个步骤,在其他实施方式中可能被分解为多个步骤进行描述;而本说明书中所描述的多个步骤,在其他实施方式中也可能被合并为单个步骤进行描述。It should be noted that in other embodiments, the steps of the corresponding method are not necessarily executed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. In addition, a single step described in this specification may be decomposed into multiple steps for description in other embodiments; and multiple steps described in this specification may also be combined into a single step in other embodiments. describe.
随着区块链支持的应用业务日渐成熟,越来越多的业务系统需要接入区块链网络,以向区块链上发送转账交易、存证交易、或智能合约调用交易,并获得上述交易在区块链上的执行结果。如果将业务系统与区块链网络的节点设备直接连接,为了业务系统的 安全,除业务逻辑外,还需要在业务系统部署网络通信、证书交换、密钥安全及隐私保护等复杂逻辑,业务系统直接接入区块链的成本较高。As the application business supported by the blockchain matures, more and more business systems need to be connected to the blockchain network to send transfer transactions, deposit certificate transactions, or smart contract call transactions to the blockchain, and obtain the above The execution result of the transaction on the blockchain. If the business system is directly connected to the node equipment of the blockchain network, in addition to the business logic, complex logic such as network communication, certificate exchange, key security and privacy protection needs to be deployed in the business system for the security of the business system. The cost of direct access to the blockchain is higher.
鉴于以上的问题,本说明书的一个或多个实施方式提供了一种区块链交易方法,用于业务系统向区块链网络发布交易、且接收交易的执行结果;上述业务系统通过桥接端与区块链的节点设备连接。In view of the above problems, one or more implementations of this specification provide a blockchain transaction method for the business system to publish transactions to the blockchain network and receive the execution results of the transaction; the above-mentioned business system communicates with each other through a bridge The node device connection of the blockchain.
图1是一示例性实施方式提供的通过包括业务系统、桥接端和区块链网络的系统来实施区块链交易的示意图;FIG. 1 is a schematic diagram of implementing blockchain transactions through a system including a business system, a bridge terminal, and a blockchain network provided by an exemplary embodiment;
本说明书一个或多个实施方式所述的业务系统可包括一个或多个部署有业务处理逻辑的业务系统服务器,还可以包括与业务系统服务器连接的、负责网络通信、或密钥计算等其他功能的硬件模块(如HSM硬件安全模块)或独立设备。The business system described in one or more implementations of this specification may include one or more business system servers deployed with business processing logic, and may also include other functions such as connection with the business system server, responsible for network communication, or key calculation. Hardware modules (such as HSM hardware security modules) or stand-alone devices.
本说明书一个或多个实施方式所收到桥接端,是连接业务系统与区块链的任一节点设备的独立设备,或者是被设置于所述业务系统内部的硬件模块,使得业务系统通过该硬件模块与区块链的节点设备连接,还可以是被设置于区块链节点设备内部的硬件模块,在此不作限定。The bridge terminal received in one or more embodiments of this specification is an independent device that connects the business system with any node device of the blockchain, or is a hardware module set inside the business system, so that the business system can pass through the The hardware module is connected to the node device of the blockchain, and may also be a hardware module installed inside the node device of the blockchain, which is not limited here.
具体地,上述业务系统可设置其信任的区块链节点设备,并要求桥接端与上述信任的区块链节点设备通信连接以进行业务交易的执行。Specifically, the above-mentioned business system may set its trusted blockchain node device, and require the bridge terminal to communicate with the above-mentioned trusted blockchain node device to perform business transaction execution.
本说明书一个或多个实施方式所述的区块链或区块链网络,具体可指一个各节点设备通过共识机制达成的、具有分布式数据存储结构的P2P网络系统,该区块链内的账本数据分布在时间上相连的一个个“区块(block)”之内,后一区块可包含前一区块的数据摘要,且根据具体的共识机制(如POW、POS、DPOS或PBFT等)的不同,达成全部或部分节点的数据全备份。The blockchain or blockchain network described in one or more embodiments of this specification can specifically refer to a P2P network system with a distributed data storage structure reached by each node device through a consensus mechanism. Ledger data is distributed in time-connected "blocks". The next block can contain the data summary of the previous block and is based on the specific consensus mechanism (such as POW, POS, DPOS or PBFT, etc.) ) To achieve full backup of all or part of the node data.
本领域的技术人员熟知,由于区块链网络系统在相应共识机制下运行,已收录至区块链数据库内的数据很难被任意的节点篡改,例如采用Pow共识的区块链,至少需要全网51%算力的攻击才有可能篡改已有数据,因此区块链系统有着其他中心化数据库系统所无法比拟的保证数据安全、防攻击篡改的特性。Those skilled in the art are well aware that because the blockchain network system operates under the corresponding consensus mechanism, the data that has been included in the blockchain database is difficult to be tampered with by any node. For example, a blockchain using Pow consensus requires at least full Only 51% of the network's computing power can tamper with existing data. Therefore, the blockchain system has the characteristics of ensuring data security and preventing attack and tampering that other centralized database systems cannot match.
对于物理世界产生的真实数据,可以将其构建成区块链所支持的标准的交易(transaction)格式,然后发布、并广播至区块链的节点设备中,由区块链中的节点设备对收到的交易进行共识处理,并在达成共识后,由区块链中作为记账节点的节点设备,将这笔交易打包进区块,在区块链中进行持久化存证。For the real data generated in the physical world, it can be constructed into a standard transaction format supported by the blockchain, and then published and broadcasted to the node devices of the blockchain. The received transaction is processed by consensus, and after a consensus is reached, the node device as the accounting node in the block chain will package the transaction into the block and carry out persistent storage in the block chain.
无论区块链采用哪种共识算法,记账节点均可以将接收到的交易打包以生成最新区块,并将生成的最新区块或者该最新区块的区块头发送至其它节点设备进行共识验证。如果其它节点设备接收到最新区块或者该最新区块的区块头后,经验证没有问题,可以将该最新区块追加到原有的区块链末尾,从而完成区块链的记账过程。其它节点验证记 账节点发来的新的区块或区块头的过程中,也可以执行该区块中的包含的交易。No matter which consensus algorithm the blockchain uses, the accounting node can package the received transaction to generate the latest block, and send the generated latest block or the block header of the latest block to other node devices for consensus verification . If other node equipment receives the latest block or the block header of the latest block, it is verified that there is no problem, and the latest block can be appended to the end of the original blockchain to complete the accounting process of the blockchain. When other nodes verify the new block or block header sent by the accounting node, they can also execute the transactions contained in the block.
对于大多数区块链模型,通常都会使用Merkle树;或者,基于Merkle树的数据结构,来存储和维护数据。以以太坊为例,以太坊使用了MPT树(一种Merkle树变种),作为数据组织形式,用来组织和管理账户状态、交易信息等重要数据。For most blockchain models, Merkle trees are usually used; or, based on the data structure of Merkle trees, to store and maintain data. Take Ethereum as an example. Ethereum uses MPT tree (a variant of Merkle tree) as a form of data organization to organize and manage important data such as account status and transaction information.
以太坊针对区块链中需要存储和维护的数据,设计了三棵MPT树,分别是MPT状态树、MPT交易树和MPT收据树。其中,除了以上三棵MPT树以外,实际上还存在一棵基于合约账户的存储内容构建的Storage树。Ethereum has designed three MPT trees for the data that needs to be stored and maintained in the blockchain, namely the MPT state tree, the MPT transaction tree and the MPT receipt tree. Among them, in addition to the above three MPT trees, there is actually a Storage tree constructed based on the storage content of the contract account.
MPT状态树,是由区块链中所有账户的账户状态(state)数据组织成的MPT树;MPT交易树,是由区块链中的交易(transaction)数据组织成的MPT树;MPT收据树,是区块中的交易在执行完毕后生成的与每笔交易对应的交易(receipt)收据组织成的MPT树。以上示出的MPT状态树、MPT交易树和MPT收据树的根节点的hash值,最终都会被添加至对应区块的区块头中。MPT state tree is an MPT tree organized by the account state data of all accounts in the blockchain; MPT transaction tree is an MPT tree organized by transaction data in the blockchain; MPT receipt tree , Is the MPT tree organized by the receipt of each transaction generated after the transactions in the block are executed. The hash values of the root nodes of the MPT state tree, MPT transaction tree, and MPT receipt tree shown above will all be added to the block header of the corresponding block eventually.
其中,MPT交易树和MPT收据树均与区块相对应,即每一个区块都有自己的MPT交易树和MPT收据树。而MPT状态树是一个全局的MPT树,并不与某一个特定的区块相对应,而是涵盖了区块链中所有账户的账户状态数据。Among them, the MPT transaction tree and MPT receipt tree correspond to blocks, that is, each block has its own MPT transaction tree and MPT receipt tree. The MPT state tree is a global MPT tree, which does not correspond to a specific block, but covers the account state data of all accounts in the blockchain.
对于组织成的MPT交易树、MPT收据树和MPT状态树,最终都会在采用多级数据存储结构的Key-Value型数据库(比如,LevelDB)中进行存储。对交易的执行方法,可依据交易的类型和内容而具体设定。例如,当交易为转账交易时,区块链的节点设备在收到记账节点发来的新区块后,可依据转账交易所包含的转账值,在本地保存的区块链用户账户状态数据库中,从转账交易的汇出方账户转出与转账值对应的金额,并在接收方用户加入与转账至对应的金额,且该交易的执行结果会以交易日志的形式被保存在节点设备本地状态数据库的收据树(receipt MPT)中。The organized MPT transaction tree, MPT receipt tree, and MPT state tree will eventually be stored in a Key-Value database (for example, LevelDB) that uses a multi-level data storage structure. The execution method of the transaction can be specifically set according to the type and content of the transaction. For example, when the transaction is a transfer transaction, after receiving a new block sent by the accounting node, the node device of the blockchain can store it in the locally stored blockchain user account status database based on the transfer value included in the transfer transaction , The amount corresponding to the transfer value is transferred from the sender account of the transfer transaction, and the recipient user adds and transfers to the corresponding amount, and the execution result of the transaction will be saved in the local state of the node device in the form of a transaction log In the receipt tree (MPT) of the database.
当交易为业务数据存证交易时,区块链的节点设备在收到记账节点发来的新区块后,可将包含上述业务数据存证交易的新区块保存在本地维护的区块链账本数据库(区块block)中,且该交易的执行结果会以交易日志的形式被保存在节点设备本地状态数据库的收据树(receipt MPT)中;When the transaction is a business data certificate transaction, the node device of the blockchain can save the new block containing the business data certificate transaction in the locally maintained blockchain ledger after receiving the new block sent by the accounting node. In the database (block block), and the execution result of the transaction will be stored in the receipt tree (MPT) of the local state database of the node device in the form of a transaction log;
当交易为智能合约调用交易时,区块链的节点设备在收到记账节点发来的新区块后,可在本地虚拟机上执行上述交易调用的智能合约逻辑,除了将该交易的执行结果以交易日志的形式被保存在节点设备本地状态数据库的收据树(receipt MPT)中之外,还可以将智能合约逻辑的执行结果保存在与该智能合约对应的区块链状态数据存储空间中。When the transaction is a smart contract call transaction, the node device of the blockchain can execute the smart contract logic of the transaction call on the local virtual machine after receiving the new block sent by the accounting node, except for the execution result of the transaction In addition to being stored in the receipt tree (MPT) of the local state database of the node device in the form of a transaction log, the execution result of the smart contract logic can also be stored in the blockchain state data storage space corresponding to the smart contract.
需要说明的是,区块链每产生一个最新区块,则在该最新区块中的交易被执行之后,区块链中这些被执行交易的相关账户(可以是外部账户也可以是合约账户)的账户状态,通常也会随之发生变化。例如,当区块中的一笔“转账交易”执行完毕后,与该“转账交易”相关的转出方账户和转入方账户的余额(即这些账户的Balance字段的字段值), 通常也会随之发生变化。It should be noted that each time the blockchain generates a newest block, after the transaction in the latest block is executed, the relevant account of the executed transaction in the blockchain (can be an external account or a contract account) The status of the account will usually change accordingly. For example, when a "transfer transaction" in a block is executed, the balances of the transferor account and transferee account related to the "transfer transaction" (that is, the field value of the Balance field of these accounts) are usually also Will change accordingly.
而节点设备在区块链产生的最新区块中的交易执行完毕后,由于当前区块链中的账户状态发生了变化,因此节点设备需要根据区块链中所有账户当前的账户状态数据,来构建MPT状态树,用于维护区块链中所有账户的最新状态。After the transaction of the node device in the latest block generated by the blockchain is completed, because the account status in the current blockchain has changed, the node device needs to use the current account status data of all accounts in the blockchain to Construct the MPT state tree to maintain the latest state of all accounts in the blockchain.
也即,每当区块链中产生一个最新区块,并且该最新区块中的交易执行完毕后,导致区块链中的账户状态发生了变化,节点设备都需要基于区块链中所有账户最新的账户状态数据,重新构建一棵MPT状态树。换句话说,区块链中每一个区块,都有一个与之对应的MPT状态树;该MPT状态树,维护了在该区块中的交易在执行完毕后,区块链中所有账户最新的账户状态。That is, whenever a newest block is generated in the blockchain, and the transaction in the latest block is executed, the account status in the blockchain changes, and the node device needs to be based on all accounts in the blockchain With the latest account status data, rebuild an MPT status tree. In other words, each block in the blockchain has a corresponding MPT state tree; the MPT state tree maintains that after the transactions in the block are executed, all accounts in the blockchain are up to date The status of the account.
区块链一般被划分为三种类型:公有链(Public Blockchain),私有链(Private Blockchain)和联盟链(Consortium Blockchain)。此外,还可以有上述多种类型的结合,比如私有链+联盟链、联盟链+公有链等。Blockchain is generally divided into three types: Public Blockchain, Private Blockchain and Consortium Blockchain. In addition, there can also be a combination of the above types, such as private chain + consortium chain, consortium chain + public chain, and so on.
其中,去中心化程度最高的是公有链。公有链以比特币、以太坊为代表,加入公有链的参与者(也可称为区块链中的节点)可以读取链上的数据记录、参与交易、以及竞争新区块的记账权等。而且,各节点可自由加入或者退出网络,并进行相关操作。Among them, the most decentralized one is the public chain. The public chain is represented by Bitcoin and Ethereum. Participants who join the public chain (also called nodes in the blockchain) can read the data records on the chain, participate in transactions, and compete for the accounting rights of new blocks, etc. . Moreover, each node can freely join or exit the network, and perform related operations.
私有链则相反,该网络的写入权限由某个组织或者机构控制,数据读取权限受组织规定。简单来说,私有链可以为一个弱中心化系统,其对节点具有严格限制且节点数量较少。这种类型的区块链更适合于特定机构内部使用。The private chain is the opposite. The write permission of the network is controlled by an organization or institution, and the data read permission is regulated by the organization. In simple terms, a private chain can be a weakly centralized system with strict restrictions on nodes and a small number of nodes. This type of blockchain is more suitable for internal use by specific institutions.
联盟链则是介于公有链以及私有链之间的区块链,可实现“部分去中心化”。联盟链中各个节点通常有与之相对应的实体机构或者组织;节点通过授权加入网络并组成利益相关联盟,共同维护区块链运行。Consortium chain is a block chain between public chain and private chain, which can realize "partial decentralization". Each node in the alliance chain usually has a corresponding entity or organization; nodes are authorized to join the network and form a stakeholder alliance to jointly maintain the operation of the blockchain.
可以预期,本说明书所提供的实施方式能够在任何合适类型的区块链网络中实现。It can be expected that the implementation provided in this specification can be implemented in any suitable type of blockchain network.
如图2所示,本说明书提供的一个或多个实施方式所提供的区块链交易方法,包括:As shown in Figure 2, the blockchain transaction method provided by one or more implementations provided in this specification includes:
步骤202,所述业务系统将构建的目标业务交易通过所述桥接端发送至所述区块链的节点设备,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名。Step 202: The business system sends the constructed target business transaction to the node device of the blockchain through the bridge end, where the target business transaction includes the business system using the first private key as the target The first digital signature generated by the detailed data of the business transaction.
业务系统可基于业务需要构建目标业务交易,该目标业务交易可包含与业务处理相关的明细数据,和业务系统使用持有的第一私钥为上述明细数据生成的第一数字签名。具体地,上述第一数字签名可针对上述明细数据的原文、或上述明细数据的哈希摘要等衍生数据而做出。The business system may construct a target business transaction based on business needs, the target business transaction may include detailed data related to business processing, and a first digital signature generated by the business system using the first private key held by the business system for the detailed data. Specifically, the first digital signature may be made for derived data such as the original text of the detailed data or the hash digest of the detailed data.
为进一步地提高密钥安全性,上述第一私钥被保存在业务系统搭载的硬件安全模块HSM中。硬件安全模块HSM是用于保护和管理业务系统所使用的密钥,并同时提供相关密钥运算操作(如数字签名操作)的计算机硬件设备,例如,业务系统可使用包括上 述明细数据的指令,调用HSM执行基于其存储的第一私钥对上述明细数据生成第一数字签名的密钥运算服务,并从HSM中直接获取上述第一数字签名。进一步地,业务系统可以将上述明细数据和第一数字签名按照交易的格式封装成目标业务交易,再将该目标业务交易发送到桥接端。In order to further improve the key security, the above-mentioned first private key is stored in the hardware security module HSM carried by the business system. The hardware security module HSM is a computer hardware device used to protect and manage the keys used by the business system, and at the same time provide related key calculation operations (such as digital signature operations). For example, the business system can use instructions that include the above detailed data. Invoke the HSM to execute the key calculation service of generating the first digital signature on the above-mentioned detailed data based on the stored first private key, and directly obtain the above-mentioned first digital signature from the HSM. Further, the business system may encapsulate the above-mentioned detailed data and the first digital signature into a target business transaction according to the transaction format, and then send the target business transaction to the bridge end.
步骤204,所述桥接端将所述目标业务交易转发至与桥接端连接的节点设备。Step 204: The bridge terminal forwards the target service transaction to the node device connected to the bridge terminal.
在本实施方式中,上述桥接端可以与上述区块链网络中的一个或多个节点设备连接,并将上述目标业务交易转发至一个或多个节点设备中;获得上述目标业务交易的节点设备可继续在区块链网络中广播转发上述目标业务交易。In this embodiment, the above-mentioned bridge terminal can be connected to one or more node devices in the above-mentioned blockchain network, and forward the above-mentioned target business transaction to one or more node devices; the node device that obtains the above-mentioned target business transaction You can continue to broadcast and forward the above-mentioned target business transactions in the blockchain network.
步骤206,所述区块链中的节点设备(包括与桥接端连接的节点设备)在进行交易验证时,至少基于与所述第一私钥对应的第一公钥对上述第一数字签名进行验证,并在验证通过后,执行所述目标业务交易。Step 206: When the node device (including the node device connected to the bridge terminal) in the blockchain performs transaction verification, at least perform the first digital signature on the first public key corresponding to the first private key. Verify, and after the verification is passed, execute the target business transaction.
与上述桥接端对应的一个或多个节点设备,或者区块链中的节点设备,可保存有与业务系统持有的第一私钥对应的第一公钥。在实现时,业务系统可在申请加入上述区块链网络时,或者,在上述连接有桥接端的业务系统与上述一个或多个节点设备进行初始化连接时,将上述业务系统持有的第一私钥对应的第一公钥,通过上述桥接端转发、或者通过业务系统与上述一个或多个节点设备直接通信的方式,将上述第一公钥传输给上述一个或多个节点设备,或者所述区块链中的节点设备。本说明书并不限定区块链的节点设备获取上述第一公钥的具体方式。One or more node devices corresponding to the above-mentioned bridge terminal, or node devices in the blockchain, may store the first public key corresponding to the first private key held by the business system. In the implementation, the business system can apply for joining the above-mentioned blockchain network, or when the above-mentioned business system connected with the bridge terminal and the above-mentioned one or more node devices are initialized and connected, the first private held by the above-mentioned business system The first public key corresponding to the key is forwarded through the above-mentioned bridging terminal or directly communicated with the above-mentioned one or more node devices through the service system, and the above-mentioned first public key is transmitted to the above-mentioned one or more node devices, or the Node equipment in the blockchain. This specification does not limit the specific way for the node device of the blockchain to obtain the above-mentioned first public key.
而且,为了进一步保证业务系统的安全性,业务系统还可定期更新上述第一私钥-第一公钥对,并将更新后的第一公钥传输至区块链的节点设备中。Moreover, in order to further ensure the security of the business system, the business system may also periodically update the aforementioned first private key-first public key pair, and transmit the updated first public key to the node device of the blockchain.
步骤208,与桥接端连接的节点设备将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至与桥接端连接的节点设备本地存储的区块链数据库。 Step 208, the node device connected to the bridge terminal stores the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result to the bridge terminal The blockchain database stored locally on the connected node device.
在一实施方式中,所述第二数字签名为所述区块链的节点设备使用持有的第二私钥、为收录所述目标业务交易的目标区块的区块头中存储的状态数据库的认证根生成的数字签名。In one embodiment, the second digital signature is the second private key held by the node device of the blockchain, and is the status database stored in the block header of the target block that contains the target business transaction. The digital signature generated by the certification root.
区块链的节点设备接收共识验证后的目标区块后,可执行目标区块中收录的交易,并将交易的执行结果、即交易执行完毕后的状态数据存储在区块链状态数据库中。本实施方式所述的认证根,是由该目标区块中所有交易对应的状态数据衍生生成的、或者所有交易的执行结果数据衍生生成的、可为目标区块内的任一交易的执行结果数据进行认证验证的数值,该数值可保存在目标区块的区块头内。After receiving the target block after consensus verification, the node device of the blockchain can execute the transaction included in the target block, and store the execution result of the transaction, that is, the state data after the transaction is executed, in the blockchain state database. The authentication root described in this embodiment is derived from the state data corresponding to all transactions in the target block, or derived from the execution result data of all transactions, and can be the execution result of any transaction in the target block The value of the data for authentication verification, which can be stored in the block header of the target block.
例如,以太坊针对区块链中需要存储和维护的数据,设计了三棵MPT树,分别是MPT状态树、MPT交易树和MPT收据树。其中,除了以上三棵MPT树以外,实际上 还存在一棵基于合约账户的存储内容构建的Storage树。For example, Ethereum has designed three MPT trees for the data that needs to be stored and maintained in the blockchain, namely the MPT state tree, the MPT transaction tree and the MPT receipt tree. Among them, in addition to the above three MPT trees, there is actually a Storage tree constructed based on the storage content of the contract account.
MPT状态树,是由区块链中所有账户的账户状态(state)数据组织成的MPT树;MPT交易树,是由区块链中的交易(transaction)数据组织成的MPT树;MPT收据树,是区块中的交易在执行完毕后生成的与每笔交易对应的交易日志收据(receipt)组织成的MPT树,上述交易日志收据包含交易的执行结果。以上示出的MPT状态树、MPT交易树和MPT收据树的根节点的hash值,最终都会被添加至对应区块的区块头中。此时,上述实施方式所述的状态数据库为基于与所述目标区块中存储的交易对应的状态数据构建的默克尔树(MPT状态树或者MPT状态树);所述认证根为所述默克尔树(MPT状态树或者MPT状态树)的root hash。MPT state tree is an MPT tree organized by the account state data of all accounts in the blockchain; MPT transaction tree is an MPT tree organized by transaction data in the blockchain; MPT receipt tree , Is an MPT tree organized into transaction log receipts (receipts) corresponding to each transaction generated after the transactions in the block are executed, and the transaction log receipts contain the execution results of the transaction. The hash values of the root nodes of the MPT state tree, MPT transaction tree, and MPT receipt tree shown above will all be added to the block header of the corresponding block eventually. At this time, the state database described in the foregoing embodiment is a Merkel tree (MPT state tree or MPT state tree) constructed based on the state data corresponding to the transaction stored in the target block; the authentication root is the The root hash of the Merkel tree (MPT state tree or MPT state tree).
当然,本实施方式并未将上述区块链限定为以太坊架构,本领域技术人员可至少为目标业务交易的执行结果、或目标业务交易执行后的状态数据设计特定衍生规则而得到的认证根,并将该认证根收录于目标区块的区块头中,以基于该认证根实现对目标业务交易的验证。Of course, this embodiment does not limit the above-mentioned blockchain to the Ethereum architecture. Those skilled in the art can at least design specific derivative rules for the execution result of the target business transaction or the state data after the execution of the target business transaction. , And include the authentication root in the block header of the target block to realize the verification of the target business transaction based on the authentication root.
本实施方式未限定对上述目标区块的区块头中的认证根生成数字签名的节点设备的角色,也未限定对上述目标区块的区块头中的认证根生成数字签名的存储位置。This embodiment does not limit the role of the node device that generates the digital signature for the authentication root in the block header of the target block, nor does it limit the storage location for generating the digital signature for the authentication root in the block header of the target block.
在一实施方式中,上述第二数字签名是由所述区块链的记账节点设备使用其持有的第二私钥生成,所述第二数字签名被保存在所述区块链存储的目标区块的区块头。In one embodiment, the above-mentioned second digital signature is generated by the accounting node device of the blockchain using a second private key held by it, and the second digital signature is stored in the blockchain. The block header of the target block.
区块链的记账节点在接收到上述目标业务交易后,在将上述目标业务交易打包至目标区块时,使用记账节点持有的第二私钥、为目标区块的区块头中的认证根生成第二数字签名,并将该第二数字签名也收录于目标区块的区块头中。记账节点将包含上述第二数字签名的目标区块广播至区块链网络中的节点设备以进行共识验证。上述区块链的记账节点的选举方式、新生区块中包括的交易的收录方式、及对新生区块的共识验证的具体方式内容也基于区块链共识机制的不同而不同,在此不作限定。After receiving the above target business transaction, the accounting node of the blockchain uses the second private key held by the accounting node when packaging the above target business transaction into the target block, which is the block header of the target block. The authentication root generates a second digital signature, and the second digital signature is also included in the block header of the target block. The accounting node broadcasts the target block containing the second digital signature to the node device in the blockchain network for consensus verification. The election method of the above-mentioned blockchain's accounting nodes, the collection method of the transactions included in the new block, and the specific method of consensus verification of the new block are also different based on the difference of the blockchain consensus mechanism, and will not be discussed here. limited.
当上述目标区块通过区块链网络中节点设备的共识验证(包括上述一实施方式所述的对第一数字签名的验证),区块链中的节点设备可执行上述目标区块链中包含的交易,并将包含上述记账节点作出的第二数字签名的目标区块存储在该节点设备本地保存的区块链数据库中。When the above-mentioned target block passes the consensus verification of the node device in the blockchain network (including the verification of the first digital signature described in the above-mentioned embodiment), the node device in the blockchain can execute the above-mentioned target block chain. And store the target block containing the second digital signature made by the above-mentioned accounting node in the blockchain database stored locally in the node device.
在又一实施方式中,上述第二数字签名由与桥接端连接的节点设备使用其持有的第二私钥生成,所述第二数字签名被保存在与桥接端连接的节点设备本地存储的所述目标区块的区块头。In another embodiment, the above-mentioned second digital signature is generated by the node device connected to the bridge terminal using a second private key held by it, and the second digital signature is stored in a local storage of the node device connected to the bridge terminal. The block header of the target block.
在本实施方式中,区块链的记账节点在接收到上述目标业务交易后,可将上述目标业务交易打包至目标区块,再将该目标区块广播至区块链网络中的节点设备以进行共识验证。上述区块链的记账节点的选举方式、新生区块中包括的交易的收录方式、及对新生区块的共识验证的具体方式内容也基于区块链共识机制的不同而不同,在此不作限定。In this embodiment, after receiving the above-mentioned target business transaction, the accounting node of the blockchain can package the above-mentioned target business transaction into a target block, and then broadcast the target block to the node device in the blockchain network For consensus verification. The election method of the above-mentioned blockchain's accounting nodes, the collection method of the transactions included in the new block, and the specific method of consensus verification of the new block are also different based on the difference of the blockchain consensus mechanism, and will not be discussed here. limited.
上述与桥接端连接的一个或多个节点设备,在收到包括上述目标业务交易的目标区块后,即可通过执行上述目标区块收录的每个交易,在本地存储的区块链状态数据库中存储上述每个交易的执行结果、更新每个交易对应的状态数据;当与桥接端连接的一个或多个节点设备在其本地存储上述目标区块时,可使用自身持有的第二私钥、为上述目标区块的区块头中的认证根生成第二数字签名,并将该第二数字签名保存在该节点设备本地存储的目标区块的区块头。The above-mentioned one or more node devices connected to the bridge terminal, after receiving the target block including the above-mentioned target business transaction, can execute each transaction included in the above-mentioned target block, and store it in the blockchain state database locally Store the execution results of each of the above transactions and update the state data corresponding to each transaction; when one or more node devices connected to the bridge end store the above target blocks locally, they can use their own second private The key generates a second digital signature for the authentication root in the block header of the target block, and saves the second digital signature in the block header of the target block stored locally in the node device.
值得注意的是,本实施方式中所述的、由与桥接端连接的节点设备基于其持有的第二私钥对目标区块的区块头中的认证根所作的第二数字签名,仅仅是为了防止桥接端作恶、以方便该业务系统对目标业务交易的执行结果进行验证,由与桥接端连接的节点设备保存在其本地存储的目标区块的区块头中的,区块链中的其他节点设备接收到上述记账节点广播的目标区块中并未包含上述第二数字签名。It is worth noting that the second digital signature made by the node device connected to the bridge terminal in this embodiment to the authentication root in the block header of the target block based on the second private key it holds is only In order to prevent the bridging end from doing evil and to facilitate the business system to verify the execution results of the target business transaction, the node device connected to the bridging end saves it in the block header of the target block stored locally. Others in the blockchain The node device receives the target block broadcast by the accounting node that does not include the second digital signature.
在又一实施方式中,在与桥接端连接的节点设备执行上述目标业务交易后,可使用该节点设备其持有的第二私钥、为上述目标业务交易的执行结果生成第二数字签名。In another embodiment, after the node device connected to the bridge terminal executes the above-mentioned target service transaction, the second private key held by the node device can be used to generate a second digital signature for the execution result of the above-mentioned target service transaction.
以基于以太坊架构的账户型区块链为例,当目标业务交易为转账交易时,区块链的节点设备在收到记账节点发来的目标区块后,可依据转账交易所包含的转账值,在本地保存的区块链状态数据库中,从转账交易的汇出方账户转出与转账值对应的金额,并在接收方用户加入与转账至对应的金额,且该交易的执行结果会以交易日志的形式被保存在节点设备本地状态数据库的收据树(receipt MPT)中。Take the account-type blockchain based on the Ethereum architecture as an example. When the target business transaction is a transfer transaction, the node device of the blockchain can receive the target block sent by the accounting node according to the transfer transaction. Transfer value, in the locally stored blockchain state database, transfer the amount corresponding to the transfer value from the sender account of the transfer transaction, and add and transfer to the corresponding amount on the receiving user, and the execution result of the transaction It will be stored in the receipt tree (receipt MPT) of the local state database of the node device in the form of a transaction log.
当目标业务交易为业务数据存证交易时,区块链的节点设备在收到记账节点发来的目标区块后,可将该交易的执行结果会以交易日志的形式被保存在节点设备本地维护的区块链状态数据库的收据树(receipt MPT)中。When the target business transaction is a business data deposit transaction, the node device of the blockchain can save the execution result of the transaction on the node device in the form of a transaction log after receiving the target block sent by the accounting node. In the receipt tree (MPT) of the locally maintained blockchain state database.
当目标业务交易为智能合约调用交易时,区块链的节点设备在收到记账节点发来的目标区块后,可在本地虚拟机上执行上述交易调用的智能合约逻辑,除了将该交易的执行结果以交易日志的形式被保存在节点设备本地状态数据库的收据树(receipt MPT)中之外,还可将智能合约逻辑的执行结果保存在与该智能合约对应的账户存储空间(storage MPT)中。When the target business transaction is a smart contract call transaction, the node device of the blockchain can execute the smart contract logic of the transaction call on the local virtual machine after receiving the target block sent by the accounting node, except for the transaction The execution results of the smart contract are stored in the receipt tree (receipt MPT) of the local state database of the node device in the form of transaction logs, and the execution results of the smart contract logic can also be stored in the account storage space (storage MPT) corresponding to the smart contract. )middle.
通过执行上述目标业务交易,上述目标业务交易的执行结果即被保存在节点设备本地存储的区块链状态数据库中。在本实施方式中,为了防止在向业务系统通知目标业务交易的执行结果时桥接端作恶,与上述桥接端连接的一个或多个节点设备可在对上述目标业务交易验证通过、收录包含目标业务交易的目标区块时,执行所述目标业务交易,并使用持有的第二私钥对该目标业务交易的执行结果生成第二数字签名。By executing the foregoing target business transaction, the execution result of the foregoing target business transaction is stored in the blockchain state database stored locally in the node device. In this embodiment, in order to prevent the bridging end from doing evil when notifying the business system of the execution result of the target business transaction, one or more node devices connected to the bridging end can verify the target business transaction and include the target business. When the target block of the transaction is executed, the target business transaction is executed, and a second digital signature is generated for the execution result of the target business transaction using the held second private key.
具体地,上述与桥接端连接的节点设备可对上述目标业务交易的执行结果明文进行数字签名运算,以得到上述第二数字签名;或者,对于一些目标业务交易,其执行结果可占用较大的容量,此时上述节点设备也可对上述执行结果的验证数据,例如,上述执 行结果的哈希摘要进行数字签名运算,以得到上述第二数字签名。Specifically, the node device connected to the bridge terminal may perform a digital signature operation on the plaintext of the execution result of the target business transaction to obtain the second digital signature; or, for some target business transactions, the execution result may occupy a large amount of At this time, the node device may also perform a digital signature operation on the verification data of the execution result, for example, the hash digest of the execution result, to obtain the second digital signature.
类似的,本实施方式中所述的、由与桥接端连接的节点设备基于其持有的第二私钥对目标业务交易的执行结果所作的第二数字签名,仅仅是为了防止桥接端作恶、以方便该业务系统对目标业务交易的执行结果进行验证,由与桥接端连接的节点设备保存在其本地存储的区块链数据库中的,区块链中的其他节点设备由于没有与上述业务系统的通信需求,而无需对上述目标业务交易的执行结果进行数字签名、也无需在其本地存储的区块链数据库中保存上述数字签名。Similarly, the second digital signature made by the node device connected to the bridge terminal based on the second private key held by it to the execution result of the target business transaction described in this embodiment is only to prevent the bridge terminal from doing evil. In order to facilitate the business system to verify the execution results of the target business transaction, the node device connected to the bridge terminal is stored in its locally stored blockchain database. Other node devices in the blockchain are not connected to the above-mentioned business system. There is no need to digitally sign the execution result of the above-mentioned target business transaction, and there is no need to store the above-mentioned digital signature in its locally stored blockchain database.
在本实施方式中,并不限定上述第二数字签名在与上述桥接端连接的节点设备本地的区块链数据库中的具体存储位置。由于为方便桥接端或业务系统验证目标业务交易确实已被收录至目标区块,节点设备可通过向桥接端发送整个目标区块的方式,向桥接端或业务系统通知上述目标业务交易被区块链收录,为了进一步地方便通知,减少节点设备与桥接端的信息交互步骤,上述节点设备可将上述执行结果和第二数字签名、或者上述执行结果的验证数据(如执行结果的哈希摘要)和第二数字签名存储在目标区块中,例如,目标区块的区块头中,以通过桥接端从该节点设备直接拉取目标区块的方式,获取到上述执行结果和第二数字签名。In this embodiment, the specific storage location of the second digital signature in the local blockchain database of the node device connected to the bridge terminal is not limited. In order to facilitate the bridge end or business system to verify that the target business transaction is indeed included in the target block, the node device can notify the bridge end or business system that the target business transaction is blocked by sending the entire target block to the bridge end. In order to further facilitate the notification and reduce the information interaction steps between the node device and the bridge terminal, the node device may combine the execution result and the second digital signature, or the verification data of the execution result (such as the hash digest of the execution result) and The second digital signature is stored in the target block, for example, in the block header of the target block. The execution result and the second digital signature are obtained by directly pulling the target block from the node device through the bridge terminal.
或者,为方便与桥接端连接的节点设备查询上述执行结果和为上述执行结果生成的第二数字签名,上述第二数字签名可被该节点设备与执行结果对应保存在状态数据库中,例如,将上述第二数字签名和执行结果对应保存在上述目标区块对应的收据树中,或者将上述第二数字签名和执行结果对应保存在目标业务交易所调用的智能合约的账户存储空间,等等。Or, in order to facilitate the node device connected to the bridge terminal to query the execution result and the second digital signature generated for the execution result, the second digital signature can be stored in the state database by the node device corresponding to the execution result, for example, The second digital signature and execution result are correspondingly stored in the receipt tree corresponding to the target block, or the second digital signature and execution result are correspondingly stored in the account storage space of the smart contract called by the target business transaction, and so on.
步骤210,所述桥接端将与其连接的节点设备发送的所述目标业务交易的执行结果和所述第二数字签名转发至所述业务系统。Step 210: The bridge terminal forwards the execution result of the target service transaction and the second digital signature sent by the node device connected to the bridge terminal to the service system.
与桥接端连接的节点设备可从其本地存储的区块链数据库中,获取上述执行结果和第二数字签名,再将上述执行结果和第二数字签名发送至桥接端,以使桥接端可将上述执行结果和第二数字签名转发至业务系统。The node device connected to the bridge terminal can obtain the above-mentioned execution result and the second digital signature from its locally stored blockchain database, and then send the above-mentioned execution result and the second digital signature to the bridge terminal, so that the bridge terminal can The above execution result and the second digital signature are forwarded to the business system.
在一实施方式中,当上述第二数字签名是区块链的记账节点为收录目标业务交易的目标区块的区块头中存储的状态数据库的认证根所生成的,或者,当上述第二数字签名是与桥接端连接的节点设备为上述认证根所生成的,业务系统除了验证所述第二数字签名是所述记账节点设备、或者与桥接端连接的节点设备为上述区块头中包含的认证根生成的,还需验证上述目标业务交易的执行结果与上述区块头中包含的认证根的认证对应关系,即验证上述执行结果是否确实被收录于与所述目标区块对应的区块链状态数据库。In one embodiment, when the second digital signature is generated by the accounting node of the blockchain for the authentication root of the state database stored in the block header of the target block of the target business transaction, or when the second The digital signature is generated by the node device connected to the bridge terminal for the above authentication root, and the business system verifies that the second digital signature is the accounting node device or the node device connected to the bridge terminal is included in the above block header. If the authentication root is generated, it is also necessary to verify the authentication correspondence between the execution result of the target business transaction and the authentication root contained in the block header, that is, verify whether the execution result is indeed included in the block corresponding to the target block The chain state database.
此时,上述与桥接端连接的节点设备还需向桥接端发送与目标区块对应的状态数据,上述状态数据可包括,基于与所述目标区块中存储的交易对应的状态数据构建的默克尔树(如MPT状态树或MPT收据树),上述默克尔树包含上述目标业务交易的执行结果, 以使桥接端将上述状态数据转发至业务系统,由业务系统基于包含上述执行结果的状态数据是否可衍生得到上述认证根,如果可以得到,即证明所述目标业务交易的执行结果确实被收录于与所述目标区块对应的区块链状态数据库。At this time, the node device connected to the bridge terminal also needs to send state data corresponding to the target block to the bridge terminal. The state data may include a default constructed based on the state data corresponding to the transaction stored in the target block. Kerr tree (such as MPT state tree or MPT receipt tree), the Merkel tree contains the execution result of the above target business transaction, so that the bridge end forwards the above state data to the business system, and the business system is based on the execution result that contains the above execution result. Whether the state data can be derived to obtain the above authentication root, if it can be obtained, it is proved that the execution result of the target business transaction is indeed included in the blockchain state database corresponding to the target block.
值得注意的是,上述业务系统可在其本地保存区块链中节点设备、或与该桥接端对接的节点设备所对应的公钥,以方便对上述第二数字签名进行验证。It is worth noting that the above-mentioned business system may locally store the public key corresponding to the node device in the blockchain or the node device connected with the bridge terminal to facilitate the verification of the above-mentioned second digital signature.
在又一实施方式中,第二数字签名是与桥接端连接的节点设备使用第二私钥对所述执行结果的原文而做出的,与桥接端连接的节点设备可将上述执行结果和所述第二数字签名保存在其本地存储的目标区块的区块头内。所述桥接端可定时监听与其连接的节点设备以获取节点设备存储的目标区块。或者,上述节点设备在将上述执行结果和第二数字签名保存在目标区块后,向桥接端发送目标业务交易被收录的通知。该通知可包括目标区块的区块高度和所述目标业务交易的检索标识,以便上述桥接端从所述节点设备拉取所述目标区块,并基于上述检索标识查验上述目标业务交易被收录于所述目标区块。In yet another embodiment, the second digital signature is made by the node device connected to the bridge terminal using the second private key to write the original text of the execution result, and the node device connected to the bridge terminal can compare the execution result with the result of the execution. The second digital signature is stored in the block header of the target block stored locally. The bridge terminal can monitor the node device connected to it regularly to obtain the target block stored by the node device. Alternatively, the node device, after storing the execution result and the second digital signature in the target block, sends a notification to the bridge end that the target business transaction is included. The notification may include the block height of the target block and the retrieval identifier of the target business transaction, so that the bridge terminal can pull the target block from the node device and check that the target business transaction is included based on the retrieval identifier. In the target block.
在又一实施方式中,上述第二数字签名是与所述桥接端连接的节点设备使用所述第二私钥对所述执行结果的哈希摘要而做出的,所述执行结果的哈希摘要和所述第二数字签名被保存在该节点设备本地存储的所述目标区块的区块头。上述节点设备在将上述执行结果的哈希值和第二数字签名保存在目标区块的区块头后,可向桥接端发送目标业务交易被收录的通知,该通知可包括目标区块的区块高度和所述目标业务交易的检索标识(例如目标业务交易的TXID或交易序列号),以方便上述桥接端从所述节点设备拉取所述目标区块,并基于该检索标识向上述节点设备问询目标业务交易的执行结果;上述节点设备基于上述检索标识,在其本地维护的区块链状态数据库中查询到与上述目标业务交易对应的执行结果,并将上述执行结果返回至桥接端,以使所述桥接端将上述执行结果转发至业务系统。In another embodiment, the above-mentioned second digital signature is made by a node device connected to the bridge terminal using the second private key to a hash digest of the execution result, the hash of the execution result The digest and the second digital signature are stored in the block header of the target block stored locally in the node device. After storing the hash value of the execution result and the second digital signature in the block header of the target block, the node device may send a notification that the target business transaction is included to the bridge end, and the notification may include the block of the target block Height and the retrieval identifier of the target business transaction (for example, the TXID or transaction serial number of the target business transaction), so that the bridge terminal can pull the target block from the node device and send it to the node device based on the retrieval identifier. Inquire about the execution result of the target business transaction; based on the search identifier, the node device queries the execution result corresponding to the target business transaction in its locally maintained blockchain state database, and returns the execution result to the bridge end, So that the bridging end forwards the execution result to the business system.
在又一实施方式中,上述第二数字签名是与所述桥接端连接的节点设备使用所述第二私钥对所述执行结果的原文、或所述执行结果的哈希摘要而做出的,且所述第二数字签名与所述执行结果被对应保存在该节点设备本地存储的区块链状态数据库中。该节点设备可直接从其本地存储的区块链状态数据库中获取所述执行结果的原文和所述第二数字签名,并将上述执行结果的原文和所述第二数字签名由桥接端转发至业务系统。In another embodiment, the above-mentioned second digital signature is made by a node device connected to the bridge terminal using the second private key on the original text of the execution result or the hash digest of the execution result , And the second digital signature and the execution result are correspondingly saved in the blockchain state database stored locally in the node device. The node device can directly obtain the original text of the execution result and the second digital signature from its locally stored blockchain state database, and forward the original text of the execution result and the second digital signature from the bridge end to business system.
步骤212,所述业务系统基于与所述第二私钥对应的第二公钥验证所述第二数字签名,并在对所述第二数字签名验证通过后,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。Step 212: The service system verifies the second digital signature based on the second public key corresponding to the second private key, and after the verification of the second digital signature is passed, executes the transaction based on the execution result. Describe the further business processing logic related to the transaction detail data.
上述业务系统可在其本地维护其信任的区块链节点设备(例如上述记账节点)、或与桥接端连接的节点设备的公钥列表,在收到上述桥接端转发的所述执行结果和第二数字签名后,上述业务系统可从上述公钥列表中获取与上述节点设备持有的第二私钥对应的第二公钥,并基于该第二公钥对上述第二数字签名进行验证。The above-mentioned business system can maintain its trusted blockchain node equipment (such as the above-mentioned accounting node) or the public key list of the node equipment connected to the bridge terminal locally, and receive the execution result and forwarded by the above-mentioned bridge terminal. After the second digital signature, the business system can obtain the second public key corresponding to the second private key held by the node device from the public key list, and verify the second digital signature based on the second public key .
当上述第二数字签名是基于目标区块的区块头所包括的认证根所生成时,除了对上述第二数字签名进行验证,业务系统还需基于桥接端所转发的区块链的状态数据库数据,例如与目标区块基于与所述目标区块中存储的交易对应的状态数据构建的默克尔树(MPT收据树或MPT状态树),或目标业务交易所调用的智能合约的账户空间所存储的状态数据树,来验证所述认证根与执行结果的认证对应关系。业务系统可对包含目标业务交易的目标区块内的所有交易的执行结果的值执行默克尔树根生成计算,以验证其计算所得的默克尔树的树根与上述区块头中的认证根是否一致;上述两根值一致时,即代表上述执行结果可由上述认证根认证,且上述执行结果被收录在可生成上述认证根的区块链状态数据库中。When the above-mentioned second digital signature is generated based on the authentication root included in the block header of the target block, in addition to verifying the above-mentioned second digital signature, the business system also needs to be based on the state database data of the blockchain forwarded by the bridge end For example, the Merkel tree (MPT receipt tree or MPT state tree) constructed by the target block based on the state data corresponding to the transaction stored in the target block, or the account space of the smart contract called by the target business exchange The stored state data tree is used to verify the authentication correspondence between the authentication root and the execution result. The business system can perform Merkel tree root generation calculations on the values of the execution results of all transactions in the target block containing the target business transaction to verify the calculated root of the Merkel tree and the authentication in the block header. Whether the roots are consistent; when the two root values are consistent, it means that the execution result can be authenticated by the authentication root, and the execution result is included in the blockchain state database that can generate the authentication root.
当上述第二数字签名是与桥接端连接的节点设备使用第二私钥至少对执行结果的哈希摘要所作出时,除了对上述第二数字签名进行验证,所述业务系统还需验证所述执行结果的哈希摘要与所述执行结果是否匹配。When the second digital signature is made by the node device connected to the bridge terminal using the second private key to at least the hash digest of the execution result, in addition to verifying the second digital signature, the business system also needs to verify the Whether the hash digest of the execution result matches the execution result.
在对第二数字签名的验证通过,或者且对所述执行结果与认证根的认证对应关系验证通过,或者且对所述执行结果的哈希摘要与执行结果的原文一致验证通过后,执行与所述交易明细数据相关的业务处理逻辑。After the verification of the second digital signature is passed, or the authentication correspondence between the execution result and the authentication root is verified, or the hash digest of the execution result is consistent with the original text of the execution result, the execution and The business processing logic related to the transaction detail data.
在一实施方式中,上述交易明细数据包括区块链转账数据,上述目标业务交易为转账交易。当上述转账交易被收录到区块链的目标区块后,节点设备可依据转账交易所包含的转账值,在本地保存的区块链用户账户状态数据库中,从转账交易的汇出方账户转出与转账值对应的金额,并在接收方用户加入与转账至对应的金额。上述区块链的用户账户余额值及转账值对应的是区块链上流通的虚拟货币(Token),该虚拟货币可以仅仅作为与链下的实际资产对应的货币符号,在链上进行资产流通过程的存证。In one embodiment, the transaction detail data includes blockchain transfer data, and the target business transaction is a transfer transaction. After the above transfer transaction is included in the target block of the blockchain, the node device can transfer from the sender account of the transfer transaction in the locally stored blockchain user account status database according to the transfer value included in the transfer transaction. The amount corresponding to the transfer value is output, and the recipient user adds and transfers to the corresponding amount. The user account balance value and transfer value of the above blockchain correspond to the virtual currency (Token) circulating on the blockchain. The virtual currency can only be used as a currency symbol corresponding to the actual assets under the chain to circulate assets on the chain. Proof of the process.
当上述转账交易在区块链上被执行成功后,业务系统需在链外执行与上述区块链转账数据相关的汇款操作,例如由上述业务系统向其用户发起实际的银行汇款操作,或通知与上述转账交易相关的汇出方执行汇款操作,或通知上述转账交易相关的接收方查收汇款是否到账,等等。After the above-mentioned transfer transaction is successfully executed on the blockchain, the business system needs to perform the remittance operation related to the above-mentioned blockchain transfer data outside the chain, for example, the above-mentioned business system initiates the actual bank remittance operation to its user, or notify The sender related to the aforementioned transfer transaction performs the remittance operation, or informs the recipient related to the aforementioned transfer transaction to check whether the remittance is received, and so on.
当上述转账交易的执行结果显示转账失败时,业务系统需在链外执行与上述区块链转账数据相关的退款操作,例如由上述业务系统向其用户发起实际的银行账户退款操作,或通知与上述转账交易相关的汇出方执行退款操作,或通知上述转账交易相关的接收方查收退款是否到账,等等。When the execution result of the above transfer transaction shows that the transfer has failed, the business system needs to perform the refund operation related to the above blockchain transfer data outside the chain, for example, the above business system initiates the actual bank account refund operation to its user, or Notify the sender related to the above transfer transaction to perform the refund operation, or notify the receiver related to the above transfer transaction to check whether the refund is received, and so on.
由上述一个或多个实施方式所提供的区块链交易方法,在业务系统与区块链网络的节点设备之间设置了桥接端,由桥接端负责向区块链网络转发业务系统构建的交易和向业务服务端转发区块链上的交易执行结果。为了防止桥接端作恶,上述业务系统构建的交易包含了业务系统基于业务数据所作的第一数字签名,且与桥接端连接的区块链节点设备在其收录上述交易的区块内包含了区块链的节点设备基于交易执行结果所作的第 二数字签名,使业务系统对桥接端的信任转化为对区块链中的节点设备的信任;通过数字签名验证技术,有效降低了桥接端作恶而造成的数据安全风险,从而既降低了业务系统接入区块链的成本,又提高了业务系统的数据安全性。In the blockchain transaction method provided by one or more of the above embodiments, a bridge terminal is set between the business system and the node equipment of the blockchain network, and the bridge terminal is responsible for forwarding the transaction constructed by the business system to the blockchain network And forward the transaction execution result on the blockchain to the business server. In order to prevent the bridging end from doing evil, the transaction constructed by the above-mentioned business system includes the first digital signature made by the business system based on the business data, and the block chain node device connected to the bridging end contains the block in the block containing the above-mentioned transaction. The second digital signature made by the node device of the chain based on the transaction execution result converts the trust of the business system to the bridge terminal into the trust of the node device in the blockchain; the digital signature verification technology effectively reduces the evil caused by the bridge terminal Data security risks not only reduce the cost of business system access to the blockchain, but also improve the data security of the business system.
与上述流程实现对应,本说明书的实施方式还提供了一种区块链交易装置30和40。装置30和40可以通过软件实现,也可以通过硬件或者软硬件结合的方式实现。以软件实现为例,作为逻辑意义上的装置,是通过所在设备的CPU(Central Process Unit,中央处理器)将对应的计算机程序指令读取到内存中运行形成的。从硬件层面而言,除了图5所示的CPU、内存以及存储器之外,上述装置所在的设备通常还包括用于进行无线信号收发的芯片等其他硬件,和/或用于实现网络通信功能的板卡等其他硬件。Corresponding to the above-mentioned process realization, the embodiment of this specification also provides a block chain transaction device 30 and 40. The devices 30 and 40 can be implemented by software, or can be implemented by hardware or a combination of software and hardware. Taking software implementation as an example, as a logical device, it is formed by reading the corresponding computer program instructions into the memory by the CPU (Central Process Unit, central processing unit) of the device where it is located. From the perspective of hardware, in addition to the CPU, memory, and storage shown in Figure 5, the device where the above-mentioned device is located usually also includes other hardware such as chips for wireless signal transmission and reception, and/or for implementing network communication functions. Other hardware such as boards.
如图3所示,本说明书还提供了一种区块链交易装置30,应用于业务系统;所述业务系统通过桥接端与区块链的节点设备连接;所述装置30包括:As shown in Fig. 3, this specification also provides a block chain transaction device 30, which is applied to a business system; the business system is connected to a node device of the block chain through a bridge terminal; the device 30 includes:
发送单元302,将构建的目标业务交易通过所述桥接端发送至所述区块链的节点设备,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名;以使所述节点设备在进行交易验证时,至少基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证,在验证通过后,执行所述目标业务交易,并将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;The sending unit 302 sends the constructed target business transaction to the node device of the blockchain through the bridge end, where the target business transaction includes the business system using the first private key for the target business transaction The first digital signature generated by the detailed data; so that when the node device performs transaction verification, the first digital signature is verified at least based on the first public key corresponding to the first private key, and after the verification is passed Execute the target business transaction, and store the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result to the node device Locally stored blockchain database;
获取单元304,通过所述桥接端从所述节点设备获取所述目标业务交易的执行结果和所述第二数字签名;An obtaining unit 304, which obtains the execution result of the target business transaction and the second digital signature from the node device through the bridge terminal;
验证单元306,基于与所述第二私钥对应的第二公钥验证所述第二数字签名;The verification unit 306 verifies the second digital signature based on the second public key corresponding to the second private key;
执行单元308,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。The execution unit 308 executes further business processing logic related to the transaction detail data based on the execution result.
在又一实施方式中,所述第二数字签名为:所述区块链的节点设备使用持有的第二私钥、为收录所述目标业务交易的目标区块的区块头中存储的状态数据库的认证根生成的数字签名。In another embodiment, the second digital signature is: the second private key held by the node device of the blockchain is the state stored in the block header of the target block that contains the target business transaction The digital signature generated by the authentication root of the database.
在又一实施方式中,所述状态数据库为基于与所述目标区块中存储的交易对应的状态数据构建的默克尔树;所述认证根为所述默克尔树的root hash。In another embodiment, the state database is a Merkel tree constructed based on state data corresponding to the transaction stored in the target block; the authentication root is the root hash of the Merkel tree.
在又一实施方式中,所述第二数字签名由所述区块链的记账节点设备使用其持有的第二私钥生成,所述第二数字签名被保存在所述区块链存储的目标区块的区块头。In another embodiment, the second digital signature is generated by the accounting node device of the blockchain using a second private key held by it, and the second digital signature is stored in the blockchain storage The block header of the target block.
在又一实施方式中,所述第二数字签名由所述节点设备使用其持有的第二私钥生成,所述第二数字签名被保存在所述节点设备本地存储的所述目标区块的区块头。In another embodiment, the second digital signature is generated by the node device using a second private key held by it, and the second digital signature is stored in the target block stored locally by the node device The block header.
在又一实施方式中,所述第二数字签名包括:所述节点设备使用持有的第二私钥为所述目标业务交易的执行结果生成的数字签名。In another embodiment, the second digital signature includes: a digital signature generated by the node device using a second private key held by the node device for the execution result of the target business transaction.
在又一实施方式中,所述第二数字签名和所述执行结果,或者,所述第二数字签名和所述执行结果的哈希摘要,被存储在所述桥接端连接的节点设备本地存储的所述目标区块的区块头。In another embodiment, the second digital signature and the execution result, or the second digital signature and the hash digest of the execution result, are stored locally in the node device connected to the bridge end The block header of the target block.
在又一实施方式中,所述获取单元304,进一步用于:通过所述桥接端从所述节点设备拉取所述目标区块,以获取所述执行结果和所述第二数字签名;或者,通过所述桥接端从所述节点设备拉取所述目标区块,以获取所述执行结果的哈希摘要和所述第二数字签名;并通过所述桥接端基于所述目标业务交易的检索标识,从所述节点设备获取所述目标业务交易的执行结果。In another embodiment, the obtaining unit 304 is further configured to: pull the target block from the node device through the bridge end to obtain the execution result and the second digital signature; or , Pull the target block from the node device through the bridge terminal to obtain the hash digest of the execution result and the second digital signature; and through the bridge terminal based on the target business transaction The identification is retrieved, and the execution result of the target business transaction is obtained from the node device.
在又一实施方式中,所述第二数字签名和所述执行结果被存储在所述桥接端连接的节点设备本地存储的所述区块链的状态数据库中。In another embodiment, the second digital signature and the execution result are stored in the state database of the blockchain stored locally in the node device connected to the bridge terminal.
如图4所示,本说明书还提供了一种区块链交易装置40,应用于区块链的节点设备;业务系统通过桥接端与所述区块链的节点设备连接;所述装置40包括:As shown in Figure 4, this specification also provides a blockchain transaction device 40, which is applied to the node equipment of the blockchain; the business system is connected to the node equipment of the blockchain through a bridge end; the device 40 includes :
获取单元402,与所述桥接端连接的节点设备通过所述桥接端获取所述业务系统构建的目标业务交易,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名;An acquiring unit 402, the node device connected to the bridge terminal acquires the target business transaction constructed by the business system through the bridge terminal, wherein the target business transaction includes the business system using the first private key as the target The first digital signature generated by the detailed data of the business transaction;
验证单元404,对所述目标业务交易进行交易验证,所述交易验证至少包括基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证;The verification unit 404 performs transaction verification on the target business transaction, where the transaction verification at least includes verifying the first digital signature based on a first public key corresponding to the first private key;
执行单元406,执行所述目标业务交易;The execution unit 406 executes the target business transaction;
存储单元408,将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;The storage unit 408 stores the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result to a block locally stored by the node device Chain database
发送单元410,通过所述桥接端向所述业务系统发送所述执行结果和所述第二数字签名,以使所述业务系统基于与所述第二私钥对应的第二公钥验证所述第二数字签名,并在对所述第二数字签名验证通过后,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。The sending unit 410 sends the execution result and the second digital signature to the service system through the bridge terminal, so that the service system verifies the execution result based on the second public key corresponding to the second private key. A second digital signature, and after the verification of the second digital signature is passed, further business processing logic related to the transaction detail data is executed based on the execution result.
在又一实施方式中,所述第二数字签名包括:所述区块链的节点设备使用持有的第二私钥、为收录所述目标业务交易的目标区块的区块头中存储的状态数据库的认证根生成的数字签名。In another embodiment, the second digital signature includes: a second private key held by a node device of the blockchain, which is a state stored in a block header of a target block that contains the target business transaction The digital signature generated by the authentication root of the database.
在又一实施方式中,所述状态数据库为基于与所述目标区块中存储的交易对应的状态数据构建的默克尔树;所述认证根为所述默克尔树的root hash。In another embodiment, the state database is a Merkel tree constructed based on state data corresponding to the transaction stored in the target block; the authentication root is the root hash of the Merkel tree.
在又一实施方式中,所述第二数字签名由所述区块链的记账节点设备使用其持有的第二私钥生成,所述第二数字签名被保存在所述区块链存储的目标区块的区块头。In another embodiment, the second digital signature is generated by the accounting node device of the blockchain using a second private key held by it, and the second digital signature is stored in the blockchain storage The block header of the target block.
在又一实施方式中,所述第二数字签名由所述节点设备使用其持有的第二私钥生成,所述第二数字签名被保存在所述节点设备本地存储的所述目标区块的区块头。In another embodiment, the second digital signature is generated by the node device using a second private key held by it, and the second digital signature is stored in the target block stored locally by the node device The block header.
在又一实施方式中,所述第二数字签名包括:所述节点设备使用持有的第二私钥为所述目标业务交易的执行结果生成的数字签名。In another embodiment, the second digital signature includes: a digital signature generated by the node device using a second private key held by the node device for the execution result of the target business transaction.
在又一实施方式中,所述第二数字签名和所述执行结果,或者所述第二数字签名和所述执行结果的哈希摘要被存储在所述节点设备本地存储的所述目标区块的区块头。In another embodiment, the second digital signature and the execution result, or the second digital signature and the hash digest of the execution result are stored in the target block stored locally by the node device The block header.
在又一实施方式中,所述发送单元410,进一步用于:向所述桥接端发送所述目标区块,以使所述业务系统通过所述桥接端获取所述目标区块包括的所述执行结果和所述第二数字签名;或者,向所述桥接端发送所述目标区块,以使所述业务系统通过所述桥接端获取所述目标区块包括的所述执行结果的哈希摘要和所述第二数字签名;并基于所述桥接端发送的所述目标业务交易的检索标识,向所述桥接端发送所述执行结果,以使所述业务系统通过所述桥接端获取所述执行结果。In another embodiment, the sending unit 410 is further configured to: send the target block to the bridge end, so that the business system obtains the target block included in the target block through the bridge end. The execution result and the second digital signature; or, send the target block to the bridge end, so that the business system obtains the hash of the execution result included in the target block through the bridge end The summary and the second digital signature; and based on the retrieval identification of the target business transaction sent by the bridge end, the execution result is sent to the bridge end, so that the business system obtains all information through the bridge end The results of the implementation.
在又一实施方式中,所述第二数字签名和所述执行结果被存储在被存储在所述桥接端连接的节点设备本地存储的所述区块链的状态数据库中。In another embodiment, the second digital signature and the execution result are stored in the state database of the blockchain stored locally in the node device connected to the bridge terminal.
上述装置30、40中各个单元的功能和作用的实现过程具体详见上述业务系统、区块链的节点设备端所执行的区块链交易方法中对应步骤的实现过程,相关之处参见方法实施方式的部分说明即可,在此不再赘述。For the implementation process of the functions and roles of each unit in the above-mentioned devices 30 and 40, please refer to the implementation process of the corresponding steps in the blockchain transaction method executed by the above-mentioned business system and the node device side of the blockchain. For related details, please refer to the method implementation. Part of the description of the method is sufficient, so I won't repeat it here.
以上所描述的装置实施方式仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理模块,即可以位于一个地方,或者也可以分布到多个网络模块上。可以根据实际的需要选择其中的部分或者全部单元或模块来实现本说明书方案的目的。本领域普通技术人员在不付出创造性劳动的情况下,即可以理解并实施。The device implementations described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical modules, that is, they may be located in One place, or it can be distributed to multiple network modules. Some or all of the units or modules can be selected according to actual needs to achieve the purpose of the solution in this specification. Those of ordinary skill in the art can understand and implement without creative work.
上述实施方式阐明的装置、单元、模块,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机,计算机的具体形式可以是个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件收发设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任意几种设备的组合。The devices, units, and modules described in the foregoing implementation manners may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. The specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.
与上述方法实施方式相对应,本说明书的实施方式还提供了一种计算机设备,如图5所示,该计算机设备包括存储器和处理器。其中,存储器上存储有能够由处理器运行的计算机程序;处理器在运行存储的计算机程序时,执行本说明书实施方式中业务系统所执行的区块链交易方法的各个步骤。对上述业务系统所执行的区块链交易方法的各个步骤的详细描述请参见之前的内容,不再重复。Corresponding to the foregoing method embodiments, the embodiments of this specification also provide a computer device. As shown in FIG. 5, the computer device includes a memory and a processor. Wherein, the memory stores a computer program that can be run by the processor; when the processor runs the stored computer program, it executes each step of the blockchain transaction method executed by the business system in the embodiment of this specification. For a detailed description of each step of the blockchain transaction method executed by the above business system, please refer to the previous content and will not be repeated.
与上述方法实施方式相对应,本说明书的实施方式还提供了一种计算机设备,如图5所示,该计算机设备包括存储器和处理器。其中,存储器上存储有能够由处理器运行的计算机程序;处理器在运行存储的计算机程序时,执行本说明书实施方式中区块链的节点设备所执行的区块链交易方法的各个步骤。对上述区块链的节点设备所执行的区块链交易方法的各个步骤的详细描述请参见之前的内容,不再重复。Corresponding to the foregoing method embodiments, the embodiments of this specification also provide a computer device. As shown in FIG. 5, the computer device includes a memory and a processor. Wherein, the memory stores a computer program that can be run by the processor; when the processor runs the stored computer program, it executes each step of the blockchain transaction method executed by the node device of the blockchain in the embodiment of this specification. For a detailed description of each step of the blockchain transaction method executed by the node device of the above blockchain, please refer to the previous content, and will not be repeated.
以上所述仅为本说明书的较佳实施方式而已,并不用以限制本说明书,凡在本说明书的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本说明书保护的范围之内。The above descriptions are only the preferred embodiments of this specification and are not intended to limit this specification. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this specification shall be included in this specification. Within the scope of protection.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。The memory may include non-permanent memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可由任何方法或技术来实现信息存储。信息可是计算机可读指令、数据结构、程序的模块或其他数据。Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. Information can be computer-readable instructions, data structures, program modules, or other data.
计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment including a series of elements includes not only those elements, but also Other elements that are not explicitly listed, or also include elements inherent to such processes, methods, commodities, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.
本领域技术人员应明白,本说明书的实施方式可提供为方法、系统或计算机程序产品。因此,本说明书的实施方式可采用完全硬件实施方式、完全软件实施方式或结合软件和硬件方面的实施方式的形式。而且,本说明书的实施方式可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the implementation of this specification can be provided as a method, a system or a computer program product. Therefore, the implementation manners in this specification may adopt the form of a complete hardware implementation, a complete software implementation, or a combination of software and hardware implementations. Moreover, the implementation of this specification may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. .

Claims (42)

  1. 一种区块链交易方法,应用于业务系统;所述业务系统通过桥接端与区块链的节点设备连接;所述方法包括:A blockchain transaction method, applied to a business system; the business system is connected to a node device of the blockchain through a bridge terminal; the method includes:
    所述业务系统将构建的目标业务交易通过所述桥接端发送至所述区块链的节点设备,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名,以使所述节点设备The business system sends the constructed target business transaction to the node device of the blockchain through the bridge end, where the target business transaction includes the business system using the first private key to transfer the target business transaction The first digital signature generated by the detailed data, so that the node device
    在进行交易验证时,至少基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证,When performing transaction verification, verify the first digital signature based at least on the first public key corresponding to the first private key,
    在验证通过后,执行所述目标业务交易,并将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;After the verification is passed, the target business transaction is executed, and the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result are stored in The blockchain database locally stored in the node device;
    通过所述桥接端从所述节点设备获取所述目标业务交易的执行结果和所述第二数字签名;Obtaining the execution result of the target business transaction and the second digital signature from the node device through the bridge terminal;
    基于与所述第二私钥对应的第二公钥验证所述第二数字签名,并在对所述第二数字签名验证通过后,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。The second digital signature is verified based on the second public key corresponding to the second private key, and after the verification of the second digital signature is passed, further steps related to the transaction detail data are executed based on the execution result. Business processing logic.
  2. 根据权利要求1所述的方法,所述第二数字签名包括:所述区块链的节点设备使用持有的第二私钥、为收录所述目标业务交易的目标区块的区块头中存储的状态数据库的认证根生成的数字签名。The method according to claim 1, wherein the second digital signature comprises: a second private key held by a node device of the blockchain is stored in a block header of a target block that contains the target business transaction The digital signature generated by the authentication root of the state database.
  3. 根据权利要求2所述的方法,According to the method of claim 2,
    所述状态数据库为基于与所述目标区块中存储的交易对应的状态数据构建的默克尔树;The state database is a Merkel tree constructed based on state data corresponding to transactions stored in the target block;
    所述认证根为所述默克尔树的root hash。The authentication root is the root hash of the Merkel tree.
  4. 根据权利要求2或3所述的方法,The method according to claim 2 or 3,
    所述第二数字签名由所述区块链的记账节点设备使用其持有的第二私钥生成,The second digital signature is generated by the accounting node device of the blockchain using the second private key held by it,
    所述第二数字签名被保存在所述区块链存储的目标区块的区块头。The second digital signature is stored in the block header of the target block stored in the blockchain.
  5. 根据权利要求2或3所述的方法,The method according to claim 2 or 3,
    所述第二数字签名由所述节点设备使用其持有的第二私钥生成,The second digital signature is generated by the node device using the second private key held by it,
    所述第二数字签名被保存在所述节点设备本地存储的所述目标区块的区块头。The second digital signature is stored in the block header of the target block stored locally in the node device.
  6. 根据权利要求1所述的方法,所述第二数字签名包括:所述节点设备使用持有的第二私钥为所述目标业务交易的执行结果生成的数字签名。The method according to claim 1, wherein the second digital signature comprises: a digital signature generated by the node device using a second private key held by the node device for the execution result of the target business transaction.
  7. 根据权利要求6所述的方法,According to the method of claim 6,
    所述第二数字签名和所述执行结果,被存储在所述桥接端连接的节点设备本地存储的所述目标区块的区块头;或者,The second digital signature and the execution result are stored in the block header of the target block locally stored in the node device connected to the bridge end; or,
    所述第二数字签名和所述执行结果的哈希摘要,被存储在所述桥接端连接的节点设备本地存储的所述目标区块的区块头。The second digital signature and the hash digest of the execution result are stored in the block header of the target block stored locally in the node device connected to the bridge end.
  8. 根据权利要求7所述的方法,所述通过所述桥接端从所述节点设备获取所述目标业务交易的执行结果和所述第二数字签名,包括:The method according to claim 7, wherein the obtaining the execution result of the target service transaction and the second digital signature from the node device through the bridge terminal comprises:
    通过所述桥接端从所述节点设备拉取所述目标区块,以获取所述执行结果和所述第二数字签名,或者所述执行结果的哈希摘要和所述第二数字签名;并Pull the target block from the node device through the bridge terminal to obtain the execution result and the second digital signature, or the hash digest of the execution result and the second digital signature; and
    通过所述桥接端基于所述目标业务交易的检索标识,从所述节点设备获取所述目标业务交易的执行结果。Obtain the execution result of the target business transaction from the node device through the bridge terminal based on the retrieval identifier of the target business transaction.
  9. 根据权利要求6所述的方法,所述第二数字签名和所述执行结果被存储在所述桥接端连接的节点设备本地存储的所述区块链的状态数据库中。According to the method of claim 6, the second digital signature and the execution result are stored in the state database of the blockchain stored locally in the node device connected to the bridge terminal.
  10. 根据权利要求1所述的方法,所述第一私钥被保存在所述业务系统搭载的硬件安全模块HSM中。According to the method of claim 1, the first private key is stored in a hardware security module HSM carried by the business system.
  11. 根据权利要求1所述的方法,The method according to claim 1,
    所述目标业务交易为转账交易;The target business transaction is a transfer transaction;
    所述交易明细数据为区块链转账数据;The transaction detail data is blockchain transfer data;
    所述执行与所述交易明细数据相关的进一步业务处理逻辑,包括:The execution of further business processing logic related to the transaction detail data includes:
    执行与所述区块链转账数据相关的汇款操作;或者,Perform remittance operations related to the blockchain transfer data; or,
    执行与所述区块链转账数据相关的退款操作。Perform a refund operation related to the blockchain transfer data.
  12. 一种区块链交易方法,应用于区块链的节点设备;业务系统通过桥接端与所述区块链的节点设备连接;所述方法包括:A block chain transaction method is applied to the node equipment of the block chain; the business system is connected to the node equipment of the block chain through a bridge end; the method includes:
    与所述桥接端连接的节点设备通过所述桥接端获取所述业务系统构建的目标业务交易,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名;The node device connected to the bridge terminal obtains the target business transaction constructed by the business system through the bridge terminal, wherein the target business transaction includes the business system using the first private key to provide the details of the target business transaction The first digital signature generated by the data;
    对所述目标业务交易进行交易验证,所述交易验证至少包括基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证;Performing transaction verification on the target business transaction, the transaction verification at least including verifying the first digital signature based on a first public key corresponding to the first private key;
    在验证通过后,执行所述目标业务交易,并将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;After the verification is passed, the target business transaction is executed, and the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result are stored in The blockchain database locally stored in the node device;
    通过所述桥接端向所述业务系统发送所述执行结果和所述第二数字签名,以使所述业务系统基于与所述第二私钥对应的第二公钥验证所述第二数字签名,并在对所述第二数字签名验证通过后,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。Send the execution result and the second digital signature to the service system through the bridge end, so that the service system verifies the second digital signature based on the second public key corresponding to the second private key , And after passing the verification of the second digital signature, execute further business processing logic related to the transaction detail data based on the execution result.
  13. 根据权利要求12所述的方法,所述第二数字签名包括:所述区块链的节点设备使用持有的第二私钥、为收录所述目标业务交易的目标区块的区块头中存储的状态数据库的认证根生成的数字签名。The method according to claim 12, wherein the second digital signature comprises: using a second private key held by the node device of the blockchain, storing in the block header of the target block that contains the target business transaction The digital signature generated by the authentication root of the state database.
  14. 根据权利要求13所述的方法,According to the method of claim 13,
    所述状态数据库为基于与所述目标区块中存储的交易对应的状态数据构建的默克尔树;The state database is a Merkel tree constructed based on state data corresponding to transactions stored in the target block;
    所述认证根为所述默克尔树的root hash。The authentication root is the root hash of the Merkel tree.
  15. 根据权利要求13或14所述的方法,The method according to claim 13 or 14,
    所述第二数字签名由所述区块链的记账节点设备使用其持有的第二私钥生成,The second digital signature is generated by the accounting node device of the blockchain using the second private key held by it,
    所述第二数字签名被保存在所述区块链存储的目标区块的区块头。The second digital signature is stored in the block header of the target block stored in the blockchain.
  16. 根据权利要求13或14所述的方法,The method according to claim 13 or 14,
    所述第二数字签名由所述节点设备使用其持有的第二私钥生成,The second digital signature is generated by the node device using the second private key held by it,
    所述第二数字签名被保存在所述节点设备本地存储的所述目标区块的区块头。The second digital signature is stored in the block header of the target block stored locally in the node device.
  17. 根据权利要求12所述的方法,所述第二数字签名包括:所述节点设备使用持有的第二私钥为所述目标业务交易的执行结果生成的数字签名。The method according to claim 12, wherein the second digital signature comprises: a digital signature generated by the node device using a second private key held by the node device for the execution result of the target business transaction.
  18. 根据权利要求17所述的方法,According to the method of claim 17,
    所述第二数字签名和所述执行结果被存储在所述节点设备本地存储的所述目标区块的区块头,或者,The second digital signature and the execution result are stored in the block header of the target block stored locally by the node device, or,
    所述第二数字签名和所述执行结果的哈希摘要被存储在所述节点设备本地存储的所述目标区块的区块头。The second digital signature and the hash digest of the execution result are stored in the block header of the target block stored locally in the node device.
  19. 根据权利要求18所述的方法,所述通过所述桥接端向所述业务系统发送所述执行结果和所述第二数字签名,包括:The method according to claim 18, wherein the sending the execution result and the second digital signature to the service system through the bridge terminal comprises:
    向所述桥接端发送所述目标区块,以使所述业务系统通过所述桥接端获取所述目标区块包括的所述执行结果和所述第二数字签名,或者,所述执行结果的哈希摘要和所述第二数字签名;并Send the target block to the bridge end, so that the business system obtains the execution result and the second digital signature included in the target block through the bridge end, or the execution result is The hash digest and the second digital signature; and
    基于所述桥接端发送的所述目标业务交易的检索标识,向所述桥接端发送所述执行结果,以使所述业务系统通过所述桥接端获取所述执行结果。Based on the retrieval identifier of the target business transaction sent by the bridge terminal, send the execution result to the bridge terminal, so that the business system obtains the execution result through the bridge terminal.
  20. 根据权利要求17所述的方法,所述第二数字签名和所述执行结果被存储在被存储在所述桥接端连接的节点设备本地存储的所述区块链的状态数据库中。According to the method of claim 17, the second digital signature and the execution result are stored in the state database of the blockchain stored locally in the node device connected to the bridge terminal.
  21. 根据权利要求12所述的方法,所述第一私钥被保存在所述业务系统搭载的硬件安全模块HSM中。According to the method of claim 12, the first private key is stored in a hardware security module HSM carried by the business system.
  22. 根据权利要求12所述的方法,According to the method of claim 12,
    所述目标业务交易为转账交易;The target business transaction is a transfer transaction;
    所述交易明细数据为区块链转账数据;The transaction detail data is blockchain transfer data;
    所述执行与所述交易明细数据相关的进一步业务处理逻辑,包括:The execution of further business processing logic related to the transaction detail data includes:
    执行与所述区块链转账数据相关的汇款操作;或者,Perform remittance operations related to the blockchain transfer data; or,
    执行与所述区块链转账数据相关的退款操作。Perform a refund operation related to the blockchain transfer data.
  23. 一种区块链交易装置,应用于业务系统;所述业务系统通过桥接端与区块链的节点设备连接;所述装置包括:A block chain transaction device is applied to a business system; the business system is connected to a node device of the block chain through a bridge terminal; the device includes:
    发送单元,将构建的目标业务交易通过所述桥接端发送至所述区块链的节点设备,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名,以使所述节点设备A sending unit, which sends the constructed target business transaction to the node device of the blockchain through the bridge end, where the target business transaction includes the details of the target business transaction using the first private key by the business system Data generated by the first digital signature so that the node device
    在进行交易验证时,至少基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证,When performing transaction verification, verify the first digital signature based at least on the first public key corresponding to the first private key,
    在验证通过后,执行所述目标业务交易,并将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;After the verification is passed, the target business transaction is executed, and the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using the second private key for the execution result are stored in The blockchain database locally stored in the node device;
    获取单元,通过所述桥接端从所述节点设备获取所述目标业务交易的执行结果和所述第二数字签名;An obtaining unit, which obtains the execution result of the target business transaction and the second digital signature from the node device through the bridge terminal;
    验证单元,基于与所述第二私钥对应的第二公钥验证所述第二数字签名;A verification unit that verifies the second digital signature based on a second public key corresponding to the second private key;
    执行单元,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。The execution unit executes further business processing logic related to the transaction detail data based on the execution result.
  24. 根据权利要求23所述的装置,所述第二数字签名为:所述区块链的节点设备使用持有的第二私钥、为收录所述目标业务交易的目标区块的区块头中存储的状态数据库的认证根生成的数字签名。The apparatus according to claim 23, wherein the second digital signature is: the node device of the blockchain uses a second private key held by the node device, and is stored in the block header of the target block that contains the target business transaction. The digital signature generated by the authentication root of the state database.
  25. 根据权利要求24所述的装置,The device according to claim 24,
    所述状态数据库为基于与所述目标区块中存储的交易对应的状态数据构建的默克尔树;The state database is a Merkel tree constructed based on state data corresponding to transactions stored in the target block;
    所述认证根为所述默克尔树的root hash。The authentication root is the root hash of the Merkel tree.
  26. 根据权利要求24或25所述的装置,The device according to claim 24 or 25,
    所述第二数字签名由所述区块链的记账节点设备使用其持有的第二私钥生成,The second digital signature is generated by the accounting node device of the blockchain using the second private key held by it,
    所述第二数字签名被保存在所述区块链存储的目标区块的区块头。The second digital signature is stored in the block header of the target block stored in the blockchain.
  27. 根据权利要求24或25所述的装置,The device according to claim 24 or 25,
    所述第二数字签名由所述节点设备使用其持有的第二私钥生成,The second digital signature is generated by the node device using the second private key held by it,
    所述第二数字签名被保存在所述节点设备本地存储的所述目标区块的区块头。The second digital signature is stored in the block header of the target block stored locally in the node device.
  28. 根据权利要求23所述的装置,所述第二数字签名包括:所述节点设备使用持有的第二私钥为所述目标业务交易的执行结果生成的数字签名。The apparatus according to claim 23, wherein the second digital signature comprises: a digital signature generated by the node device using a second private key held by the node device for the execution result of the target business transaction.
  29. 根据权利要求28所述的装置,The device according to claim 28,
    所述第二数字签名和所述执行结果,被存储在所述桥接端连接的节点设备本地存储的所述目标区块的区块头;或者,The second digital signature and the execution result are stored in the block header of the target block locally stored in the node device connected to the bridge end; or,
    所述第二数字签名和所述执行结果的哈希摘要,被存储在所述桥接端连接的节点设备本地存储的所述目标区块的区块头。The second digital signature and the hash digest of the execution result are stored in the block header of the target block stored locally in the node device connected to the bridge end.
  30. 根据权利要求29所述的装置,所述获取单元,进一步用于:The device according to claim 29, the acquiring unit is further configured to:
    通过所述桥接端从所述节点设备拉取所述目标区块,以获取所述执行结果和所述第二数字签名或者所述执行结果的哈希摘要和所述第二数字签名;并Pull the target block from the node device through the bridge terminal to obtain the execution result and the second digital signature or the hash digest of the execution result and the second digital signature; and
    通过所述桥接端基于所述目标业务交易的检索标识,从所述节点设备获取所述目标业务交易的执行结果。Obtain the execution result of the target business transaction from the node device through the bridge terminal based on the retrieval identifier of the target business transaction.
  31. 根据权利要求28所述的装置,所述第二数字签名和所述执行结果被存储在所 述桥接端连接的节点设备本地存储的所述区块链的状态数据库中。The apparatus according to claim 28, wherein the second digital signature and the execution result are stored in the state database of the blockchain stored locally in the node device connected to the bridge terminal.
  32. 一种区块链交易装置,应用于区块链的节点设备;业务系统通过桥接端与所述区块链的节点设备连接;所述装置包括:A block chain transaction device is applied to the node equipment of the block chain; the business system is connected with the node equipment of the block chain through a bridge end; the device includes:
    获取单元,与所述桥接端连接的节点设备通过所述桥接端获取所述业务系统构建的目标业务交易,其中,所述目标业务交易包括所述业务系统使用第一私钥为所述目标业务交易的明细数据生成的第一数字签名;An acquiring unit, where the node device connected to the bridge terminal acquires the target business transaction constructed by the business system through the bridge terminal, wherein the target business transaction includes the business system using the first private key for the target business The first digital signature generated by the transaction detail data;
    验证单元,对所述目标业务交易进行交易验证,所述交易验证至少包括基于与所述第一私钥对应的第一公钥对所述第一数字签名进行验证;A verification unit for performing transaction verification on the target business transaction, the transaction verification at least including verifying the first digital signature based on a first public key corresponding to the first private key;
    执行单元,执行所述目标业务交易;An execution unit to execute the target business transaction;
    存储单元,将所述目标业务交易的执行结果和所述区块链中的节点设备使用第二私钥为所述执行结果生成的第二数字签名存储至所述节点设备本地存储的区块链数据库;A storage unit that stores the execution result of the target business transaction and the second digital signature generated by the node device in the blockchain using a second private key for the execution result to the blockchain locally stored by the node device database;
    发送单元,通过所述桥接端向所述业务系统发送所述执行结果和所述第二数字签名,以使所述业务系统基于与所述第二私钥对应的第二公钥验证所述第二数字签名,并在对所述第二数字签名验证通过后,基于所述执行结果执行与所述交易明细数据相关的进一步的业务处理逻辑。The sending unit sends the execution result and the second digital signature to the service system through the bridge terminal, so that the service system verifies the first based on the second public key corresponding to the second private key 2. A digital signature, and after the verification of the second digital signature is passed, further business processing logic related to the transaction detail data is executed based on the execution result.
  33. 根据权利要求32所述的装置,所述第二数字签名包括:所述区块链的节点设备使用持有的第二私钥、为收录所述目标业务交易的目标区块的区块头中存储的状态数据库的认证根生成的数字签名。The apparatus according to claim 32, wherein the second digital signature comprises: a second private key held by a node device of the blockchain, stored in a block header of a target block that contains the target business transaction The digital signature generated by the authentication root of the state database.
  34. 根据权利要求33所述的装置,The device according to claim 33,
    所述状态数据库为基于与所述目标区块中存储的交易对应的状态数据构建的默克尔树;The state database is a Merkel tree constructed based on state data corresponding to transactions stored in the target block;
    所述认证根为所述默克尔树的root hash。The authentication root is the root hash of the Merkel tree.
  35. 根据权利要求33或34所述的装置,The device according to claim 33 or 34,
    所述第二数字签名由所述区块链的记账节点设备使用其持有的第二私钥生成,The second digital signature is generated by the accounting node device of the blockchain using the second private key held by it,
    所述第二数字签名被保存在所述区块链存储的目标区块的区块头。The second digital signature is stored in the block header of the target block stored in the blockchain.
  36. 根据权利要求33或34所述的装置,The device according to claim 33 or 34,
    所述第二数字签名由所述节点设备使用其持有的第二私钥生成,The second digital signature is generated by the node device using the second private key held by it,
    所述第二数字签名被保存在所述节点设备本地存储的所述目标区块的区块头。The second digital signature is stored in the block header of the target block stored locally in the node device.
  37. 根据权利要求32所述的装置,所述第二数字签名包括:所述节点设备使用持有的第二私钥为所述目标业务交易的执行结果生成的数字签名。The apparatus according to claim 32, wherein the second digital signature comprises: a digital signature generated by the node device using a second private key held by the node device for the execution result of the target business transaction.
  38. 根据权利要求37所述的装置,The device according to claim 37,
    所述第二数字签名和所述执行结果,所述第二数字签名和所述执行结果的哈希摘要被存储在所述节点设备本地存储的所述目标区块的区块头;或者,The second digital signature and the execution result, the second digital signature and the hash digest of the execution result are stored in the block header of the target block stored locally in the node device; or,
    所述第二数字签名和所述执行结果的哈希摘要,被存储在所述节点设备本地存储的所述目标区块的区块头。The second digital signature and the hash digest of the execution result are stored in the block header of the target block stored locally in the node device.
  39. 根据权利要求38所述的装置,所述发送单元,进一步用于:The device according to claim 38, the sending unit is further configured to:
    向所述桥接端发送所述目标区块,以使所述业务系统通过所述桥接端获取所述目标区块包括的所述执行结果和所述第二数字签名,或者所述执行结果的哈希摘要和所述第二数字签名;并Send the target block to the bridge end, so that the business system obtains the execution result and the second digital signature included in the target block through the bridge end, or the hash of the execution result Greek digest and said second digital signature; and
    基于所述桥接端发送的所述目标业务交易的检索标识,向所述桥接端发送所述执行结果,以使所述业务系统通过所述桥接端获取所述执行结果。Based on the retrieval identifier of the target business transaction sent by the bridge terminal, the execution result is sent to the bridge terminal, so that the business system obtains the execution result through the bridge terminal.
  40. 根据权利要求37所述的装置,所述第二数字签名和所述执行结果被存储在被存储在所述桥接端连接的节点设备本地存储的所述区块链的状态数据库中。The apparatus according to claim 37, wherein the second digital signature and the execution result are stored in the state database of the blockchain stored locally in the node device connected to the bridge terminal.
  41. 一种计算机设备,包括存储器和处理器;A computer device including a memory and a processor;
    所述存储器上存储有可由所述处理器运行的计算机程序;A computer program that can be run by the processor is stored on the memory;
    所述处理器运行所述计算机程序时,执行如权利要求1至11任意一项所述的方法。When the processor runs the computer program, the method according to any one of claims 1 to 11 is executed.
  42. 一种计算机设备,包括存储器和处理器;A computer device including a memory and a processor;
    所述存储器上存储有可由所述处理器运行的计算机程序;A computer program that can be run by the processor is stored on the memory;
    所述处理器运行所述计算机程序时,执行如权利要求12至22任意一项所述的方法。When the processor runs the computer program, the method according to any one of claims 12 to 22 is executed.
PCT/IB2021/000334 2020-04-29 2021-04-23 Blockchain transaction WO2021220062A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010356265.0 2020-04-29
CN202010356265.0A CN111552991A (en) 2020-04-29 2020-04-29 Block chain transaction method and device

Publications (1)

Publication Number Publication Date
WO2021220062A1 true WO2021220062A1 (en) 2021-11-04

Family

ID=72006014

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2021/000334 WO2021220062A1 (en) 2020-04-29 2021-04-23 Blockchain transaction

Country Status (2)

Country Link
CN (1) CN111552991A (en)
WO (1) WO2021220062A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115580431A (en) * 2022-09-01 2023-01-06 广州大学 Private data access control method based on alliance chain intelligent contract
WO2023168993A1 (en) * 2022-03-07 2023-09-14 腾讯科技(深圳)有限公司 Blockchain-based data processing method, apparatus, and device, medium, and product

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112560005A (en) * 2020-12-01 2021-03-26 杭州趣链科技有限公司 Identity trusted service system, method, electronic device and computer readable medium
CN112286643B (en) * 2020-12-24 2021-04-20 北京百度网讯科技有限公司 Transaction processing method, device, equipment and medium for Ether house virtual machine

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110266655A (en) * 2019-05-30 2019-09-20 中国工商银行股份有限公司 A kind of across chain interconnected method, equipment and system based on block chain
US20190370810A1 (en) * 2018-05-29 2019-12-05 Alibaba Group Holding Limited Blockchain transaction reconciliation method and apparatus, and electronic device
CN110650189A (en) * 2019-09-20 2020-01-03 深圳供电局有限公司 Relay-based block chain interaction system and method
CN110944004A (en) * 2019-09-12 2020-03-31 腾讯科技(深圳)有限公司 Data processing method, device, storage medium and equipment in block chain network

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11829998B2 (en) * 2016-06-07 2023-11-28 Cornell University Authenticated data feed for blockchains
CN110535647A (en) * 2018-05-25 2019-12-03 上海诚频信息科技合伙企业(有限合伙) Believable data transmission method, system, electronic equipment, storage medium
CN110009337B (en) * 2018-12-21 2020-04-21 阿里巴巴集团控股有限公司 Data processing method and device based on block chain

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190370810A1 (en) * 2018-05-29 2019-12-05 Alibaba Group Holding Limited Blockchain transaction reconciliation method and apparatus, and electronic device
CN110266655A (en) * 2019-05-30 2019-09-20 中国工商银行股份有限公司 A kind of across chain interconnected method, equipment and system based on block chain
CN110944004A (en) * 2019-09-12 2020-03-31 腾讯科技(深圳)有限公司 Data processing method, device, storage medium and equipment in block chain network
CN110650189A (en) * 2019-09-20 2020-01-03 深圳供电局有限公司 Relay-based block chain interaction system and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023168993A1 (en) * 2022-03-07 2023-09-14 腾讯科技(深圳)有限公司 Blockchain-based data processing method, apparatus, and device, medium, and product
CN115580431A (en) * 2022-09-01 2023-01-06 广州大学 Private data access control method based on alliance chain intelligent contract

Also Published As

Publication number Publication date
CN111552991A (en) 2020-08-18

Similar Documents

Publication Publication Date Title
US11188874B2 (en) Block chain-based claim settlement method and apparatus
CN110766550B (en) Asset query method and device based on block chain and electronic equipment
Sunyaev et al. Distributed ledger technology
WO2021220062A1 (en) Blockchain transaction
US20210150521A1 (en) Blockchain-based privacy transaction and blockchain-based privacy transaction application methods and apparatuses
TWI716140B (en) Data processing method and device based on blockchain
WO2020155789A1 (en) Blockchain-based certificate storage method and apparatus
TWI779231B (en) Blockchain-based certificate storage method and device
CN111026789B (en) Block chain-based electronic bill query method and device and electronic equipment
US20230028606A1 (en) Method and apparatus for vertical federated learning
TWI727284B (en) Block chain-based privacy transaction method, device and computer equipment, application method based on block chain privacy transaction and computer equipment
EP3933642B1 (en) Managing transactions in multiple blockchain networks
CN113595734B (en) Methods, systems, and apparatus for managing transactions in a plurality of blockchain networks
US20200175583A1 (en) Blockchain-based leasing
TW202026926A (en) Blockchain-based recordkeeping method and apparatus
TW202026979A (en) Blockchain-based data processing method and apparatus
EP3933641B1 (en) Managing transactions in multiple blockchain networks
CN112612856A (en) Data processing method and device based on block chain
Hegnauer Design and development of a blockchain interoperability api
Garcia Bringas et al. BlockChain platforms in financial services: current perspective
Fikri et al. A Blockchain-Based Decentralized Microservices: Minimal Architecture for Accounting
Kalla Blockchain perspectives, mining, and types: An introductory tutorial
van Gerwen Blockchain based data management system in an IoT environment.

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21796182

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21796182

Country of ref document: EP

Kind code of ref document: A1