CN111062833A - Signature authentication method of contract data and related device - Google Patents

Signature authentication method of contract data and related device Download PDF

Info

Publication number
CN111062833A
CN111062833A CN201911175102.6A CN201911175102A CN111062833A CN 111062833 A CN111062833 A CN 111062833A CN 201911175102 A CN201911175102 A CN 201911175102A CN 111062833 A CN111062833 A CN 111062833A
Authority
CN
China
Prior art keywords
contract
data
signature
ves
contract data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911175102.6A
Other languages
Chinese (zh)
Inventor
于佳
张亮
张翰林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao University
Original Assignee
Qingdao University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qingdao University filed Critical Qingdao University
Priority to CN201911175102.6A priority Critical patent/CN111062833A/en
Publication of CN111062833A publication Critical patent/CN111062833A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/18Legal services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Technology Law (AREA)
  • Economics (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a signature authentication method of contract data, which comprises the following steps: the first equipment encrypts sensitive data of the contract data according to the generated secret key to obtain encrypted contract data; uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, sending the VES signature of the second equipment to the first equipment; and extracting the signature of the second device from the received VES signature to realize signature authentication processing of the contract data. By uploading the encrypted contract data to the block chain instead of sending the encrypted contract data to the third-party node, the safety of the contract data is improved, and the problem of contract data leakage is avoided. The application also discloses a signature authentication device, a server and a computer readable storage medium of contract data, which have the beneficial effects.

Description

Signature authentication method of contract data and related device
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for signature authentication of contract data, a server, and a computer-readable storage medium.
Background
With the rapid development of the internet, electronic commerce activities become more and more popular. In order to maintain the rights of the two parties to the transaction from being compromised in the network transaction, the two parties to the activity will typically seek legal protection by signing a contract online.
However, some parties may perform dishonest actions during the signing process of the electronic contract, which may cause some unfairness problems, for example, after one party receives the signature of the other party, the signing party may intentionally not send the signature to the other party or directly deny receiving the signature of the other party. Thus, a fair electronic contract signing scheme would be needed to effectively ensure fairness in the contract signing process.
A fair contract signing scheme is essentially that both parties to a contract can fairly exchange their digital signatures for the contract. In the field of electronic contract signing, a Verifiable Encrypted Signature (VES) can be used as a fair exchange mechanism of digital signatures, and is usually used for electronic contract signing, but a centralized trusted third party is required as an arbitrator to ensure fairness of signature exchange. However, the introduction of third parties can present a number of security issues. For example, most third parties are highly centralized, they have some sensitive information about the contract, including the content of the contract, the digital signature of the contract, etc., and they may collude with others for their own benefit, revealing the relevant sensitive information. In addition, the third party needs to maintain and upgrade its own software and hardware facilities, the service cost is usually high, and once the equipment fails, the signature service will be terminated, which may cause significant loss to the contract signing participants.
Therefore, how to improve the security in the electronic contract signing process is a key issue of attention for those skilled in the art.
Disclosure of Invention
The application aims to provide a contract data signature authentication method, a contract data signature authentication device, a server and a computer readable storage medium, and the encrypted contract data is uploaded to a block chain instead of being sent to a third-party node, so that the safety of the contract data is improved, and the problem of contract data leakage is avoided.
In order to solve the above technical problem, the present application provides a method for authenticating a signature of contract data, including:
the first equipment encrypts sensitive data of the contract data according to the generated secret key to obtain encrypted contract data;
uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, sending the VES signature of the second equipment to the first equipment;
and extracting the signature of the second device from the received VES signature to realize signature authentication processing of the contract data.
Optionally, the method further includes:
the first equipment and the second equipment execute guarantee fund data submission operation to the block link points to obtain guarantee fund information;
and when the verification fails, executing punishment operation on the equipment to be punished according to the guarantee fund information.
Optionally, executing a penalty operation on the device to be penalized according to the guarantee fund information, including:
determining a punishment type according to the VES signature received by the block chain node;
and executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
Optionally, the first device performs sensitive data encryption processing on the contract data according to the generated secret key to obtain encrypted contract data, and the method includes:
the first equipment carries out sensitive data extraction processing on the contract data to obtain contract sensitive data and contract desensitization data;
encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
The present application further provides a signature authentication apparatus for contract data, including:
the contract data encryption module is used for carrying out sensitive data encryption processing on the contract data according to the generated secret key to obtain encrypted contract data;
the signature authentication module is used for uploading the encrypted contract data to a block chain node so that the block chain node can verify the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, the VES signature of the second equipment is sent to the first equipment;
and the signature extraction module is used for extracting the signature of the second device from the received VES signature to realize the signature authentication processing of the contract data.
Optionally, the method further includes:
the guarantee fund submitting module is used for executing guarantee fund data submitting operation to the block link points to obtain guarantee fund information;
and the punishment operation module is used for executing punishment operation on the equipment to be punished according to the guarantee fund information when the verification fails.
Optionally, the penalty operation module includes:
the penalty type determining unit is used for determining a penalty type according to the VES signature received by the block chain node;
and the punishment operation executing unit is used for executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
Optionally, the contract data encryption module includes:
the sensitive data extraction unit is used for extracting sensitive data from the contract data to obtain contract sensitive data and contract desensitization data;
the encryption unit is used for encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and the data integration unit is used for integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
The present application further provides a server, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the signature authentication method as described above when executing the computer program.
The present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the signature authentication method as described above.
The application provides a signature authentication method of contract data, which comprises the following steps: the first equipment encrypts sensitive data of the contract data according to the generated secret key to obtain encrypted contract data; uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, sending the VES signature of the second equipment to the first equipment; and extracting the signature of the second device from the received VES signature to realize signature authentication processing of the contract data.
Sensitive data encryption processing is carried out on the contract data according to the secret key, then the encrypted contract data is uploaded to the block chain node instead of the third party node, insecurity caused by the third party node is avoided, then the VES signature created by the second equipment is verified through the block chain node, and when the verification is passed, the signature of the second equipment is extracted from the VES signature by the first equipment, signature authentication processing of the contract data is achieved, safety of the contract data is improved, and the problem of contract data leakage is avoided.
The application further provides a signature authentication device, a server and a computer readable storage medium for contract data, which have the above beneficial effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flowchart of a method for authenticating a signature of contract data according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a signature authentication apparatus for contract data according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a contract data signature authentication method, a signature authentication device, a server and a computer readable storage medium, and the encrypted contract data is uploaded to a block chain instead of being sent to a third-party node, so that the safety of the contract data is improved, and the problem of contract data leakage is avoided.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the prior art, the essence of a fair contract signing scheme is that both parties to a contract can fairly exchange their digital signatures for the contract. In the field of electronic contract signing, a Verifiable Encrypted Signature (VES) can be used as a fair exchange mechanism of digital signatures, and is usually used for electronic contract signing, but a centralized trusted third party is required as an arbitrator to ensure fairness of signature exchange. However, the introduction of third parties can present a number of security issues. For example, most third parties are highly centralized, they have some sensitive information about the contract, including the content of the contract, the digital signature of the contract, etc., and they may collude with others for their own benefit, revealing the relevant sensitive information. In addition, the third party needs to maintain and upgrade its own software and hardware facilities, the service cost is usually high, and once the equipment fails, the signature service will be terminated, which may cause significant loss to the contract signing participants.
Therefore, the application provides a signature authentication method of contract data, sensitive data encryption processing is carried out on the contract data according to a secret key, then the encrypted contract data is uploaded to a block chain node instead of the third party node, insecurity brought by the third party node is avoided, then the block chain node verifies the VES signature created by the second equipment, and when the verification is passed, the first equipment extracts the signature of the second equipment from the VES signature, so that signature authentication processing of the contract data is realized, the security of the contract data is improved, and the problem of contract data leakage is avoided.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for authenticating a signature of contract data according to an embodiment of the present disclosure.
In this embodiment, the method may include:
s101, the first equipment carries out sensitive data encryption processing on contract data according to the generated secret key to obtain encrypted contract data;
the method comprises the following steps that sensitive data are encrypted by first equipment to obtain encrypted contract data. Specifically, a cryptographic symmetric encryption algorithm may be used to encrypt sensitive information in the contract, and any data encryption method provided in the prior art may also be used to encrypt sensitive information in the contract.
It is conceivable that the present embodiment includes a first device and a second device, which are both parties of signing the electronic contract.
Wherein the secret key is key data known to both the first device and the second device. Specifically, the first device and the second device may exchange mutually agreed key data under online, that is, exchange mutually agreed key data through a Diffie-Hellman key exchange protocol, or exchange a consistent secret key through another key exchange method provided in the prior art on online.
Optionally, the process of encrypting the sensitive information of the identical data in this step may include:
firstly, sensitive data extraction processing is carried out on contract data by first equipment to obtain contract sensitive data and contract desensitization data;
step two, encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and step three, integrating the contract desensitization data and the encrypted sensitive data into encrypted contract data.
It can be seen that the alternative scheme mainly explains specifically how to perform sensitive data encryption processing. Specifically, contract sensitive data and contract desensitization data are extracted from contract data. Then, only the sensitive data therein is subjected to encryption processing. And finally, integrating all the data to obtain the encrypted contract data.
Wherein, the sensitive data refers to the sensitive information related to the specific money in the contract data. In order to avoid leakage of sensitive information of the contract data, the contract data is subjected to sensitive data encryption processing in this step.
S102, uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the verification is passed, sending the VES signature of the second equipment to the first equipment;
on the basis of S101, this step is intended to upload the encrypted contract data to the block chain node, so that the block chain node verifies the VES signature created and uploaded by the second device, that is, verifies whether the contract data in the block chain node in this time zone is modified, that is, it is ensured that the contract data is not modified in the signing process, and fairness of contract signing is improved.
For a specific VES signature verification process, reference may be made to the following embodiments, which are not described herein again.
And S103, extracting the signature of the second device from the received VES signature, and realizing the signature authentication processing of the contract data.
On the basis of S102, this step is intended to, after VES signature verification passes,
it should be noted that, in this embodiment, only the process of the first device verifying the signature of the second device is described. In a practical environment, the second device may also authenticate the signature of the first device. The specific process is substantially the same as that of the present embodiment, and only the first device and the second device need to be replaced with each other, which is not described herein again.
Optionally, this embodiment may further include:
the first equipment and the second equipment execute guarantee fund data submission operation to the block link points to obtain guarantee fund information;
and when the verification fails, executing punishment operation on the equipment to be punished according to the guarantee fund information.
It can be seen that the alternative adds a guarantee payment phase on the basis of the embodiment, so as to constrain the behaviors of both parties signing together and avoid the occurrence of improper behaviors. Specifically, when the VES signature verification fails, a data transmission error is eliminated, and a case may occur in which a device modifies the contract content, and therefore, a certain penalty operation needs to be performed.
In this alternative, the method for performing a penalty operation on a device to be penalized according to the information of the deposit may include:
determining a punishment type according to the VES signature received by the block chain node; and executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
It can be seen that in this alternative, what penalty operation is performed is determined according to the condition of the VES signature in the blockchain node in this time zone.
In summary, in this embodiment, sensitive data encryption processing is performed on the contract data according to the secret key, then the encrypted contract data is uploaded to the block chain node, instead of uploading the contract data to the third party node, so that insecurity caused by the third party node is avoided, then the block chain node verifies the VES signature created by the second device, and when the verification passes, the first device extracts the signature of the second device from the VES signature, so that signature authentication processing of the contract data is implemented, the security of the contract data is improved, and the problem of contract data leakage is avoided.
The following further describes a signature authentication method for contract data provided by the present application by an embodiment.
In this embodiment, the method may include:
s201, in the system initialization stage, some main parameters in the system are automatically generated by the system;
s202, the key generation phase is executed by both contract signing parties (a first device and a second device), a randomly selected private key is input, and a public key is output;
s203, the contract negotiation stage is executed by both contract signing parties (a first device and a second device), the contents of the plaintext contract are subjected to under-link negotiation, and then a negotiated shared encryption key is used for encrypting and uploading the plaintext contract to a block chain in combination with a symmetric cryptographic encryption algorithm, so that the encrypted contract to be signed is prevented from being tampered and sensitive information is prevented from being leaked;
s204, the guarantee fund payment stage is executed by both contract signing parties (a first device and a second device), and the full-amount guarantee fund is paid to the intelligent contract address through the intelligent contract and is used for punishing dishonest behaviors;
s205, a VES signature creation phase is executed by two contract signing parties (a first device and a second device), a VES signature is generated on an encryption contract on a chain under the chain, and then the VES signature is submitted to a block chain through an intelligent contract;
s206, the VES signature verification stage is executed by a verification node (an intelligent contract running on a local computer of the whole network node) in the Etherhouse block chain system, a VES signature submitted by a same signer is verified, and if the VES signature verification stage is correct, the VES signature extraction stage is executed, namely S207 is executed;
s207, the VES signature extraction phase is executed by both contract signing parties (a first device and a second device), and common signatures of the contracts are extracted from the verified VES signatures;
and S208, a punishment stage is executed by a verification node (an intelligent contract running on a local computer of the whole network node) in the Etherhouse block chain system, relevant operation is executed according to a VES signature verification result, if both parties are honest, a guarantee fund refund operation is executed, if a dishonest party exists, the dishonest party is punished, except that the payment guarantee fund of the dishonest party is deducted, the signed contract is recorded as invalid and is permanently stored in the block chain, and meanwhile, the block chain is used for recording the personal credit value of the dishonest party, so that certain influence is exerted on subsequent contract signing.
Specifically, the present embodiment may include:
step one, initializing system parameters. Let G1Is a cyclic addition group with a generator P, and G2Is a cyclic multiplicative group, G1And G2The order of (a) is a prime number p. The step e is G1×G1→G2Defining a bilinear mapping and defining a collision-resistant hash function
Figure BDA0002289751140000081
Step two, a key generation stage: random selection by contract signing parties
Figure BDA0002289751140000082
Calculating u as xP, v as yP as G1,z=e(P,P)∈G2. Therefore, the private key of the first equipment is (x)a,ya) The public key is (P, u)a,vaZ) the private key of the second device is (x)b,yb) The public key is (P, u)b,vb,z)。
Step three, contract negotiation stage: the first device and the second device collaborate under the chain a contract m to be signedAnd the merchant determines the final contract content, exchanges the respective public signature key and the Etheng address at the same time for identity verification, and then sets an index id for the contract. Because the contract is signed based on a public block chain, in order to protect sensitive information in the contract, the first device and the second device negotiate to share a secret key k under the chain through a Diffie-Hellman key exchange protocol, and the cryptographic symmetric encryption algorithm is combined to encrypt the sensitive information in the contract, and for the contract with part of information encrypted, the cryptographic symmetric encryption algorithm is used
Figure BDA0002289751140000091
And (4) showing. After the negotiation of both sides of signing a contract, calculating the hash value H (m) of the contract m before partial encryption and the hash value H (c) of the contract c after partial encryption, submitting H (m), c, H (c), the public keys of both sides of signing and the Etheng address to a block chain through an intelligent contract, packaging the block chain link points into blocks for storage after the confirmation of a common identification mechanism, then checking the correctness of uplink data by both sides of signing a contract, and entering the exchange stage of VES signatures on the chain when both sides of signing pass the verification; otherwise, the scheme terminates.
Step four, the guarantee fund payment stage: in order to realize fair signature exchange in the contract signing process, after contract negotiation and related data are uploaded to a chain, both contract signing parties need to pay a sufficient amount of guarantee money and give the guarantee money to an intelligent contract to be kept for punishing a party implementing dishonest behavior. There are generally two cases: if one party does not pay the deposit to the intelligent contract address through the intelligent contract within the specified time, the contract signing is terminated, and the deposit paid by the other party is returned to the Ethernet address of the other party. If both parties do not pay the security deposit to the intelligent contract address through the intelligent contract within the specified time, the contract signing is also terminated. Only after both parties signing the contract successfully pay the guarantee fee, the two parties enter the establishment stage of the VES signature.
Step five, a VES signature creation stage: assuming that the first device first signs contract c VES, the first device uses his private key (x)a,ya) And the public key (P, u) of the second deviceb,vbZ) generates a VES signature for contract c under the chain as follows:
first, a random number is selected
Figure BDA0002289751140000092
Then, calculate
Figure BDA0002289751140000093
The first device signs the VES of contract c as < r, σVES-AliceThen submit it to the blockchain through the intelligent contract along with the public key of the first device and the public key of the second device, waiting for the intelligent contract to verify its correctness. If the second equipment creates the VES signature on the contract c, the VES signature of the second equipment is obtained in the same way:
Figure BDA0002289751140000094
step six, VES signature verification stage: after the intelligent contract receives data such as the VES signature of the first device on the contract c, the block chain verification node runs the intelligent contract code in the local EtherFang virtual machine to verify the related data and verify the signature validity. Firstly, the intelligent contract code hashes the contract c, and judges whether the contract c is matched with the H (c) negotiated by the previous two parties, so as to ensure that the first equipment does not tamper the encrypted sensitive information. Then according to the public key (P, u) provided by the first devicea,vaZ) and the public key of the second device (P, u)b,vbZ) VES signature < r, σ for contract cVES-AliceVerify, check if the following equation holds:
e(σVES-Alice,ua+cP+rva)=e(ub+rvb,P)
if and only if the VES signature of the first device is accepted after the above equation verification passes, the second device may enter the extraction phase of the signature, otherwise, the VES signature of the first device is rejected. Refund and deduction of the deposit will be discussed in the penalty stage.
Step seven, VES signature extraction: after the VES signature verification of the first device by the smart contract is passed, the second device may utilize its own private key (x)b,yb) Extracting a common digital signature of the first device on the contract c:
Figure BDA0002289751140000101
when both sides of the contract signing successfully extract the true signature of the other side, the contract signing is successfully completed.
Step eight, punishing: in the stage, an overtime punishment mechanism based on a guarantee fund and a credit value mechanism based on identity are designed by an Etheng intelligent contract, dishonest participants are automatically judged by the intelligent contract, corresponding processing is carried out on the dishonest participants, contract signing is stopped, and fairness of signature exchange is ensured.
Guarantee fund based timeout penalty mechanism: after both sides of the contract are paid the guarantee fee by the intelligent contract, we set a deadline to ensure that the contract signing is completed within a specified time, so there are three cases:
when the specified time is exceeded, neither party submits the VES signature;
in a specified time, both sides submit respective VES signatures and pass the verification;
when the specified time is exceeded, only one party submits the correct VES signature.
For the first case, the intelligent contract can be identified as contract signing failure, the guarantee fund can return to their respective Ether house addresses as it is, the scheme is terminated, but in order to maintain normal contract signing, the intelligent contract records the behavior of both parties terminating signing to the blockchain; and the second condition represents that contract signing is successful, the first equipment and the second equipment successfully obtain the VES signature of the opposite side, and the fund can be returned to the Ethernet addresses of the two sides in the original way. The third case pertains to the act of breaking the fairness of contract signing, so that a guarantee-based timeout penalty mechanism is triggered when a specified time is exceeded and dishonest behavior occurs. That is, after the dishonest receives the signature of the other party, when the specified time arrives, the dishonest still does not send the VES signature for verification by the node or sends the wrong VES signature, the intelligent contract judges the dishonest behavior, transfers the payment security to the ether house address of the dishonest, and takes the dishonest behavior as a punishment to compensate the dishonest signing party. However, although the deposit of the dishonest party is deducted, the dishonest party still obtains the digital signature which is true of the dishonest party, and the contract is effective. In order to invalidate the contract, a block chain link point is adopted for public verification and the dishonest behavior is recorded, firstly, after an honest party receives a deposit of the dishonest party, a secret key k negotiated by the two parties and an unencrypted contract m are disclosed, then, an intelligent contract calculates a hash value H (m) of the contract m before encryption, the hash value H (m) is compared with the hash value stored on the previous chain, if the hash value H (m) is equal to the hash value stored on the previous chain, the plaintext contract is determined to be negotiated by the two parties and is published, the intelligent contract marks the plaintext contract m and a part of the encrypted contract c signed by the two parties as invalid contracts, and the invalid contracts are stored in a block chain after the joint agreement is achieved, so that subsequent inquiry is facilitated and the invalid evidence of contract signing is taken as.
Identity-based credit value mechanism: in order to increase punishment on dishonest behavior, besides the fact that the dishonest party can be deducted the security fund paid by the dishonest party, the scheme of the embodiment also introduces a credit value mechanism based on identity, utilizes the Ethengfang intelligent contract to automatically record the credit records of each contract signing participant, establishes a credit file based on identity, stores the credit file in a block chain, ensures that the credit file cannot be tampered, and can be traced for inquiry. When the participant acts dishonest, the intelligent contract is automatically identified, the credit value of the intelligent contract is reduced, and the credit value is recorded on the chain. In the future, if a party wants to sign a contract with the party, the party can inquire the credit record of the other party and then decide whether to sign the contract. This mechanism may effectively reduce the likelihood of a participant performing dishonest behavior.
As can be seen, in the embodiment, sensitive data encryption processing is performed on the contract data according to the secret key, then the encrypted contract data is uploaded to the block chain node instead of the third party node, so that insecurity caused by the third party node is avoided, then the VES signature created by the second device is verified through the block chain node, and when the verification is passed, the signature of the second device is extracted from the VES signature by the first device, so that signature authentication processing of the contract data is realized, the security of the contract data is improved, and the problem of contract data leakage is avoided.
In the following, a description is given of a signature authentication apparatus for contract data provided in an embodiment of the present application, and a signature authentication apparatus for contract data described below and a signature authentication method for contract data described above can be referred to correspondingly.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a signature authentication apparatus for contract data according to an embodiment of the present application.
In this embodiment, the apparatus may include:
a contract data encryption module 100, configured to perform sensitive data encryption processing on the contract data according to the generated secret key, so as to obtain encrypted contract data;
the signature authentication module 200 is configured to upload the encrypted contract data to a block chain node, so that the block chain node verifies the VES signature created by the second device according to the encrypted contract data, and when the VES signature passes the verification, send the VES signature of the second device to the first device;
and a signature extraction module 300, configured to extract a signature of the second device from the received VES signature, so as to implement signature authentication processing of the contract data.
Optionally, the apparatus may further include:
the system comprises a guarantee fund submitting module, a guarantee fund processing module and a guarantee fund processing module, wherein the guarantee fund submitting module is used for executing guarantee fund data submitting operation to block link points to obtain guarantee fund information;
and the punishment operation module is used for executing punishment operation on the equipment to be punished according to the guarantee fund information when the verification fails.
Optionally, the penalty operation module includes:
the penalty type determining unit is used for determining a penalty type according to the VES signature received by the block chain node;
and the punishment operation executing unit is used for executing punishment operation corresponding to the punishment type on the device to be punished according to the guarantee fund information.
Optionally, the contract data encryption module 100 may include:
the sensitive data extraction unit is used for extracting sensitive data from the contract data to obtain contract sensitive data and contract desensitization data;
the encryption unit is used for encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and the data integration unit is used for integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
An embodiment of the present application further provides a server, including:
a memory for storing a computer program;
a processor for implementing the steps of the signature authentication method as described in the above embodiments when executing the computer program.
Embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the signature authentication method according to the above embodiments.
The computer-readable storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above details the signature authentication method, the signature authentication apparatus, the server, and the computer-readable storage medium of the contract data provided by the present application. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. A method for authenticating a signature of contract data, comprising:
the first equipment encrypts sensitive data of the contract data according to the generated secret key to obtain encrypted contract data;
uploading the encrypted contract data to a block chain node so that the block chain node verifies the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, sending the VES signature of the second equipment to the first equipment;
and extracting the signature of the second device from the received VES signature to realize signature authentication processing of the contract data.
2. The contract data processing method according to claim 1, further comprising:
the first equipment and the second equipment execute guarantee fund data submission operation to the block link points to obtain guarantee fund information;
and when the verification fails, executing punishment operation on the equipment to be punished according to the guarantee fund information.
3. The contract data processing method according to claim 2, wherein performing a penalty operation on the device to be penalized according to the deposit information comprises:
determining a punishment type according to the VES signature received by the block chain node;
and executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
4. The contract data processing method of claim 1, wherein the first device performs sensitive data encryption processing on the contract data according to the generated secret key to obtain encrypted contract data, and the method comprises:
the first equipment carries out sensitive data extraction processing on the contract data to obtain contract sensitive data and contract desensitization data;
encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
5. A signature authentication apparatus for contract data, comprising:
the contract data encryption module is used for carrying out sensitive data encryption processing on the contract data according to the generated secret key to obtain encrypted contract data;
the signature authentication module is used for uploading the encrypted contract data to a block chain node so that the block chain node can verify the VES signature created by the second equipment according to the encrypted contract data, and when the VES signature passes the verification, the VES signature of the second equipment is sent to the first equipment;
and the signature extraction module is used for extracting the signature of the second device from the received VES signature to realize the signature authentication processing of the contract data.
6. The signature authentication device according to claim 5, further comprising:
the guarantee fund submitting module is used for executing guarantee fund data submitting operation to the block link points to obtain guarantee fund information;
and the punishment operation module is used for executing punishment operation on the equipment to be punished according to the guarantee fund information when the verification fails.
7. The signature authentication device of claim 6, wherein the penalty operation module comprises:
the penalty type determining unit is used for determining a penalty type according to the VES signature received by the block chain node;
and the punishment operation executing unit is used for executing punishment operation corresponding to the punishment type on the equipment to be punished according to the guarantee fund information.
8. The signature authentication device according to claim 5, wherein the contract data encryption module includes:
the sensitive data extraction unit is used for extracting sensitive data from the contract data to obtain contract sensitive data and contract desensitization data;
the encryption unit is used for encrypting the contract sensitive data according to the generated secret key to obtain encrypted sensitive data;
and the data integration unit is used for integrating the contract desensitization data and the encrypted sensitive data into the encrypted contract data.
9. A server, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the signature authentication method as claimed in any one of claims 1 to 4 when executing the computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the signature authentication method as claimed in any one of claims 1 to 4.
CN201911175102.6A 2019-11-26 2019-11-26 Signature authentication method of contract data and related device Pending CN111062833A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911175102.6A CN111062833A (en) 2019-11-26 2019-11-26 Signature authentication method of contract data and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911175102.6A CN111062833A (en) 2019-11-26 2019-11-26 Signature authentication method of contract data and related device

Publications (1)

Publication Number Publication Date
CN111062833A true CN111062833A (en) 2020-04-24

Family

ID=70298796

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911175102.6A Pending CN111062833A (en) 2019-11-26 2019-11-26 Signature authentication method of contract data and related device

Country Status (1)

Country Link
CN (1) CN111062833A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115204827A (en) * 2022-07-13 2022-10-18 李蹊 Human resource management system and method based on block chain technology

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107040383A (en) * 2017-04-24 2017-08-11 中山大学 A kind of blind Verifiable Encryptosystem endorsement method based on block chain
CN108600272A (en) * 2018-05-10 2018-09-28 阿里巴巴集团控股有限公司 A kind of block chain data processing method, device, processing equipment and system
CN108833115A (en) * 2018-06-15 2018-11-16 中山大学 A kind of multi-party Fair PDF contract signature method based on block chain
WO2018224943A1 (en) * 2017-06-09 2018-12-13 nChain Holdings Limited Blockchain for general computation
CN109033855A (en) * 2018-07-18 2018-12-18 腾讯科技(深圳)有限公司 A kind of data transmission method based on block chain, device and storage medium
AU2019203848A1 (en) * 2019-03-01 2019-05-31 Advanced New Technologies Co., Ltd. Methods and devices for protecting sensitive data of transaction activity based on smart contract in blockchain
US20190347656A1 (en) * 2018-05-10 2019-11-14 Alibaba Group Holding Limited Blockchain member management data processing methods, apparatuses, servers, and systems

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107040383A (en) * 2017-04-24 2017-08-11 中山大学 A kind of blind Verifiable Encryptosystem endorsement method based on block chain
WO2018224943A1 (en) * 2017-06-09 2018-12-13 nChain Holdings Limited Blockchain for general computation
CN108600272A (en) * 2018-05-10 2018-09-28 阿里巴巴集团控股有限公司 A kind of block chain data processing method, device, processing equipment and system
US20190347656A1 (en) * 2018-05-10 2019-11-14 Alibaba Group Holding Limited Blockchain member management data processing methods, apparatuses, servers, and systems
CN108833115A (en) * 2018-06-15 2018-11-16 中山大学 A kind of multi-party Fair PDF contract signature method based on block chain
CN109033855A (en) * 2018-07-18 2018-12-18 腾讯科技(深圳)有限公司 A kind of data transmission method based on block chain, device and storage medium
AU2019203848A1 (en) * 2019-03-01 2019-05-31 Advanced New Technologies Co., Ltd. Methods and devices for protecting sensitive data of transaction activity based on smart contract in blockchain

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
HUI HUANG等: "A Fair Three-Party Contract Singing Protocol Based on Blockchain", 《INTERNATIONAL SYMPOSIUM ON CYBERSPACE SAFETY AND SECURITY》 *
吴进喜等: "区块链的多方隐私保护公平合同签署协议", 《信息安全学报》 *
田海博等: "基于公开区块链的隐私保护公平合同签署协议", 《密码学报》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115204827A (en) * 2022-07-13 2022-10-18 李蹊 Human resource management system and method based on block chain technology

Similar Documents

Publication Publication Date Title
AU2022224799B2 (en) Methods for secure cryptogram generation
US11842317B2 (en) Blockchain-based authentication and authorization
CN110781521B (en) Intelligent contract authentication data privacy protection method and system based on zero-knowledge proof
CN108876332B (en) Block chain safe transaction method and device based on biometric feature mark authentication
KR102621116B1 (en) Elecronic device and electronic payement method using id-based public key cryptography
WO2021008453A1 (en) Method and system for offline blockchain transaction based on identifier authentication
CN110612547A (en) System and method for information protection
EP1984890A2 (en) A point-of-sale terminal transaction using mutating identifiers
CN112419021A (en) Electronic invoice verification method, system, storage medium, computer equipment and terminal
JP2009272737A (en) Secret authentication system
CN114519206A (en) Method for anonymously signing electronic contract and signature system
CN116720839B (en) Financial information management method based on blockchain technology and supervision system thereof
CN116664298A (en) Implementation method and device of block chain-based decentralization data transaction system
CN111062833A (en) Signature authentication method of contract data and related device
US9563881B2 (en) Fair payment protocol with semi-trusted third party
CN111539719B (en) Audit coin-mixing service method and system model based on blind signature
CN111369332A (en) Data processing method and device based on block chain
CN116561739B (en) Data transaction method and device, electronic equipment and storage medium
TWM579789U (en) Electronic contract signing device
US12021987B2 (en) Methods for secure cryptogram generation
CN115170132B (en) Payment method suitable for high-speed post network member system
JP4148465B2 (en) Electronic value distribution system and electronic value distribution method
JP2002082611A (en) Method for maintaining transaction information and storage source computer
Herath et al. Task based Interdisciplinary E-Commerce Course with UML Sequence Diagrams, Algorithm Transformations and Spatial Circuits to Boost Learning Information Security Concepts
Hemalatha et al. Risk Detection and Assessment in Digital Signature

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination