CN111368340A - Block chain-based evidence-based security verification method and device and hardware equipment - Google Patents


Info

Publication number: CN111368340A
Authority: CN (China)
Prior art keywords: party; transaction; transaction party; identity information; user identity
Legal status: Pending (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN202010025029.0A
Other languages: Chinese (zh)
Inventor: not disclosed (the inventor's name is withheld from publication)
Current Assignee: Liannong Shenzhen Information Technology Co ltd (as listed by Google Patents; may be inaccurate)
Original Assignee: Liannong Shenzhen Information Technology Co ltd
Application filed by: Liannong Shenzhen Information Technology Co ltd
Priority to: CN202010025029.0A
Publication of: CN111368340A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a blockchain-based pass security verification method, device and hardware equipment. It relates to the technical field of blockchains and is used to ensure the security of the pass in a blockchain system and to improve the security of intelligent contract transactions. The main technical scheme is as follows: after the blockchain system is successfully deployed, an intelligent contract broadcast by a transaction party is received. When a request to execute the intelligent contract is received, the signature of the first transaction party that sent the request is verified. Once that signature passes verification, the second transaction party corresponding to the first transaction party in the intelligent contract is obtained, and the CA digital certificates of the first and second transaction parties are verified. Once the CA digital certificates are authenticated, the user identity information of the first and second transaction parties is verified. Once that user identity information passes verification, the transaction between the first and second transaction parties can be executed according to the pass content in the intelligent contract.

Description

Block chain-based evidence-based security verification method and device and hardware equipment
Technical Field
The invention relates to the technical field of block chains, in particular to a block chain-based evidence-based security verification method, a block chain-based evidence-based security verification device and hardware equipment.
Background
A blockchain is a record-keeping technology that differs from the traditional centralized accounting mode. The nodes participating in a blockchain system may not belong to the same organization and do not need to trust one another; the blockchain data is maintained jointly by all nodes, and every node that takes part in maintenance can obtain a copy of the complete record. Compared with traditional accounting technology, it has the following characteristics: it maintains a continuously growing chain to which records can only be appended, and records that have been made cannot be tampered with; and consensus can be reached without centralized control.
In a blockchain system, potentially sensitive or secret items may be represented by a pass that has no discernible meaning or value. Using a pass as an identifier that allows real-world items to be referenced from the blockchain provides enhanced security and control over the communication, transfer and authentication of digital entities on the blockchain. However, once a hacker obtains the content of the pass in a smart contract and tampers with it, the transaction security of the smart contract is compromised.
Disclosure of Invention
The invention provides a block chain-based evidence-passing security verification method and device, computer equipment and a storage medium, which are used for ensuring the evidence-passing security in a block chain system and improving the security of intelligent contract transactions.
The embodiment of the invention provides a block chain-based evidence-based security verification method, which comprises the following steps:
deploying the blockchain system through a deployment script;
confirming whether each node service is successfully started or not through logs of all nodes in the block chain system;
if the service of each node in the blockchain system is successfully started, a verification node in the blockchain system receives an intelligent contract broadcasted by a transaction party;
after receiving a request for triggering execution of an intelligent contract sent by a first trading party, verifying a signature of the first trading party;
if the signature of the first trading party passes the verification, acquiring a second trading party corresponding to the first trading party in the intelligent contract;
acquiring CA digital certificates corresponding to the first transaction party and the second transaction party respectively; verifying whether the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated;
if the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated, user identity information contained in the first transaction party and the second transaction party in the digital certificates is acquired respectively;
verifying whether the user identity information respectively corresponding to the first transaction party and the second transaction party succeeds or not;
and when the user identity information corresponding to the first trading party and the second trading party respectively succeeds in verification, executing the trading between the first trading party and the second trading party according to the evidence-passing content in the intelligent contract.
The embodiment of the invention provides a block chain-based evidence-passing safety verification device, which comprises:
the deployment module is used for deploying the blockchain system through the deployment script;
the confirming module is used for confirming whether the service of each node is started successfully or not through the log of each node in the block chain system;
the receiving module is used for receiving the intelligent contract broadcasted by the transaction party by the verification node in the blockchain system if the service starting of each node in the blockchain system is confirmed to be successful;
the verification module is used for verifying the signature of the first trading party after receiving a request for triggering and executing the intelligent contract sent by the first trading party;
the acquisition module is used for acquiring a second transaction party corresponding to the first transaction party in the intelligent contract if the signature of the first transaction party passes the verification;
the acquisition module is further used for acquiring CA digital certificates corresponding to the first transaction party and the second transaction party respectively;
the verification module is further used for verifying whether the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated;
the acquisition module is further configured to acquire user identity information included in the digital certificate by the first transaction party and the second transaction party respectively if the CA digital certificates corresponding to the first transaction party and the second transaction party respectively are authenticated;
the verification module is further configured to verify whether the user identity information corresponding to the first transaction party and the user identity information corresponding to the second transaction party are successful;
and the execution module is used for executing the transaction between the first transaction party and the second transaction party according to the evidence-passing content in the intelligent contract when the user identity information corresponding to the first transaction party and the second transaction party respectively is successfully verified.
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the above block chain-based pass security verification method when executing the computer program.
A computer-readable storage medium storing a computer program which, when executed by a processor, implements the above block chain-based credential security verification apparatus.
The invention provides a blockchain-based pass security verification method, device, computer equipment and storage medium. After it is determined that the service of each node in the blockchain system has started successfully, the verification node receives the intelligent contract broadcast by the transaction party. After a request to execute the intelligent contract is received, the signature of the first transaction party that sent the request is verified. After that signature passes verification, the second transaction party corresponding to the first transaction party in the intelligent contract is obtained, and the CA digital certificates of the first and second transaction parties are verified. After the CA digital certificates are authenticated, the user identity information of the first and second transaction parties is verified, and after it passes verification the first and second transaction parties can execute the transaction according to the pass content in the intelligent contract. Because the invention verifies the transaction party's signature, the CA digital certificate and the user identity information in sequence after receiving the intelligent contract request, it ensures the security of the pass in the intelligent contract and thereby improves the security of intelligent contract transactions.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a flow chart of a block chain-based method for certified security verification in accordance with an embodiment of the present invention;
FIG. 2 is a flow chart of a block chain-based method for certified security verification in accordance with an embodiment of the present invention;
FIG. 3 is a block diagram of an embodiment of the present invention;
FIG. 4 is a schematic diagram of a computer device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments that a person skilled in the art can derive from the embodiments given herein without inventive effort are within the scope of the present invention.
In an embodiment, as shown in fig. 1, a block chain-based method for security verification of a certificate is provided, which includes the following steps:
S10, deploying the blockchain system through the deployment script.
The deployment script is used for deploying the blockchain system, and after the blockchain system is deployed through the deployment script, whether the node service is successfully deployed or not can be determined according to logs of nodes in the blockchain system.
S20, confirming whether each node service is started successfully or not through the log of each node in the blockchain system.
Specifically, in the embodiment of the present invention, after the blockchain system is deployed by the deployment script, the log of each node in the blockchain system is obtained and analyzed to determine whether that node started successfully. If all nodes in the blockchain system started successfully, execution continues with step S30, in which the verification node in the blockchain system receives the intelligent contract broadcast by the transaction party.
S30, if it is confirmed that the service start of each node in the blockchain system is successful, the verification node in the blockchain system receives the intelligent contract broadcast by the transaction party.
The verification node receives the intelligent contract sent by the transaction party and verifies it. The transaction party may be any one or more of the parties participating in the transaction; for example, it may be the first transaction party or the second transaction party, and the embodiment of the present invention is not specifically limited in this respect. It should be noted that the intelligent contract also includes a pass, which records the specific contents of the transaction between the transaction parties, such as the transaction amount, transaction time and transaction type; the embodiment of the present invention is not specifically limited in this respect.
In one embodiment provided by the present invention, before the verification node in the blockchain system receives the intelligent contract broadcasted by the transaction party, the method further includes: the block chain system acquires contract records generated between the transaction parties, and signs and encrypts the contract records to generate the intelligent contract; the transaction parties comprise the first transaction party and the second transaction party; and sending the generated intelligent contract to the trading party.
It should be noted that before a transaction party broadcasts the intelligent contract to the blockchain system, each user who needs to participate in the intelligent contract must first register as a user of the blockchain: after the transaction party sends an account registration application to the blockchain, the blockchain system returns a public key and private key pair to the transaction party. The public key serves as the user's account address on the blockchain, and the private key serves as the unique key for operating the account. Two or more users among the transaction parties then agree on a contract as required. The contract contains the rights and obligations of both sides, which are designed and recorded electronically; the participants each sign with their own private key to ensure the validity of the contract, and the signed intelligent contract is broadcast in the blockchain network.
S40, after receiving a request for triggering the execution of the intelligent contract sent by the first trading party, verifying the signature of the first trading party.
It should be noted that the first transaction party is any party in the intelligent contract. After the first transaction party sends the verification request that triggers execution of the intelligent contract to the blockchain, the verification node in the blockchain verifies the signature of the intelligent contract, that is, the signature is verified by the private key of the first transaction party. After the verification passes, step S50 is performed to obtain the second transaction party corresponding to the first transaction party in the intelligent contract.
S50, if the signature of the first trading party passes verification, acquiring a second trading party corresponding to the first trading party in the intelligent contract.
In the embodiment of the invention, the second trading party corresponding to the first trading party is the other party to the first trading party as agreed in the intelligent contract. For example, if the content of the intelligent contract is a transfer transaction and the first trading party is the transfer party, the second trading party corresponding to the first trading party is the transferred party.
S60, obtaining the CA digital certificates corresponding to the first trading party and the second trading party respectively; and verifying whether the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated respectively.
The CA digital certificate contains a public key. A user establishes trust in the CA by verifying the CA's signature, and anyone can obtain the CA digital certificate and use it to verify certificates issued by the CA. The CA digital certificate binds the public key to the applicant's user identity information: the public key and the applicant's user identity information are signed to form a certificate, which is then sent to the applicant.
In an embodiment of the present invention, before the CA (electronic authentication service) digital certificates corresponding to the first transaction party and the second transaction party are acquired, the method further includes: the first transaction party and the second transaction party each send a CA digital certificate acquisition request containing user identity information to an authority server, so that the authority server can carry out a KYC (Know Your Customer) audit of the user according to the user identity information; and the first transaction party and the second transaction party receive the CA digital certificates sent by the authority server, where each CA digital certificate includes user identity information and is a certificate that has passed the KYC audit.
S70, if the CA digital certificates corresponding to the first transaction party and the second transaction party respectively are authenticated, acquiring the user identity information of the first transaction party and the second transaction party contained in the respective digital certificates.
In the embodiment of the present invention, after the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated, the user identity information is obtained from the CA digital certificate of each party; that is, each CA digital certificate is decrypted with its corresponding public key, and the user identity information of the first transaction party and the second transaction party is obtained from it.
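Steps S40 to S70 as an added Go example (not code from the patent): a request is accepted only if both parties' certificates chain to the trusted CA and the request signature verifies under the public key bound in the first party's certificate. The use of Ed25519 and X.509, the identity carried in the certificate's CommonName, the check order, and all type and function names are assumptions; the CA is a constructed test authority.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// enroll creates a key pair and a certificate binding its public key to identity.
// With ca == nil the result is a self-signed CA; otherwise the CA issues a leaf
// certificate, standing in for issuance after KYC review.
func enroll(identity string, serial int64, ca *x509.Certificate,
	caKey ed25519.PrivateKey) (ed25519.PrivateKey, *x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: identity},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if ca == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		ca, caKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// Request is what the first party submits (field names are assumptions).
type Request struct {
	Payload   []byte            // bytes of the contract-execution request
	Signature []byte            // first party's signature over Payload
	First     *x509.Certificate // requester's certificate
	Second    *x509.Certificate // counterparty named in the contract
}

// sign builds a request signed with the first party's private key.
func sign(key ed25519.PrivateKey, payload []byte, first, second *x509.Certificate) Request {
	return Request{payload, ed25519.Sign(key, payload), first, second}
}

// certifiedIdentity returns the identity only if c chains to a trusted CA.
func certifiedIdentity(cas []*x509.Certificate, c *x509.Certificate) (string, error) {
	if c == nil {
		return "", errors.New("missing certificate")
	}
	roots := x509.NewCertPool()
	for _, ca := range cas {
		roots.AddCert(ca)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := c.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not authenticated: %w", err)
	}
	return c.Subject.CommonName, nil
}

// VerifyRequest fails closed and returns both certified identities.
func VerifyRequest(r Request, cas ...*x509.Certificate) (first, second string, err error) {
	if first, err = certifiedIdentity(cas, r.First); err != nil {
		return "", "", err
	}
	if second, err = certifiedIdentity(cas, r.Second); err != nil {
		return "", "", err
	}
	// The signature is checked with the PUBLIC key bound in the requester's
	// CA-verified certificate; the private key is used only by the signer.
	pub, ok := r.First.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, r.Payload, r.Signature) {
		return "", "", errors.New("request signature invalid")
	}
	return first, second, nil
}

func main() {
	caKey, ca, err := enroll("example-kyc-ca", 1, nil, nil) // constructed test CA
	if err != nil {
		panic(err)
	}
	aKey, aCert, _ := enroll("user-A", 2, ca, caKey)
	_, bCert, _ := enroll("user-B", 3, ca, caKey)
	req := sign(aKey, []byte("execute contract c-1"), aCert, bCert)
	fmt.Println(VerifyRequest(req, ca))
}
```

Taking the verification key from the authenticated certificate ties the signature check to the identity that the later whitelist and blacklist checks act on.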
S80, verifying whether the user identity information corresponding to the first trading party and the second trading party respectively is successful.
In this embodiment of the present invention, the verification of the user identity information of the first transaction party and the second transaction party is performed to further determine whether the first transaction party and the second transaction party are trusted users, and if both the first transaction party and the second transaction party are trusted users, step S90 may be performed to execute the transaction between the first transaction party and the second transaction party according to the content of the pass in the intelligent contract, so as to ensure the security of the block chain system pass and the security of the transaction between the first transaction party and the second transaction party.
Specifically, whether the user identity information passes the verification can be determined by checking whether the user identity information is in a preset white list, that is, if the user identity information is in the preset white list, the user identity information passes the verification; and if the user identity information is not in the preset white list, the user identity information can be confirmed to be not verified. The preset white list stores the identity information of the trusted user.
As shown in fig. 2, in an embodiment provided by the present invention, the step S80 of verifying whether the user identity information corresponding to the first transaction party and the second transaction party respectively is successful includes:
S801, if the transaction between the first transaction party and the second transaction party is a transfer transaction, obtaining the transfer party and the transferred party among the first transaction party and the second transaction party.
S802, determining whether the number of transferring times of the user exceeds a preset value in a preset time through the user identity information of the transfer party.
The preset time can be set according to actual requirements, for example, 3 minutes, 5 minutes and the like; the preset value may also be set according to actual situations, for example, 10, 20 and the like, and the embodiment of the present invention is not specifically limited in this respect. For example, if the preset time is 3 minutes and the preset value is 5, the user identity information of the transfer party is checked to determine whether the user has transferred more than 5 times within 3 minutes; if the number of transfers by the user exceeds 5 within 3 minutes, the user identity information verification of the transfer party is determined to have failed.
It should be noted that lawless persons may obtain a user's personal information and account information through illegal channels and then transfer the money in all of the user's accounts to other accounts. Therefore, when the embodiment of the invention determines whether the user's number of transfers exceeds the preset value within the preset time, the number of transfers includes the transfer behavior of all of the user's accounts. That is, if the transferring user is user A and the user identity information of user A shows that user A has 3 accounts, then when the accumulated transfers of those 3 accounts exceed the preset value within the preset time, the identity verification of user A is determined not to pass.
S803, determining whether the transferred party belongs to a user in a preset blacklist or not according to the user identity information of the transferred party.
Step S803 runs in parallel with step S802; the two are not executed in a fixed order. The preset blacklist stores the identity information of untrusted users. It should be noted that before determining whether the transferred party belongs to a user in the preset blacklist according to the user identity information of the transferred party, the method further comprises: storing the user identity information of users whose accounts have been frozen into the preset list; and/or storing the user identity information of suspicious accounts marked by a preset number of users into the preset list.
S804, if the number of times of transferring accounts of the user of the transfer party in a preset time does not exceed the preset value and the transferred party does not belong to the user in the preset blacklist, determining that the user identity information corresponding to the first transaction party and the user identity information corresponding to the second transaction party are both successfully verified.
In the embodiment of the invention, after determining a transfer party and a transferred party in a first transaction party and a second transaction party, determining whether the transfer times of a user exceed a preset value within a preset time through user identity information of the transfer party, determining whether the transferred party belongs to a user in a preset blacklist according to the user identity information of the transferred party, and determining that the user identity information corresponding to the first transaction party and the second transaction party is successfully verified if the transfer times of the user of the transfer party do not exceed the preset value within the preset time and the transferred party does not belong to the user in the preset blacklist. The user identity information of the first trading party and the user identity information of the second trading party are used for verification, so that the security of the evidence in the intelligent contract can be ensured, and the security of the intelligent contract trading is further improved.
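The checks of steps S801 to S804 as an added Go example (not code from the patent): transfers are counted per user identity across all of that user's accounts within a sliding window, and the transferred party's identity is checked against a blacklist fed by frozen accounts and by marks from a preset number of distinct users. The type and function names, the account-to-identity map, the choice to count only accepted transfers, and the sample accounts and timestamps are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var (
	ErrUnknownAccount   = errors.New("account has no certified user identity")
	ErrTooManyTransfers = errors.New("transfer party exceeded the preset value")
	ErrPayeeBlacklisted = errors.New("transferred party is in the blacklist")
)

// Checker holds the state for the S802-S804 checks.
type Checker struct {
	Window    time.Duration              // the "preset time"
	Limit     int                        // the "preset value"
	Threshold int                        // distinct reporters needed to blacklist
	owner     map[string]string          // account -> user identity
	history   map[string][]time.Time     // identity -> accepted transfer times
	reports   map[string]map[string]bool // suspect identity -> set of reporters
	blacklist map[string]bool            // identities of untrusted users
}

func NewChecker(window time.Duration, limit, threshold int, owner map[string]string) *Checker {
	return &Checker{Window: window, Limit: limit, Threshold: threshold, owner: owner,
		history: map[string][]time.Time{}, reports: map[string]map[string]bool{},
		blacklist: map[string]bool{}}
}

// Freeze blacklists the identity behind a frozen account.
func (c *Checker) Freeze(identity string) { c.blacklist[identity] = true }

// Report records one user's mark; repeated marks from the same reporter count once.
func (c *Checker) Report(reporter, suspect string) {
	if c.reports[suspect] == nil {
		c.reports[suspect] = map[string]bool{}
	}
	c.reports[suspect][reporter] = true
	if len(c.reports[suspect]) >= c.Threshold {
		c.blacklist[suspect] = true
	}
}

// Check decides whether a transfer between two accounts may proceed at time now.
func (c *Checker) Check(from, to string, now time.Time) error {
	payer, okFrom := c.owner[from]
	payee, okTo := c.owner[to]
	if !okFrom || !okTo {
		return ErrUnknownAccount
	}
	if c.blacklist[payee] { // S803
		return ErrPayeeBlacklisted
	}
	// S802: keep only transfers inside the window. The history is keyed by
	// identity, so every account of the same user is pooled together.
	recent := c.history[payer][:0]
	for _, t := range c.history[payer] {
		if now.Sub(t) < c.Window {
			recent = append(recent, t)
		}
	}
	c.history[payer] = recent
	if len(recent)+1 > c.Limit { // this transfer would exceed the preset value
		return ErrTooManyTransfers
	}
	c.history[payer] = append(recent, now) // S804: both checks passed
	return nil
}

// ts returns a constructed timestamp, sec seconds after an arbitrary origin.
func ts(sec int64) time.Time { return time.Unix(sec, 0) }

// demoChecker uses the page's figures (3 minutes, 5 transfers) and constructed accounts.
func demoChecker() *Checker {
	return NewChecker(3*time.Minute, 5, 2, map[string]string{
		"a1": "userA", "a2": "userA", "a3": "userA", "b1": "userB", "c1": "userC"})
}

func main() {
	c := demoChecker()
	for i, acct := range []string{"a1", "a2", "a3", "a1", "a2", "a3"} {
		fmt.Println(acct, c.Check(acct, "b1", ts(int64(i*10))))
	}
}
```

Keying the history by identity rather than by account is what stops an attacker from spreading transfers over a victim's three accounts to stay under a per-account limit.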
S90, when the user identity information corresponding to the first trading party and the second trading party respectively is verified successfully, executing the transaction between the first trading party and the second trading party according to the pass content in the intelligent contract.
The pass content includes a transaction amount, a transaction type, a transaction time, and the like, and the embodiment of the present invention is not specifically limited in this respect. In the embodiment of the invention, when the user identity information corresponding to the first trading party and the user identity information corresponding to the second trading party are both determined to be successfully verified, the transaction between the first trading party and the second trading party is executed according to the pass content in the intelligent contract. For example, if the transaction amount recorded in the pass content is 100, the transaction type is a transfer transaction, the transfer party is the first trading party, and the transferred party is the second trading party, then the operation of transferring 100 yuan from the first trading party to the second trading party is executed.
In one embodiment provided by the present invention, executing the transaction between the first transaction party and the second transaction party according to the pass content in the smart contract comprises: decrypting the pass content to obtain the transaction amount in the pass content; transferring the transaction amount from the first transaction party to the second transaction party; checking, by the smart contract, whether the account amounts of the first and second transaction parties are the same as the expected amount; and if the account amount of the first transaction party and the account amount of the second transaction party are the same as the expected amount, determining that the first transaction party has successfully transferred the transaction amount to the second transaction party.
The invention provides a blockchain-based pass security verification method. After it is determined that the service of each node in the blockchain system has started successfully, the verification node receives the intelligent contract broadcast by the transaction party. After a request to execute the intelligent contract is received, the signature of the first transaction party that sent the request is verified. After that signature passes verification, the second transaction party corresponding to the first transaction party in the intelligent contract is obtained, and the CA digital certificates of the first and second transaction parties are verified. After the CA digital certificates are authenticated, the user identity information of the first and second transaction parties is verified, and after it passes verification the first and second transaction parties can execute the transaction according to the pass content in the intelligent contract. Because the invention verifies the transaction party's signature, the CA digital certificate and the user identity information in sequence after receiving the intelligent contract request, it ensures the security of the pass in the intelligent contract and thereby improves the security of intelligent contract transactions.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In an embodiment provided by the present invention, a block chain-based certification security verification apparatus is provided, where the block chain-based certification security verification apparatus corresponds to the block chain-based certification security verification method in the foregoing embodiment one to one. As shown in fig. 3, the block chain-based certification security verification apparatus includes a deployment module 10, a confirmation module 20, a receiving module 30, a verification module 40, an acquisition module 50, and an execution module 60. The functional modules are explained in detail as follows:
a deployment module 10, configured to deploy the blockchain system through a deployment script;
a confirming module 20, configured to confirm whether the service of each node is successfully started through the log of each node in the blockchain system;
a receiving module 30, configured to receive, by a verification node in the blockchain system, an intelligent contract broadcasted by a transaction party if it is determined that service start of each node in the blockchain system is successful;
the verification module 40 is configured to verify a signature of a first transaction party after receiving a request for triggering execution of an intelligent contract sent by the first transaction party;
an obtaining module 50, configured to obtain a second trading party corresponding to the first trading party in the intelligent contract if the signature of the first trading party is verified;
the obtaining module 50 is further configured to obtain CA digital certificates corresponding to the first transaction party and the second transaction party, respectively;
the verification module 40 is further configured to verify whether the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated;
the obtaining module 50 is further configured to, if the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated, obtain the user identity information of the first transaction party and of the second transaction party contained in the respective digital certificates;
the verification module 40 is further configured to verify whether the user identity information corresponding to the first transaction party and the user identity information corresponding to the second transaction party are successfully verified;
and the execution module 60 is configured to execute the transaction between the first transaction party and the second transaction party according to the content of the pass in the intelligent contract when the user identity information corresponding to the first transaction party and the second transaction party is successfully verified.
Further, the apparatus further comprises:
a sending module 70, configured to send, by the first transaction party and the second transaction party, a CA digital certificate acquisition request to an authority server, where the CA digital certificate acquisition request includes user identity information, so that the authority server performs KYC audit on a user according to the user identity information;
the receiving module 30 is further configured to receive, by the first transaction party and the second transaction party, a CA digital certificate sent by the authority server, where the CA digital certificate includes user identity information, and the CA digital certificate is a certificate that is approved by KYC.
The verification module 40 includes:
an obtaining unit 41, configured to obtain a transfer party and a transferred party of the first transaction party and the second transaction party if a transaction between the first transaction party and the second transaction party is a transfer transaction;
a determining unit 42 for determining whether the number of transfers of the user exceeds a preset value within a preset time by the user identification information of the transfer party;
the determining unit 42 is further configured to determine whether the transferred party belongs to a user in a preset blacklist according to the user identity information of the transferred party, where the content of the preset blacklist stores identity information of an untrusted user;
the determining unit 42 is further configured to determine that the user identity information corresponding to the first transaction party and the second transaction party is successfully verified if the number of transfers of the user of the transfer party in a preset time does not exceed the preset value and the transferred party does not belong to a user in a preset blacklist.
The execution module 60 is configured to: decrypt the content of the pass and obtain the transaction amount in the content of the pass; have the first transaction party transfer the transaction amount to the second transaction party; check, by the intelligent contract, whether the account amounts of the first and second transaction parties are the same as an expected amount; and if the account amount of the first transaction party and the account amount of the second transaction party are the same as the expected amount, determine that the first transaction party transfers the transaction amount to the first transaction party successfully.
Further, the verification module 40 further includes:
the storage unit 43 is configured to store the user identity information of frozen user accounts in the preset blacklist; and/or to store the user identity information of suspicious accounts marked by a preset number of users in the preset blacklist.
Further, the obtaining module 50 is further configured to obtain a contract record generated between the transaction parties by using a blockchain system, and sign and encrypt the contract record to generate the intelligent contract; the transaction party comprises the first transaction party and the second transaction party;
the sending module 70 is further configured to send the generated intelligent contract to the trading party.
For the specific definition of the block chain-based pass-certificate security verification apparatus, reference may be made to the above definition of the block chain-based pass-certificate security verification method, which is not described herein again. All or part of each module in the block chain-based evidence-passing safety verification device can be realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
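The gate order described above (signature, then CA certificates, then the determining unit's transfer-count and blacklist rule, then execution with the balance check) can be sketched as follows. This is an added example, not code from the patent: the names `Request`, `IdentityPolicy` and `verify_and_execute`, the injected `sig_ok`, `cert_ok` and `transfer` callables, and all sample parties and values are assumptions, and the callables stand in for real signature, certificate-chain and ledger implementations.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List, Set, Tuple

Ledger = Dict[str, int]


@dataclass(frozen=True)
class Request:
    first_party: str    # sender of the trigger request; the transfer party here
    second_party: str   # counterparty named in the contract; the transferred party
    amount: int         # transaction amount taken from the decrypted pass content
    signature: bytes


@dataclass
class IdentityPolicy:
    max_transfers: int        # the "preset value"
    window_seconds: float     # the "preset time"
    blacklist: Set[str] = field(default_factory=set)
    history: Dict[str, Deque[float]] = field(
        default_factory=lambda: defaultdict(deque))

    def record(self, payer: str, ts: float) -> None:
        self.history[payer].append(ts)

    def recent_transfers(self, payer: str, now: float) -> int:
        q = self.history[payer]
        while q and q[0] <= now - self.window_seconds:  # expire old entries
            q.popleft()
        return len(q)

    def check(self, payer: str, payee: str, now: float) -> Tuple[bool, str]:
        # Assumption: "does not exceed" is read as prior transfers in the
        # window <= preset value.
        if self.recent_transfers(payer, now) > self.max_transfers:
            return False, "transfer count exceeded"
        if payee in self.blacklist:
            return False, "payee blacklisted"
        return True, "ok"


def verify_and_execute(req: Request,
                       sig_ok: Callable[[Request], bool],
                       cert_ok: Callable[[str], bool],
                       policy: IdentityPolicy,
                       ledger: Ledger,
                       transfer: Callable[[Ledger, Request], None],
                       now: float) -> Tuple[bool, str]:
    """Run the checks in the stated order and stop at the first failure."""
    if not sig_ok(req):
        return False, "signature"
    if not (cert_ok(req.first_party) and cert_ok(req.second_party)):
        return False, "certificate"
    ok, reason = policy.check(req.first_party, req.second_party, now)
    if not ok:
        return False, reason
    # Expected balances are computed before the transfer so that the
    # post-transfer comparison is independent of the ledger code.
    expected = (ledger[req.first_party] - req.amount,
                ledger[req.second_party] + req.amount)
    transfer(ledger, req)
    if (ledger[req.first_party], ledger[req.second_party]) != expected:
        return False, "balance mismatch"
    policy.record(req.first_party, now)
    return True, "executed"


def honest_transfer(ledger: Ledger, req: Request) -> None:
    ledger[req.first_party] -= req.amount
    ledger[req.second_party] += req.amount


def demo() -> Tuple[List[Tuple[bool, str]], Ledger]:
    # Constructed sample data: "carol" has no authenticated certificate,
    # "mallory" is on the blacklist.
    certified = {"alice", "bob", "mallory"}
    policy = IdentityPolicy(max_transfers=2, window_seconds=60.0,
                            blacklist={"mallory"})
    ledger: Ledger = {"alice": 100, "bob": 0, "carol": 0, "mallory": 0}

    def run(payee: str, sig: bytes, now: float) -> Tuple[bool, str]:
        req = Request("alice", payee, 10, sig)
        return verify_and_execute(req, lambda r: r.signature == b"valid",
                                  lambda p: p in certified, policy, ledger,
                                  honest_transfer, now)

    results = [run("bob", b"forged", 0.0),      # stops at the signature
               run("carol", b"valid", 0.0),     # stops at the certificate
               run("mallory", b"valid", 0.0)]   # stops at the blacklist
    results += [run("bob", b"valid", t) for t in (1.0, 2.0, 3.0, 4.0)]
    results.append(run("bob", b"valid", 100.0))  # window has expired
    return results, ledger


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

A failed balance check leaves the ledger as the transfer routine wrote it; the page describes only the comparison, so no rollback is modelled here.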
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in Fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a block chain-based certification security verification method.
In one embodiment, there is provided a computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
deploying the blockchain system through a deployment script;
confirming whether each node service is successfully started or not through logs of all nodes in the block chain system;
if the service of each node in the blockchain system is successfully started, a verification node in the blockchain system receives an intelligent contract broadcasted by a transaction party;
after receiving a request for triggering execution of an intelligent contract sent by a first trading party, verifying a signature of the first trading party;
if the signature of the first trading party passes the verification, acquiring a second trading party corresponding to the first trading party in the intelligent contract;
acquiring CA digital certificates corresponding to the first transaction party and the second transaction party respectively; verifying whether the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated;
if the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated, user identity information contained in the first transaction party and the second transaction party in the digital certificates is acquired respectively;
verifying whether the user identity information respectively corresponding to the first transaction party and the second transaction party succeeds or not;
and when the user identity information corresponding to the first trading party and the second trading party respectively succeeds in verification, executing the trading between the first trading party and the second trading party according to the evidence-passing content in the intelligent contract.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
deploying the blockchain system through a deployment script;
confirming whether each node service is successfully started or not through logs of all nodes in the block chain system;
if the service of each node in the blockchain system is successfully started, a verification node in the blockchain system receives an intelligent contract broadcasted by a transaction party;
after receiving a request for triggering execution of an intelligent contract sent by a first trading party, verifying a signature of the first trading party;
if the signature of the first trading party passes the verification, acquiring a second trading party corresponding to the first trading party in the intelligent contract;
acquiring CA digital certificates corresponding to the first transaction party and the second transaction party respectively; verifying whether the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated;
if the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated, user identity information contained in the first transaction party and the second transaction party in the digital certificates is acquired respectively;
verifying whether the user identity information respectively corresponding to the first transaction party and the second transaction party succeeds or not;
and when the user identity information corresponding to the first trading party and the second trading party respectively succeeds in verification, executing the trading between the first trading party and the second trading party according to the evidence-passing content in the intelligent contract.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by the relevant hardware instructed by a computer program stored in a non-volatile computer-readable storage medium, and the computer program can include the processes of the embodiments of the methods described above when executed. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
It will be apparent to those skilled in the art that, for convenience and simplicity of description, the foregoing functional units and modules are merely illustrated in terms of division, and in practical applications, the foregoing functional allocation may be performed by different functional units and modules as needed, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above described functions.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A block chain-based evidence-passing security verification method is characterized by comprising the following steps:
deploying the blockchain system through a deployment script;
confirming whether the service of each node is started successfully or not through the log of each node in the block chain system;
if the service of each node in the blockchain system is successfully started, a verification node in the blockchain system receives an intelligent contract broadcasted by a transaction party;
after receiving a request for triggering execution of an intelligent contract sent by a first trading party, verifying a signature of the first trading party;
if the signature of the first trading party passes the verification, acquiring a second trading party corresponding to the first trading party in the intelligent contract;
acquiring CA digital certificates corresponding to the first transaction party and the second transaction party respectively; verifying whether the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated;
if the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated, user identity information contained in the first transaction party and the second transaction party in the digital certificates is acquired respectively;
verifying whether the user identity information corresponding to the first transaction party and the second transaction party respectively succeeds or not;
and when the user identity information corresponding to the first trading party and the second trading party respectively is verified successfully, executing the trading between the first trading party and the second trading party according to the evidence-passing content in the intelligent contract.
2. The block chain-based evidence-passing security verification method according to claim 1, wherein before the obtaining of the CA digital certificates corresponding to the first transaction party and the second transaction party, the method further comprises:
the first trading party and the second trading party respectively send CA digital certificate acquisition requests to an authority server, wherein the CA digital certificate acquisition requests comprise user identity information, so that the authority server can perform KYC audit on a user according to the user identity information;
and the first transaction party and the second transaction party receive CA digital certificates sent by the authority server, wherein the CA digital certificates comprise user identity information, and the CA digital certificates are certificates approved by KYC.
3. The block chain-based evidence-passing security verification method of claim 1, wherein the verifying whether the user identity information respectively corresponding to the first transaction party and the second transaction party is successful comprises:
if the transaction between the first transaction party and the second transaction party is a transfer transaction, acquiring a transfer party and a transferred party in the first transaction party and the second transaction party;
determining whether the number of account transfer times of the user exceeds a preset value within preset time through the user identity information of the account transfer party;
determining whether the transferred party belongs to a user in a preset blacklist or not according to the user identity information of the transferred party, wherein the identity information of an untrusted user is stored in the content of the preset blacklist;
and if the number of times of transferring accounts of the user of the transfer party in a preset time does not exceed the preset value and the transferred party does not belong to the user in the preset blacklist, determining that the user identity information corresponding to the first transaction party and the user identity information corresponding to the second transaction party are verified successfully.
4. The block chain-based evidence-passing security verification method of claim 3, wherein the executing of the transaction between the first transaction party and the second transaction party according to the evidence-passing content in the intelligent contract comprises:
decrypting the evidence-passing content to obtain the transaction amount in the evidence-passing content;
the first transaction party transfers the transaction amount to the second transaction party;
checking, by the smart contract, whether the account amounts of the first and second transaction parties are the same as an expected amount;
and if the account amount of the first transaction party and the account amount of the second transaction party are the same as the expected amount, determining that the first transaction party transfers the transaction amount to the first transaction party successfully.
5. The block chain-based evidence-passing security verification method according to claim 3, wherein before determining whether the transferred party belongs to a user in a preset blacklist according to the user identity information of the transferred party, the method further comprises:
storing the user identity information of the user account frozen in the preset list; and/or
storing the user identity information of the suspicious account marked by a preset number of users into the preset list.
6. The block chain-based evidence-passing security verification method according to claim 1, wherein before the verification node in the blockchain system receives the intelligent contract broadcast by the transaction party, the method further comprises:
the block chain system acquires contract records generated between the transaction parties, and signs and encrypts the contract records to generate the intelligent contract; the transaction parties comprise the first transaction party and the second transaction party;
and sending the generated intelligent contract to the trading party.
7. A block chain-based evidence-based security verification device, the device comprising:
the deployment module is used for deploying the blockchain system through the deployment script;
the confirming module is used for confirming whether the service of each node is started successfully or not through the log of each node in the block chain system;
the receiving module is used for receiving the intelligent contract broadcasted by the transaction party by the verification node in the blockchain system if the service starting of each node in the blockchain system is confirmed to be successful;
the verification module is used for verifying the signature of the first trading party after receiving a request for triggering and executing the intelligent contract sent by the first trading party;
the acquisition module is used for acquiring a second trading party corresponding to the first trading party in the intelligent contract if the signature of the first trading party passes the verification;
the acquisition module is further used for acquiring CA digital certificates corresponding to the first transaction party and the second transaction party respectively;
the verification module is further used for verifying whether the CA digital certificates corresponding to the first transaction party and the second transaction party are authenticated;
the acquisition module is further configured to acquire user identity information included in the digital certificate by the first transaction party and the second transaction party respectively if the CA digital certificates corresponding to the first transaction party and the second transaction party respectively are authenticated;
the verification module is further configured to verify whether the user identity information corresponding to the first transaction party and the user identity information corresponding to the second transaction party are successful;
and the execution module is used for executing the transaction between the first transaction party and the second transaction party according to the evidence-passing content in the intelligent contract when the user identity information corresponding to the first transaction party and the second transaction party respectively is successfully verified.
8. The block chain-based evidence-based security verification device of claim 7, further comprising:
the sending module is used for the first trading party and the second trading party to respectively send CA digital certificate acquisition requests to an authority server, wherein the CA digital certificate acquisition requests comprise user identity information, so that the authority server can perform KYC audit on a user according to the user identity information;
the receiving module is further configured to receive, by the first transaction party and the second transaction party, a CA digital certificate sent by the authority server, where the CA digital certificate includes user identity information, and the CA digital certificate is a certificate approved by KYC.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the block chain-based evidence-passing security verification method of any one of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored, which, when executed by a processor, implements the block chain-based evidence-passing security verification method according to any one of claims 1 to 6.
CN202010025029.0A 2020-01-04 2020-01-04 Block chain-based evidence-based security verification method and device and hardware equipment Pending CN111368340A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010025029.0A CN111368340A (en) 2020-01-04 2020-01-04 Block chain-based evidence-based security verification method and device and hardware equipment

Publications (1)

Publication Number Publication Date
CN111368340A 2020-07-03

Family

ID=71208047

Country Status (1)

Country Link
CN (1) CN111368340A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200703
WD01 Invention patent application deemed withdrawn after publication