CN114331437A - Block chain-based digital seal using method and device - Google Patents


Publication number
CN114331437A
Authority
CN
China
Prior art keywords
seal
key
digital
transaction
target
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111655401.7A
Other languages
Chinese (zh)
Inventor
叶玲玲
刘坚
栗志果
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd

Abstract

A blockchain-based digital seal using method and device are applied to a blockchain system. The method may comprise the following steps: receiving a digital seal usage transaction requesting use of a target digital seal, where the target digital seal comprises a digital certificate of the target digital seal and a target stamp die, and the seal key corresponding to the target digital seal has been split in advance into a plurality of key fragments respectively maintained by a plurality of authorized custody parties; invoking a key verification smart contract, which combines the key fragments respectively submitted by the authorized custody parties into a complete seal key and transmits the combined seal key to an authentication center, where the authentication center maintains a pre-generated digital certificate of the target digital seal; and transmitting the digital certificate of the target digital seal, returned by the authentication center according to the seal key, to the transaction initiator of the digital seal usage transaction, so that the transaction initiator performs a signature operation using the digital certificate of the target digital seal and the target stamp.

Description

Block chain-based digital seal using method and device
Technical Field
The embodiment of the specification belongs to the technical field of block chains, and particularly relates to a block chain-based digital seal using method and device.
Background
Blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. In a blockchain system, data blocks are linked sequentially in chronological order into a chain data structure, and cryptography guarantees a distributed ledger that cannot be tampered with or forged. Because a blockchain is decentralized, tamper-resistant and autonomous, it is receiving more and more attention and is being applied more and more widely.
Disclosure of Invention
The invention aims to provide a blockchain-based digital seal using method and device, as follows:
According to a first aspect of one or more embodiments of the present specification, a blockchain-based digital seal using method is provided, which is applied to a blockchain system and includes:
receiving a digital seal usage transaction requesting use of a target digital seal; the target digital seal comprises a digital certificate of the target digital seal and a target stamp die; the seal key corresponding to the target digital seal has been split in advance into a plurality of key fragments respectively maintained by a plurality of authorized custody parties;
invoking a key verification smart contract, which combines the key fragments respectively submitted by the authorized custody parties into a complete seal key and transmits the combined seal key to an authentication center, wherein the authentication center maintains a pre-generated digital certificate of the target digital seal;
and transmitting the digital certificate of the target digital seal, returned by the authentication center according to the seal key, to the transaction initiator of the digital seal usage transaction, so that the transaction initiator performs a signature operation using the digital certificate of the target digital seal and the target stamp.
According to a second aspect of one or more embodiments of the present specification, a block chain-based digital seal generation method is provided, which is applied to a block chain system, and includes:
receiving a digital seal application transaction, wherein the digital seal application transaction is used for requesting to generate a target digital seal, and the target digital seal comprises a digital certificate and a target stamp corresponding to the target digital seal;
invoking a seal key determination contract in response to the digital seal application transaction, the seal key determination contract being for:
determining a seal key corresponding to the target digital seal;
splitting the seal key into a plurality of key fragments according to the number of authorized custody parties, and transparently transmitting each key fragment to the corresponding authorized custody party;
and transparently transmitting the seal key to an authentication center so that the authentication center generates a digital certificate and a target stamp corresponding to the target digital seal.
According to a third aspect of one or more embodiments of the present specification, there is provided a blockchain-based digital seal using apparatus applied to a blockchain system, the apparatus including:
a first receiving unit for receiving a digital seal usage transaction requesting use of a target digital seal; the target digital seal comprises a digital certificate of the target digital seal and a target stamp die; the seal key corresponding to the target digital seal has been split in advance into a plurality of key fragments respectively maintained by a plurality of authorized custody parties;
a first calling unit for invoking a key verification smart contract, which combines the key fragments respectively submitted by the authorized custody parties into a complete seal key and transparently transmits the combined seal key to an authentication center, wherein the authentication center maintains a pre-generated digital certificate of the target digital seal;
and a return unit for transparently transmitting the digital certificate of the target digital seal, returned by the authentication center according to the seal key, to the transaction initiator of the digital seal usage transaction, so that the transaction initiator performs a signature operation using the digital certificate of the target digital seal and the target stamp.
According to a fourth aspect of one or more embodiments of the present specification, there is provided a blockchain-based digital seal generating apparatus applied to a blockchain system, the apparatus including:
a second receiving unit for receiving a digital seal application transaction, wherein the digital seal application transaction is used for requesting to generate a target digital seal, and the target digital seal comprises a digital certificate and a target stamp corresponding to the target digital seal;
a second calling unit for invoking a seal key determination contract in response to the digital seal application transaction, the seal key determination contract being used for:
determining a seal key corresponding to the target digital seal;
splitting the seal key into a plurality of key fragments according to the number of authorized custody parties, and transparently transmitting each key fragment to the corresponding authorized custody party;
and a sending unit for transmitting the seal key to an authentication center, so that the authentication center generates the digital certificate of the target digital seal and the target stamp.
According to a fifth aspect of one or more embodiments of the present specification, there is provided an electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method as described in the embodiments of any of the above aspects by executing the executable instructions.
According to a sixth aspect of one or more embodiments of the present specification, there is provided a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method as described in the embodiments of any one of the above aspects.
In this specification, the seal key of the digital seal is stored in fragments through the decentralized mechanism of the blockchain, and the authorization relationship of the digital seal is managed by blockchain smart contracts, so that the use of the digital seal is strongly controlled and the security of its use is improved.
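The split-and-combine flow of the first and second aspects can be sketched as follows. This is an added example, not code from the patent: the specification does not name a splitting scheme, so an n-of-n XOR split is assumed, and the function names, the `AuthenticationCenter` class and its digest comparison are hypothetical.

```python
import hashlib
import hmac
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("fragments must all have the seal key's length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_seal_key(seal_key: bytes, custodians: list) -> dict:
    """One fragment per custodian; every fragment is needed to rebuild the key."""
    if len(custodians) < 2 or len(set(custodians)) != len(custodians):
        raise ValueError("need at least two distinct custodians")
    # n-1 fragments are random; the last one makes the XOR of all equal the key.
    randoms = [secrets.token_bytes(len(seal_key)) for _ in custodians[:-1]]
    last = reduce(xor_bytes, randoms, seal_key)
    return dict(zip(custodians, randoms + [last]))


def combine_fragments(submitted: dict, custodians: list) -> bytes:
    """What the key verification contract does: refuse unless the submitted
    fragments come from exactly the authorized custodians, then recombine."""
    if set(submitted) != set(custodians):
        raise PermissionError("fragments must come from every authorized custodian")
    return reduce(xor_bytes, (submitted[c] for c in custodians))


class AuthenticationCenter:
    """Assumed behaviour: keeps a digest of the seal key next to the
    certificate and releases the certificate only for a matching key."""

    def __init__(self):
        self._records = {}  # seal id -> (sha256 of seal key, certificate)

    def register(self, seal_id: str, seal_key: bytes, certificate: str) -> None:
        self._records[seal_id] = (hashlib.sha256(seal_key).digest(), certificate)

    def release_certificate(self, seal_id: str, candidate_key: bytes) -> str:
        digest, certificate = self._records[seal_id]
        candidate = hashlib.sha256(candidate_key).digest()
        if not hmac.compare_digest(digest, candidate):  # constant-time compare
            raise PermissionError("combined key does not match the seal key")
        return certificate


def demo() -> dict:
    custodians = ["legal", "finance", "ceo"]  # constructed custodian names
    seal_key = secrets.token_bytes(32)
    center = AuthenticationCenter()
    center.register("seal-001", seal_key, "CERT(seal-001)")  # constructed values
    fragments = split_seal_key(seal_key, custodians)
    outcome = {}

    # Every custodian submits: the key is rebuilt and the certificate released.
    key = combine_fragments(fragments, custodians)
    outcome["all_custodians"] = center.release_certificate("seal-001", key)

    # One custodian withholds its fragment: the contract refuses to combine.
    partial = {c: f for c, f in fragments.items() if c != "ceo"}
    try:
        combine_fragments(partial, custodians)
        outcome["one_missing"] = "combined"
    except PermissionError:
        outcome["one_missing"] = "refused"

    # A wrong fragment is submitted: the combined key fails the center's check.
    wrong = dict(fragments, ceo=secrets.token_bytes(32))
    try:
        center.release_certificate("seal-001", combine_fragments(wrong, custodians))
        outcome["wrong_fragment"] = "released"
    except PermissionError:
        outcome["wrong_fragment"] = "refused"
    return outcome


if __name__ == "__main__":
    print(demo())
```

With an XOR split, any subset short of all fragments is statistically independent of the seal key, which matches the requirement that each authorized custody party take part in every use of the seal.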
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and it is obvious for a person skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a schematic diagram of the creation flow of a smart contract shown in this specification;
FIG. 2 is a schematic diagram of the invocation flow of a smart contract shown in this specification;
FIG. 3 is a schematic diagram of the creation and invocation flow of a smart contract shown in this specification;
FIG. 4 is a flowchart of a blockchain-based digital seal using method provided by an exemplary embodiment of the present specification;
FIG. 5 is a flowchart of a blockchain-based digital seal generation method provided by an exemplary embodiment of the present specification;
FIG. 6 is a diagram of a network architecture to which the method of the present specification may be applied, provided by an exemplary embodiment of the present specification;
FIG. 7 is an interaction diagram of a blockchain-based digital seal generation method provided by an exemplary embodiment of the present specification;
FIG. 8 is an interaction diagram of a blockchain-based digital seal using method provided by an exemplary embodiment of the present specification;
FIG. 9 is a schematic diagram of an apparatus provided by an exemplary embodiment of the present specification;
FIG. 10 is a block diagram of a blockchain-based digital seal using apparatus provided by an exemplary embodiment of the present specification;
FIG. 11 is a block diagram of a blockchain-based digital seal generating apparatus provided by an exemplary embodiment of the present specification.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
Blockchains are generally divided into three types: public chains (Public Blockchain), private chains (Private Blockchain) and consortium chains (Consortium Blockchain). There may also be combinations of these types, such as private chain + consortium chain, consortium chain + public chain, and so on.
Among them, the public chain is the most decentralized. Public chains are represented by Ethereum; participants (also called nodes in the blockchain) that join a public chain can read data records on the chain, participate in transactions, compete for the accounting right of new blocks, and so on. Moreover, each node can freely join or leave the network and perform related operations.
Private chains are the opposite: write permission on the network is controlled by an organization or institution, and data read permission is specified by that organization. Briefly, a private chain may be a weakly centralized system with strict restrictions on nodes and a small number of nodes. This type of blockchain is more suitable for use within a particular institution.
A consortium chain is a blockchain between a public chain and a private chain, and can achieve "partial decentralization". Each node in a consortium chain typically has a corresponding entity or organization; nodes are authorized to join the network and form an alliance of stakeholders that jointly maintains the operation of the blockchain.
Based on the basic characteristics of a blockchain, a blockchain is usually composed of several blocks. The time stamps corresponding to the creation time of the block are recorded in the blocks respectively, and all the blocks form a time-ordered data chain according to the time stamps recorded in the blocks strictly.
The real data generated by the physical world can be constructed into a standard transaction (transaction) format supported by a block chain, then is issued to the block chain, the node equipment in the block chain performs consensus processing on the received transaction, and after the consensus is achieved, the node equipment serving as an accounting node in the block chain packs the transaction into a block and performs persistent evidence storage in the block chain.
The consensus algorithm supported in the blockchain may include:
the first kind of consensus algorithm, namely a consensus algorithm in which node devices need to compete for the accounting right in each accounting period; for example, Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), etc.;
the second kind of consensus algorithm, namely a consensus algorithm in which the accounting node is elected in advance for each accounting period (without competing for the accounting right); for example, Practical Byzantine Fault Tolerance (PBFT).
In a blockchain network employing the first kind of consensus algorithm, node devices competing for the accounting right can execute a transaction upon receiving it. One of the node devices competing for the accounting right may win the current round of competition and become the accounting node. The accounting node may package the received transaction with other transactions to generate the latest block, and send the generated latest block or the block header of the latest block to other node devices for consensus.
In the block chain network adopting the second type of consensus algorithm, the node equipment with the accounting right is agreed before accounting in the current round. Thus, the node device, after receiving the transaction, may send the transaction to the accounting node if it is not the accounting node of its own round. For the accounting node of the current round, the transaction may be performed during or before packaging the transaction with other transactions to generate the latest block. After generating the latest block, the accounting node may send the latest block or a block header of the latest block to other node devices for consensus.
As described above, regardless of which consensus algorithm is used by the blockchain, the accounting node of the current round may pack the received transaction to generate the latest block, and send the generated latest block or the block header of the latest block to other node devices for consensus verification. If no problem is verified after other node equipment receives the latest block or the block header of the latest block, the latest block can be added to the tail of the original block chain, so that the accounting process of the block chain is completed. The transaction contained in the block may also be performed by other nodes in verifying the new block or block header sent by the accounting node.
In the field of blockchain, an important concept is the account; taking Ethereum as an example, Ethereum generally divides accounts into external accounts and contract accounts; an external account is an account directly controlled by a user and is also called a user account; a contract account is an account created by a user through an external account and containing contract code (i.e. a smart contract). Of course, for some blockchain projects derived from the Ethereum architecture (such as the Ant blockchain), the account types supported by the blockchain may be further expanded, which is not particularly limited in this specification.
For accounts in a blockchain, the account state is usually maintained through a structure. When a transaction in a block is executed, the state of the accounts associated with that transaction in the blockchain usually changes as well.
Taking Ethereum as an example, the structure of an account usually includes fields such as Balance, Nonce, Code and Storage, wherein:
a Balance field for maintaining the current account balance of the account;
a Nonce field for maintaining the transaction count of the account; it is a counter used to guarantee that each transaction can be processed only once, effectively preventing replay attacks;
a Code field for maintaining the contract code of the account; in practical applications, only the hash value of the contract code is typically maintained in the Code field; thus, the Code field is also commonly referred to as the CodeHash field.
a Storage field for maintaining the storage contents of the account (the default field value is null); for a contract account, a separate storage space is usually allocated to store the storage content of the contract account; this separate storage space is often referred to as the account storage of the contract account. The storage content of the contract account is usually constructed into an MPT (Merkle Patricia Trie) tree and stored in that separate storage space; the MPT tree constructed from the storage content of the contract account is commonly referred to as the Storage tree. The Storage field typically maintains only the root node of the Storage tree; therefore, the Storage field is also commonly referred to as the Storage Root field.
Wherein, for the external account, the field values of the Code field and the Storage field shown above are both null values.
Most blockchain projects use a Merkle tree, or a data structure based on the Merkle tree, to store and maintain data. Taking Ethereum as an example, Ethereum uses the MPT tree (a Merkle tree variant) as the data organization form for organizing and managing important data such as account state and transaction information.
For the data that needs to be stored and maintained in the blockchain, Ethereum designs three MPT trees: the MPT state tree, the MPT transaction tree and the MPT receipt tree. In addition to these three MPT trees, there is also the Storage tree constructed from the storage content of a contract account.
The MPT state tree is an MPT tree organized from the account state data of all accounts in the blockchain; the MPT transaction tree is an MPT tree organized from the transaction data in the blockchain; the MPT receipt tree is an MPT tree organized from the transaction receipts (receipt) corresponding to each transaction, generated after the transactions in the block are executed. The hash values of the root nodes of the MPT state tree, the MPT transaction tree and the MPT receipt tree are eventually added to the block header of the corresponding block.
The MPT transaction tree and the MPT receipt tree correspond to blocks, that is, each block has its own MPT transaction tree and MPT receipt tree. The MPT state tree is a global MPT tree, which does not correspond to a specific block but covers the account state data of all accounts in the blockchain.
It should be noted that, each time a latest block is generated in the blockchain, after a transaction in the latest block is executed, the account status of the accounts (which may be an external account or a contract account) related to the executed transaction in the blockchain is usually changed;
for example, when a "transfer transaction" in a block is completed, the balances of the transferor account and the transferee account associated with the "transfer transaction" (i.e., the field values of the Balance fields of these accounts) usually change.
After the transaction in the latest block generated by the blockchain is completed, the node device needs to construct an MPT state tree according to the current account state data of all accounts in the blockchain because the account state in the current blockchain changes, so as to maintain the latest state of all accounts in the blockchain.
That is, each time a latest block is generated in the block chain and the account status in the block chain changes after the transaction in the latest block is completed, the node device needs to reconstruct an MPT status tree based on the latest account status data of all accounts in the block chain. In other words, each block in the block chain has a corresponding MPT state tree; the MPT status tree maintains the latest account status of all accounts in the blockchain after the transaction in the block is completed.
In practical applications, public chains, private chains and consortium chains may all provide smart contract functionality. A smart contract on a blockchain is a contract whose execution can be triggered by a transaction on the blockchain. A smart contract may be defined in the form of code.
Taking Ethereum as an example, users are supported in creating and invoking complex logic in the Ethereum network. Ethereum is a programmable blockchain whose core is the Ethereum Virtual Machine (EVM), and each Ethereum node can run the EVM. The EVM is a Turing-complete virtual machine, through which various complex logic can be implemented. The smart contracts that users publish and invoke in Ethereum run on the EVM. In fact, the EVM directly runs virtual machine code (virtual machine bytecode, hereinafter referred to as "bytecode"), so the smart contract deployed on the blockchain may be bytecode.
After Bob sends a transaction containing the information for creating a smart contract to the Ethereum network, each node may execute the transaction in the EVM, as shown in FIG. 1. In FIG. 1, the From field of the transaction records the address of the account initiating the creation of the smart contract, the contract code stored in the field value of the Data field of the transaction may be bytecode, and the field value of the To field of the transaction is a null account. After the nodes reach agreement through the consensus mechanism, the smart contract is successfully created, and users can subsequently invoke it.
After the smart contract is created, a contract account corresponding to the smart contract appears on the blockchain and has a specific address; for example, "0x68e12cf284…" in each node in FIG. 1 represents the address of the created contract account; the contract code (Code) and account storage (Storage) are maintained in the account storage of that contract account. The behavior of the smart contract is controlled by the contract code, while the account storage of the smart contract preserves the state of the contract. In other words, the smart contract causes a virtual account containing the contract code and account storage to be generated on the blockchain.
As mentioned above, the Data field of the transaction that creates the smart contract may hold the bytecode of the smart contract. Bytecode consists of a series of bytes, each of which can identify an operation. For reasons such as development efficiency and readability, a developer can write smart contract code in a high-level language instead of writing bytecode directly. For example, the high-level language may be Solidity, Serpent, LLL, and the like. Smart contract code written in a high-level language can be compiled by a compiler to generate bytecode that can be deployed on a blockchain.
Taking the Solidity language as an example, contract code written in it is very similar to a class (Class) in an object-oriented programming language, and various members including state variables, functions, function modifiers, events, etc. can be declared in one contract. A state variable is a value permanently stored in the account storage (Storage) field of a smart contract to save the state of the contract.
As shown in FIG. 2, still taking Ethereum as an example, after Bob sends a transaction containing the information for invoking a smart contract to the Ethereum network, each node can execute the transaction in the EVM. In FIG. 2, the From field of the transaction records the address of the account initiating the invocation of the smart contract, the To field records the address of the invoked smart contract, and the Data field of the transaction records the method and parameters of the invocation. After the smart contract is invoked, the account state of the contract account may change. Subsequently, a client may view the account state of the contract account through the blockchain node it is connected to (e.g., node 1 in FIG. 2).
A smart contract can be executed independently at each node in the blockchain network in a specified manner, and all execution records and data are stored on the blockchain, so that after the transaction is executed, a transaction record that cannot be tampered with and will not be lost is stored on the blockchain.
A schematic diagram of creating a smart contract and invoking the smart contract is shown in FIG. 3. Creating a smart contract in Ethereum involves writing the smart contract, compiling it into bytecode, deploying it to the blockchain, and so on. Invoking a smart contract in Ethereum means initiating a transaction that points to the smart contract address; the EVM of each node can execute the transaction separately, and the smart contract code runs in a distributed manner in the virtual machine of each node in the Ethereum network.
The event mechanism of a smart contract is a way for the smart contract to interact with off-chain entities. Smart contracts deployed on blockchains generally cannot interact directly with off-chain entities; for example, a smart contract generally cannot send its invocation result point to point to the initiator of the invocation after the invocation is completed.
The invocation results (including intermediate results and the final invocation result) generated by a smart contract during invocation are usually recorded in the form of events to the transaction log (transaction logs) of the transaction that invoked the smart contract, and stored in the storage space of the node device. An off-chain entity that needs to interact with the smart contract can obtain the invocation result of the smart contract by monitoring the transaction log stored in the storage space of the node device;
for example, in the case of Ethereum, the transaction log is ultimately stored in the MPT receipt tree described above as part of the receipt (receipt) of the transaction that invoked the smart contract. An off-chain entity interacting with the smart contract can monitor the transaction receipts on the MPT receipt tree stored in the storage space of the node device, and obtain the events generated by the smart contract from the monitored transaction receipts.
Smart contracts deployed on blockchains can generally only reference data content stored on the blockchain; in practical applications, for some complex business scenarios implemented with smart contract technology, the smart contract may need to reference external data held by off-chain data entities.
In this scenario, a smart contract deployed on the blockchain may reference data on off-chain data entities through an oracle, thereby implementing data interaction between the smart contract and data entities in the real world. Off-chain data entities may include, for example, centralized servers or data centers deployed off the chain, and so on.
It should be noted that a cross-chain relay is used to connect two blockchains, whereas an oracle is used to connect a blockchain and an off-chain data entity, so as to implement data interaction between the blockchain and the real world.
In practical applications, when an oracle is deployed for a smart contract on a blockchain, an oracle smart contract corresponding to the oracle can be deployed on the blockchain; the oracle smart contract is used for maintaining the external data that the oracle sends to the smart contract on the blockchain; for example, external data sent by the oracle to the smart contract on the blockchain may be stored in the account storage space of the oracle smart contract.
When a target smart contract on the blockchain is invoked, the external data required by the target smart contract can be read from the account storage space of the oracle smart contract to complete the invocation of the smart contract.
It should be noted that, when sending external data to the smart contract on the blockchain, the oracle may send either actively or passively.
In one implementation, the off-chain data entity may sign the external data to be provided to the target smart contract with the private key of the oracle and then send it to the oracle smart contract; for example, the signed external data may be sent to the oracle smart contract periodically.
The oracle smart contract can maintain a CA certificate of the oracle; after receiving external data sent by the off-chain data entity, it can verify the signature of the external data using the oracle's public key maintained in the CA certificate and, after the signature verification passes, store the external data in the account storage space of the oracle smart contract.
In another implementation, when a target smart contract on the blockchain is called and the external data it requires cannot be read from the account storage space of the oracle smart contract, the oracle smart contract may interact with the oracle through the event mechanism of smart contracts, and the oracle then sends the external data required by the target smart contract to the account storage space of the oracle smart contract.
For example, when a target smart contract on the blockchain is called and the external data it requires cannot be read from the account storage space of the oracle smart contract, the oracle smart contract can generate an external data acquisition event, record the event in the transaction log of the transaction that called the smart contract, and store the transaction log in the storage space of the node device. The oracle can listen for the transaction logs generated by the oracle smart contract in the storage space of the node device and, once it detects an external data acquisition event in a transaction log, respond to the event by sending the external data required by the target smart contract to the oracle smart contract.
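The passive (event-driven) path described above can be simulated as follows. This is an added sketch, not code from the patent: the event name, the account names and the sample data are constructed, and the sender check in `deliver` is an assumption standing in for whatever authentication a deployment applies to oracle writes.

```python
EVENT = "ExternalDataRequest"  # hypothetical event name for this sketch


class NodeStorage:
    """Stands in for a node device's storage of transaction receipts."""

    def __init__(self):
        self.receipts = []

    def store_receipt(self, tx_id, logs):
        self.receipts.append({"tx_id": tx_id, "logs": logs})


class OracleContract:
    """On-chain oracle smart contract; external data lives in its account storage."""

    def __init__(self, node, oracle_account):
        self.node = node
        self.oracle_account = oracle_account
        self.storage = {}

    def read(self, tx_id, key):
        """Called while a target contract executes; None means 'not available yet'."""
        if key in self.storage:
            return self.storage[key]
        # Data missing: record an external data acquisition event in the
        # transaction log, which ends up in the receipt kept by the node.
        self.node.store_receipt(tx_id, [{"event": EVENT, "key": key}])
        return None

    def deliver(self, sender, key, value):
        """Write external data; only the registered oracle account may do so (assumption)."""
        if sender != self.oracle_account:
            raise PermissionError("sender is not the registered oracle")
        self.storage[key] = value


class OffChainOracle:
    """Off-chain oracle that listens to receipts and answers data requests."""

    def __init__(self, account, node, contract, data_source):
        self.account = account
        self.node = node
        self.contract = contract
        self.data_source = data_source
        self.cursor = 0  # index of the first receipt not yet inspected

    def poll(self):
        answered = []
        for receipt in self.node.receipts[self.cursor:]:
            for log in receipt["logs"]:
                if log.get("event") != EVENT:
                    continue
                key = log["key"]
                if key in self.data_source and key not in answered:
                    self.contract.deliver(self.account, key, self.data_source[key])
                    answered.append(key)
        self.cursor = len(self.node.receipts)
        return answered


def run_pull_flow():
    """First call misses, the oracle answers the event, the second call succeeds."""
    node = NodeStorage()
    contract = OracleContract(node, oracle_account="oracle-1")
    # Constructed sample data held by the off-chain data entity.
    oracle = OffChainOracle("oracle-1", node, contract, {"fx/USD-CNY": "7.10"})
    first = contract.read("tx-1", "fx/USD-CNY")
    answered = oracle.poll()
    second = contract.read("tx-2", "fx/USD-CNY")
    return first, answered, second, len(node.receipts)
```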
Referring to Fig. 4, Fig. 4 is a flowchart illustrating a block chain-based digital seal using method according to an exemplary embodiment of the present disclosure.
The block chain-based digital seal using method can be applied to a blockchain system and can comprise the following steps:
Step 402, receiving a digital seal usage transaction, wherein the digital seal usage transaction is used for requesting to use a target digital seal; the target digital seal comprises a digital certificate of the target digital seal and a target stamp die; the seal key corresponding to the target digital seal is divided in advance into a plurality of key fragments respectively maintained by a plurality of authorized custody parties.
In an embodiment, a party having a use demand for the target digital seal (hereinafter, the use demander) may directly initiate the digital seal usage transaction to the blockchain system; alternatively, the use demander may send a use request for the target digital seal to another participant, so that the other participant responds to the use request and initiates the digital seal usage transaction to the blockchain system as the transaction initiator. In one case, the target digital seal may correspond to a plurality of legitimate users, and the transaction initiator initiates the digital seal usage transaction to the blockchain system in response to the use request when the use demander is one of the legitimate users. In a specific implementation, the target digital seal can have a unique seal identifier, which is generated by the transaction initiator when the target digital seal is applied for. The transaction initiator can also maintain the binding relationship between the seal identifier of the target digital seal and the pre-registered legitimate demanders, and authenticate the legitimacy of a use demander according to the binding relationship: if the transaction initiator receives a use request for the target digital seal submitted by a use demander and confirms, according to the binding relationship, that the use demander is a legitimate demander, it initiates the digital seal usage transaction to the blockchain system.
Further, assuming that the use demander sends a use request for a target digital seal to the transaction initiator so that the transaction initiator initiates a digital seal usage transaction to the blockchain system, the use demander may select the target digital seal to be used when sending the request. For example, the pattern images or seal names of all digital seals owned by the use demander are displayed on the operation interface of the use demander, so that the use demander can see each digital seal it owns and perform a selection operation. By carrying in the use request the seal identifier of the digital seal designated by the selection operation, the use demander enables the transaction initiator to determine the target digital seal through the seal identifier and to verify the identity of the use demander according to the binding relationship between the seal identifier and the legitimate demanders.
In some scenarios, the blockchain system in this specification includes a blockchain network in the related art, which is composed of a plurality of blockchain nodes. Participants, such as customers or transaction initiators, may actively generate blockchain transactions and submit them to the blockchain system, for example to a blockchain node in the blockchain system. In other scenarios, the blockchain system in this specification includes the blockchain network and a BaaS (Blockchain as a Service) server, so that any participant need only send a request to the BaaS server for the BaaS server to generate the corresponding blockchain transaction and submit it to the blockchain system.
In practical applications, the use demander may specifically be a state department, a public institution, a social group or an enterprise that needs to use a seal in its work, and the use demander may be one user or a user group consisting of a plurality of users; the transaction initiator that interfaces with the use demander can be a third-party seal service platform, and one or more legitimate demanders may be registered for any digital seal on the third-party seal service platform; this is not limited by the present description.
Taking an enterprise as an example, the enterprise itself can act as the use demander, and corresponding digital seals exist for the physical seals owned by the enterprise, such as a public seal, a contract seal, a financial seal, an invoice seal and the like. Taking the financial seal of an enterprise as an example, the enterprise may initiate a digital seal usage transaction for using the financial seal through a client connected to the blockchain system. For example, financial staff of the enterprise can initiate the digital seal usage transaction through the client, or send a digital seal use request for the financial seal to a third-party seal service platform; the third-party seal service platform responds to the request and submits to the blockchain system a digital seal usage transaction requesting to use the digital seal of the financial seal, and the blockchain system can respond to the digital seal usage transaction by calling the smart contract code in the corresponding smart contract for processing.
When the enterprise has multiple financial staff members, only some of them may be qualified to use the digital seal of the financial seal; the third-party seal service platform can therefore maintain the binding relationship between the digital seal of the financial seal and the financial staff who are qualified to use it. Assuming that only financial person A is qualified to use the digital seal of the financial seal, the third-party seal service platform can determine, according to the binding relationship, whether the person currently initiating the digital seal use request for the financial seal is financial person A. In a specific implementation, the third-party seal service platform may use face recognition, fingerprint recognition or other means to confirm the identity of the person who currently initiates the digital seal use request for the financial seal, which is not limited in this specification.
Step 404, calling a key verification smart contract, wherein the key verification smart contract merges the key fragments respectively submitted by the authorized custody parties into a complete seal key and transparently transmits the merged seal key to an authentication center, and the authentication center maintains a pre-generated digital certificate of the target digital seal.
In this specification, the seal key corresponding to the target digital seal is generated by the transaction initiator when the target digital seal is applied for. The target digital seal comprises a digital certificate of the target digital seal and a target stamp; after the seal key passes the authentication of the authentication center, the authentication center can generate and store the digital certificate of the target digital seal and the target stamp corresponding to the seal key. The target stamp can be maintained by the authentication center alone, or handed over by the authentication center to the transaction initiator for maintenance. By authenticating the seal key, the authentication center can confirm the legitimacy of the subject requesting to use the target digital seal and, when that subject is legitimate, returns the digital certificate corresponding to the target digital seal, or returns the digital certificate together with the target stamp.
In particular, the blockchain system may receive a digital seal application transaction requesting generation of a target digital seal. The digital seal application transaction can be submitted by another participant acting as the transaction initiator (such as a third-party seal service platform). In a specific implementation, a seal claimant may submit a request for registering a target digital seal through an electronic seal supporting platform recognized by the relevant national department that manages digital seals, and the electronic seal supporting platform, in response to the request for applying for the target digital seal, initiates a digital seal application transaction to the blockchain system itself or does so through the transaction initiator.
In this specification, the seal key of the target digital seal may be generated on the claimant's behalf by the transaction initiator, which includes the seal key in the seal application transaction and transmits it to the blockchain system. The blockchain system calls a seal key determination contract in response to the digital seal application transaction, and the seal key determination contract determines the seal key corresponding to the target digital seal from the seal application transaction. After the seal key is determined, on the one hand, the seal key is divided into a plurality of key fragments according to the number of authorized custody parties, and each key fragment is transparently transmitted to the corresponding authorized custody party; the specific information of the authorized custody parties is written into the contract code of the seal key determination contract in advance. On the other hand, the seal key is transparently transmitted to the authentication center, so that the authentication center authenticates the seal key and generates and stores the digital certificate and the target stamp of the target digital seal. The seal claimant may be one of the authorized custody parties; for example, an enterprise may act both as the seal claimant that submits a request for applying for a target digital seal to the electronic seal supporting platform and as an authorized custody party that keeps a corresponding key fragment.
Specifically, a seal claimant submits a request for registering a target digital seal through the electronic seal supporting platform, and the electronic seal supporting platform forwards the request to the transaction initiator. The transaction initiator generates for the seal claimant a unique seal identifier corresponding to the target digital seal being applied for; the seal identifier is passed to the blockchain system when the seal key determination contract is called, and the blockchain system establishes an association between the seal identifier and the seal key. It should be noted that the seal key may be generated not only by the transaction initiator but also by the authentication center, which may transparently transmit it to the blockchain system through the oracle mechanism or by other means.
When the seal key is the public key of a public-private key pair and is generated by the authentication center, the private key corresponding to the seal key is kept by the authentication center, and the seal key transmitted to the blockchain system is the public key of the pair. When the seal key is the public key of a public-private key pair and is generated by the transaction initiator, the private key corresponding to the seal key is maintained by the transaction initiator, and the seal key transmitted to the blockchain system is the public key of the pair.
It should be noted that "transparent transmission", here and in the following, covers several different ways in which the blockchain system interacts with parties off the chain. Taking the transparent transmission of each key fragment to the corresponding authorized custody party as an example, the blockchain system may record the key fragment as an event in the transaction log and store it in the receipt, and each authorized custody party may obtain its key fragment from the transaction receipts it listens to; alternatively, the blockchain system may transparently transmit the key fragments to the authorized custody parties through the oracle mechanism.
As mentioned above, the target digital seal comprises the stamp of the target digital seal (i.e., the pattern image of the digital seal) and the digital certificate corresponding to the target digital seal. The process by which the authentication center generates the target digital seal can be understood as the process of issuing a digital certificate for the seal key and generating the stamp; the stamp can also be generated on the authentication center's behalf by other participants according to the materials submitted by the seal claimant, which is not limited in this description. Specifically, if the blockchain system is registered with the authentication center, the generator of a seal key transparently transmitted through the blockchain system is considered legitimate and the seal key can pass authentication; after the seal key is authenticated, the authentication center generates a digital certificate and a stamp based on the seal key, and the digital certificate and the stamp form a complete target digital seal.
For confidentiality, the blockchain system can encrypt each key fragment with the public key of the corresponding authorized custody party before transparently transmitting it to that party. Only the authorized custody party holding the corresponding private key can decrypt the encrypted key fragment, which ensures the security of the key fragments in transit. In addition, the encrypted key fragments may be stored in the world state.
In an embodiment, the blockchain system may further transparently transmit the generation information of the target digital seal to the transaction initiator and/or the electronic seal supporting platform, so that the transaction initiator and/or the electronic seal supporting platform records the issuing information of the target digital seal. For example, the transaction initiator and/or the electronic seal supporting platform may establish a correspondence between the identifier of the digital seal and the seal claimant. After the transaction initiator and/or the electronic seal supporting platform have filed this record, they submit an issuing-information evidence storage transaction to the blockchain system, so that the blockchain system stores the issuing information of the target digital seal on the chain as evidence according to that transaction.
It is worth noting that the target stamp mentioned above is generated and maintained by the authentication center, and may also be handed over by the authentication center to the transaction initiator for maintenance. Specifically, after the authentication center generates the target stamp, the target stamp can be sent directly to the transaction initiator, and the transaction initiator associates the target stamp with the issuing information of the target digital seal that it has recorded; or, after the authentication center generates the target stamp, the generation information of the target digital seal and the target stamp can be transparently transmitted to the transaction initiator together, so that the transaction initiator stores the target stamp and records the issuing information of the target digital seal.
After being generated, the target digital seal is maintained by the authentication center, which also maintains the correspondence between the target digital seal and the seal key; this correspondence can exist at the authentication center in the form of key-value pairs. If the target digital seal is to be used for a signature operation, the seal key must be provided to the authentication center, which finds the target digital seal according to the correspondence between the target digital seal and the seal key and then returns it. In this specification, the seal key is divided into a plurality of key fragments in advance and delivered to the authorized custody parties for safekeeping, so a user who wants to obtain the target digital seal stored by the authentication center must obtain the key fragments from every authorized custody party and merge them into a complete seal key.
In this specification, a complete seal key may be obtained by calling a key verification contract deployed in the blockchain system:
Digital seal usage transactions received by the blockchain system may invoke the key verification contract deployed in the blockchain system. The From field of the digital seal usage transaction records the account address from which the transaction originated. Because the key verification contract is a smart contract, when the digital seal usage transaction calls it, the To field of the transaction records the address of the called key verification contract, and the Data field of the transaction records the method to be called and the required input parameters.
In one embodiment, the contract account of the key verification contract maintains a correspondence between the seal identifier of a digital seal and the authorized custody parties of the seal key fragments of that digital seal. The seal identifier of the target digital seal to be used can be recorded in the Data field of the digital seal usage transaction, so that the key verification contract can read the seal identifier of the target digital seal from the Data field and determine, according to the correspondence, the authorized custody party of each seal key fragment corresponding to the target digital seal.
Further, the blockchain system can also generate an approval notice for the digital seal usage transaction and transparently transmit it to the authorized custody parties, so that each authorized custody party confirms whether to provide the key fragment it keeps and returns that key fragment when the approval passes. For example, the blockchain system may transmit the approval notice to the authorized custody parties and receive the approval results through an external data source service. The external data source service is a blockchain oracle service implemented based on Trusted Execution Environment (TEE) technology, intended to give blockchain smart contracts trusted access to external data sources. The external data source service deploys an external data source service contract in the blockchain system, and the key verification contract sends an external data source request by invoking this service contract (for example, the approval notice is packaged into an HTTP request and sent to each authorized custody party). The off-chain TEE external data source service interfaces with the service contract, listens for the requests of the key verification contract, obtains from the corresponding external data sources (namely the authorized custody parties) the key fragments returned after the approval passes, and finally returns the key fragments to the key verification contract.
When an authorized custody party performs approval in response to the approval request, the identity of the staff member performing the approval operation can be checked, for example by face recognition, fingerprint recognition, or a request to upload identity information. After it is confirmed that the staff member performing the approval operation has approval authority, the key fragment kept by that party can be returned to the key verification contract.
When the authorized custody parties return the key fragments, in order to improve the security of the key fragments in transit, any authorized custody party can encrypt the key fragment it keeps with the public key of a public-private key pair held by the key verification contract, so that only the key verification contract can decrypt it with the private key of the pair and obtain the key fragment in plaintext.
Step 406, transparently transmitting the digital certificate of the target digital seal, returned by the authentication center according to the seal key, to the transaction initiator of the digital seal usage transaction, so that the transaction initiator uses the digital certificate of the target digital seal and the target stamp to perform a signature operation.
When the key verification contract has acquired all the key fragments, it can merge them into a complete seal key and transparently transmit the complete seal key to the authentication center, so that the authentication center can look up the digital certificate of the target digital seal according to the correspondence between the seal key and the digital certificate. Specifically, the blockchain system can transparently transmit the seal key to the authentication center, and the authentication center determines the digital certificate of the target digital seal according to the correspondence between the seal key and the digital certificate. If the target stamp is maintained only by the authentication center, the digital certificate and the target stamp can be returned together, that is, the complete target digital seal is returned to the blockchain system; if the target stamp is also maintained by the transaction initiator, the authentication center may return only the digital certificate corresponding to the target digital seal to the blockchain system.
After the blockchain system obtains the complete target digital seal, the target digital seal can be transmitted to the transaction initiator, and the transaction initiator performs signature operation on the electronic file to be signed by using the target digital seal; if the blockchain system only obtains the digital certificate corresponding to the target digital seal, the digital certificate of the target digital seal is only required to be transmitted to the transaction initiator, and the transaction initiator performs signature operation on the electronic file to be signed by using the obtained digital certificate and the target stamp maintained by the transaction initiator.
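The split, merge and lookup steps described above can be exercised end to end in a short simulation. This is an added example, not code from the patent: the specification does not say how the seal key is divided, so the sketch assumes an n-of-n XOR split (every fragment is required and no single fragment reveals any part of the key), and assumes the authentication center indexes certificates by a SHA-256 digest of the seal key; the class names, method names and sample values are hypothetical.

```python
import hashlib
import secrets
from functools import reduce


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_seal_key(seal_key, custodians):
    """n-of-n XOR split (assumed scheme): one fragment per authorized custody party."""
    if len(custodians) < 2:
        raise ValueError("need at least two authorized custody parties")
    fragments = [secrets.token_bytes(len(seal_key)) for _ in custodians[:-1]]
    # Last fragment = key XOR all random fragments, so XOR of all fragments = key.
    fragments.append(reduce(xor_bytes, fragments, seal_key))
    return dict(zip(custodians, fragments))


class KeyVerificationContract:
    """Keeps the seal identifier -> custody parties mapping and merges fragments."""

    def __init__(self):
        self.custodians = {}  # seal identifier -> authorized custody parties
        self.submitted = {}   # seal identifier -> {custody party: fragment}

    def register_seal(self, seal_id, custodians):
        self.custodians[seal_id] = list(custodians)

    def submit_fragment(self, seal_id, custodian, fragment):
        if custodian not in self.custodians.get(seal_id, []):
            raise PermissionError(custodian + " is not a custody party of " + seal_id)
        self.submitted.setdefault(seal_id, {})[custodian] = fragment

    def merge(self, seal_id):
        got = self.submitted.get(seal_id, {})
        missing = [c for c in self.custodians[seal_id] if c not in got]
        if missing:
            raise LookupError("missing fragments from: " + ", ".join(missing))
        if len({len(f) for f in got.values()}) != 1:
            raise ValueError("fragments differ in length")
        del self.submitted[seal_id]  # do not keep fragments once merged
        return reduce(xor_bytes, got.values())


class AuthenticationCenter:
    """Keeps the seal key -> digital certificate correspondence as key-value pairs."""

    def __init__(self):
        self._by_key = {}

    def enroll(self, seal_key, certificate):
        self._by_key[hashlib.sha256(seal_key).hexdigest()] = certificate

    def certificate_for(self, seal_key):
        # Returns None when the merged key matches no enrolled seal.
        return self._by_key.get(hashlib.sha256(seal_key).hexdigest())


def use_seal(contract, ca, seal_id, fragments):
    """Steps 404 and 406: collect fragments, merge, ask the center for the certificate."""
    for custodian, fragment in fragments.items():
        contract.submit_fragment(seal_id, custodian, fragment)
    return ca.certificate_for(contract.merge(seal_id))
```

A tampered or stale fragment is not detected at merge time under this scheme; it surfaces only as a failed lookup at the authentication center.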
Further, an authorization code may be used to ensure that the transaction initiator does not abuse the target digital seal after obtaining it. Specifically, the blockchain system may generate an authorization code for the seal usage transaction and transparently transmit it to the transaction initiator. In a specific implementation, when the seal key is a seal public key, the seal usage transaction can also include a digital signature made with the seal private key; after the blockchain system receives the seal usage transaction, the merged seal public key is used to verify the digital signature, and if the signature verification succeeds, an authorization code for the seal usage transaction is generated. In addition, the authorization code may be a random number obtained by the blockchain system through the oracle mechanism; the specific form of the authorization code is not limited in this specification.
The transaction initiator submits an authorization verification transaction to the blockchain system and writes the usage information for the target digital seal and the authorization code into the Data field of the authorization verification transaction. The blockchain system receives the authorization verification transaction and calls a seal signing contract in response to it, so that the seal signing contract verifies the authorization code and transparently transmits the usage information to the electronic seal supporting platform, which generates a signing record according to the usage information. After generating the signing record, the electronic seal supporting platform can also submit a seal-usage-information evidence storage transaction to the blockchain system, so that the usage information of the target digital seal is stored on the chain as evidence. The usage information may include the time at which the target digital seal was used, information on the use demander, and information on the transaction initiator providing the seal signing service; this specification does not limit the specific contents of the usage information. Because the subsequent on-chain evidence storage step can be triggered only when the seal signing contract verifies the authorization code successfully, if the transaction initiator abuses the digital seal to perform a signature operation after obtaining the target digital seal, the blockchain will hold no evidence of the corresponding usage information; the legitimacy of the transaction initiator's use of the target digital seal can therefore be verified through the authorization code.
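The authorization-code gate and the audit it enables can be sketched as follows. This is an added example rather than the patent's own code, and it rests on labelled assumptions: codes are random, stored only as digests and usable once; the outcome of the signature check against the merged seal public key is passed in as a flag; and the usage information carries a `document_hash` field so that observed signatures can be matched against on-chain evidence.

```python
import hashlib
import hmac
import secrets


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


class SealSigningContract:
    """Issues authorization codes and stores usage evidence only for valid codes."""

    def __init__(self):
        self._codes = {}    # usage transaction id -> issued code state
        self.evidence = []  # usage information stored on the chain

    def issue_code(self, usage_tx_id, seal_id, signature_ok):
        """signature_ok: result of verifying the usage transaction's signature
        with the merged seal public key (performed outside this sketch)."""
        if not signature_ok:
            return None
        code = secrets.token_hex(16)
        self._codes[usage_tx_id] = {
            "seal_id": seal_id,
            "digest": _digest(code),  # the contract keeps only the digest
            "used": False,
        }
        return code

    def verify_and_store(self, usage_tx_id, seal_id, code, usage_info):
        """Authorization verification transaction: store evidence only on success."""
        entry = self._codes.get(usage_tx_id)
        if entry is None or entry["used"] or entry["seal_id"] != seal_id:
            return False
        if not hmac.compare_digest(entry["digest"], _digest(code)):
            return False
        entry["used"] = True  # single use is an assumption of this sketch
        self.evidence.append({
            "usage_tx_id": usage_tx_id,
            "seal_id": seal_id,
            "document_hash": usage_info["document_hash"],
            "time": usage_info.get("time"),
            "use_demander": usage_info.get("use_demander"),
            "initiator": usage_info.get("initiator"),
        })
        return True

    def unrecorded_signings(self, observed):
        """Audit: signatures seen in the field that have no on-chain evidence."""
        recorded = {(e["seal_id"], e["document_hash"]) for e in self.evidence}
        return [s for s in observed
                if (s["seal_id"], s["document_hash"]) not in recorded]
```

Running `unrecorded_signings` over the signatures collected from signed documents is what turns the missing evidence into a detectable signal of abuse.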
In practical applications, the file type of the electronic file to be signed may be a notice related to the enterprise, and a check, an invoice, a contract, and the like of the enterprise, which is not limited in this specification. It should be noted that, if the electronic file to be signed is a file stored in an image form (e.g., a PDF file, a picture obtained by scanning a paper file, etc.), the electronic file to be signed may be processed based on an OCR (Optical Character Recognition) algorithm to identify characters in the electronic file to be signed, and then the characters in the identified electronic file to be signed may be processed based on an NLP algorithm to identify a file type of the electronic file to be signed.
In an embodiment, when the electronic file to be signed is signed based on the digital seal, a signature position in the electronic file to be signed may be identified first, then a pattern image of a target digital seal is added to the signature position, and the pattern image of the digital seal added to the signature position and the electronic file to be signed are subjected to image fusion. And subsequently, displaying the image of the electronic file for the user to view, wherein the pattern image of the digital seal is arranged at the signature position. If the user clicks on the pattern image of the digital stamp, the digital certificate information of the digital stamp can also be displayed.
Fig. 5 is a flowchart of a block chain-based digital seal generation method according to an exemplary embodiment, which is applied to a block chain system, and the method may include the following steps:
Step 502, receiving a digital seal application transaction, wherein the digital seal application transaction is used for requesting to generate a target digital seal.
Step 504, invoking a seal key determination contract in response to the digital seal application transaction, the seal key determination contract being used for: generating a seal key corresponding to the target digital seal; and splitting the seal key into a plurality of key fragments according to the number of authorized custody parties, and transparently transmitting each key fragment to the corresponding authorized custody party.
Step 506, transparently transmitting the seal key to an authentication center so as to generate the target digital seal by the authentication center.
For detailed embodiments of the above steps, refer to the related descriptions above, which are not repeated here.
Fig. 6 is a schematic diagram of a network environment shown in this specification; the block chain-based digital seal generating method and the block chain-based digital seal using method provided in this specification can be applied to the network environment shown in Fig. 6.
In a network environment as shown in Fig. 6, smart contracts may be deployed in a blockchain system 61. The smart contracts can comprise the smart contract code required by the digital seal generating process and the signing process of an electronic file; in particular, they may include the contract code of smart contracts such as key determination contracts, key verification contracts, seal signing contracts, and the like. In practical applications, by executing the contract code in the smart contracts, the generation and use of the target digital seal can be realized, and the signature processing flow of the electronic file to be signed based on the digital seal is completed.
It should be noted that, for a specific process of creating and invoking an intelligent contract, reference may be made to the foregoing process of creating and invoking an intelligent contract, which is not described herein again.
In a specific implementation, a seal claimant can initiate a request to apply for a target digital seal through the electronic seal supporting platform 63, and the electronic seal supporting platform 63 cooperates with the third party seal service platform 62 and the CA mechanism 64 to complete the claiming of the target digital seal. For a target digital seal that has been successfully claimed, a user who needs to use the target digital seal can send a seal use request to the third-party seal service platform 62 through the client 65 of the service system. The third-party seal service platform 62, which is connected with the blockchain system 61, initiates a transaction for performing a signature operation with the target digital seal, and cooperates with the CA mechanism 64 and the electronic seal supporting platform 63 to complete the signature operation. When a node device in the blockchain receives the transaction, it can send the transaction to the other node devices in the blockchain so that consensus processing is performed on the transaction, and after the transaction passes consensus, the smart contract code in the smart contract is executed to carry out the signature processing of the electronic file.
In practical applications, the client 65 of the service system may be deployed on an electronic device, where the electronic device may be a server, a computer, a mobile phone, a tablet device, a notebook computer, a palmtop computer (PDAs), or the like; similarly, the electronic device added to the block chain as a node device may also be a server, a computer, a mobile phone, a tablet device, a notebook computer, a palm computer, or the like; this is not limited by the present description.
Fig. 7 is a multi-party interaction diagram of a seal generation method according to an exemplary embodiment, and the interaction process is described in detail below with reference to fig. 6:
In step 702, the electronic seal support platform 63 receives a registration request sent by the seal claimant.
Specifically, the seal claimant may send a registration request to the electronic seal support platform 63 to claim the target digital seal. While sending the registration request, the seal claimant may also provide the materials required to apply for the digital seal for the electronic seal support platform 63 to audit. For example, when the seal claimant is an enterprise, the seal claimant may submit the business license of the enterprise, the identification card information of the legal representative, the digital seal application form, and other materials to the electronic seal support platform 63 for auditing.
In step 704, electronic seal support platform 63 sends a seal registration notification to third party seal service platform 62.
In this step, if the electronic seal support platform 63 approves the material submitted by the seal claimant, it may send a seal registration notification to the third party seal service platform 62, indicating that the enterprise acting as the seal claimant wants to register the target digital seal.
In step 706, the third party seal service platform 62 invokes the seal key determination contract.
In this step, the third-party seal service platform 62 may submit a seal application transaction to the blockchain system 61, fill the To field of the seal application transaction with the contract address of the seal key determination contract to be called, and fill the Data field of the seal application transaction with other information for generating the target digital seal.
At step 708, blockchain system 61 determines a seal key corresponding to the target digital seal.
In response to the digital seal application transaction, the blockchain system invokes the seal key determination contract, which determines the seal key corresponding to the target digital seal.
In this specification, the seal key of the target digital seal may be generated by the third-party seal service platform 62, in which case the third-party seal service platform 62 includes the seal key in the seal application transaction and thereby transmits it to the blockchain system. Alternatively, the seal key of the target digital seal may be generated by the CA mechanism 64 instead and transmitted to the blockchain system by the CA mechanism 64. The process by which the seal key determination contract determines the seal key corresponding to the target digital seal may specifically be as follows: the third-party seal service platform 62 generates, for the seal claimant, a unique seal identifier corresponding to the target digital seal applied for by the seal claimant, and transmits the seal identifier to the blockchain system 61 when calling the key determination contract; the blockchain system 61 establishes an association between the seal identifier and the seal key, and the key associated with the target digital seal is the seal key of the target digital seal.
Step 710, key splitting.
After the seal key determination contract generates the seal key, on the one hand, the seal key is split into a plurality of key fragments according to the number of authorized custody parties, and each key fragment is passed through to the corresponding authorized custody party; the specific information of the authorized custody parties is written into the contract code of the seal key determination contract in advance. For security reasons, blockchain system 61 may encrypt each key fragment with the public key of the corresponding authorized custody party before passing it through. Only the authorized custody party holding the corresponding private key can decrypt the encrypted key fragment, which protects the key fragments in transit. In addition, the encrypted key fragments may be stored in the world state.
On the other hand, the seal key is transmitted to the CA mechanism 64 acting as the certification center (step 712); the CA mechanism 64 authenticates the party that generated the seal key and, if the authentication passes, generates and stores the digital certificate and the target stamp of the target digital seal. The seal claimant may be one of the authorized custody parties; for example, the enterprise may not only act as the seal claimant that submits a request for a target digital seal to the electronic seal supporting platform 63, but also act as an authorized custody party that keeps the corresponding key fragment.
At step 714, CA facility 64 authenticates the stamp key.
The digital certificate that the CA authority 64 issues for the seal key indicates that the CA authority 64 recognizes the legitimacy of the party behind the seal key of the target digital seal. Specifically, if the blockchain system is already registered at the certificate authority, the blockchain system is legitimate as the party that passed the seal key through to the CA authority 64, and the seal key can be authenticated.
In addition, the CA organization 64 may also generate a corresponding relationship between the stamp key and the digital certificate, so that the digital certificate of the target digital stamp may be found through the stamp key in the subsequent use process of the target digital stamp.
At step 716, CA mechanism 64 generates a digital stamp and a target stamp.
In one aspect, the target digital seal refers to the impression of the target digital seal (i.e., the pattern image of the digital seal) and the digital certificate corresponding to the target digital seal. The process by which the CA organization 64 generates the target digital seal may be understood as issuing a digital certificate for the seal key and generating a stamp. Of course, the stamp may also be generated by another party on the seal claimant's behalf according to the material the seal claimant submitted. For example, the pattern image of the target digital seal includes the name of the enterprise acting as the seal claimant; the third-party seal service platform 62 may fill the enterprise name into the Data field of the seal application transaction when generating that transaction, the blockchain system 61 may then pass the enterprise name through to the CA organization 64, and the CA organization 64 generates a pattern image bearing the enterprise name as the pattern image of the target digital seal.
In step 718, the blockchain system 61 transmits the seal generation information to the third party seal service platform 62.
In step 720, the third party seal service platform 62 records the seal issuing information of the target digital seal, for example, a corresponding relationship between the seal identifier of the target digital seal and the seal claimant may be established.
In step 722, the third party seal service platform 62 may send the seal generation information to the electronic seal supporting platform 63, so that the electronic seal supporting platform 63 records the seal issuing information of the target digital seal.
It is worth noting that the target stamp referred to above is generated and maintained by the CA mechanism 64, and may also be submitted to maintenance at the third party stamp service platform 62 by the CA mechanism 64. Specifically, after the CA mechanism 64 generates the target stamp, the target stamp may be directly sent to the third-party stamp service platform 62, and the third-party stamp service platform 62 associates the target stamp as the issue information of the target digital stamp according to the issue information of the target digital stamp; alternatively, after the CA mechanism 64 generates the target stamp, the generation information of the target digital stamp and the target stamp may be transmitted to the third party stamp service platform 62, so that the third party stamp service platform 62 stores the target stamp and records the issue information of the target digital stamp.
In step 724, the electronic seal supporting platform 63 submits the seal issuing information evidence storing transaction to the blockchain system 61.
At step 726, the blockchain system 61 stores the seal issuing information on chain as evidence.
Fig. 8 is a multi-party interaction diagram of a block chain-based digital seal using method according to an exemplary embodiment, and the above interaction process is described in detail below with reference to fig. 6:
In step 802, the service system 65 sends a seal use application to the third-party seal service platform 62. For example, when the service system 65 interacts with the use demanding party of the target digital seal in the form of a client, the use demanding party may send a seal use application, which requests use of the target digital seal, to the third-party seal service platform 62 through the client of the service system 65. When the use demanding party is an enterprise, it may own a plurality of usable digital seals, and each digital seal owned by the enterprise may be displayed on the interface of the business system 65 (for example, the style image, name, etc. of each digital seal), so that the use demanding party can determine the target digital seal that needs to be used.
In step 804, the third party seal service platform 62 authenticates the identity of the use demanding party.
When the service system 65 sends a seal use application to the third party seal service platform 62, the application may carry the seal identifier of the target digital seal, so that the third party seal service platform 62 can determine the target digital seal and, according to the binding relationship between the seal identifier of a digital seal and its legal user, determine the legal user of the target digital seal. Assuming that the use demanding party is enterprise A and the target digital seal is the financial seal of enterprise A, the legal user of the financial seal may be preset to be the financial supervisor of the enterprise. The third party seal service platform 62 can authenticate the identity of the use demanding party through face recognition, fingerprint recognition and the like. Specifically, the person operating on behalf of the use demanding party is referred to as the current user, and the current user can upload a face photograph through the business system 65. The third party seal service platform 62 analyzes the face photograph uploaded by the current user to determine whether the facial features of the current user match those of the preset financial supervisor; if so, the use demanding party is a legal user of the target digital seal, and the process goes to step 806.
At step 806, the third party seal service platform 62 invokes a key verification contract.
In this step, third party seal service platform 62 may invoke the key verification contract maintained in blockchain system 61 by submitting a seal usage transaction to blockchain system 61. Specifically, the contract address of the key verification contract may be filled in the To field of the seal usage transaction, and the seal identifier of the target digital seal to be used may be recorded in the Data field of the seal usage transaction, so that the key verification contract can be called through the contract address and the seal identifier of the target digital seal can be read from the Data field.
Step 808, the blockchain system 61 obtains the stamp key fragments from each authorized depositor.
According to the embodiment of the digital seal generation method, the seal key of the target digital seal is split and then kept by the authorized custody parties. The key verification contract in the blockchain system 61 maintains the correspondence between the seal identifier of a digital seal and the authorized custody parties of the seal key fragments of that digital seal. The contract can read the seal identifier of the target digital seal from the Data field, determine the authorized custody party of each seal key fragment corresponding to the target digital seal according to the correspondence, and pass an approval notice through to each determined authorized custody party. In a specific implementation, the seal key fragments of a digital seal are usually kept by four authorized custody parties; if the digital seal is the public seal of an enterprise A, the seal key fragments of the public seal are usually kept by the enterprise A, a security department, a city prison bureau and a business bureau respectively. The enterprise A may act as the seal claimant that claims the digital seal, as an authorized custody party that keeps a seal key fragment, and as the use demanding party that requests to use the digital seal, which is not limited in this specification; of course, the use demanding party may also be a participant other than the authorized custody parties and the seal claimant, which may be flexibly adjusted according to the specific way the digital seal is used.
For example, the blockchain system 61 may pass the approval notification through to the authorized custody parties, and receive the approval result, by means of an external data source service. The external data source service is a blockchain oracle service implemented based on Trusted Execution Environment (TEE) technology, and is intended to give blockchain smart contracts trusted access to external data sources. The external data source service deploys an external data source service contract in the blockchain system, and the key verification contract sends an external data source request by calling the service contract (for example, the approval notification is encapsulated into an http request and sent to each authorized custody party). The off-chain TEE external data source service is connected to the service contract, listens for the request of the key verification contract, then goes to the corresponding external data source (i.e., each authorized custody party) to obtain the key fragment returned after approval, and finally returns the key fragment to the key verification contract. When an authorized custody party performs the approval in response to the approval request, the identity of the staff member performing the approval operation can be checked, for example by face recognition, fingerprint recognition, a request to upload identity information and the like. After it is confirmed that the staff member performing the approval operation has the approval authority, the key fragment kept by that party can be returned to the key verification contract.
Alternatively, the blockchain system 61 may pass the approval notification through to the authorized custody party by means of a monitoring mechanism; after approval, the authorized custody party calls the key verification contract again by submitting a transaction to the blockchain system 61, and includes the key fragment to be returned in the Data field of that transaction.
In step 810, the blockchain system 61 merges the obtained seal key fragments.
When the authorized custody parties return the key fragments, in order to improve the security of the key fragments in transit, any authorized custody party can encrypt the key fragment it keeps with the public key of a public-private key pair held by the key verification contract, so that only the key verification contract can decrypt it with the private key of that pair and obtain the key fragment in plaintext. After the key verification contract obtains all the key fragments, it can combine them to form the complete seal key.
At step 812, blockchain system 61 passes the seal key through to CA mechanism 64.
After the blockchain system 61 obtains the complete seal key, the seal key needs to be transmitted to the CA mechanism 64 for authentication.
In step 814, CA mechanism 64 determines the digital certificate corresponding to the target digital stamp.
Specifically, the blockchain system 61 may transmit the seal key to the CA mechanism 64, and the CA mechanism 64 may determine the digital certificate of the target digital seal from the correspondence between the digital certificate of the digital seal that is maintained by the CA mechanism 64 and the seal key, and further, may return the digital certificate of the target digital seal to the blockchain system 61.
In step 816, the CA facility 64 returns the digital certificate for the target digital stamp to the blockchain system 61.
In this step, if the target stamp of the target digital stamp is maintained only at the CA mechanism 64, then the CA mechanism 64 returns the digital certificate of the target digital stamp and the target stamp to the blockchain system 61; if a target stamp is also maintained at the third party stamp service platform 62, the CA facility 64 need only return a digital certificate for the target digital stamp to the blockchain system 61.
In step 818, the blockchain system 61 transparently transmits the digital certificate and the authorization code of the target digital stamp to the third party stamp service platform 62.
In this step, the blockchain system 61 may generate an authorization code for the seal use transaction and transparently transmit the authorization code to the third-party seal service platform 62. In a specific implementation, when the seal key is a seal public key, the seal use transaction can also include a digital signature made with the seal private key; after the blockchain system acquires the seal use transaction, it verifies the digital signature with the combined seal public key, and if the signature verification succeeds, it generates an authorization code for the seal use transaction. In addition, the authorization code may be a random number obtained by the blockchain system 61 through an oracle mechanism; the specific form of the authorization code is not limited in this specification.
In step 820, the third party seal service platform 62 performs a signature operation on the electronic document to be signed by using the target digital seal. The digital certificate of the target digital seal used by the third party seal service platform 62 comes from the blockchain system 61, and the target stamp of the target digital seal can be obtained either from the platform itself or from the blockchain system 61.
Further, when the third-party seal service platform 62 performs the signature processing on the electronic file to be signed based on the digital seal, it may first identify a signature position in the electronic file to be signed, then add the pattern image of the target digital seal to the signature position, and perform image fusion on the pattern image of the digital seal added to the signature position and the electronic file to be signed. Subsequently, the pattern image of the digital seal is displayed in the image of the electronic file for the user to check, and if the user clicks the pattern image at the signature position, the digital certificate information of the target digital seal can be displayed.
In step 822, third party seal service platform 62 invokes a seal signing contract.
In this step, the third-party seal service platform 62 has completed the signature operation. In order to prevent the third-party seal service platform 62 from abusing the obtained target digital seal, its use of the target digital seal can be regulated through the authorization code. Specifically, the third-party seal service platform 62 submits an authorized verification transaction to the blockchain system 61, and writes the use information and the authorization code for the target digital seal into the Data field of the authorized verification transaction, where the use information may include the identifier of the target digital seal used this time, the use time, and the identity information of the use demanding party. Blockchain system 61 receives the authorized verification transaction and invokes the seal signing contract in response to it.
At step 824, the blockchain system 61 executes a contract code of the seal signing contract to verify the authorization code.
At step 826, block chain system 61 passes the stamp usage information through to electronic stamp support platform 63.
In the event that the authorization code is successfully verified, the blockchain system 61 may pass the usage information through to the electronic seal support platform 63, after which step 828 is performed: the electronic seal supporting platform 63 generates a signing record according to the use information.
In step 830, the electronic seal supporting platform 63 submits a seal use information evidence storing transaction to the blockchain system 61, and the blockchain system 61 executes step 832 to store the use information of this use of the target digital seal on chain as evidence. Because the subsequent on-chain evidence storing step is triggered only when the blockchain system 61 successfully verifies the authorization code, if the third-party seal service platform 62 abuses the digital seal to perform a signature operation after obtaining the target digital seal, the blockchain system 61 does not store the related use information, so the legality of the third-party seal service platform 62's use of the target digital seal can be checked through the authorization code.
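The following sketch is an added example, not code from the patent: it models in memory the key split of step 710 and the use flow of steps 808 to 832. It assumes an n-of-n XOR split (the specification does not name a splitting scheme), a certification center that indexes certificates by a SHA-256 fingerprint of the seal key, and single-use authorization codes; all class, function and party names are hypothetical.

```python
import hashlib
import secrets
from functools import reduce


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(seal_key, custodians):
    """Step 710: one fragment per custody party; every fragment is needed."""
    if len(custodians) < 2:
        raise ValueError("splitting needs at least two custody parties")
    # Encrypting each fragment to its custody party's public key, as the
    # text describes, is outside this model.
    random_parts = [secrets.token_bytes(len(seal_key)) for _ in custodians[1:]]
    first = reduce(_xor, random_parts, seal_key)
    return dict(zip(custodians, [first] + random_parts))


def merge_key(fragments):
    """Step 810: the XOR of all fragments restores the seal key."""
    return reduce(_xor, fragments)


class CertificationCenter:
    """Keeps the seal key -> certificate correspondence (steps 714 and 814)."""

    def __init__(self):
        self._certs = {}

    def register(self, seal_key, certificate):
        # Assumption: index by fingerprint so the raw key is not stored.
        self._certs[hashlib.sha256(seal_key).hexdigest()] = certificate

    def lookup(self, seal_key):
        return self._certs.get(hashlib.sha256(seal_key).hexdigest())


class SealContracts:
    """Toy stand-in for the key verification and seal signing contracts."""

    def __init__(self, ca):
        self.ca = ca
        self.custodians = {}  # seal identifier -> set of custody parties
        self.pending = {}     # authorization code -> seal identifier
        self.ledger = []      # use information stored as evidence

    def register_seal(self, seal_id, custodians):
        self.custodians[seal_id] = set(custodians)

    def use_seal(self, seal_id, submitted):
        """Steps 808-818: merge fragments, query the CA, issue a code."""
        if set(submitted) != self.custodians.get(seal_id):
            raise PermissionError("not every authorized custody party approved")
        certificate = self.ca.lookup(merge_key(list(submitted.values())))
        if certificate is None:
            raise PermissionError("merged key is unknown to the certification center")
        code = secrets.token_hex(16)
        self.pending[code] = seal_id
        return certificate, code

    def record_use(self, code, usage):
        """Steps 824-832: store use information only for a valid code."""
        seal_id = self.pending.pop(code, None)  # consumed even on mismatch
        if seal_id is None or usage.get("seal_id") != seal_id:
            return False
        self.ledger.append(dict(usage))
        return True


def demo():
    # Constructed sample data.
    parties = ["enterprise-a", "custodian-b", "custodian-c", "custodian-d"]
    seal_key = secrets.token_bytes(32)
    ca = CertificationCenter()
    ca.register(seal_key, "constructed-certificate-for-seal-001")
    chain = SealContracts(ca)
    chain.register_seal("seal-001", parties)
    fragments = split_key(seal_key, parties)
    certificate, code = chain.use_seal("seal-001", fragments)
    usage = {"seal_id": "seal-001", "user": "finance-supervisor", "time": "constructed"}
    first = chain.record_use(code, usage)
    replay = chain.record_use(code, usage)
    return certificate, first, replay, len(chain.ledger)


if __name__ == "__main__":
    print(demo())
```

In this model a missing or altered fragment surfaces only as a failed certificate lookup at the certification center, and the authorization code gates the evidence record, not the signature operation itself.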
FIG. 9 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 9, at the hardware level, the apparatus includes a processor 902, an internal bus 904, a network interface 906, a memory 908, and a non-volatile memory 910, but may also include hardware required for other services. One or more embodiments of the present description may be implemented in software, such as by the processor 902 reading a corresponding computer program from the non-volatile storage 910 into the memory 908 and then running. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 10, the block chain-based digital stamp using apparatus may be applied to the device shown in fig. 9 to implement the technical solution of the present specification. The device for using a digital seal based on a blockchain may include a first receiving unit 1002, a first calling unit 1004, and a returning unit 1006:
a first receiving unit 1002 configured to receive a digital seal usage transaction for requesting usage of a target digital seal; the target digital seal comprises a digital certificate of the target digital seal and a target stamp die; the seal key corresponding to the target digital seal is divided into a plurality of key fragments respectively maintained by a plurality of authorized custody parties in advance;
a first invoking unit 1004, configured to invoke a key verification smart contract, so that the key verification smart contract merges the key fragments respectively submitted by the authorized custody parties to form a complete seal key, and to transparently transmit the merged seal key to an authentication center, where the authentication center maintains a pre-generated digital certificate of the target digital seal;
the returning unit 1006 transparently transmits the digital certificate of the target digital stamp returned by the authentication center according to the stamp key to a transaction initiator of the transaction using the digital stamp, so that the transaction initiator performs a signature operation using the digital certificate of the target digital stamp and the target stamp.
Optionally, the target impression is generated by the authentication center; the target impression is maintained by the authentication center, or is handed over by the authentication center to the transaction initiator for maintenance.
Optionally, the digital seal use transaction is initiated by a party requiring the use of the target digital seal; or,
the transaction initiator maintains the binding relationship between the target digital seal and a pre-registered legal demand party, and initiates the digital seal use transaction under the condition that the transaction initiator receives a use request submitted by the demand party for the target digital seal and confirms that the demand party is a legal demand party according to the binding relationship.
Optionally, a contract account of the digital seal usage contract maintains a correspondence between the seal identifier of a digital seal and the authorized custody parties of the seal key fragments of the corresponding digital seal; the key verification smart contract is further configured to: determine the seal identifier of the target digital seal contained in the digital seal use transaction, and determine the authorized custody party of each seal key fragment corresponding to the target digital seal according to the correspondence.
Optionally, the blockchain system is configured to: generate an approval notice for the digital seal use transaction, and pass the approval notice through to the authorized custody parties, so that each authorized custody party returns its key fragment if the digital seal use transaction is approved.
Optionally, the key fragment is encrypted with the public key of the corresponding authorized custody party and then stored in the world state.
Optionally, the first invoking unit 1004 is further configured to:
and transparently transmitting the combined seal key to an authentication center, so that the authentication center searches a digital certificate corresponding to the target digital seal according to the corresponding relation between the seal key and the digital certificate of the digital seal.
Optionally, the apparatus further includes an authorization code generating unit 1008, configured to: generate an authorization code for the seal use transaction, and pass the authorization code through to the transaction initiator;
receive an authorized verification transaction, wherein the authorized verification transaction comprises the authorization code and the use information of the target digital seal;
in response to the authorized verification transaction, call a seal signing contract, which verifies the authorization code and passes the use information through to an electronic seal supporting platform, so that the electronic seal supporting platform generates a signing record according to the use information;
and store the use information of the target digital seal on chain as evidence according to a received use information evidence storing transaction, wherein the use information evidence storing transaction is initiated by the electronic seal supporting platform after generating the signing record.
Optionally, the seal key includes a seal public key; the seal use transaction comprises a digital signature carried out by adopting a seal private key;
the authorization code generation unit 1008 is further configured to:
using the combined seal public key to verify the digital signature; and if the signature verification is successful, generating an authorization code aiming at the seal use transaction.
Referring to fig. 11, the block chain-based digital stamp using apparatus may be applied to the device shown in fig. 9 to implement the technical solution of the present specification. The device for using a digital seal based on a block chain may include a second receiving unit 1102, a second calling unit 1104, and a sending unit 1106:
a second receiving unit 1102, configured to receive a digital seal application transaction, where the digital seal application transaction is used to request generation of a target digital seal, and the target digital seal includes a digital certificate and a target stamp corresponding to the target digital seal;
a second invoking unit 1104, invoking a seal key determination contract in response to the digital seal application transaction, the seal key determination contract being used for:
determining a seal key corresponding to the target digital seal;
splitting the seal key into a plurality of key fragments according to the number of authorized custody parties, and transparently transmitting each key fragment to the corresponding authorized custody party;
a sending unit 1106, configured to transparently transmit the seal key to an authentication center, so that the authentication center generates a digital certificate and a target stamp corresponding to the target digital seal.
Optionally, the authorized custody party includes a seal claimant party.
Optionally, the digital seal application transaction is initiated by a transaction initiator based on a registration request submitted by a seal claimant on an electronic seal support platform.
Optionally, the apparatus further comprises: a filing unit 1108, configured to transparently transmit the generation information of the target digital seal to the transaction initiator, so that the transaction initiator and the electronic seal support platform record the seal issuing information of the target digital seal.
Optionally, the apparatus further includes: an evidence storing unit 1110, configured to store the seal issuing information of the target digital seal on the chain as evidence in response to a received seal issuing information evidence storing transaction, where that transaction is initiated by the electronic seal support platform after the filing is completed.
Optionally, the apparatus further comprises: an encrypting unit 1112, configured to invoke the seal key determination contract, where the seal key determination contract is used to, for any authorized custody party, encrypt the corresponding key fragment using that party's public key and store the encrypted key fragment in the world state.
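The split step of the seal key determination contract and the combine step of the key verification contract can be sketched as follows; this is an added example, not code from the patent. The patent does not name a splitting scheme, so the n-of-n XOR sharing, the SHA-256 commitment kept alongside the custodian list, the custodian names and every function name here are assumptions; a plain byte-slicing split is shown beside it because each slice hands a custodian real key bytes.

```python
import hashlib
import hmac
import secrets
from functools import reduce


def _xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def naive_slice_split(seal_key, custodians):
    """Weak form: cut the key into consecutive slices, one per custodian.

    Every slice is real key material, so a subset of custodians only has
    to guess the bytes of the slices it does not hold.
    """
    n = len(custodians)
    step = -(-len(seal_key) // n)  # ceiling division
    return {c: seal_key[i * step:(i + 1) * step]
            for i, c in enumerate(custodians)}


def split_seal_key(seal_key, custodians):
    """n-of-n XOR split: one fragment per custodian (assumed scheme).

    All but the last fragment are uniformly random; the last is the key
    XORed with the others, so any n-1 fragments reveal nothing about it.
    """
    if len(custodians) < 2 or len(set(custodians)) != len(custodians):
        raise ValueError("need at least two distinct custodians")
    fragments = {}
    last = seal_key
    for name in custodians[:-1]:
        fragments[name] = secrets.token_bytes(len(seal_key))
        last = _xor(last, fragments[name])
    fragments[custodians[-1]] = last
    return fragments


def key_commitment(seal_key):
    """Digest recorded at issuance (assumption, not in the patent)."""
    return hashlib.sha256(seal_key).digest()


def combine_fragments(submitted, expected_custodians, commitment):
    """Rebuild the seal key only if every expected custodian submitted.

    Rejects missing or unknown custodians, mismatched fragment lengths,
    and a recombined key that does not match the stored commitment, so a
    wrong or altered fragment is caught before the key is forwarded to
    the authentication center.
    """
    expected = set(expected_custodians)
    if set(submitted) != expected:
        diff = sorted(expected ^ set(submitted))
        raise PermissionError("custodian set mismatch: %s" % diff)
    if len({len(f) for f in submitted.values()}) != 1:
        raise ValueError("fragment length mismatch")
    key = reduce(_xor, submitted.values())
    if not hmac.compare_digest(hashlib.sha256(key).digest(), commitment):
        raise ValueError("recombined key does not match commitment")
    return key


if __name__ == "__main__":
    # Constructed sample data: a random 32-byte seal key, three custodians.
    custodians = ["seal_claimant", "legal_dept", "finance_dept"]
    seal_key = secrets.token_bytes(32)
    commitment = key_commitment(seal_key)

    fragments = split_seal_key(seal_key, custodians)
    assert combine_fragments(fragments, custodians, commitment) == seal_key

    # One custodian withholds approval: the key cannot be rebuilt.
    withheld = {c: f for c, f in fragments.items() if c != "finance_dept"}
    try:
        combine_fragments(withheld, custodians, commitment)
    except PermissionError as exc:
        print("refused:", exc)

    # The slicing split leaks: each fragment is a substring of the key.
    slices = naive_slice_split(seal_key, custodians)
    print("slice leaks key bytes:", all(s in seal_key for s in slices.values()))
```
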
In the 1990s, an improvement to a technology could be clearly distinguished as either an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, transistor, or switch) or an improvement in software (an improvement to a method flow). However, as technology has advanced, many of today's method-flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by a hardware physical module. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user's programming of the device. A designer "integrates" a digital system onto a single PLD by programming it, without requiring a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, instead of manually fabricating integrated circuit chips, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must be written in a specific programming language called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered structures within the hardware component. The means for performing the functions may even be regarded as both software modules for performing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a server system. Of course, this description does not exclude that, as future computer technology advances, the computer implementing the functionality of the above-described embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. For example, if the terms first, second, etc. are used to denote names, they do not denote any particular order.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description of the specification, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
The above description is merely exemplary of one or more embodiments of the present disclosure and is not intended to limit the scope of one or more embodiments of the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.

Claims (19)

1. A block chain-based digital seal using method is applied to a block chain system, and the method comprises the following steps:
receiving a digital seal usage transaction requesting use of a target digital seal; the target digital seal comprises a digital certificate of the target digital seal and a target stamp die; the seal key corresponding to the target digital seal is divided into a plurality of key fragments respectively maintained by a plurality of authorized custody parties in advance;
calling a key verification smart contract, which combines the key fragments respectively submitted by each authorized custody party to form a complete seal key, and transparently transmitting the combined seal key to an authentication center, wherein the authentication center maintains a pre-generated digital certificate of the target digital seal;
and transmitting the digital certificate of the target digital seal returned by the authentication center according to the seal key to a transaction initiator of the transaction for using the digital seal, so that the transaction initiator uses the digital certificate of the target digital seal and the target stamp to perform signature operation.
2. The method of claim 1, the target stamp being generated by the authentication center; the target stamp is maintained by the authentication center or transmitted by the authentication center to the transaction initiator.
3. The method of claim 1, wherein
the digital seal usage transaction is initiated by the use demand party of the target digital seal; or,
the transaction initiator maintains the binding relationship between the target digital seal and a pre-registered legal demand party, and initiates the digital seal use transaction under the condition that the transaction initiator receives a use request submitted by the demand party for the target digital seal and confirms that the demand party is a legal demand party according to the binding relationship.
4. The method according to claim 1, wherein a contract account of the digital seal usage contract is maintained with a correspondence between a seal identifier of the digital seal and an authorized custody authority of a seal key shard of the corresponding digital seal; the key verification smart contract is further configured to: and determining the seal identification of the target digital seal contained in the transaction of using the digital seal, and determining the authorized custody manager of each seal key fragment corresponding to the target digital seal according to the corresponding relation.
5. The method of claim 1, the blockchain system to: and generating an approval notice aiming at the digital seal use transaction, and transmitting the approval notice to the authorization and management party so that the authorization and management party returns the key fragment under the condition that the digital seal use transaction is approved and passed.
6. The method of claim 1, wherein the key fragment is stored in a world state after being encrypted by a public key of a corresponding authorized depositor.
7. The method of claim 1, wherein transparently transmitting the combined seal key to an authentication center comprises:
and transparently transmitting the combined seal key to an authentication center, so that the authentication center searches a digital certificate corresponding to the target digital seal according to the corresponding relation between the seal key and the digital certificate of the digital seal.
8. The method of claim 1, further comprising:
generating an authorization code for the seal use transaction, and transparently transmitting the authorization code to the transaction initiator;
receiving an authorized verification transaction, wherein the authorized verification transaction comprises the authorization code and the use information of the target digital seal;
responding to the authorized verification transaction, calling a seal signing contract, verifying the authorized code by the seal signing contract and transmitting the use information to an electronic seal supporting platform so as to generate a signing record by the electronic seal supporting platform according to the use information;
and linking the use information of the target digital seal for deposit according to the received use information deposit transaction, wherein the use information deposit transaction is initiated by the electronic seal supporting platform after generating a signing record.
9. The method of claim 8, said stamp key comprising a stamp public key; the seal use transaction comprises a digital signature carried out by adopting a seal private key;
the generating an authorization code for the seal use transaction includes:
using the combined seal public key to verify the digital signature; and if the signature verification is successful, generating an authorization code aiming at the seal use transaction.
10. A block chain-based digital seal generation method is applied to a block chain system, and comprises the following steps:
receiving a digital seal application transaction, wherein the digital seal application transaction is used for requesting to generate a target digital seal, and the target digital seal comprises a digital certificate and a target stamp corresponding to the target digital seal;
invoking a seal key determination contract in response to the digital seal application transaction, the seal key determination contract being for:
determining a seal key corresponding to the target digital seal;
splitting the seal key into a plurality of key fragments according to the number of authorized custody providers, and transparently transmitting each key fragment to a corresponding authorized custody provider;
and transparently transmitting the seal key to an authentication center so that the authentication center generates a digital certificate and a target stamp corresponding to the target digital seal.
11. The method of claim 10, the authorized custody party comprising a seal claimant party.
12. The method according to claim 11, wherein the digital seal application transaction is initiated by a transaction initiating party based on a registration request submitted by a seal claimant at the electronic seal support platform.
13. The method of claim 12, further comprising:
and transmitting the generated information of the target digital seal to the transaction initiator so that the transaction initiator and the electronic seal supporting platform record the seal issuing information of the target digital seal.
14. The method of claim 13, further comprising:
and linking and storing the issuing information of the target digital seal according to the received issuing information and storing certificate transaction, wherein the issuing information and storing certificate transaction is initiated by the electronic seal supporting platform after being recorded.
15. The method of claim 10, further comprising:
and invoking the seal key determination contract, wherein the seal key determination contract is used for, for any authorized custody party, encrypting the corresponding key fragment using that party's public key and storing the encrypted key fragment in the world state.
16. A block chain based digital seal using device is applied to a block chain system, and the device comprises:
a first receiving unit for receiving a digital seal usage transaction for requesting usage of a target digital seal; the target digital seal comprises a digital certificate of the target digital seal and a target stamp die; the seal key corresponding to the target digital seal is divided into a plurality of key fragments respectively maintained by a plurality of authorized custody parties in advance;
the first calling unit is used for calling a key verification smart contract, which combines the key fragments respectively submitted by each authorized custody party to form a complete seal key, and for transparently transmitting the combined seal key to an authentication center, wherein the authentication center maintains a pre-generated digital certificate of the target digital seal;
and the return unit is used for transparently transmitting the digital certificate of the target digital seal returned by the authentication center according to the seal key to a transaction initiator of the transaction for using the digital seal so as to enable the transaction initiator to use the digital certificate of the target digital seal and the target stamp to perform signature operation.
17. A block chain-based digital seal generation device is applied to a block chain system, and the device comprises:
the second receiving unit is used for receiving a digital seal application transaction, wherein the digital seal application transaction is used for requesting to generate a target digital seal, and the target digital seal comprises a digital certificate and a target stamp corresponding to the target digital seal;
the second calling unit is used for invoking a seal key determination contract in response to the digital seal application transaction, the seal key determination contract being used for:
determining a seal key corresponding to the target digital seal;
splitting the seal key into a plurality of key fragments according to the number of authorized custody providers, and transparently transmitting each key fragment to a corresponding authorized custody provider;
and the sending unit is used for transmitting the seal key to an authentication center so as to generate the digital certificate of the target digital seal and the target stamp by the authentication center.
18. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1-15 by executing the executable instructions.
19. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 1 to 15.
CN202111655401.7A 2021-12-30 2021-12-30 Block chain-based digital seal using method and device Pending CN114331437A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111655401.7A CN114331437A (en) 2021-12-30 2021-12-30 Block chain-based digital seal using method and device

Publications (1)

Publication Number Publication Date
CN114331437A true CN114331437A (en) 2022-04-12

Family

ID=81019230

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111655401.7A Pending CN114331437A (en) 2021-12-30 2021-12-30 Block chain-based digital seal using method and device

Country Status (1)

Country Link
CN (1) CN114331437A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116866087A (en) * 2023-09-01 2023-10-10 北京天润基业科技发展股份有限公司 Data transmission method, decryption method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination