CN117057788A - Transaction processing method, device, system, equipment and storage medium - Google Patents

Publication number
CN117057788A
Authority
CN
China
Prior art keywords
transaction
information
client
user
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211471716.0A
Other languages
Chinese (zh)
Inventor
韩学洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202211471716.0A
Publication of CN117057788A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827 Use of message hashing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q30/0601 Electronic shopping [e-shopping]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application discloses a transaction processing method, device, system, equipment and storage medium. In the method, a blockchain node receives a transaction request sent by a client, the transaction request carrying user information of the client and information of a target transaction; the blockchain node determines authority information of the client according to the user information; and if the blockchain node determines, according to the authority information, that the client has the execution authority for the target transaction, it executes the target transaction. With this scheme, the member authority information of the client in the blockchain network can be accurately determined, so that the client's authority is controlled at a finer granularity: when the client is determined to have the execution authority for the target transaction, the corresponding blockchain network resources are opened to the client and the target transaction is executed, which effectively improves the security of the blockchain system.

Description

Transaction processing method, device, system, equipment and storage medium
Technical Field
The present application relates generally to the field of blockchain technologies, and in particular, to a transaction processing method, apparatus, system, device, and storage medium.
Background
With the rapid development of internet technology, blockchains are increasingly used in finance, management, healthcare, the internet, supply chains and other fields because of their decentralization, tamper resistance and traceability. In a public chain, node joining is not restricted and on-chain data can be fully open, which suits public scenarios that do not involve storing private information. Private chains and consortium chains, however, store private data, so permission control on the blockchain is important for keeping that data secure.
Currently, in the related art, a blockchain network user registers through a blockchain client and then logs in to the blockchain network. The user can then initiate a transaction to the blockchain network and sign the transaction content to generate signature information; the blockchain network verifies the signature information and, when verification succeeds, opens all resources to the user.
However, this scheme only verifies that the signature information of the transaction is correct, so the verification of the user is coarse and the security of the blockchain system is affected.
Disclosure of Invention
In view of the foregoing drawbacks or shortcomings in the prior art, it is desirable to provide a transaction processing method, apparatus, system, device, and storage medium that adds verification of user permissions, makes the verification of users before transaction execution more complete, and thereby improves the security of the blockchain system. The technical scheme is as follows:
In a first aspect, an embodiment of the present application provides a transaction processing method, including:
a blockchain node receives a transaction request sent by a client, wherein the transaction request carries user information of the client and information of a target transaction;
the blockchain node determines authority information of the client according to the user information;
and if the blockchain node determines, according to the authority information, that the client has the execution authority for the target transaction, the blockchain node executes the target transaction.
In one embodiment, the blockchain node determining authority information of the client according to the user information includes:
acquiring a first field corresponding to the authority information in the user information, and determining the authority information according to the first field.
In one embodiment, the blockchain node determining authority information of the client according to the user information includes:
acquiring a second field corresponding to the user identifier in the user information, and determining the user identifier according to the second field;
and determining the authority information according to the user identifier.
In one embodiment, the method further comprises:
determining, according to the authority information, the role of the client in the blockchain network to which the blockchain node belongs, and determining according to the role whether the client has the execution authority for the target transaction; or,
determining, according to the authority information, a group to which the client belongs and a role of the client in the group, and determining according to the group and the role whether the client has the execution authority for the target transaction, wherein the group is one of the groups into which the blockchain network to which the blockchain node belongs is divided.
In one embodiment, executing the target transaction includes:
allowing the client to access a target resource associated with the target transaction, and executing the target transaction based on the target resource.
In one embodiment, the transaction request further includes a transaction signature, and
executing the target transaction if the blockchain node determines, according to the authority information, that the client has the execution authority for the target transaction includes:
executing the target transaction if the blockchain node determines, according to the authority information, that the client has the execution authority for the target transaction and the transaction signature passes verification.
In one embodiment, the method further comprises:
decrypting the transaction signature according to the user information to obtain first data;
hashing the information of the target transaction to obtain second data;
and determining whether the transaction signature passes verification according to the matching result of the first data and the second data.
In one embodiment, the method further comprises:
if the blockchain node determines, according to the authority information, that the client does not have the execution authority for the target transaction, sending a transaction failure message to the client, wherein the transaction failure message carries a failure reason parameter, and the failure reason parameter indicates that the reason for the transaction failure is that the client does not have the transaction authority.
In a second aspect, an embodiment of the present application provides a transaction processing method, including:
the client generates user information according to the authority information, and generates a transaction request according to the user information and the information of the target transaction;
the client sends the transaction request to a blockchain node, wherein the transaction request comprises the user information and the information of the target transaction, so that the blockchain node executes the target transaction when it determines, according to the user information, that the client has the execution authority for the target transaction.
In one embodiment, the method further comprises:
the client sends a registration request to a registration node, wherein the registration request comprises a user identifier and the authority information being applied for;
the client receives a registration response sent by the registration node, wherein the registration response comprises target authority information that the registration node determines, according to the user identifier, from the authority information being applied for;
and the client determines the authority information according to the target authority information.
In one embodiment, generating user information according to the authority information includes:
filling the authority information into a first field corresponding to the authority information in the user information, and filling the user identifier into a second field corresponding to the user identifier in the user information.
In one embodiment, generating user information according to the authority information includes:
the client acquires the user identifier, and encrypts the authority information and the user identifier to obtain the user information.
In one embodiment, generating a transaction request according to the user information and the information of the target transaction includes:
the client acquires a user private key, wherein the user private key is generated from the user information using an identity-based cryptographic algorithm;
the client signs the information of the target transaction with the user private key to obtain a transaction signature;
the client generates the transaction request according to the transaction signature and the information of the target transaction.
In a third aspect, an embodiment of the present application provides a transaction processing apparatus, including:
a receiving module, used for receiving a transaction request sent by the client, wherein the transaction request carries user information of the client and information of a target transaction;
a permission determining module, used for determining authority information of the client according to the user information;
and a transaction execution module, used for executing the target transaction if the blockchain node determines, according to the authority information, that the client has the execution authority for the target transaction.
In a fourth aspect, an embodiment of the present application provides a transaction processing apparatus, including:
a transaction generation module, used for generating user information according to the authority information and generating a transaction request according to the user information and the information of the target transaction;
and a sending module, used for sending the transaction request to a blockchain node, wherein the transaction request comprises the user information and the information of the target transaction, so that the blockchain node executes the target transaction when it determines, according to the user information, that the client has the execution authority for the target transaction.
In a fifth aspect, embodiments of the present application provide a transaction processing system comprising a client and a blockchain node;
the client is used for generating user information according to the authority information, generating a transaction request according to the user information and the information of the target transaction, and sending the transaction request to the blockchain node;
the blockchain node is used for receiving the transaction request sent by the client, determining authority information of the client according to the user information, and executing the target transaction if the client is determined, according to the user information, to have the execution authority for the target transaction.
In a sixth aspect, embodiments of the present application provide a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a transaction processing method as described above when executing the program.
In a seventh aspect, embodiments of the present application provide a computer-readable storage medium having stored thereon a computer program for implementing a transaction processing method as described in the embodiments of the present application.
In an eighth aspect, embodiments of the present application provide a computer program product comprising instructions that when executed implement a transaction processing method as described in embodiments of the present application.
In the embodiments of the application, the blockchain node receives a transaction request sent by a client, the transaction request carrying user information of the client and information of a target transaction; the node then determines authority information of the client according to the user information and, if it determines according to the authority information that the client has the execution authority for the target transaction, executes the target transaction. Because the transaction request sent by the client carries the user information, the blockchain node can determine the client's authority information from it and apply permission control to the client on that basis; when the client is determined to have the execution authority for the target transaction, the corresponding blockchain network resources are opened to the client to execute the target transaction. Compared with the prior scheme, which verifies the user by the transaction signature alone, this adds verification of user permissions and makes the verification of the user before transaction execution more complete. It avoids the problem that coarse verification of the user affects the security of the blockchain system, and can effectively improve that security.
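The request flow summarised above, covering both the client side and the node side, as an added Python example that is not code from the patent. The field names, the group/role policy table and the reason codes are hypothetical, and an HMAC keyed by a key derived from the user information stands in for the identity-based signature, so the verifying node here holds a master secret that a real identity-based verifier would not need.

```python
import hashlib
import hmac
import json

# Constructed demo values; every name below is hypothetical, not from the patent.
MASTER_SECRET = b"demo-master-secret"  # key-centre secret (stand-in scheme only)
# (group, role) -> transaction types that role may execute.
POLICY = {
    ("org1", "admin"): {"transfer", "query", "deploy_contract"},
    ("org1", "member"): {"transfer", "query"},
    ("org2", "auditor"): {"query"},
}


def encode_user_info(user_id, group, role):
    """First field carries the authority information, second the user identifier."""
    return json.dumps(
        {"authority": {"group": group, "role": role}, "user_id": user_id},
        sort_keys=True,
    )


def derive_user_key(user_info):
    """Stand-in for identity-based key extraction: the key depends on the whole
    user information string, so it is bound to the authority field."""
    return hmac.new(MASTER_SECRET, user_info.encode(), hashlib.sha256).digest()


def sign_transaction(user_key, tx):
    """Hash the target-transaction information, then sign the digest."""
    digest = hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).digest()
    return hmac.new(user_key, digest, hashlib.sha256).hexdigest()


def build_request(user_info, user_key, tx):
    """Client side: the request carries user information, transaction, signature."""
    return {"user_info": user_info, "tx": tx,
            "signature": sign_transaction(user_key, tx)}


def failure(reason):
    """Transaction failure message with a failure-reason parameter."""
    return {"status": "failed", "reason": reason}


def handle_request(request):
    """Node side: the authority check and the signature check must both pass."""
    try:
        user_info = request["user_info"]
        info = json.loads(user_info)
        authority = info["authority"]
        group, role = authority["group"], authority["role"]
        user_id = info["user_id"]
        tx = request["tx"]
        tx_type = tx["type"]
        signature = request["signature"]
        fields = (user_info, group, role, tx_type, signature)
        if not all(isinstance(v, str) for v in fields):
            raise ValueError("unexpected field type")
        expected = sign_transaction(derive_user_key(user_info), tx)
    except (KeyError, TypeError, ValueError):
        return failure("MALFORMED_REQUEST")
    # 1. Authority: does this group/role allow the target transaction?
    if tx_type not in POLICY.get((group, role), set()):
        return failure("NO_TRANSACTION_AUTHORITY")
    # 2. Signature: recomputed from the user information as presented, so a
    #    request whose authority field was edited no longer verifies.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return failure("BAD_SIGNATURE")
    return {"status": "executed", "user_id": user_id, "tx_type": tx_type}


def demo():
    """Three constructed requests from the same registered member."""
    member_info = encode_user_info("alice", "org1", "member")
    member_key = derive_user_key(member_info)  # issued at registration
    ok = build_request(member_info, member_key, {"type": "transfer", "amount": 10})
    denied = build_request(member_info, member_key, {"type": "deploy_contract"})
    # Authority field rewritten to admin, but signed with the member's key.
    forged = build_request(encode_user_info("alice", "org1", "admin"),
                           member_key, {"type": "deploy_contract"})
    return [handle_request(r) for r in (ok, denied, forged)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third request passes the authority lookup and is stopped only by the signature check, which is why the two checks are combined rather than either being used alone.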
Additional aspects and advantages of the application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the accompanying drawings in which:
FIG. 1 is a schematic flow chart of transaction processing in the related art according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a transaction processing system according to an embodiment of the present application;
FIG. 3 is a block diagram of a block chain network according to an embodiment of the present application;
FIG. 4 is a flow chart of a transaction processing method according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a transaction processing method according to an embodiment of the present application;
FIG. 6 is a flow chart of a transaction processing method according to another embodiment of the present application;
FIG. 7 is a schematic structural diagram of user information according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of user information according to an embodiment of the present application;
FIG. 9 is a flowchart of a method for determining whether a client has an execution authority according to user information according to another embodiment of the present application;
FIG. 10 is a schematic structural diagram of user information according to an embodiment of the present application;
FIG. 11 is a flowchart of a method for determining whether a client has an execution authority according to user information according to another embodiment of the present application;
FIG. 12 is a flowchart of a method for sending a transaction request to a blockchain node by a client according to an embodiment of the present application;
FIG. 13 is a schematic flow chart of determining authority information by a client according to an embodiment of the present application;
FIG. 14 is a schematic diagram of a transaction failure message according to an embodiment of the present application;
FIG. 15 is a schematic flow chart of a client generating a transaction request according to an embodiment of the present application;
FIG. 16 is a schematic diagram of a transaction request data structure according to an embodiment of the present application;
FIG. 17 is a schematic diagram of a transaction request data structure according to an embodiment of the present application;
FIG. 18 is a flow chart of a transaction processing method according to an embodiment of the present application;
FIG. 19 is a schematic diagram of a transaction request data structure according to an embodiment of the present application;
FIG. 20 is a schematic diagram of a transaction processing device according to an embodiment of the present application;
FIG. 21 is a schematic diagram of a transaction processing device according to an embodiment of the present application;
FIG. 22 is a schematic diagram of a transaction processing system according to another embodiment of the present application;
FIG. 23 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The application is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be noted that, for convenience of description, only the portions related to the application are shown in the drawings.
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments. For ease of understanding, some technical terms related to embodiments of the present application are explained below:
Authority information (rights or permission information): refers to the rights that a user has to access resources in a blockchain network system. For example, in a consortium chain, each member organization and member role represents a different identity in the consortium chain system, and the authority information for a user to access blockchain network resources may be determined from the member organization and member role.
It can be appreciated that blockchain is a new distributed infrastructure and computing approach that uses a chained block data structure to verify and store data, a distributed node consensus algorithm to generate and update data, cryptography to secure data transmission and access, and smart contracts consisting of automated script code to program and manipulate data. In a consortium chain system, data is disclosed only to users with access rights; when a node in the blockchain network receives a user's blockchain transaction, it needs to verify the user's rights in order to determine whether to open the corresponding data to that user.
Referring to FIG. 1, in the related art, a blockchain client registers a blockchain network user through a registration module 10, generates a signature private key according to a user identifier, logs in to the blockchain network through a login module 20, and initiates a transaction to the blockchain network through a transaction module 30. The client hashes the transaction content to obtain a digital digest and signs that digest with the signature private key using an identity-based cryptographic algorithm to obtain signature information; the blockchain network uses a verification module 40 to verify the transaction, verifying the signature information with the identity-based cryptographic algorithm. However, this scheme only verifies that the signature information of the transaction is correct, so the verification of the user is coarse and the security of the blockchain network is affected.
In view of these defects, in the transaction processing method, device, system, equipment and medium provided by the application, the transaction request sent by the client carries the user information, the blockchain node determines the authority information of the client according to the user information and applies permission control to the client based on the authority information, and when the client is determined according to the authority information to have the execution authority for the target transaction, the corresponding blockchain network resources are opened to the client to execute the target transaction. Compared with the prior scheme, which verifies the user by the transaction signature alone, this adds verification of user permissions and makes the verification of the user before transaction execution more complete. It avoids the problem that coarse verification of the user affects the security of the blockchain system, and can effectively improve that security.
The system according to the embodiment of the present application may be a distributed system formed by connecting a client and a plurality of nodes (any form of computing device in an access network, such as a server and a user terminal) through network communication.
Taking a blockchain system as an example of the distributed system, refer to FIG. 2, which is a schematic structural diagram of the distributed system applied to a blockchain system. As shown in FIG. 2, the blockchain system may be formed by a plurality of nodes 200 (any form of computing device in an access network, such as servers and user terminals) and clients 300. A peer-to-peer (P2P) network is formed between the nodes, where the P2P protocol is an application layer protocol running on top of the Transmission Control Protocol (TCP). In the distributed system, any machine, such as a server or a terminal, may join to become a node; a node includes a hardware layer, an intermediate layer, an operating system layer, and an application layer.
Referring to the functionality of each node in the blockchain system shown in fig. 2, the functionality of a node in the blockchain system may include:
(1) Each node in the blockchain system may have basic functionality for supporting communication between nodes, such as routing functionality may be included in node 200 in the blockchain system.
The nodes in the blockchain system may have the following functions in addition to the routing function:
(2) Application: deployed in the blockchain to implement specific services according to actual service requirements. The application records data related to the implemented functions to form record data, which carries a digital signature indicating the source of the task data, and sends the record data to other nodes in the blockchain system; when the other nodes have verified the source and integrity of the record data, they add the record data to a temporary block.
For example, the services implemented by the application may include:
Wallet: provides the function of conducting electronic money transactions, including initiating a transaction, that is, sending the transaction record of the current transaction to other nodes in the blockchain system; after the other nodes verify it successfully, the record data of the transaction is stored in a temporary block of the blockchain as a response acknowledging that the transaction is valid. The wallet also supports querying the electronic money remaining at an electronic money address.
Shared ledger: provides functions such as storing, querying and modifying account data. Record data of the operations on the account data is sent to other nodes in the blockchain system; after the other nodes verify that it is valid, the record data is stored in a temporary block as a response acknowledging that the account data is valid, and a confirmation may be sent to the node that initiated the operation.
Smart contract: a computerized agreement that executes the terms of a contract, implemented by code deployed on the shared ledger and executed when certain conditions are satisfied. It is used to complete automated transactions coded according to actual business requirements, such as querying the logistics status of goods purchased by a buyer and transferring the buyer's electronic money to the merchant's address after the buyer signs for the goods. The smart contract is not limited to contracts for executing transactions; it may also execute contracts that process received information.
(3) The blockchain (Blockchain) is a chained data structure formed by connecting data blocks (blocks) sequentially in time order, and is a distributed ledger that is cryptographically guaranteed to be tamper-proof and unforgeable. Once a new block is added to the blockchain it is not removed, and the blocks record the record data submitted by nodes in the blockchain system.
A blockchain node in the blockchain system can be a server or a user terminal. The server can be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (CDN), big data and artificial intelligence platforms. The user terminal may include a smart phone, tablet, notebook computer, palmtop computer, mobile internet device (MID), wearable device (e.g., smart watch, smart bracelet, etc.) or other terminal.
Referring to fig. 3, fig. 3 is a schematic diagram of a block structure in a blockchain according to an embodiment of the present application. The blockchain may be composed of a plurality of blocks. The genesis block includes a block header and a block body, and each block includes a hash value of the transaction records stored in the block (the hash value of the block) and the hash value of the previous block; the blocks are connected by these hash values to form the blockchain. In addition, a block may include information such as a timestamp of when the block was generated. The blockchain (Blockchain) is essentially a decentralized database: a string of data blocks generated in association with one another using cryptographic methods, each of which contains related information used to verify the validity (anti-counterfeiting) of its information and to generate the next block.
Specifically, the client is used for generating a transaction request and sending the transaction request to the blockchain node, the blockchain node is used for receiving and responding to the transaction request, executing a target transaction corresponding to the transaction request, generating a transaction execution result, and then sending the transaction execution result to the client so as to realize a transaction processing process.
The transaction processing scheme provided by the embodiment of the application can be applied to various application scenarios such as securities, trade finance, derivative products, payment, insurance, enterprise systems, supply chains, clinical trials, cancer research and the like.
In addition, the client may run on a terminal device on which an operating system runs. The operating system may include, but is not limited to, Android, iOS, Linux, Unix, Windows and the like. The client may further include a user interface (User Interface, UI) layer, may display the transaction request and the transaction execution result through the UI layer, and may send the transaction request required for executing a transaction to a blockchain node through an application programming interface (Application Programming Interface, API).
The terminal on which the client runs and the blockchain node establish a communication connection through a wired or wireless network. Optionally, the wireless or wired network uses standard communication techniques and/or protocols. The network is typically the Internet, but may be any network including, but not limited to, a local area network (Local Area Network, LAN), metropolitan area network (Metropolitan Area Network, MAN), wide area network (Wide Area Network, WAN), a mobile, wired or wireless network, a private network, a virtual private network, or any combination thereof.
For ease of understanding and explanation, embodiments of the present application provide a transaction processing method, apparatus, system, device, and storage medium, as described in detail below with reference to fig. 4-23.
Fig. 4 is a flow chart illustrating a transaction processing method according to an embodiment of the application. The method may be performed by a blockchain node in the system shown in fig. 2. As described above, the blockchain node can be a computer device, which can be a server, a terminal, or a combination of a terminal and a server. As shown in fig. 4, the method includes:
S101, the blockchain node receives a transaction request sent by a client, wherein the transaction request carries user information of the client and information of a target transaction.
Specifically, when a user needs to execute a transaction in the blockchain network, the user can log in the client, generate a transaction request according to information of a target transaction to be executed by the client, and then send the transaction request to a blockchain node in the blockchain network, so that the blockchain node receives the transaction request, wherein the transaction request carries user information and information of the target transaction.
The user information may include authority information of the client and a user identifier. The authority information uniquely represents the access authority that the client has when it accesses blockchain resources in the blockchain network. The user identifier uniquely represents the identity of the user logged in to the client, and can be, for example, the user's mailbox, mobile phone number, identity card identifier and the like.
The information of the target transaction refers to target transaction content that needs to be executed in the blockchain network, and may include transaction type, transaction data amount, transaction initiator account information, transaction receiver account information, and the like. The transaction initiator account information may include, for example, transaction initiator address information and interface information, and the transaction recipient account information may include, for example, transaction recipient address information and interface information. The transaction type may be, for example, transfer, deposit, traceability, etc.
Optionally, the transaction request further includes a transaction signature, where the transaction signature is used to verify the validity of the transaction request.
In this embodiment, since the transaction request received by the blockchain node carries the user information of the client, accurate guiding data is available for the subsequent authority determination, so that the authority of the client can subsequently be determined in a targeted manner.
S102, the blockchain node determines authority information of the client according to the user information.
It should be noted that, for each participant in the blockchain network, there is a corresponding identity role in the blockchain network, and a preset authority allocation rule may be adopted to allocate authority information of a corresponding access blockchain resource to each participant according to the role of each participant. The blockchain resource may be, for example, a blockchain ledger in a blockchain network, or may be execution operation information in the blockchain network.
The authority information refers to information corresponding to information access authority possessed by the client in the blockchain network. The authority information may be generally related to an organization architecture of an enterprise or an organization, and may uniquely determine resource information owned by the client in the blockchain network according to the authority information, where the authority information may include, for example, operation execution authority and may also include information acquisition authority.
It will be appreciated that when the blockchain is a consortium chain, the identity roles of the participants may include chain administrator, system administrator, transaction user, supervisor, and the like. Each role corresponds to different authority information in the consortium chain to which it belongs. For example, the authority information of the chain administrator may include the user management and "assign authority" permissions: if users A, B, C and D are in the consortium chain and user A is defined as the chain administrator, the authority information corresponding to user A may be the authority to assign permissions to users B, C and D. A plurality of chain administrators may be set; if no chain administrator is set, any user may modify any permission without distinction.
The authority information of the system administrator may include: node management (adding and deleting nodes), system parameter modification, modifying CNS contract naming, enabling contract and table deployment, block size configuration, etc. The authority of the system administrator may be assigned by the chain administrator according to commonly agreed governance rules; for example, only designated accounts are allowed to deploy contracts, the contract deployment authority is set for the chain administrator, and other users cannot deploy contracts at will.
The rights information of the transaction user may include: user table rights, rights to invoke a contract interface, rights to transfer transactions. For the user table authority, the user table is taken as granularity, and certain accounts can be controlled to rewrite certain user tables so as to avoid accidental modification of the user tables by others.
The authority information of the supervisor can be formulated according to specific supervision rules, if the supervisor reads all data only, only the read-only data authority is configured, and other special authorities are not required to be set.
As an implementation manner, after receiving a transaction request sent by a client, the blockchain node may directly analyze a field corresponding to user information in the transaction request, and determine authority information of the client.
As another implementation manner, after receiving the transaction request sent by the client, the blockchain node may judge whether the transaction is legal according to a blockchain transaction judgment rule. When the transaction is legal, the node obtains the transaction signature of the transaction request, verifies the correctness of the transaction signature using the signature verification algorithm of an identity-based cryptographic scheme, and, after verification passes, determines the authority information of the client according to the user information.
Optionally, the identity-based cryptographic algorithm may be the SM9 algorithm or an IBC (identity-based cryptography) algorithm, or another identity-based cryptographic algorithm. The IBC algorithm is an asymmetric cryptosystem: two different keys are used for encryption and decryption, and each person's public key is his or her identity, such as a recognizable name, email address, identity card number or mobile phone number of the user.
The blockchain transaction judgment rule is obtained by summarizing and arranging historical transaction information. For different types of blockchain networks, the transaction judgment rules for judging whether the transaction is legal are different. For example, it may be determined whether a specific field in the transaction request conforms to a preset format, whether information of a target transaction in the transaction request is complete, etc.
As another implementation manner, after receiving the transaction request sent by the client, the blockchain node may judge whether the transaction is legal according to a blockchain transaction judgment rule. When the transaction is legal, the node performs consensus with the other blockchain nodes in the blockchain network to which it belongs. When the consensus passes, the node obtains the transaction signature of the transaction request, verifies the correctness of the transaction signature using the signature verification algorithm of an identity-based cryptographic scheme, and, after verification passes, determines the authority information of the client according to the user information.
The consensus may use a consensus algorithm such as Proof of Work (PoW), Proof of Stake (PoS) or Delegated Proof of Stake (DPoS), or a consensus algorithm such as Practical Byzantine Fault Tolerance (PBFT).
It should be noted that, the above implementations of determining the authority information of the client according to the user information are merely examples, and the embodiments of the present application are not limited thereto.
In the embodiment, the blockchain node can accurately determine the member authority information of the client in the blockchain network according to the user information of the client, so that the authority information of the client is controlled in a finer granularity, and the safety of a blockchain system is improved.
S103, if the blockchain node determines according to the authority information that the client has the execution authority of the target transaction, the blockchain node executes the target transaction.
After determining the authority information, the blockchain node can determine the identity information of the client in the blockchain network to which the blockchain node belongs according to the authority information, wherein the identity information can comprise member organization/group/mechanism and member roles of the client in the blockchain network to which the blockchain node belongs.
Specifically, the blockchain node analyzes the authority information by adopting an authority identification strategy, determines a member role of the client in the blockchain network to which the blockchain node belongs, then determines whether the client has the execution authority of the target transaction according to the member role, obtains an authority identification result, allows the client to access target resources related to the target transaction when the authority identification result represents that the client has the execution authority of the target transaction, and executes the target transaction based on the target resources.
It should be understood that the target resource refers to a resource that the client needs to access when executing the target transaction in the blockchain network, for example, the target resource may be data related to a blockchain ledger in the blockchain network, or may be function information of each blockchain node in the blockchain network.
When determining that the client has the execution authority of the target transaction, the blockchain node allows the client to access the target resources related to the target transaction, for example by opening the blockchain ledger data required for executing the target transaction, and executes the target transaction according to the ledger data and the information of the target transaction.
The rights identification policy refers to a policy for rights identification preset according to the data characteristics of the historical rights information and the corresponding rights information, and may be, for example, a trained rights identification model, a rights identification algorithm, or the like. The rights identification algorithm may for example comprise a mapping between data features of the rights information, which may be field features, and the member roles, there being different mappings between data features of different rights information and the member roles. The data features can also be data formats, and the authority identification strategies corresponding to the authority information of different data formats are different.
As an implementation manner, the authority information can be subjected to data identification processing through the authority identification model, so that the member roles of the client are obtained. The authority identification model is a network structure model with authority identification capability which is learned by training sample data. The permission identification model is a neural network model which is input as permission information, output as a member role corresponding to the permission information, has the capability of carrying out data identification on the permission information and can identify the member role. The authority identification model may include a multi-layer network structure, where the network structures of different layers perform different processes on data input thereto, and transmit output results thereof to a next network layer until the last network layer performs the process to obtain a member role.
As another implementation manner, an authority information feature library of known member roles can be queried: the features of the authority information whose member role is unknown are compared with the authority information features in the library, and the member role of the library entry with the same authority information features is determined as the member role corresponding to the authority information. The authority information feature library can be constructed by integrating, classifying and sorting authority information data by features such as authority information type and authority information format. The member role identifies the identity of the client in the blockchain network to which the blockchain node belongs, so whether the client has the execution authority of the target transaction can be obtained quickly from the member role.
It can be appreciated that the blockchain network may sort the authority information of each member role in the blockchain in advance, and construct a corresponding authority information table, where the authority information table includes the member roles and the corresponding authority information. And then searching the corresponding authority information table according to the member roles to determine whether the client has the execution authority of the target transaction.
After the member role of the client in the blockchain network is determined, the authority information table can first be searched for the member role. If the member role does not exist in the table, the client does not have the execution authority of the target transaction. If the member role exists in the authority information table, the authority information corresponding to the member role is looked up, and whether the client has the execution authority of the target transaction is judged according to that authority information: when the authority information includes the execution authority of the target transaction, the client has the execution authority of the target transaction; when the authority information does not include the execution authority of the target transaction, the client does not have the execution authority of the target transaction.
In addition, after executing the target transaction, the blockchain node may write the transaction record corresponding to the execution target transaction into a block of the blockchain network, and then generate a response message according to the transaction execution result obtained by executing the target transaction and send the response message to the client. The transaction execution result can comprise a transaction type and prompt information of successful transaction execution.
If the blockchain node determines according to the authority information that the client does not have the execution authority of the target transaction, it sends a transaction failure message to the client. The transaction failure message carries a failure cause parameter, which indicates that the transaction failed because the client does not have the transaction authority.
The failure cause parameter may be filled in a specific field of the transaction failure message; for example, when the data content of the specific field is "11", the cause of the transaction failure is determined to be that the client does not have the transaction authority.
Referring to fig. 5, a blockchain node receives a transaction request sent by a client, where the transaction request carries user information 5-1 of the client and information 5-2 of a target transaction, and the blockchain node determines authority information 5-3 of the client according to the user information 5-1, determines whether the client has an execution authority of the target transaction according to the authority information 5-3 of the client, and when determining that the client has the execution authority of the target transaction, allows the client to access a target resource related to the target transaction, executes the target transaction 5-4 according to the target resource and the information of the target transaction, generates a transaction execution result 5-5, and then sends the transaction execution result 5-5 to the client. When it is determined that the client does not have the execution right for the target transaction, a transaction failure message 5-6 is generated and sent to the client.
For example, the blockchain node receives a transaction request sent by client a. The transaction request includes the information of the target transaction "transfer 10 yuan to account b" and user information. The user information includes a user identifier and authority information, the authority information being "common user of organization A"; the information of the target transaction includes the initiator account a, the receiver account b and the transfer amount of 10 yuan. The blockchain node determines the authority information of the client according to the user information, determines based on the authority information that the member role of the client is the common user role of organization A, and determines that the client has the transfer execution authority. It then opens to the client the access needed for the target transaction and executes the target transaction according to the information of the target transaction and the target resources.
Compared with the prior art, on one hand, since the transaction request received by the blockchain node carries the user information of the client, the technical scheme of the application provides accurate guiding data for the subsequent authority determination, so that the authority of the client can be determined in a targeted manner. On the other hand, determining the authority information of the client from the user information allows the member authority information of the client in the blockchain network to be determined accurately, so that the authority of the client is controlled at a finer granularity. When the client is determined to have the execution authority of the target transaction, the corresponding blockchain network resources are opened to the client precisely and the target transaction is executed according to the information of the target transaction, which effectively improves the security of the blockchain system.
In another embodiment of the present application, in order to determine whether the client has the execution authority of the target transaction, the authority information of the client needs to be determined according to the user information. Referring to fig. 6, the embodiment provides a specific implementation manner in which the blockchain node determines the authority information of the client according to the user information.
S201, a first field corresponding to the authority information in the user information is acquired, and the authority information is determined according to the first field.
The first field refers to the field in the user information that indicates the authority information. The user information may include a plurality of fields, each filled with different data content and each having a corresponding field identifier. The field identifier uniquely identifies the field.
It can be appreciated that, in order to ensure that the blockchain node can obtain the authority information, the client may agree on a protocol with the blockchain node in advance. As an implementation manner, referring to fig. 7, the protocol may specify how each item of data in the user information is filled. For example, according to the protocol, when generating the user information the client fills the authority information into a first field of the user information and stores the user identifier in a second field of the user information, so that the blockchain node can obtain the first field corresponding to the authority information in the user information according to the protocol and then determine the authority information according to the first field.
Specifically, after the blockchain node obtains the user information, each field identifier in the user information can be determined, then a first field corresponding to the authority information in the user information is searched according to the first field identifier, and the data content filled in the first field is read to obtain the authority information.
As another implementation manner, the protocol co-formulated by the client and the blockchain node may include encrypting and decrypting the rights information between the client and the blockchain node by means of a key. For example, when generating user information according to a protocol, the client may fill the authority information into a first field, then encrypt the first field corresponding to the authority information by using a key to obtain an encrypted result of the first field, and fill the user identifier into a second field, so that the blockchain node may acquire the first field corresponding to the authority information in the user information according to the protocol, and then determine the authority information according to the first field.
Specifically, after obtaining the user information, the blockchain node may determine each field identifier in the user information, then search the encryption result of the first field corresponding to the authority information in the user information according to the first field identifier, and then perform operation processing, such as decryption processing, on the encryption result of the first field by using a decryption algorithm through a key, and read the data content filled in the first field to obtain the authority information.
In another embodiment of the present application, a specific implementation manner of determining authority information of a client by a blockchain node according to user information is also provided. The method comprises the following steps:
S202, acquiring a second field corresponding to the user identifier in the user information, and determining the user identifier according to the second field;
S203, determining authority information according to the user identifier.
It should be noted that, the second field refers to a field in the user information for indicating the user identifier. The user identifier is used for uniquely representing the identity information corresponding to the user logging in the client, and can be, for example, an identity card identifier, a mailbox address, a mobile phone number and the like of the user.
As an implementation manner, the client may pre-formulate a protocol with the blockchain node, where the protocol may include encrypting and decrypting the user identifier between the client and the blockchain node by using a key. For example, when generating user information according to the protocol, the client may fill the authority information into the first field, fill the user identifier into the second field, and then encrypt the second field corresponding to the user identifier by using the key to obtain an encryption result of the second field. The blockchain node can acquire a second field corresponding to the user identifier in the user information according to the protocol, then determine the user identifier according to the second field, and further determine the authority information according to the user identifier.
Specifically, after the blockchain node obtains the user information, each field identifier in the user information can be determined, then an encryption result of a second field corresponding to the user identifier in the user information is searched according to the second field identifier, then the encryption result of the second field is subjected to operation processing, such as decryption processing, by adopting a decryption algorithm through a secret key to obtain the user identifier, and the authority information is determined according to the mapping relation existing between the user identifier and the authority information.
As another implementation manner, the protocol co-formulated by the client and the blockchain node may include encrypting and decrypting the user identifier and the authority information between the client and the blockchain node by means of a key. For example, when generating user information according to the protocol, the client fills the authority information into the first field, fills the user identifier into the second field, and then encrypts the first field and the second field by adopting the key to obtain a third encryption result. The blockchain node can acquire a second field corresponding to the user identifier in the user information according to the protocol, then acquire a first field corresponding to the authority information in the user information, and determine the authority information according to the first field and the second field.
Specifically, after obtaining the user information, the blockchain node may determine each field identifier in the user information, then search for a third encryption result in the user information according to the first field identifier and the second field identifier, and perform an operation processing on the third encryption result by using a key, for example, a decryption processing to obtain a processing result, and then read the data content filled in the first field to obtain the permission information.
In another embodiment of the present application, a specific implementation manner of determining whether the client has the execution authority of the target transaction according to the authority information is also provided.
In one possible implementation manner, a role of the client in the blockchain network to which the blockchain node belongs may be determined according to the authority information, and whether the client has the execution authority of the target transaction is determined according to the role.
It will be appreciated that in order to ensure that the individual participants of the blockchain network are separated, a corresponding identity role needs to be determined for each participant according to its organization architecture in the enterprise or organization, so that the corresponding blockchain network resource is allocated to each participant according to the role, and the authority information may include the operation authority to the blockchain network resource and the information access authority to the blockchain network resource.
It should be noted that the role of the client in the blockchain network to which the blockchain node belongs refers to the identity information of the client in the blockchain network. When the blockchain network includes one group, there is a one-to-one mapping relationship between roles and authority information in the blockchain network. When the blockchain network includes a plurality of groups, each group corresponds to a plurality of roles, and a one-to-one mapping relationship exists between the roles in the groups and the authority information in the blockchain network. Optionally, the mapping relationship may be stored in an authority information table, in which the authority information is stored.
Specifically, referring to fig. 8, the user information includes authority information and a user identifier, where the authority information may include a member role. Referring to fig. 9, after obtaining the user information, the blockchain node determines the authority information according to the user information and, according to the authority information, determines the member role of the client in the blockchain network to which the blockchain node belongs. It then searches the authority information table, determines the authority information of the role in the table according to the mapping relationship between roles and authority information, and determines whether that authority information matches the execution authority of the target transaction. When it matches, the client is determined to have the execution authority of the target transaction; when it does not match, the client is determined not to have the execution authority of the target transaction.
When the blockchain network includes one group, and the role of the client in the blockchain network to which the blockchain node belongs is determined according to the authority information to be a transaction user, looking up the authority information table by role gives the authority information of that role (the transaction user) as: the user list authority, the authority for calling the contract interface and the authority for transfer transactions. That is, the authority information matches the execution authority of the target transaction, so the client is determined to have the authority to execute the transaction, and the target transaction is then executed according to the information of the target transaction.
Optionally, in the specific implementation of determining whether the client has the execution authority of the target transaction according to the role, a resource related to the target transaction in the blockchain network may be determined, whether the client has the access authority of the target resource is determined according to the role of the client in the blockchain network, and if the client has the access authority of the target resource, the client is determined to have the execution authority of the target transaction; and if the client does not have the access right to the target resource, determining that the client does not have the execution right of the target transaction.
In another possible implementation manner, a group to which the client belongs and a role of the client in the group are determined according to the authority information, and whether the client has the execution authority of the target transaction or not is determined according to the group and the role, wherein the group is a group divided by a blockchain network to which the blockchain node belongs.
It should be noted that the group refers to the organization to which the client belongs in the blockchain network. The group may be determined by the organization's function in the blockchain network. Each group has a plurality of different roles, and the authority information allocated to each role is different.
Optionally, in the specific implementation of determining whether the client has the execution authority of the target transaction according to the group and the role, the resource related to the target transaction may be determined, and whether the client has the access authority of the target resource is determined according to the group to which the client belongs in the blockchain network and the role in the group, if the client has the access authority of the target resource, the client is determined to have the execution authority of the target transaction; and if the client does not have the access right to the target resource, determining that the client does not have the execution right of the target transaction.
Referring to fig. 10, the above-mentioned user information includes authority information and a user identifier, where the authority information may include a member group and the member role of the client in that member group. Referring to fig. 11, after determining the user information, the blockchain node determines the authority information according to the user information and, according to the authority information, determines the member group to which the client belongs in the blockchain network to which the blockchain node belongs and the member role of the client in that group. It then searches the authority information table, determines the authority information of the role in the table according to the mapping relationship between roles and authority information, and determines whether that authority information matches the execution authority of the target transaction. When it matches, the client is determined to have the execution authority of the target transaction; when it does not match, the client is determined not to have the execution authority of the target transaction.
Illustratively, suppose the blockchain network includes a plurality of groups, for example a first group, a second group and a third group, each corresponding to a plurality of roles, and the group to which the client belongs in the blockchain network to which the blockchain node belongs and the role of the client in that group are determined, according to the authority information, to be a transaction user of the first group. Looking up the authority information table by role then gives the authority information of that role (the transaction user of the first group) as: the authority for calling the contract interface and the authority for transfer transactions. That is, the authority information matches the execution authority of the target transaction, so the client is determined to have the authority to execute the target transaction. The target resource in the blockchain network that the client needs to access in order to execute the target transaction is then opened; for example, the client is allowed to access the blockchain ledger to obtain the target data required for executing the target transaction, and the target transaction is executed according to the information of the target transaction and the target data.
For example, suppose the target transaction is a transfer transaction whose information includes: obtain the balance of account a and transfer 10 yuan to account b when the balance is greater than 10 yuan. When the client is determined, according to the member group and the member role, to have the execution authority of the target transaction (the transfer transaction), the blockchain node can determine the corresponding target resource according to the information of the target transaction and the transfer authority, for example the balance data of account a stored in the blockchain ledger. It then opens that balance data to the client, obtains the balance data of account a and judges whether it is greater than 10 yuan. When it is, the balance of account a is sufficient, so the address of account a, the address of account b and the transfer amount are obtained from the information of the target transaction, and the target transaction of transferring 10 yuan from account a to account b is executed.
In the embodiment, the authority information of the client in the blockchain network can be accurately determined, so that the authority information of the client is distinguished and controlled in a finer granularity, when the client is determined to have the execution authority of the target transaction, corresponding blockchain network resources are accurately opened for the client, the target transaction is executed according to the information of the target transaction, and the safety of the blockchain system is effectively improved.
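The group-and-role lookup and the 10 yuan transfer described above, as an added Python example that is not part of the patent text. The JSON layout of the user information, the contents of the authority table, the permission names, the result strings and all function names are assumptions made for illustration.

```python
import json
from dataclasses import dataclass

# Constructed authority information table: (group, role) -> granted permissions.
AUTHORITY_TABLE = {
    ("group1", "transaction_user"): {"call_contract_interface", "transfer"},
    ("group1", "auditor"): {"view_user_list"},
    ("group2", "transaction_user"): {"call_contract_interface"},
}

# Permission that each transaction type requires (assumed names).
REQUIRED_PERMISSION = {"transfer": "transfer"}


@dataclass(frozen=True)
class UserInfo:
    group: str
    role: str
    user_id: str


def make_user_info(group: str, role: str, user_id: str) -> bytes:
    """Client side: authority information in one field, user identifier in another."""
    return json.dumps(
        {"authority": {"group": group, "role": role}, "user_id": user_id}
    ).encode()


def parse_user_info(raw: bytes) -> UserInfo:
    """Node side: read the authority field and the user identifier field."""
    try:
        obj = json.loads(raw)
        values = (obj["authority"]["group"], obj["authority"]["role"], obj["user_id"])
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed user information") from exc
    if not all(isinstance(v, str) and v for v in values):
        raise ValueError("user information fields must be non-empty strings")
    return UserInfo(*values)


def has_execution_authority(info: UserInfo, tx_type: str) -> bool:
    """Look up the (group, role) pair and match it against the transaction type."""
    needed = REQUIRED_PERMISSION.get(tx_type)
    granted = AUTHORITY_TABLE.get((info.group, info.role), frozenset())
    return needed is not None and needed in granted


def process_transfer(ledger: dict, raw_user_info: bytes, tx: dict) -> str:
    """Authorize first, then open the balance data and run the transfer."""
    try:
        info = parse_user_info(raw_user_info)
    except ValueError:
        return "denied"  # unparseable authority information never grants access
    if not has_execution_authority(info, "transfer"):
        return "denied"
    amount = tx.get("amount")
    if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
        return "invalid"
    # The ledger (the target resource) is read only after the check has passed.
    balance = ledger.get(tx["from"], 0)
    if balance <= amount:  # the page transfers only when the balance exceeds the amount
        return "insufficient"
    ledger[tx["from"]] = balance - amount
    ledger[tx["to"]] = ledger.get(tx["to"], 0) + amount
    return "executed"


if __name__ == "__main__":
    ledger = {"a": 25, "b": 0}  # constructed balances
    tx = {"from": "a", "to": "b", "amount": 10}
    for group, role in [("group1", "transaction_user"), ("group2", "transaction_user")]:
        result = process_transfer(ledger, make_user_info(group, role, "u-001"), tx)
        print(group, role, result, ledger)
```

An unknown group, an unknown role and unparseable user information all fall through to "denied", so the table acts as an allow-list.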
In another embodiment of the present application, a specific implementation manner of verifying the transaction signature, performed before the blockchain node determines the authority information of the client according to the user information, is further included. The method includes: if the blockchain node determines, according to the authority information, that the client has the execution authority of the target transaction and the transaction signature passes verification, executing the target transaction.
It should be noted that the transaction request further includes a transaction signature, which may be used to verify the correctness of the source of the transaction request and the integrity of the transaction request.
It will be appreciated that users of the blockchain network typically have one or more public-private key pairs. The public keys may be recorded in the corresponding user state or otherwise stored in a distributed database of the blockchain network and made available to any node device in the blockchain network. The private key corresponding to a public key is stored in a local database or other hardware equipment of the user, for the user to create digital signatures. Upon receiving a transaction request, the blockchain node may verify the correctness of the transaction request based on the transaction signature contained in it. Correctness verification may generally include verifying the correctness of the source of the transaction request and the integrity of the transaction request. Verifying the correctness of the source means confirming that the transaction request was indeed initiated by the client, and verifying the integrity means confirming that the transaction request was not tampered with during transmission from the client to the blockchain node.
Specifically, after receiving the transaction request, the blockchain node can perform correctness verification on the transaction request, can use the user information as a public key, verify the transaction signature by adopting an identification cryptographic algorithm, firstly perform decryption processing on the transaction signature according to the user information to obtain first data, then perform hash processing on the information of the target transaction to obtain second data, and determine whether the transaction signature passes the verification according to a matching result of the first data and the second data.
The first data obtained by decrypting the transaction signature according to the user information can be a first hash value, and the second data obtained by hashing the information of the target transaction can be a second hash value. When the first hash value is the same as the second hash value, the transaction signature is determined to pass verification; when the first hash value is different from the second hash value, the transaction signature is determined not to pass verification. The first hash value and the second hash value may be obtained with the same hash algorithm or the same hash function.
When the blockchain node determines that the transaction signature passes verification and that the client has the execution authority of the target transaction, it executes the target transaction according to the information of the target transaction. When the blockchain node determines that the transaction signature fails verification, it sends a transaction failure message to the client. The transaction failure message carries a failure reason parameter, which indicates that the transaction failed because the transaction signature did not pass verification.
In the embodiment, by verifying the transaction signature in the transaction request, on one hand, the transaction request can be ensured to be really sent by the user logging in the client, and on the other hand, the transaction request can be ensured not to be tampered, so that the security of the transaction request in the blockchain network is improved.
On the other hand, fig. 12 is a flowchart of a transaction processing method according to an embodiment of the present application, as shown in fig. 12, where the method may be performed by a client, and the method includes:
S301, the client generates user information according to the authority information, and generates a transaction request according to the user information and the information of the target transaction.
S302, the client transmits the transaction request to the blockchain node, wherein the transaction request comprises the user information and the information of the target transaction, so that the blockchain node executes the target transaction when it determines, according to the user information, that the client has the execution authority of the target transaction.
The authority information refers to authority information that has passed an audit. Before the client generates the user information according to the authority information, it first needs to acquire the authority information. The authority information can be the authority information required for executing the target transaction, obtained after the client submits the authority information to be audited to a third-party device and the audit passes. The third-party device may be, for example, a registration node, or may be another device with the function of auditing authority information.
As an implementation manner, fig. 13 is a schematic flow chart of auditing user identifier and rights information to be applied by a registration node, referring to fig. 13, a user logging in a client needs to register with the registration node, so that the registration node audits the user identifier and rights information to be applied, and the method may include:
S401, the client sends a registration request to the registration node, wherein the registration request comprises a user identifier and the authority information to be applied.
S402, the registration node receives and responds to the registration request, and the user identification and the authority information to be applied are checked.
S403, after the registration node passes the verification, a registration response is sent to the client, wherein the registration response comprises target authority information determined by the registration node from the authority information to be applied according to the user identification.
S404, the client receives the registration response sent by the registration node and determines the authority information according to the target authority information.
The client sends a registration request to the registration node, wherein the registration request comprises a user identifier and authority information to be applied, and the authority information to be applied refers to authority information which needs to be applied to the registration node, and the authority information can be multiple or one. When receiving a registration request, the registration node responds to the registration request to respectively audit the user identifier and the authority information to be applied, wherein the user identifier can be audited firstly and then the authority information to be applied can be audited, and the authority information to be applied can be audited firstly and then the user identifier can be audited.
In the process of auditing the user identifier, the registration node can search whether the user identifier exists in a preset user identifier library, and if so, the user identifier is audited to pass; if not, the user identification is not checked. The user identification library is a pre-stored user identification which is checked and passed. Optionally, the registration node may also check the user identifier type, and determine a corresponding checking mode according to the user identifier type to check, for example, when the user identifier type is a mobile phone number, the mobile phone verification code may be sent to a device corresponding to the mobile phone number and stored, then the device sends the mobile phone verification code to the registration node, and when the mobile phone verification code is consistent with the stored mobile phone verification code, the user identifier checking is indicated to pass; and when the mobile phone verification code is inconsistent with the stored mobile phone verification code, the user identification is not checked. For another example, when the user identifier type is a mailbox address, a mailbox verification code can be sent to a device corresponding to the mailbox address and stored, then the device sends the mailbox verification code to a registration node, and when the mailbox verification code is consistent with the stored mailbox verification code, the verification of the user identifier is indicated to pass; and when the mailbox verification code is inconsistent with the stored mailbox verification code, the user identification is not checked.
It will be appreciated that each group and each role in the blockchain network may be pre-stored in the registration node so that the registration node may audit the rights information to be audited. The registration node checks whether the authority information to be applied exists or not in the process of checking the authority information to be applied, and checks whether the authority information to be applied is matched with the prestored authority information or not when the authority information to be applied exists, and determines the matched authority information to be applied as target authority information passing the checking; and when the unmatched rights information to be applied is determined to pass the audit. And when checking that the authority information to be applied does not exist, determining that the authority information to be applied is not checked.
After the registration node passes the audit of the user identifier and the authority information to be applied, a registration response is sent to the client, wherein the registration response comprises target authority information determined by the registration node from the authority information to be applied according to the user identifier, the registration response can be a response message, the response message carries the target authority information, and the target authority information is the authority information which passes the audit determined from the authority information to be applied. The number of the target authority information may be one or a plurality. And then the client determines the authority information required when sending the transaction request according to the target authority information, and determines the corresponding authority information when executing the target transaction from the target authority information.
When the registration node's audit of either the user identifier or the authority information to be applied does not pass, the registration node sends a registration failure message to the client. The registration failure message carries a failure reason parameter, which indicates that the registration failed because the authority information audit did not pass or because the user identifier audit did not pass. When the authority information audit does not pass, the failure reason parameter carried in the registration failure message indicates that the registration failed because the authority information audit did not pass; when the user identifier audit does not pass, the failure reason parameter indicates that the registration failed because the user identifier audit did not pass. After receiving the registration failure message, the client acquires the failure reason parameter and thereby obtains the reason for the registration failure.
As another implementation manner, the authority information which is checked and passed in advance can be stored through other external devices or databases, so that the client can import and acquire the authority information from the other external devices or acquire the authority information from the databases.
After the client acquires the authority information, the client can generate user information according to the authority information and generate a transaction request according to the user information and the information of the target transaction. In the process of generating the user information according to the authority information, the user identifier and the authority information may be spliced to obtain the user information, or the user identifier and the authority information may be encrypted to obtain the user information.
After generating the user information, the client acquires the information of the target transaction and generates the transaction request in one of the following ways: the information of the target transaction is spliced with the user information to obtain the transaction request; or the information of the target transaction and the user information are encrypted to obtain the transaction request; or the user private key is first used to encrypt the information of the target transaction to obtain a transaction signature, and the information of the target transaction, the user information and the transaction signature are then spliced to obtain the transaction request; or the user private key is first used to encrypt the information of the target transaction to obtain a transaction signature, and the information of the target transaction, the user information and the transaction signature are then encrypted to generate the transaction request. The transaction request is then sent to the blockchain node.
In another possible implementation manner, after the registration node checks the user identifier and the authority information to be applied, user information can be generated according to the authority information, the user information is used as a user public key, then an identifier cryptographic algorithm is adopted to generate a user private key according to the user information, the user private key and the user information are sent to the client, so that the client generates a transaction request according to the user information and the information of the target transaction, then the transaction request is sent to the blockchain node, and when the blockchain node determines that the client has the execution authority of the target transaction according to the user information, the target transaction is executed.
In addition, as shown in fig. 14, the client may also receive the transaction failure message sent by the blockchain node, parse the transaction failure message to obtain the specific field corresponding to the failure cause parameter, and then obtain the data content of that field, thereby determining the cause of the transaction failure.
For example, when the acquired failure cause parameter is "11", the transaction failure cause is determined to be that the client does not have the transaction right. When the acquired failure cause parameter is 10, the transaction failure cause is determined to be that the transaction signature did not pass verification.
In the embodiment, the client generates the user information according to the authority information, generates the transaction request according to the user information and the information of the target transaction, and transmits the transaction request to the blockchain node, so that the blockchain node accurately determines the member authority information of the client in the blockchain network according to the user information. The authority information of the client is thereby controlled at a finer granularity, which effectively improves the security of the blockchain system.
In another embodiment of the present application, after determining the authority information, user information needs to be generated according to the authority information. A specific implementation manner of generating the user information according to the authority information is also provided: the authority information is filled into a first field corresponding to the authority information in the user information, and the user identifier is filled into a second field corresponding to the user identifier in the user information.
Specifically, after determining the authority information and the user identification, the client determines a first field and a second field in the user information, fills the authority information into the first field corresponding to the authority information in the user information, fills the user identification into the second field corresponding to the user identification in the user information, and then performs splicing processing on the first field filled with the authority information and the second field filled with the user identification, so that the user information is obtained.
In another embodiment of the present application, a specific implementation manner of generating user information according to authority information is further provided, in which the client obtains the user identifier and encrypts the authority information and the user identifier to obtain the user information.
As an implementation manner, after the client obtains the authority information and the user identifier, the client may fill the authority information into the first field, then encrypt the first field corresponding to the authority information by using the key to obtain an encrypted result of the first field, fill the user identifier into the second field, and splice the encrypted result of the first field and the second field filled with the user identifier to obtain the user information.
As another implementation manner, after the client acquires the authority information and the user identifier, the client may fill the authority information into the first field and fill the user identifier into the second field, then encrypt the second field corresponding to the user identifier by using the key to obtain an encryption result of the second field, and splice the encryption result of the second field with the first field filled with the authority information to obtain the user information.
As still another implementation manner, after the client obtains the permission information and the user identifier, the client may fill the permission information into the first field and fill the user identifier into the second field, then encrypt the first field filled with the permission information and the second field filled with the user identifier with the key to obtain a third encryption result, and use the third encryption result as the user information.
In another embodiment of the present application, there is further provided a specific implementation manner of generating a transaction request according to user information and information of a target transaction, referring to fig. 15, the method includes:
S501, the client acquires a user private key, wherein the user private key is generated according to the user information by adopting an identification cryptographic algorithm.
S502, the client signs the information of the target transaction by adopting the user private key to obtain a transaction signature.
S503, the client generates a transaction request according to the transaction signature and the information of the target transaction.
The private key of the user can be obtained from a database by the client, can be imported and obtained from other external devices, and can be obtained from a registration node. The user private key is determined according to user information by adopting an identification password algorithm and is used for signing the information of the target transaction to obtain a transaction signature.
As an implementation manner, after generating the user information according to the authority information, the client may use the user information as a user public key, and then generate a user private key according to the user information by adopting an identification cryptographic algorithm.
As another implementation manner, after the registration node audits the user identifier and the authority information to be applied, the registration node may generate user information according to the authority information, use the user information as a user public key, then generate a user private key according to the user information by adopting an identifier cryptographic algorithm, and send the user private key and the user information to the client.
In one embodiment, after the client obtains the user private key, the client may use the user private key to sign the information of the target transaction to obtain a transaction signature, and then generate a transaction request according to the transaction signature and the information of the target transaction.
Referring to fig. 16, in the process of generating a transaction request, a first field, a second field and a third field of a transaction request data structure may be determined, then information of a target transaction is filled into the first field of the transaction request, a transaction signature is filled into the second field of the transaction request, user information is filled into the third field of the transaction request, and then the first field filled with the information of the target transaction, the second field filled with the transaction signature and the third field filled with the user information are spliced, thereby obtaining the transaction request.
Optionally, after the client obtains the transaction signature, the client may further fill the information of the target transaction into the first field of the transaction request, then encrypt the first field corresponding to the information of the target transaction with the key to obtain an encrypted result of the information of the target transaction, fill the transaction signature into the second field of the transaction request, fill the user information into the third field of the transaction request, and splice the encrypted result of the information of the target transaction, the second field filled with the transaction signature and the third field filled with the user information, thereby obtaining the transaction request.
In another implementation manner, after the client obtains the transaction signature, the client may further fill the information of the target transaction into the first field of the transaction request, fill the transaction signature into the second field of the transaction request, fill the user information into the third field of the transaction request, encrypt the second field corresponding to the transaction signature with the key to obtain an encryption result of the transaction signature, and splice the first field filled with the information of the target transaction, the encryption result of the transaction signature and the third field filled with the user information to obtain the transaction request.
In another implementation manner, after the client obtains the transaction signature, the client may further fill the information of the target transaction into the first field of the transaction request, fill the transaction signature into the second field of the transaction request, fill the user information into the third field of the transaction request, encrypt the third field corresponding to the user information with the key to obtain an encrypted result of the user information, and splice the first field filled with the information of the target transaction, the second field filled with the transaction signature and the encrypted result of the user information to obtain the transaction request.
Further, after the client generates the transaction request, the transaction request is sent to the blockchain node, so that the blockchain node executes the target transaction when determining that the client has the execution right of the target transaction according to the user information.
The process by which the client generates the transaction request mirrors the process by which the blockchain node parses the transaction request to obtain the information of the target transaction, the user information and the transaction signature, and the same key is used for encryption and decryption. For example, the client encrypts the transaction signature to obtain an encryption result of the transaction signature, and then splices the first field filled with the information of the target transaction, the encryption result of the transaction signature and the third field filled with the user information to obtain the transaction request. When it parses the transaction request, the blockchain node decrypts the encryption result of the transaction signature with the same key that was used for encryption to obtain the transaction signature, and thereby also obtains the user information and the information of the target transaction.
The information of the target transaction may include the transaction type, transaction data amount, transaction amount, account information of the transaction initiator, account information of the transaction receiver, transaction random number, and so on. It is obtained by filling the corresponding fields, such as the transaction type, transaction data amount, transaction amount, account information of the transaction initiator, account information of the transaction receiver and transaction random number, according to a preset data structure.
It will be appreciated that the transaction random number is used to prevent replay attacks when executing a transaction, i.e. to prevent a transaction from being executed multiple times. The transaction random number is an ever-increasing number that uniquely identifies the transaction, and a transaction random number can only be used once until the transaction is mined out. A replay attack, also known as a playback attack or freshness attack, is one in which an attacker re-sends a packet that the destination host has already received in order to deceive the system.
For example, referring to fig. 17, fig. 17 shows a schematic diagram of a data structure of a transaction request. The transaction type of the target transaction is transfer; from refers to the account address of the transfer initiator; to refers to the account address of the transfer receiver; amount refers to the transfer amount; nonce refers to a transaction random number used to prevent replay attacks; the user information comprises the authority information and the user identification and is used as the user public key in verifying the transaction signature; the transaction signature is the signature information of the target transaction and is used for verifying the validity of the target transaction.
In this embodiment, the client obtains the user private key and uses it to sign the information of the target transaction, which prevents the transaction request from being tampered with in transit. The transaction request is generated from the transaction signature and the information of the target transaction and carries the user information, which gives the blockchain node accurate data to work from when it subsequently determines the client's authority, so that the authority can be determined in a targeted manner.
For a better understanding of the embodiments of the present application, a complete flowchart of the method of transaction processing presented herein is presented below. As shown in fig. 18, the method may include the steps of:
S601, a client sends a registration request to a registration node, wherein the registration request comprises a user identifier and authority information to be applied.
S602, the registration node examines the user identification and the authority information to be applied, and determines target authority information from the authority information to be applied.
Specifically, when the client needs to determine the authority information, a registration request may be sent to the registration node, where the registration request includes a user identifier and authority information to be applied, where the user identifier is used to uniquely identify identity information of a user, and the authority information to be applied refers to the authority information to be applied to the registration node, and the authority information to be applied may include a user organization and a user role. For example, the registration request sent by the client to the registration node includes a user identifier and rights information < [email protected], org1, admin >, where [email protected] is the user identifier, org1 is the user organization in the rights information to be applied, and admin is the user role in the rights information to be applied.
The registration node receives and responds to the registration request, respectively examines the user identifier [email protected] and the user organization org1 and the user role admin in the authority information to be applied, and determines authority information which is examined and passed in the authority information to be applied as target authority information, for example, determines the user organization org1 and the user role admin as target authority information after the user identifier [email protected] and the user organization org1 and the user role admin in the authority information to be applied are both examined and passed.
S603, the registration node determines authority information according to the target authority information, and generates user information according to the authority information and the user identification.
S604, the registration node takes the user information as a user public key, and generates a user private key according to the user public key.
S605, the registration node sends the user private key and the user information to the client.
When the registration node determines the target authority information, the registration node may determine the authority information from the target authority information according to the authority information required for executing the target transaction, for example, the target authority information < user organization org1, user role admin > may be determined as the authority information corresponding to executing the target transaction, then generate the user information according to the authority information < user organization org1, user role admin > and user identifier [email protected], fill the authority information into a first field corresponding to the authority information in the user information, fill the user identifier into a second field corresponding to the user identifier in the user information, and then splice the first field filled with the authority information and the second field filled with the user identifier, thereby obtaining the user information, and use the user information as a public key publickey=org1 & admin & [email protected].
The registration node applies an identity-based cryptographic algorithm to the user public key publickey to obtain the user private key, and then sends the user private key and the user information publickey to the client.
S606, the client receives the user private key and the user information, acquires the information of the target transaction, signs the information of the target transaction by adopting the user private key, and generates a transaction signature.
S607, the client generates a transaction request according to the transaction signature, the user information and the information of the target transaction.
S608, the client sends a transaction request to the blockchain node, wherein the transaction request carries user information of the client and information of target transaction.
The client receives the user private key and the user information publickey sent by the registration node, and obtains the information of a target transaction. The target transaction may be, for example, a transfer transaction, and the information of the corresponding target transaction may comprise, for example, From, To, Amount and Nonce. From refers to the account address of the transfer initiator; To refers to the account address of the transfer receiver; Amount refers to the transfer amount; Nonce refers to a transaction random number used to prevent replay attacks.
After the information of the target transaction is obtained, the client signs it with the user private key to obtain a transaction signature and determines the first field, the second field and the third field of the data structure of the transaction request. It then fills the information of the target transaction into the first field, the transaction signature into the second field and the user information publickey into the third field, and splices the three filled fields to obtain the transaction request, which it sends to the blockchain node. The data structure of the transaction request may be as shown in fig. 19, where the user information and the information of the target transaction may be collectively referred to as a transaction body.
S609, the blockchain node receives the transaction request and determines authority information of the client according to the user information.
S610, if the blockchain node determines that the client has the execution authority of the target transaction according to the authority information, executing the target transaction, and generating a transaction execution result.
S611, the blockchain node sends a transaction execution result to the client.
The blockchain node receives the transaction request and may run consensus on it with the other blockchain nodes in the blockchain network. If the transaction request passes consensus, the node parses it to obtain the transaction signature, the user information publickey and the information of the target transaction. It then uses the identity-based cryptographic algorithm to decrypt the transaction signature with the user information publickey to obtain first data, and hashes the information of the target transaction to obtain second data. When the first data and the second data match, the transaction signature passes verification. When they do not match, the transaction signature fails verification and the blockchain node sends a transaction failure message to the client; the message carries a failure reason parameter, for example 10, which indicates that the transaction failed because the transaction signature did not pass verification.
When the transaction signature passes verification, the blockchain node obtains the first field corresponding to the authority information in the user information publickey and determines the authority information <user organization org1, user role admin> from that field. From the authority information it determines the group to which the client belongs in the blockchain network of the blockchain node and the role of the client in that group, here group org1 and role admin, and then determines from the group org1 and the role admin whether the client has the execution authority of the target transaction. When the client is determined to have the execution authority, the target resources that must be accessed to execute the target transaction are opened to the client, and the target transaction, namely the transfer transaction, is executed according to the target resources and the information of the target transaction. After the transaction is completed, a transaction execution result may be generated and sent to the client; it may include, for example, the prompt message "successful transaction execution". When the client does not have the execution authority of the target transaction, the blockchain node sends a transaction failure message to the client; the message carries a failure reason parameter, for example "11", which indicates that the transaction failed because the client does not have the transaction authority.
In this embodiment, the transaction request received by the blockchain node carries the user information of the client, which gives the node accurate data to work from when it subsequently determines authority, so that the authority of the client can be determined in a targeted manner. Determining the authority information of the client from the user information accurately establishes the client's member authority information in the blockchain network, so the client's authority is controlled at a finer granularity. When the client is determined to have the execution authority of the target transaction, exactly the corresponding blockchain network resources are opened to the client and the target transaction is executed, which further improves the security of the blockchain system.
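The flow of S601 to S611 as an added example, which is not code from the patent: the user information string is the public key, so editing its role field invalidates the signature before the authority check is reached. Shamir's RSA-based identity-based signature stands in for the unnamed identity-based algorithm, so verification is an equation check rather than the decrypt-and-compare described above. The toy modulus, the policy table, the account and user names and the replay code 90 are constructed assumptions.

```python
import hashlib
import json
import secrets

# Constructed demo master key of the registration node: an RSA-style modulus
# from two Mersenne primes. Special-form primes are insecure; illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # master secret, never leaves the registration node

FAIL_SIGNATURE, FAIL_AUTHORITY = 10, 11  # failure reason parameters from the text
FAIL_REPLAY = 90                         # hypothetical code, not from the text

# Hypothetical policy: which (organization, role) may run which transaction type.
POLICY = {("org1", "admin"): {"transfer"}, ("org1", "member"): set()}


def hash_int(*parts: bytes) -> int:
    """Hash length-prefixed parts to an integer (512 bits, so already < N)."""
    h = hashlib.sha512()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")


def make_user_info(org: str, role: str, user_id: str) -> str:
    """Splice authority info (first field) and user identifier (second field)."""
    if any("&" in x for x in (org, role, user_id)):
        raise ValueError("separator inside a field would make parsing ambiguous")
    return f"{org}&{role}&{user_id}"


def extract_private_key(user_info: str) -> int:
    """Registration node: derive the user private key from the identity string."""
    return pow(hash_int(b"id", user_info.encode()), D, N)


def encode_tx(tx: dict) -> bytes:
    """Canonical byte encoding of the target transaction information."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sign(tx: dict, private_key: int) -> tuple:
    """Client: Shamir identity-based signature (t, s) over the transaction."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    f = hash_int(b"sig", t.to_bytes(160, "big"), encode_tx(tx))
    return t, private_key * pow(r, f, N) % N


def verify(user_info: str, tx: dict, signature: tuple) -> bool:
    """Node: check s^E == H(user_info) * t^f (mod N) using only public values."""
    t, s = signature
    if not (0 < t < N and 0 < s < N):  # t = s = 0 would satisfy the equation
        return False
    f = hash_int(b"sig", t.to_bytes(160, "big"), encode_tx(tx))
    return pow(s, E, N) == hash_int(b"id", user_info.encode()) * pow(t, f, N) % N


def build_request(tx: dict, private_key: int, user_info: str) -> dict:
    """Client: the three fields of the transaction request (a dict, not spliced bytes)."""
    return {"tx": tx, "signature": sign(tx, private_key), "user_info": user_info}


class BlockchainNode:
    def __init__(self):
        self.last_nonce = {}  # highest nonce executed per initiator account

    def handle(self, req: dict) -> dict:
        tx, user_info = req["tx"], req["user_info"]
        # Signature first: the claimed authority is only trusted once it verifies.
        if not verify(user_info, tx, req["signature"]):
            return {"ok": False, "reason": FAIL_SIGNATURE}
        parts = user_info.split("&")
        if len(parts) != 3 or tx["type"] not in POLICY.get((parts[0], parts[1]), set()):
            return {"ok": False, "reason": FAIL_AUTHORITY}
        # Ever-increasing nonce per account rejects a replayed request.
        if tx["nonce"] <= self.last_nonce.get(tx["from"], -1):
            return {"ok": False, "reason": FAIL_REPLAY}
        self.last_nonce[tx["from"]] = tx["nonce"]
        return {"ok": True, "result": "transaction executed"}
```
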
It should be noted that although the operations of the method of the present invention are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in that particular order or that all of the illustrated operations be performed in order to achieve desirable results. Rather, the steps depicted in the flowcharts may change the order of execution. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
Fig. 20 is a schematic structural diagram of a transaction processing device according to an embodiment of the present application. The apparatus may be an apparatus within a blockchain node, as shown in fig. 20, which may include:
the receiving module 610 is configured to receive a transaction request sent by a client, where the transaction request carries user information of the client and information of a target transaction;
a permission determining module 620, configured to determine permission information of the client according to the user information;
the transaction execution module 630 is configured to execute the target transaction if the blockchain node determines that the client has the execution authority of the target transaction according to the authority information.
Optionally, the permission determining module 620 is specifically configured to:
and acquiring a first field corresponding to the authority information in the user information, and determining the authority information according to the first field.
Optionally, the permission determining module 620 is further configured to:
acquiring a second field corresponding to the user identifier in the user information, and determining the user identifier according to the second field;
and determining the authority information according to the user identification.
Optionally, the device is specifically configured to:
determining the role of the client in the blockchain network to which the blockchain node belongs according to the authority information, and determining whether the client has the execution authority of the target transaction according to the role; or,
determining a group to which the client belongs and a role of the client in the group according to the authority information, and determining whether the client has the execution authority of the target transaction according to the group and the role, wherein the group is a group divided by a blockchain network to which the blockchain node belongs.
Optionally, the transaction execution module 630 is specifically configured to:
the client is allowed to access a target resource associated with the target transaction and execute the target transaction based on the target resource.
Optionally, the device is specifically configured to:
if the client side has the execution authority of the target transaction according to the authority information, executing the target transaction, including:
and if the client side has the execution authority of the target transaction according to the authority information and the transaction signature passes verification, executing the target transaction.
Optionally, the device is further configured to:
decrypting the transaction signature according to the user information to obtain first data;
carrying out hash processing on the information of the target transaction to obtain second data;
and determining whether the transaction signature passes verification according to the matching result of the first data and the second data.
Optionally, the device is further configured to:
if it is determined according to the authority information that the client does not have the execution authority of the target transaction, a transaction failure message is sent to the client, the transaction failure message carries a failure reason parameter, and the failure reason parameter indicates that the transaction failed because the client does not have the transaction authority.
On the other hand, fig. 21 is a schematic structural diagram of a transaction processing device according to an embodiment of the present application. The device may be a device in a client, as shown in fig. 21, including:
a transaction generating module 710, configured to generate user information according to the authority information, and generate a transaction request according to the user information and information of a target transaction;
and a sending module 720, configured to send the transaction request to a blockchain node, where the transaction request includes the user information and the information of the target transaction, so that the blockchain node executes the target transaction when determining that the client has the execution right of the target transaction according to the user information.
Optionally, the device is specifically configured to:
sending a registration request to a registration node, wherein the registration request comprises a user identifier and right information to be applied;
receiving a registration response sent by the registration node, wherein the registration response comprises target authority information determined by the registration node from the authority information to be applied according to the user identification;
and determining authority information according to the target authority information.
Optionally, the transaction generating module 710 is specifically configured to:
and filling the authority information into a first field corresponding to the authority information in the user information, and filling the user identification into a second field corresponding to the user identification in the user information.
Optionally, the transaction generating module 710 is specifically configured to:
and the client acquires a user identifier, and encrypts the authority information and the user identifier to obtain the user information.
Optionally, the device is further configured to:
acquiring a user private key, wherein the user private key is generated according to user information by adopting an identification cryptographic algorithm;
carrying out signature processing on the information of the target transaction by adopting a user private key to obtain a transaction signature;
a transaction request is generated based on the transaction signature and information of the target transaction.
In summary, in the transaction processing device provided in this embodiment, the transaction request sent by the client carries user information, the blockchain node determines authority information of the client according to the user information and performs authority control on the client based on the authority information, and when it determines according to the authority information that the client has the execution authority of the target transaction, it opens exactly the corresponding blockchain network resources to the client to execute the target transaction. Compared with the existing technical scheme of verifying the user by means of the transaction signature, this adds verification of the user's authority, makes the verification of the user before the transaction is executed more complete, avoids the problem that coarse verification of the user affects the security of the blockchain system, and can effectively improve the security of the blockchain system.
In another aspect, embodiments of the present application provide a transaction processing system, as shown in FIG. 2, that includes a client 300 and a blockchain node 200. The client 300 is configured to generate user information according to the authority information, generate a transaction request according to the user information and information of a target transaction, and send the transaction request to the blockchain node; the blockchain node 200 is configured to receive a transaction request sent by a client, determine authority information of the client according to user information, and execute a target transaction if the client is determined to have an execution authority of the target transaction according to the user information.
The blockchain node is specifically configured to obtain a first field corresponding to the authority information in the user information, determine the authority information according to the first field, or obtain a second field corresponding to the user identifier in the user information, determine the user identifier according to the second field, and determine the authority information according to the user identifier.
The blockchain node is also used for determining the role of the client in the blockchain network to which the blockchain node belongs according to the authority information, and determining whether the client has the execution authority of the target transaction according to the role; or determining a group to which the client belongs and a role of the client in the group according to the authority information, and determining whether the client has the execution authority of the target transaction according to the group and the role, wherein the group is a group divided by a blockchain network to which the blockchain node belongs.
The blockchain node is also used for allowing the client to access target resources related to target transactions and executing the target transactions based on the target resources.
The blockchain node is further used for decrypting the transaction signature according to the user information to obtain first data, carrying out hash processing on the information of the target transaction to obtain second data, and determining whether the transaction signature passes verification according to a matching result of the first data and the second data.
The blockchain node is further configured to send a transaction failure message to the client if it is determined that the client does not have the execution authority of the target transaction according to the authority information, where the transaction failure message carries a failure cause parameter, and the failure cause parameter indicates that the transaction failed because the client does not have the transaction authority.
The client is used for sending a registration request comprising a user identifier and rights information to be applied to a registration node, receiving a registration response sent by the registration node, wherein the registration response comprises target rights information determined by the registration node from the rights information to be applied according to the user identifier, and determining rights information according to the target rights information.
The client is specifically configured to populate a first field corresponding to the authority information in the user information, and populate a second field corresponding to the user identifier in the user information, or configured to obtain the user identifier, and encrypt the authority information and the user identifier to obtain the user information.
The client is also used for acquiring a user private key, signing the information of the target transaction by adopting the user private key to obtain a transaction signature, and generating a transaction request according to the transaction signature and the information of the target transaction.
Referring to fig. 22, the system may further include a registration node 100, where the registration node 100 establishes a communication connection with the client 300.
The registration node is used for receiving and responding to the registration request sent by the client, auditing the user identifier and the authority information to be applied, generating a registration response and sending the registration response to the client.
Optionally, the registration node may be a server, or a user terminal, where the server may be a physical server independently, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (content delivery network, CDN), and basic cloud computing services such as big data and artificial intelligence platforms. The user terminal may include a smart phone, tablet, notebook, palm, mobile internet device (mobile internet device, MID), wearable device (e.g., smart watch, smart bracelet, etc.), etc. terminal.
In another aspect, an embodiment of the present application provides a computing device that includes a memory, a processor, and a computer program stored on the memory and executable on the processor; the processor implements the transaction processing method described above when it executes the program.
Referring now to FIG. 23, there is illustrated a schematic diagram of a computer system 1000 suitable for use in implementing embodiments of the present application.
As shown in fig. 23, the computer system 1000 includes a Central Processing Unit (CPU) 1001, which can execute various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage section 1008 into a Random Access Memory (RAM) 1003. In the RAM1003, various programs and data required for the operation of the system 1000 are also stored. The CPU1001, ROM1002, and RAM1003 are connected to each other by a bus 1004. An input/output (I/O) interface 1006 is also connected to bus 1004.
The following components are connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output portion 1007 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), etc., and a speaker, etc.; a storage portion 1008 including a hard disk or the like; and a communication section 1009 including a network interface card such as a LAN card, a modem, or the like. The communication section 1009 performs communication processing via a network such as the internet. The drive 1010 is also connected to the I/O interface 1006 as needed. A removable medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed as needed in the drive 1010, so that a computer program read out therefrom is installed as needed in the storage section 1008.
In particular, the processes described above with reference to fig. 3-5 may be implemented as computer software programs according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the methods of fig. 3-5. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 1009, and/or installed from the removable medium 1011.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules involved in the embodiments of the present application may be implemented in software or in hardware. The described units or modules may also be provided in a processor, for example, as: a processor includes a receiving module, a permission determination module, and a transaction execution module. The names of these units or modules do not in some cases limit the units or modules themselves, and for example, the receiving module may also be described as "receiving a transaction request sent by a client, where the transaction request carries user information of the client and information of a target transaction".
As another aspect, the present application also provides a computer-readable medium that may be contained in the electronic device described in the above embodiment; or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the transaction processing method as described in the above embodiments.
For example, the computer device may implement the method as shown in fig. 4:
the blockchain node receives a transaction request sent by a client, wherein the transaction request carries user information of the client and information of a target transaction;
the blockchain node determines authority information of the client according to the user information;
and if the blockchain node determines, according to the authority information, that the client has the execution authority of the target transaction, the blockchain node executes the target transaction.
As another example, the computer device may implement the steps shown in the method flow diagrams described above.
In summary, in the transaction processing method, device, system, equipment and storage medium provided in the embodiments of the present application, the blockchain node receives a transaction request sent by a client, the transaction request carrying user information of the client and information of a target transaction; the node then determines authority information of the client according to the user information, and executes the target transaction if it determines, according to the authority information, that the client has the execution authority of the target transaction. In the present application, the transaction request sent by the client carries the user information, the blockchain node determines the authority information of the client according to the user information and performs authority control on the client based on that authority information, and when the client is determined to have the execution authority of the target transaction, the corresponding blockchain network resource is opened precisely to the client for executing the target transaction. Compared with the prior technical scheme of verifying the user by means of the transaction signature, verification of user authority is added and the verification of the user before the transaction is executed is made more complete, which avoids the problem that coarse-grained user verification affects the security of the blockchain system and can effectively improve the security of the blockchain system.
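The node-side flow summarized above, as an added Python example that is not part of the patent text: the node checks the group and role carried in the user information, then checks the transaction signature, and returns a failure reason when permission is missing. All names (`POLICY`, `handle_request`, the reason strings, the sample users) are assumptions, and an HMAC keyed from the user information stands in for the identity-based signature, so the node here recomputes the key instead of verifying with public parameters.

```python
import hashlib
import hmac
import json

# Constructed sample policy: (group, role) -> transaction types that role may execute.
POLICY = {("settlement", "admin"): {"transfer", "deploy"},
          ("settlement", "member"): {"transfer"}}
# Constructed secret held by the registration node in this example.
MASTER_SECRET = b"constructed-demo-master-secret"

def canonical(obj):
    """Deterministic byte encoding so both sides hash and sign the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue_user_key(user_info):
    """Registration step: derive the key from the whole user info, permission
    fields included (HMAC stands in for identity-based key extraction)."""
    return hmac.new(MASTER_SECRET, canonical(user_info), hashlib.sha256).digest()

def sign_transaction(user_key, tx):
    """Client step: sign the hash of the target transaction information."""
    digest = hashlib.sha256(canonical(tx)).digest()
    return hmac.new(user_key, digest, hashlib.sha256).hexdigest()

def build_request(user_info, user_key, tx):
    return {"user_info": user_info, "tx": tx,
            "signature": sign_transaction(user_key, tx)}

def handle_request(req):
    """Node step: permission check, then signature check, then execution."""
    info, tx = req["user_info"], req["tx"]
    allowed = POLICY.get((info.get("group"), info.get("role")), set())
    if tx.get("type") not in allowed:
        # Hypothetical failure-reason value for "no transaction permission".
        return {"ok": False, "reason": "NO_TRANSACTION_PERMISSION"}
    # The key depends on every field of user_info, so an edited role field
    # yields a different key and the signature no longer matches.
    expected = sign_transaction(issue_user_key(info), tx)
    if not hmac.compare_digest(expected, req.get("signature", "")):
        return {"ok": False, "reason": "BAD_SIGNATURE"}
    return {"ok": True, "executed": tx["type"]}

def demo():
    member = {"user_id": "alice", "group": "settlement", "role": "member"}
    key = issue_user_key(member)
    ok = handle_request(build_request(member, key, {"type": "transfer", "amount": 10}))
    denied = handle_request(build_request(member, key, {"type": "deploy", "code": "c1"}))
    # Role field edited after registration; the key was issued for "member".
    edited = dict(member, role="admin")
    forged = handle_request(build_request(edited, key, {"type": "deploy", "code": "c1"}))
    return ok, denied, forged

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third case shows why the permission check and the signature check belong together: a permission field supplied by the client is only trustworthy because the signing key is bound to it.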
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc. From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the application referred to in the present application is not limited to the specific combinations of the technical features described above, but also covers other technical solutions formed by any combination of the technical features described above or their equivalents without departing from the inventive concept, for example, technical solutions formed by replacing the above features with technical features having similar functions disclosed in (but not limited to) the present application.

Claims (19)

1. A transaction processing method, comprising:
the blockchain node receives a transaction request sent by a client, wherein the transaction request carries user information of the client and information of a target transaction;
the blockchain node determines authority information of the client according to the user information;
and if the blockchain node determines, according to the authority information, that the client has the execution authority of the target transaction, executing the target transaction.
2. The method of claim 1, wherein the blockchain node determining rights information for the client from the user information comprises:
acquiring a first field corresponding to the authority information in the user information, and determining the authority information according to the first field.
3. The method of claim 1, wherein the blockchain node determining rights information for the client from the user information comprises:
acquiring a second field corresponding to a user identifier in the user information, and determining the user identifier according to the second field;
and determining the authority information according to the user identification.
4. The method according to claim 1, wherein the method further comprises:
determining the role of the client in the blockchain network to which the blockchain node belongs according to the authority information, and determining whether the client has the execution authority of the target transaction according to the role; or,
and determining a group to which the client belongs and a role of the client in the group according to the authority information, and determining whether the client has the execution authority of the target transaction according to the group and the role, wherein the group is a group divided by a blockchain network to which the blockchain node belongs.
5. The method of claim 4, wherein the performing the target transaction comprises:
allowing the client to access a target resource related to the target transaction, and executing the target transaction based on the target resource.
6. The method of claim 1, wherein the transaction request further comprises a transaction signature,
and the executing of the target transaction if the blockchain node determines, according to the authority information, that the client has the execution authority of the target transaction comprises:
if the blockchain node determines, according to the authority information, that the client has the execution authority of the target transaction and the transaction signature passes verification, executing the target transaction.
7. The method of claim 6, wherein the method further comprises:
decrypting the transaction signature according to the user information to obtain first data;
carrying out hash processing on the information of the target transaction to obtain second data;
and determining whether the transaction signature passes verification according to a matching result of the first data and the second data.
8. The method according to claim 1, wherein the method further comprises:
if the blockchain node determines, according to the authority information, that the client does not have the execution authority of the target transaction, sending a transaction failure message to the client, wherein the transaction failure message carries a failure reason parameter, and the failure reason parameter is used for indicating that the reason for the transaction failure is a lack of transaction authority.
9. A transaction processing method, comprising:
the client generates user information according to the authority information and generates a transaction request according to the user information and the information of the target transaction;
the client sends the transaction request to a blockchain node, wherein the transaction request comprises the user information and the information of the target transaction, so that the blockchain node executes the target transaction when determining that the client has the execution right of the target transaction according to the user information.
10. The method according to claim 9, wherein the method further comprises:
the client sends a registration request to a registration node, wherein the registration request comprises a user identifier and right information to be applied;
the client receives a registration response sent by the registration node, wherein the registration response comprises target authority information determined by the registration node from the authority information to be applied according to the user identification;
and the client determines the authority information according to the target authority information.
11. The method of claim 9, wherein generating user information from the rights information comprises:
and filling the authority information into a first field corresponding to the authority information in the user information, and filling the user identification into a second field corresponding to the user identification in the user information.
12. The method of claim 9, wherein generating user information from the rights information comprises:
and the client acquires a user identifier, and encrypts the authority information and the user identifier to obtain the user information.
13. The method of claim 9, wherein generating a transaction request based on the user information and information for a target transaction comprises:
the client acquires a user private key, wherein the user private key is generated according to the user information by adopting an identity-based cryptographic algorithm;
the client side adopts the user private key to carry out signature processing on the information of the target transaction to obtain a transaction signature;
and the client generates the transaction request according to the transaction signature and the information of the target transaction.
14. A transaction processing device, the device comprising:
the receiving module is used for receiving a transaction request sent by a client, wherein the transaction request carries user information of the client and information of target transaction;
the permission determining module is used for determining permission information of the client according to the user information;
and the transaction execution module is used for executing the target transaction if the blockchain node determines, according to the authority information, that the client has the execution authority of the target transaction.
15. A transaction processing device, the device comprising:
the transaction generation module is used for generating user information according to the authority information and generating a transaction request according to the user information and the information of the target transaction;
and the sending module is used for sending the transaction request to a blockchain node, wherein the transaction request comprises the user information and the information of the target transaction, so that the blockchain node executes the target transaction when determining that the client has the execution right of the target transaction according to the user information.
16. A transaction processing system, comprising: a client and a blockchain node;
The client is used for generating user information according to the authority information, generating a transaction request according to the user information and the information of target transaction, and sending the transaction request to the blockchain node;
and the blockchain node is used for receiving a transaction request sent by the client, determining authority information of the client according to the user information, and executing the target transaction if the client is determined to have the execution authority of the target transaction according to the user information.
17. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor for implementing a transaction processing method according to any of claims 1-13 when the program is executed.
18. A computer readable storage medium having stored thereon a computer program for implementing a transaction processing method according to any of claims 1-13.
19. A computer program product comprising instructions which, when executed, implement the transaction processing method according to any of claims 1 to 13.
CN202211471716.0A 2022-11-22 2022-11-22 Transaction processing method, device, system, equipment and storage medium Pending CN117057788A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211471716.0A CN117057788A (en) 2022-11-22 2022-11-22 Transaction processing method, device, system, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211471716.0A CN117057788A (en) 2022-11-22 2022-11-22 Transaction processing method, device, system, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117057788A (en) 2023-11-14

Family

ID=88652414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211471716.0A Pending CN117057788A (en) 2022-11-22 2022-11-22 Transaction processing method, device, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117057788A (en)

Legal Events

Date Code Title Description
PB01 Publication