CN117792616A - Key management method, device, equipment, medium and program based on blockchain - Google Patents
Key management method, device, equipment, medium and program based on blockchain
Publication number: CN117792616A (application CN202211151547.2A)
Authority: CN (China)
Prior art keywords: node, key, transaction, signature, service node
Legal status: Pending (as listed by Google Patents; the legal status is an assumption, not a legal conclusion, and Google has not performed a legal analysis)
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The embodiments of this application disclose a blockchain-based key management method, device, equipment, medium and program. The method comprises: receiving a key update transaction for a service node and obtaining the key update signature carried by that transaction, where the key update transaction contains the service node identifier and a first node public key of the service node, and the first node private key corresponding to the first node public key is stored in a trusted execution environment (TEE) of the service node; obtaining the management node public key, verifying the key update signature with that public key, and committing the key update transaction to the chain if the signature verifies; and, when first transaction data sent by the service node is received, obtaining the first transaction signature carried by that data, verifying it with the first node public key, and committing the first transaction data to the chain if the signature verifies. The method and device improve the security of key management and the smoothness of key switching.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, a medium, and a program for managing a key based on a blockchain.
Background
For each service node, its node key is effectively the identity of that node: when a service node takes part in a transaction, the other service nodes learn its identity through its node key, so the storage of the node key is extremely important. At present a dedicated cryptographic hardware device (a hardware security module) is generally used to store the node key, but such hardware is expensive and difficult to debug, which makes node key management inefficient. Alternatively, the node key can be stored in a trusted execution environment (TEE), but when the hardware fails, for example when the central processing unit (CPU) fails, the node key stored in the TEE may be lost and cannot be recovered. In general a common node key is negotiated across several hardware devices to obtain a multi-hardware backup of the key; this approach has a complex flow, high hardware resource requirements, high implementation difficulty and complex management, and lowers the security of the whole system, so the security of key management is low.
Disclosure of Invention
The embodiments of this application provide a blockchain-based key management method, device, equipment, medium and program that can improve the security of key management and the smoothness of key switching.
In one aspect, an embodiment of the present application provides a blockchain-based key management method, comprising:
receiving a key update transaction for a service node and obtaining the key update signature carried by the key update transaction; the key update transaction includes the service node identifier of the service node and a first node public key of the service node, and the first node private key corresponding to the first node public key is stored in a trusted execution environment of the service node;
obtaining the management node public key of the management node, verifying the key update signature with the management node public key, and committing the key update transaction to the chain if the key update signature verifies;
when first transaction data sent by the service node is received, obtaining the first transaction signature carried by the first transaction data, verifying the first transaction signature with the first node public key, and committing the first transaction data to the chain if the first transaction signature verifies.
In one aspect, an embodiment of the present application provides a blockchain-based key management method, comprising:
the service node stores a first node private key in its trusted execution environment, sends a key update request to the management node and, based on that request, sends its service node information to the management node so that the management node can authenticate the service node from that information and, when authentication passes, generate a key update transaction for the service node and a key update signature over the key update transaction; the key update transaction includes the service node identifier of the service node and the first node public key of the service node;
the service node generates a first transaction signature over first transaction data with the first node private key and sends the first transaction data and the first transaction signature to a blockchain node, so that the blockchain node verifies the first transaction signature and commits the first transaction data to the chain when verification passes.
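The exchange described in these two aspects, as an added worked example that is not part of the patent: the management node signs a key update transaction binding a service node identifier to a new node public key, a blockchain node accepts that transaction only if it verifies under the management node's public key, and a later transaction from the service node is accepted only if it verifies under the node public key most recently committed for that identifier. Everything concrete here is an assumption rather than something the page states: Ed25519 (Go's crypto/ed25519) stands in for whatever signature algorithm a deployment would use, a block is reduced to a header and a single payload, the management node's public key is assumed to reach chain nodes out of band, the TEE is modelled as a local variable that never leaves RunScenario, and the node identifier "svc-1", the transaction data and the two attack attempts are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyUpdateTx is the key update transaction the management node issues for a
// service node: the node identifier and the node's new ("first") public key.
type KeyUpdateTx struct {
	NodeID  string
	NodePub ed25519.PublicKey
}

// Bytes is the canonical encoding that the management node signs and that is hashed into the block.
func (t KeyUpdateTx) Bytes() []byte {
	return append([]byte("keyupdate|"+t.NodeID+"|"), t.NodePub...)
}

// Block is reduced to a header (previous hash, own hash) and a single payload (assumption).
type Block struct {
	PrevHash, Hash [32]byte
	Payload        []byte
	KeyTx          *KeyUpdateTx // set only for key update blocks
}

// Ledger is the append-only chain held by a blockchain node; MgmtPub is assumed to arrive out of band.
type Ledger struct {
	MgmtPub ed25519.PublicKey
	Blocks  []Block
}

func (l *Ledger) appendBlock(payload []byte, keyTx *KeyUpdateTx) {
	b := Block{Payload: payload, KeyTx: keyTx}
	if n := len(l.Blocks); n > 0 {
		b.PrevHash = l.Blocks[n-1].Hash
	}
	b.Hash = sha256.Sum256(append(b.PrevHash[:], payload...))
	l.Blocks = append(l.Blocks, b)
}

// CommitKeyUpdate commits the transaction only if its key update signature verifies under the
// management node's key. The length check matters: ed25519.Verify panics on a malformed key.
func (l *Ledger) CommitKeyUpdate(tx KeyUpdateTx, sig []byte) error {
	if len(tx.NodePub) != ed25519.PublicKeySize || !ed25519.Verify(l.MgmtPub, tx.Bytes(), sig) {
		return errors.New("key update rejected: malformed node key or bad management signature")
	}
	l.appendBlock(tx.Bytes(), &tx)
	return nil
}

// CurrentPub returns the node public key from the most recent key update block for nodeID.
func (l *Ledger) CurrentPub(nodeID string) (ed25519.PublicKey, bool) {
	for i := len(l.Blocks) - 1; i >= 0; i-- {
		if kt := l.Blocks[i].KeyTx; kt != nil && kt.NodeID == nodeID {
			return kt.NodePub, true
		}
	}
	return nil, false
}

// CommitServiceTx verifies the service node's signature against the node key currently on chain.
func (l *Ledger) CommitServiceTx(nodeID string, data, sig []byte) error {
	pub, ok := l.CurrentPub(nodeID)
	if !ok || !ed25519.Verify(pub, data, sig) {
		return errors.New("transaction rejected: no node key on chain or bad signature")
	}
	l.appendBlock(data, nil)
	return nil
}

// RunScenario replays the exchange for the constructed node "svc-1" and returns the outcome of a
// forged key update, a valid transaction, a transaction under an unbound key, and the chain height.
func RunScenario() (forgedUpdate, validTx, wrongKeyTx error, height int) {
	mgmtPub, mgmtPriv, _ := ed25519.GenerateKey(rand.Reader)
	nodePub, nodePriv, _ := ed25519.GenerateKey(rand.Reader) // nodePriv stands for the key in the TEE
	ledger := &Ledger{MgmtPub: mgmtPub}
	tx := KeyUpdateTx{NodeID: "svc-1", NodePub: nodePub}
	if err := ledger.CommitKeyUpdate(tx, ed25519.Sign(mgmtPriv, tx.Bytes())); err != nil {
		panic(err)
	}
	// Attack 1: bind an attacker's key to svc-1 without the management node's signature.
	attPub, attPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged := KeyUpdateTx{NodeID: "svc-1", NodePub: attPub}
	forgedUpdate = ledger.CommitKeyUpdate(forged, ed25519.Sign(attPriv, forged.Bytes()))
	data := []byte("svc-1 -> svc-2: 10 units") // constructed transaction data
	validTx = ledger.CommitServiceTx("svc-1", data, ed25519.Sign(nodePriv, data))
	// Attack 2: transact as svc-1 with a key the chain never bound to it.
	wrongKeyTx = ledger.CommitServiceTx("svc-1", data, ed25519.Sign(attPriv, data))
	return forgedUpdate, validTx, wrongKeyTx, len(ledger.Blocks)
}

func main() {
	f, v, w, h := RunScenario()
	fmt.Println("forged update:", f, "| valid tx:", v, "| wrong-key tx:", w, "| height:", h)
}
```

The newest-first lookup in CurrentPub is also what a service node can run against the chain before signing, to confirm that its new public key has actually been committed (the block search and query request modules of the device aspect below); if the lookup fails, the node should query the management node for key update progress rather than sign with a key the chain does not yet know.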
In one aspect, an embodiment of the present application provides a blockchain-based key management device, comprising:
the transaction receiving module, used to receive a key update transaction for a service node;
the first signature acquisition module, used to obtain the key update signature carried by the key update transaction; the key update transaction includes the service node identifier of the service node and the first node public key of the service node, and the first node private key corresponding to the first node public key is stored in the trusted execution environment of the service node;
the first signature verification module, used to obtain the management node public key of the management node and to verify the key update signature with it;
the first on-chain module, used to commit the key update transaction to the chain if the key update signature verifies;
the second signature verification module, used to obtain the first transaction signature carried by first transaction data when that data is received from the service node, and to verify the first transaction signature with the first node public key;
and the second on-chain module, used to commit the first transaction data to the chain if the first transaction signature verifies.
The device further comprises:
the count acquisition module, used to obtain the historical key update count of the service node;
the verification trigger module, used to execute the step of obtaining the management node public key if the historical key update count is below the update count threshold;
and the abnormality feedback module, used to send a key update abnormal message to the service node if the historical key update count is greater than or equal to the update count threshold; the message instructs the service node to apply to the management node for key exception handling.
In one form, the count acquisition module comprises:
the block query unit, used to obtain the target historical key update block associated with the service node identifier and to read the historical key update count for that identifier from it; the target historical key update block is the most recently generated of the historical key update blocks associated with the service node identifier;
and the first on-chain module comprises:
the count update unit, used to update the historical key update count to obtain the target key update count;
and the block generation unit, used to generate a key update block from the target key update count and the key update transaction, and to commit the key update block to the chain once it passes consensus.
In another form, the count acquisition module comprises:
the block acquisition unit, used to obtain the historical key update blocks associated with the service node identifier; a historical key update block is a block that contains a historical key update transaction for that identifier;
and the block statistics unit, used to take the number of historical key update blocks as the historical key update count of the service node.
The device further comprises:
the block search module, used to search for an asset management block associated with the service node;
the asset acquisition module, used to obtain the remaining electronic asset of the service node from the asset management block if one is found;
the second signature acquisition module, used to obtain an asset transfer signature that the service node generates with the first node private key;
and the asset transfer module, used to generate an asset transfer block from the remaining electronic asset and the asset transfer signature, and to commit the asset transfer block to the chain once it passes consensus.
The second signature acquisition module comprises:
the asset encryption unit, used to encrypt the remaining electronic asset with the first node public key to obtain a remaining asset ciphertext;
the asset check unit, used to send the remaining asset ciphertext to the service node so that the service node decrypts it with the first node private key, obtains the remaining electronic asset, checks it and, when the check passes, generates the asset transfer signature over the remaining electronic asset with the first node private key;
and the signature acquisition unit, used to obtain the asset transfer signature generated by the service node.
The device further comprises:
the third signature acquisition module, used to obtain the second transaction signature carried by second transaction data when that data is received from the service node;
the public key acquisition module, used to obtain the target key update block associated with the service node identifier and to read the second node public key of the service node from it; the target key update block is the block with the latest generation time among the blocks that contain key update transactions for the service node identifier;
the third signature verification module, used to verify the second transaction signature with the second node public key;
the fourth signature acquisition module, used to obtain, if the second transaction signature verifies, the target electronic asset associated with the second transaction data and the target transaction signature associated with that asset;
and the fourth signature verification module, used to verify the target transaction signature with the second node public key and, if it verifies, to commit the second transaction data to the chain and execute the business transaction indicated by the second transaction data on the target electronic asset.
The device further comprises:
the history acquisition module, used to obtain, if verification of the target transaction signature fails, the key update blocks associated with the service node identifier and the historical node public keys of the service node recorded in them; the key update blocks include the target key update block;
the fifth signature verification module, used to verify the target transaction signature with the historical node public keys;
and the third on-chain module, used to commit the second transaction data to the chain if one of the historical node public keys verifies the target transaction signature, and to execute the business transaction indicated by the second transaction data on the target electronic asset.
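An added example, not from the patent, of the two policies these modules describe: limiting how many times a service node may rebind its key, and verifying an asset signature against the node's historical public keys when the current key rejects it. It assumes the blockchain node has extracted one record per key update block, in chain order, so "most recently generated block" becomes "last record for that node", and it counts records (the second form of the count acquisition module above) rather than reading a counter stored in the latest block. Ed25519 again stands in for the signature algorithm the page leaves unspecified; the threshold of 3, the node identifiers, the asset and the transaction data are constructed. The asset-encryption check of the second signature acquisition module is not reproduced here, because Ed25519 keys only sign; that step needs an encryption-capable node key pair.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyRecord is what a blockchain node extracts from one key update block: the
// service node the block binds and the node public key it carries. Records are
// kept in chain order, so a node's last record is its "target key update block".
type KeyRecord struct {
	NodeID string
	Pub    ed25519.PublicKey
}

// HistoricalUpdates counts the key update blocks associated with nodeID.
func HistoricalUpdates(records []KeyRecord, nodeID string) int {
	n := 0
	for _, r := range records {
		if r.NodeID == nodeID {
			n++
		}
	}
	return n
}

// ErrKeyUpdateAbnormal is the "key update abnormal" outcome: the node has used up its
// update allowance and must apply to the management node for exception handling.
var ErrKeyUpdateAbnormal = errors.New("key update abnormal: update count threshold reached")

// AdmitKeyUpdate decides whether a further key update for nodeID may proceed to
// management-signature verification (count below threshold) or must be refused.
func AdmitKeyUpdate(records []KeyRecord, nodeID string, threshold int) error {
	if HistoricalUpdates(records, nodeID) >= threshold {
		return ErrKeyUpdateAbnormal
	}
	return nil
}

// NodeKeys returns nodeID's public keys newest first: index 0 is the key in the
// target key update block, the remaining entries are historical node public keys.
func NodeKeys(records []KeyRecord, nodeID string) []ed25519.PublicKey {
	var keys []ed25519.PublicKey
	for i := len(records) - 1; i >= 0; i-- {
		if records[i].NodeID == nodeID {
			keys = append(keys, records[i].Pub)
		}
	}
	return keys
}

// VerifyWithHistory checks sig over msg with the current key first, then falls back
// to historical keys. It returns how many keys back the match sits (0 = current key)
// or -1 if no key ever bound to nodeID produced sig. The length guard is needed
// because ed25519.Verify panics on a malformed public key.
func VerifyWithHistory(records []KeyRecord, nodeID string, msg, sig []byte) int {
	for age, pub := range NodeKeys(records, nodeID) {
		if len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig) {
			return age
		}
	}
	return -1
}

// RunRotation builds a constructed history: svc-1 is bound once and rotates twice, an
// asset was signed under the original key, another node's update follows on the same
// chain, and one more svc-1 update is attempted against a threshold of 3.
func RunRotation() (currentAge, assetAge, strangerAge int, nextUpdate error) {
	var records []KeyRecord
	var privs []ed25519.PrivateKey // each private key would live in svc-1's TEE
	for i := 0; i < 3; i++ {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		records = append(records, KeyRecord{NodeID: "svc-1", Pub: pub})
		privs = append(privs, priv)
	}
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	records = append(records, KeyRecord{NodeID: "svc-2", Pub: otherPub})

	secondTx := []byte("svc-1 spends asset A")             // constructed second transaction data
	asset := []byte("asset A issued to svc-1 at height 7") // constructed target electronic asset
	currentAge = VerifyWithHistory(records, "svc-1", secondTx, ed25519.Sign(privs[2], secondTx))
	assetAge = VerifyWithHistory(records, "svc-1", asset, ed25519.Sign(privs[0], asset))
	strangerAge = VerifyWithHistory(records, "svc-1", asset, ed25519.Sign(otherPriv, asset))
	nextUpdate = AdmitKeyUpdate(records, "svc-1", 3)
	return currentAge, assetAge, strangerAge, nextUpdate
}

func main() {
	c, a, s, err := RunRotation()
	fmt.Println("current-key age:", c, "| asset-key age:", a, "| stranger:", s, "| next update:", err)
}
```

VerifyWithHistory reports how far back in the node's key history the matching key sits, so the caller can record that a legacy key was used for an asset acquired before rotation; a signature that no key ever bound to the node identifier produced returns -1, and the second transaction data is not committed.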
In one aspect, an embodiment of the present application provides a blockchain-based key management device, comprising:
the private key update module, used by the service node to store the first node private key in the trusted execution environment and to send a key update request to the management node;
the identity verification module, used to send service node information of the service node to the management node based on the key update request, so that the management node authenticates the service node from that information and, when authentication passes, generates a key update transaction for the service node and a key update signature over it; the key update transaction includes the service node identifier of the service node and the first node public key of the service node;
and the transaction signature module, used by the service node to generate a first transaction signature over first transaction data with the first node private key and to send the first transaction data and the first transaction signature to a blockchain node, so that the blockchain node verifies the first transaction signature and commits the first transaction data to the chain when verification passes.
The device further comprises:
the block search module, used to search, when the service node generates first transaction data, for a block that contains the first node public key;
the signature trigger module, used to execute the step in which the service node signs the first transaction data with the first node private key if a block containing the first node public key is found; such a block is the result of committing the key update transaction to the chain after the key update signature verified;
and the query request module, used to send a key update progress query request to the management node if no block containing the first node public key is found, and to obtain key update progress information for the first node public key.
The device further comprises:
the program integration module, used by the service node to obtain a key management program and integrate it into the service node; the key management program includes a key management smart contract;
and the key acquisition module, used by the service node to obtain the first node public key and the first node private key;
and the private key update module comprises:
the key initialization unit, used by the service node to store the first node private key in the trusted execution environment, trigger the key management program and initialize the first node public key and the first node private key through it;
and the update request unit, used to trigger the key management smart contract, export the first node public key and send the key update request to the management node; the key update request includes the first node public key and the service node identifier of the service node.
The transaction signature module comprises:
the first environment switching unit, used by the service node to generate first transaction data, call a first environment switching instruction, obtain the first node private key inside the trusted execution environment and sign the first transaction data with it to produce the first transaction signature; the first environment switching instruction switches from the normal execution environment into the trusted execution environment;
and the second environment switching unit, used to call a second environment switching instruction and send the first transaction data and the first transaction signature to the blockchain node from the normal execution environment; the second environment switching instruction switches from the trusted execution environment back to the normal execution environment.
In one aspect, a computer device is provided, comprising a processor, a memory and an input/output interface;
the processor is connected to the memory and to the input/output interface; the input/output interface receives and outputs data, the memory stores a computer program, and the processor calls the computer program so that the computer device containing the processor executes the blockchain-based key management method of the above aspect of the embodiments of the present application.
An aspect of the present application provides a computer readable storage medium storing a computer program adapted to be loaded and executed by a processor to cause a computer device having the processor to perform the blockchain-based key management method of an aspect of the present application.
In one aspect, the present application provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read from the computer-readable storage medium by a processor of a computer device, and executed by the processor, cause the computer device to perform the methods provided in the various alternatives in an aspect of the embodiments of the present application. In other words, the computer instructions, when executed by a processor, implement the methods provided in various alternatives in an aspect of the embodiments of the present application.
Implementing the embodiments of the present application has the following beneficial effects:
A key update transaction for a service node is received and the key update signature it carries is obtained; the transaction includes the service node identifier and the first node public key of the service node, and the corresponding first node private key is stored in the trusted execution environment of the service node. The management node public key is obtained and used to verify the key update signature, and the key update transaction is committed to the chain if the signature verifies. When first transaction data sent by the service node is received, the first transaction signature it carries is verified with the first node public key, and the first transaction data is committed to the chain if the signature verifies. Through this process the node key of the service node is kept in the trusted execution environment, which protects the node key, while the structure of the blockchain is used to replace the node key securely: when a device fails, the service node binds a new node key and commits the new node public key to the chain, and because transactions on the chain are ordered, the node public keys associated with the service node are recorded in the order in which the node key was updated, so the node key can be replaced without interruption and key switching becomes smoother.
Because every node key update must carry a key update signature generated by the management node, the security of key management is also improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1a is a block chain based key management network interaction architecture diagram provided in an embodiment of the present application;
FIG. 1b is a diagram of another network interaction architecture for blockchain-based key management provided by embodiments of the present application;
FIG. 2a is a schematic diagram of a key management scenario based on blockchain according to an embodiment of the present application;
FIG. 2b is a schematic diagram of another key management scenario based on blockchain according to an embodiment of the present application;
FIG. 3 is a flowchart of a method for blockchain-based key management provided by an embodiment of the present application;
FIG. 4 is a flowchart of another method for blockchain-based key management provided by embodiments of the present application;
FIG. 5 is a schematic diagram of a trusted execution environment management scenario provided in an embodiment of the present application;
FIG. 6 is a schematic diagram of a key management interaction flow according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a transaction processing scenario provided in an embodiment of the present application;
FIG. 8 is a schematic diagram of a key management device based on blockchain according to an embodiment of the present disclosure;
FIG. 9 is a schematic diagram of another blockchain-based key management device according to an embodiment of the present disclosure;
FIG. 10 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
If this application needs to collect data about an object (such as a user), a prompt interface or pop-up window is shown before and during collection to inform the user that XXXX data is currently being collected; the data acquisition step starts only after the user confirms on that interface or pop-up window, and otherwise the process ends. Acquired user data is used only in reasonable and lawful scenarios and applications. Optionally, in scenarios that require user data for which the user has not given authorization, authorization may be requested from the user, and the user data may be used once authorization is granted.
First, the blockchain and consensus mechanism terms used in the embodiments of the present application are explained.
1. Blockchain: in the narrow sense, a blockchain is a chained data structure whose basic unit is the block, where each block uses a digital digest (hash) to verify the preceding transaction history, meeting the tamper-resistance and scalability requirements of a distributed ledger; in the broad sense, blockchain also refers to the distributed ledger technology built on that structure, including distributed consensus, privacy and security protection, peer-to-peer communication, network protocols, smart contracts and so on. The goal of a blockchain is a distributed ledger that allows only appends and no deletions. The underlying structure of the ledger is a linear linked list: blocks are linked in series, each block records the hash of the preceding block, and whether each block (and the transactions in it) is legitimate can be checked quickly by recomputing the hash. If a node in the network proposes adding a new block, the block must be confirmed through the consensus mechanism.
2. Block: records all transactions and state results that occurred within a period of time and represents a consensus on the current ledger state. Specifically, each time data is written to the blockchain, the transaction process described above creates a block.
3. Chain: the blocks linked in series in the order in which they occurred; it is a log of the state changes of the whole ledger.
4. Consensus mechanism: the verification and confirmation of transactions is completed within a short time by voting among dedicated nodes, with the aim that all honest nodes hold a consistent blockchain.
Specifically, a blockchain is composed of blocks, each of which has two parts: a block header and a block body. The block header contains a timestamp, the current hash and the previous hash: the timestamp records when the block was generated, the current hash is the hash of the block itself, and the previous hash is the hash of the block that precedes it; the block body holds the transaction information stored in the block. Taking the addition of a second block to the blockchain as an example, a new block is generated as follows:
when a first block exists in the blockchain, that block records the first transaction data generated by a first transaction; if a second transaction occurs, second transaction data is generated from it, and if the second transaction data passes verification, a second block is generated from the second transaction data and added to the blockchain as the successor of the first block. The timestamp in the header of the second block records the generation time of the second block; its current hash is the hash the blockchain system computes over the data contained in the second block; its previous hash is the hash of the first block; and the body of the second block records the second transaction data.
Similarly, a third block is added to the blockchain to record the third transaction data generated by a third transaction. Whenever a new transaction occurs in the transaction chain represented by the blockchain, a subsequent block is generated in the same way and appended to the blockchain.
A trusted execution environment (TEE) is a hardware-based technology for protecting data and algorithms: it is an isolated region of the processor and memory in which an application runs in encrypted memory that only the CPU can access, and the CPU blocks access to the TEE from other layers (other hardware, the kernel and other applications).
In this embodiment of the present application, please refer to fig. 1a, fig. 1a is a network interaction architecture diagram of a blockchain-based key management provided in this embodiment of the present application, as shown in fig. 1a, a system for managing a key may be referred to as a key management system, where the key management system may include a service node 101, a blockchain node 102, a management node 103, and the like, where the number of service nodes 101 may be one or more; the number of blockchain nodes 102 may be one or more; the management node 103 refers to a node having management authority for each service node, and the number of the nodes may be one or more, and the management node 103 may be considered as a node associated with an authority, a department, or the like, and may be used to manage node keys, identity information, and the like of each service node. When the node key changes, the service node 101 may send the node public key included in the new node key to the management node 103; the management node 103 may verify the received node public key, and when the verification passes, send the node public key included in the new node key to the blockchain node 102, and the blockchain node 102 may perform uplink processing on the node public key included in the new node key.
Optionally, referring also to fig. 1b, which is another network interaction architecture diagram for blockchain-based key management according to an embodiment of the present application. As shown in fig. 1b, the key management system may include service nodes 104, management nodes 105, and the like, where the number of service nodes 104 is one or more and the number of management nodes 105 is one or more. When the service node 104 updates its node key, it may send the node public key included in the new node key to the management node 105; the management node 105 verifies the received node public key and, when the verification passes, itself performs uplink processing on the node public key included in the new node key.
The new node key may be referred to as a first node key, where the first node key includes a first node public key and a first node private key.
Specifically, referring to fig. 2a, fig. 2a is a schematic diagram of a blockchain-based key management scenario according to an embodiment of the present application. As shown in fig. 2a, when the service node 201 updates its node key, it generates a first node key comprising a first node public key and a first node private key; the first node private key may be stored in a trusted execution environment, and the first node public key is sent to the management node 202. When the first node public key passes verification, the management node 202 creates a key update transaction for the service node 201, generates a key update signature over the key update transaction, and sends the key update transaction and the key update signature to the blockchain node 203, which may be any node in the blockchain network. The blockchain node 203 verifies the key update transaction and, when the verification passes, performs uplink processing on it; specifically, it may generate a key update block from the key update transaction and add the key update block to the transaction blockchain 204. The transaction blockchain 204 may be a blockchain dedicated to managing the node keys of each service node, or an integral blockchain that manages both the node keys of each service node and the transactions generated in the blockchain network.
Further, after the first node public key has been successfully written to the chain, that is, backed up in the blockchain network, the service node 201 may, when it generates first transaction data, use the first node private key to generate a first transaction signature over the first transaction data and send the first transaction data and the first transaction signature to the blockchain node 203. When the blockchain node 203 has verified the first transaction data and the first transaction signature, it may perform uplink processing on them; specifically, it may generate a service transaction block from the first transaction data and the first transaction signature and add the service transaction block to the transaction blockchain 204.
Alternatively, referring to fig. 2b, fig. 2b is a schematic diagram of another blockchain-based key management scenario according to an embodiment of the present application. As shown in fig. 2b, the service node 205 may store the first node key, or only the first node private key included in it, in a trusted execution environment. The service node 205 may send the first node public key to the management node for identity verification and obtain the key update signature sent by the management node. The service node 205 may then send the first node public key to the core chain; specifically, it may send the service node identifier of the service node 205 and the first node public key to the core chain as an associated pair <service node identifier, first node public key>, denoted <ID, pubkey2>, and may also send the key update signature to the core chain. Any blockchain node in the core chain may, when the first node public key passes verification, perform uplink processing on the service node identifier and the first node public key; specifically, it may generate a key update block from the service node identifier and the first node public key and add the key update block to the transaction blockchain 206. As a result, the node public key associated with the service node 205 is updated from the history node public key (denoted pubkey1) to the first node public key, that is, from <service node identifier, history node public key> (<ID, pubkey1>) to <service node identifier, first node public key> (<ID, pubkey2>), where ID is the service node identifier and the history node public key is the node public key that was associated with the service node 205 immediately before the first node public key.
It is understood that the service node, the management node, or the blockchain node mentioned in the embodiments of the present application may be a computer device, and the computer device in the embodiments of the present application includes, but is not limited to, a terminal device or a server. In other words, the computer device may be a server or a terminal device, or may be a system formed by the server and the terminal device. The above-mentioned terminal device may be an electronic device, including but not limited to a mobile phone, a tablet computer, a desktop computer, a notebook computer, a palm computer, a vehicle-mounted device, an augmented reality/virtual reality (AR/VR) device, a head-mounted display, a smart television, a wearable device, a smart speaker, a digital camera, a camera, and other mobile internet devices (MID) with network access capability, or a terminal device in a scene such as a train, a ship, or a flight. The servers mentioned above may be independent physical servers, server clusters or distributed systems formed by a plurality of physical servers, or cloud servers that provide cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, vehicle-road collaboration, content delivery networks (CDN), and basic cloud computing services such as big data and artificial intelligence platforms.
Alternatively, the data related to the embodiments of the present application may be stored in a computer device, or may be stored based on a cloud storage technology or the like, which is not limited herein.
Further, referring to fig. 3, fig. 3 is a flowchart of a method for blockchain-based key management according to an embodiment of the present application. As shown in fig. 3, taking a blockchain node as an execution body, the blockchain-based key management process includes the following steps:
step S301, receiving a key update transaction for a service node, and obtaining a key update signature carried by the key update transaction.
In this embodiment of the present application, when the service node performs a key update, it may send a key update request to the management node. The key update request may include the service node identifier of the service node and the first node public key, and optionally service node information of the service node. The management node may authenticate the service node based on the service node information and, when the authentication passes, generate a key update signature for the key update request using the management node private key of the management node. The service node information represents identity-related information of the service node, such as, but not limited to, object qualification proof or communication verification information. The management node may then send a key update transaction for the service node to the blockchain node, or it may send the key update signature to the service node, which sends the key update transaction for itself to the blockchain node. The blockchain node receives the key update transaction for the service node and obtains the key update signature carried by it. The key update transaction may include the service node identifier of the service node and the first node public key of the service node, i.e. <service node identifier, first node public key>.
When the service node updates its key, it obtains the first node key to be used after the update, where the first node key includes the first node public key and the first node private key; optionally, the service node may store the first node key, or only the first node private key, in the trusted execution environment.
Optionally, an update times threshold may be set on the number of times each service node may update its node key: each service node may update its node key at most N times, where N is a positive integer called the update times threshold. Since a service node does not normally need to replace its node key often, limiting the number of updates per service node improves the security of key management. Specifically, the blockchain node may obtain the historical key update times (the number of past key updates) corresponding to the service node. Alternatively, the number of node key updates per service node within a period of time may be limited, that is, the historical key update times corresponding to the service node within a default duration may be obtained. If the historical key update times is smaller than the update times threshold, step S302 is executed: the management node public key is obtained and the key update transaction is verified. If the historical key update times is greater than or equal to the update times threshold, a key update abnormal message is sent to the service node, indicating that the service node must apply to the management node for key exception handling.
Specifically, when the historical key update times is greater than or equal to the update times threshold, the service node may send a key exception handling request to the management node; the request may include the historical key update times and the key update reason for each node key update that was performed. The management node may determine an exception handling result for the service node based on the historical key update times and the key update reasons. If the key update reasons satisfy the release condition, a key update permission result is determined as the exception handling result for the service node; the key update permission result may include a number of permitted key updates and the like. If the key update reasons do not satisfy the release condition, a key update refusal result is determined as the exception handling result for the service node, and optionally exception handling guidance is sent to the service node so that the service node can, based on that guidance, request key exception handling from the management node again. Further optionally, the management node may perform uplink processing on the exception handling result for the service node, and may also send the exception handling result to the service node.
When the exception handling result is a key update permission result, the management node may set the permitted number of key updates as the new update times threshold of the service node and perform uplink processing on the updated threshold. When the service node receives the exception handling result, it may send a key update transaction to the blockchain node so that the blockchain node executes step S302; alternatively, once the updated update times threshold has been written to the chain, the management node may trigger step S302 in the blockchain network based on the updated threshold.
When obtaining the historical key update times corresponding to the service node, the blockchain node may obtain the target historical key update block associated with the service node identifier and read the historical key update times corresponding to the service node identifier from that block; the target historical key update block is the most recently generated one among the historical key update blocks associated with the service node identifier. That is, the key update times corresponding to the service node may be stored together with each key update transaction: for example, the key update times of the service node may be denoted key_num, key_num is looked up in the target historical key update block, and its value is taken as the historical key update times of the service node. Alternatively, the blockchain node may obtain the historical key update blocks associated with the service node identifier, a historical key update block being a block that includes a historical key update transaction corresponding to the service node identifier, and take the number of such blocks as the historical key update times corresponding to the service node. Of course, if the number of node key updates per service node within a period of time is limited, the historical key update blocks associated with the service node identifier within the default duration may be obtained and their number taken as the historical key update times corresponding to the service node.
Step S302, a management node public key of the management node is obtained, the management node public key is used to verify the key update signature, and if the key update signature passes verification, uplink processing is performed on the key update transaction.
In the embodiment of the present application, the blockchain node may obtain the management node public key of the management node and use it to verify the key update signature. If the key update signature fails verification, a key update failure message is sent to the service node, so that the service node can send a key update request to the management node again based on the message and repeat the node key update. If the key update signature passes verification, a key update block may be generated from the key update transaction and the key update signature it carries, and the key update block is added to the transaction blockchain once it passes consensus.
Optionally, the blockchain node may increment the historical key update times to obtain the target key update times, generate the key update block from the target key update times and the key update transaction, and perform uplink processing on the key update block once it passes consensus; the key update block may further include the key update signature.
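The following is an added example, not code from the patent, that models steps S301 to S302 on the blockchain node: the management node endorses a <service node identifier, first node public key> transaction with its private key, and the blockchain node refuses the update if the service node's stored key_num has reached the update times threshold, verifies the management node signature, and otherwise appends a key update block carrying the incremented key_num. The patent does not fix a signature algorithm; Ed25519 from the Go standard library, the field names, the hash-linked block layout and the identifiers "node-A" and "node-B" are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// KeyUpdateTx is the <service node identifier, first node public key> pair
// that the management node endorses (hypothetical field names).
type KeyUpdateTx struct {
	ServiceNodeID string
	NodePubKey    ed25519.PublicKey
}

// Bytes returns the canonical byte string covered by the key update signature.
func (tx KeyUpdateTx) Bytes() []byte {
	return append([]byte("keyupdate|"+tx.ServiceNodeID+"|"), tx.NodePubKey...)
}

// KeyUpdateBlock is the block generated once the management node signature
// verifies; KeyNum is the running update count (key_num in the description).
type KeyUpdateBlock struct {
	Tx       KeyUpdateTx
	MgmtSig  []byte
	KeyNum   int
	PrevHash string
	Hash     string
}

// Chain is a minimal transaction blockchain holding only key update blocks.
type Chain struct {
	MgmtPub     ed25519.PublicKey
	UpdateLimit int // update times threshold N
	Blocks      []KeyUpdateBlock
}

var (
	ErrUpdateLimit = errors.New("key update abnormal: update count reached threshold")
	ErrBadMgmtSig  = errors.New("key update failed: management node signature invalid")
)

// latestKeyNum reads key_num from the most recent key update block of the
// given service node (0 if the node has never updated its key).
func (c *Chain) latestKeyNum(id string) int {
	for i := len(c.Blocks) - 1; i >= 0; i-- {
		if c.Blocks[i].Tx.ServiceNodeID == id {
			return c.Blocks[i].KeyNum
		}
	}
	return 0
}

// ManagementSign is what the management node does after authenticating the
// service node: it endorses the key update transaction with its private key.
func ManagementSign(mgmtPriv ed25519.PrivateKey, tx KeyUpdateTx) []byte {
	return ed25519.Sign(mgmtPriv, tx.Bytes())
}

// ProcessKeyUpdate is the blockchain node side: threshold check first, then
// signature verification, then uplink of a new hash-linked key update block.
func (c *Chain) ProcessKeyUpdate(tx KeyUpdateTx, mgmtSig []byte) error {
	num := c.latestKeyNum(tx.ServiceNodeID)
	if num >= c.UpdateLimit {
		return ErrUpdateLimit
	}
	if !ed25519.Verify(c.MgmtPub, tx.Bytes(), mgmtSig) {
		return ErrBadMgmtSig
	}
	prev := ""
	if n := len(c.Blocks); n > 0 {
		prev = c.Blocks[n-1].Hash
	}
	blk := KeyUpdateBlock{Tx: tx, MgmtSig: mgmtSig, KeyNum: num + 1, PrevHash: prev}
	h := sha256.Sum256(append(append(tx.Bytes(), mgmtSig...), []byte(prev)...))
	blk.Hash = hex.EncodeToString(h[:])
	c.Blocks = append(c.Blocks, blk)
	return nil
}

// LatestNodePubKey returns the node public key the chain currently associates
// with a service node, i.e. the one in its most recent key update block.
func (c *Chain) LatestNodePubKey(id string) (ed25519.PublicKey, bool) {
	for i := len(c.Blocks) - 1; i >= 0; i-- {
		if c.Blocks[i].Tx.ServiceNodeID == id {
			return c.Blocks[i].Tx.NodePubKey, true
		}
	}
	return nil, false
}

func main() {
	mgmtPub, mgmtPriv, _ := ed25519.GenerateKey(rand.Reader)
	chain := &Chain{MgmtPub: mgmtPub, UpdateLimit: 2}

	// Constructed scenario: node-A rotates its key three times; the third
	// rotation exceeds the threshold and is refused before any signature check.
	for i := 1; i <= 3; i++ {
		pub, _, _ := ed25519.GenerateKey(rand.Reader) // private key would stay in the TEE
		tx := KeyUpdateTx{ServiceNodeID: "node-A", NodePubKey: pub}
		err := chain.ProcessKeyUpdate(tx, ManagementSign(mgmtPriv, tx))
		fmt.Printf("update %d: err=%v blocks=%d\n", i, err, len(chain.Blocks))
	}
	// An endorsement made with a key other than the management node's is rejected.
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	tx := KeyUpdateTx{ServiceNodeID: "node-B", NodePubKey: pub}
	fmt.Println("rogue endorsement:", chain.ProcessKeyUpdate(tx, ManagementSign(rogue, tx)))
}
```

The threshold is checked before the signature so that a node that has exhausted its updates receives the key update abnormal message rather than a signature failure, matching the order of the description; a production chain would also need to bind the management node public key itself to the chain or a certificate rather than hold it in a struct field.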
Further alternatively, the blockchain node may perform asset transfer processing for the service node after the key update transaction has been written to the chain. Specifically, the blockchain node may look up the asset management block associated with the service node, that is, the block associated with the electronic assets of the service node. If an asset management block is found, the remaining electronic assets corresponding to the service node are obtained from it, an asset transfer signature generated by the service node with the first node private key is obtained, an asset transfer block is generated from the remaining electronic assets and the asset transfer signature, and the asset transfer block is written to the chain once it passes consensus. Specifically, to obtain the asset transfer signature generated by the service node with the first node private key, the blockchain node may encrypt the remaining electronic assets with the first node public key to obtain a remaining asset ciphertext and send it to the service node; the service node decrypts the ciphertext with the first node private key to obtain the remaining electronic assets, verifies them, and, when the verification passes, generates the asset transfer signature over the remaining electronic assets with the first node private key; the blockchain node then obtains the asset transfer signature generated by the service node. This challenge requires that the node key support public key encryption as well as signing, which is one of the functions the key management program described in connection with fig. 5 provides.
Through this process, when the node key of the service node changes, the remaining electronic assets of the service node can be transferred to the new asset address of the service node, namely the asset address indicated by the first node key. The transfer is seamless: the service node can use the remaining electronic assets directly with the first node key, so that the electronic assets and the service can be recovered when a node key is lost, which further improves the security of key management and the smoothness of key switching.
Step S303, when first transaction data sent by a service node is received, a first transaction signature carried by the first transaction data is obtained, signature verification processing is performed on the first transaction signature by adopting a first node public key, and if the first transaction signature passes the signature verification processing, uplink processing is performed on the first transaction data.
In the embodiment of the present application, if the first transaction signature passes verification, a first service transaction block may be generated from the first transaction data and written to the chain once it passes consensus; if the first transaction signature fails verification, a transaction identity exception message or the like may be sent to the service node, and the service node may regenerate the first transaction data and its first transaction signature based on that message.
Optionally, when second transaction data sent by the service node is received, the second transaction signature carried by the second transaction data is obtained. The blockchain node may obtain the target key update block associated with the service node identifier and obtain from it the second node public key corresponding to the service node; the target key update block is the most recently generated one among the blocks that include key update transactions corresponding to the service node identifier, so the second node public key obtained from it is the latest node public key of the service node that has been authenticated by the management node. If this process takes place after step S302, the second node public key may be the first node public key. The second node public key is then used to verify the second transaction signature. If the second transaction signature fails verification, a transaction exception message may be sent to the service node, indicating either that the service node has not passed management node authentication or that it did not sign the second transaction data with its latest node private key.
Further, if the second transaction signature passes verification, the target electronic asset associated with the second transaction data and the target transaction signature associated with the target electronic asset may be obtained. The target transaction signature is first verified with the second node public key. If the target transaction signature passes verification, the second transaction data is written to the chain and the service transaction indicated by the second transaction data is executed based on the target electronic asset. If the target transaction signature fails verification, the key update blocks associated with the service node identifier are obtained and the history node public keys corresponding to the service node are read from them; the key update blocks include the target key update block, so the history node public keys may include the second node public key. The target transaction signature is then verified with the history node public keys; since it has already been checked against the second node public key, only the history node public keys other than the second node public key need to be tried. Alternatively, if the second transaction signature passes verification, the blockchain node may obtain the target electronic asset associated with the second transaction data and the target transaction signature associated with the target electronic asset, obtain the key update blocks associated with the service node identifier, read the history node public keys corresponding to the service node from them, and verify the target transaction signature directly with the history node public keys.
Further, if one of the history node public keys verifies the target transaction signature, the second transaction data is written to the chain and the service transaction indicated by the second transaction data is executed based on the target electronic asset; if none of the history node public keys verifies the target transaction signature, a transaction failure message is sent to the service node. In this way, when the node key of the service node changes, electronic assets managed under the previous node identity (that is, the previous node private key) can still be used, so that replacing the node key of a service node does not affect its use of assets or execution of services, which improves the smoothness of key switching and the efficiency and effect of key management.
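The following is an added example, not code from the patent, of the two-level check just described for the second transaction: the second transaction signature must verify under the latest node public key recorded for the service node, while the signature on the asset being spent is accepted under the latest key or, failing that, any earlier node public key from the node's key update blocks. The key history is modelled as an in-memory map standing in for the key update blocks; Ed25519, the field names and the identifiers "node-A" and "node-B" are assumptions for the example, since the patent does not fix a signature scheme or transaction layout.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyHistory stands in for the key update blocks: for each service node
// identifier, the node public keys in the order they were written to the
// chain (oldest first, so the last entry is the second node public key).
type KeyHistory map[string][]ed25519.PublicKey

// TxEnvelope is the second transaction data with its two signatures
// (hypothetical layout).
type TxEnvelope struct {
	ServiceNodeID string
	TxData        []byte // second transaction data
	TxSig         []byte // second transaction signature: must be under the latest key
	AssetData     []byte // target electronic asset
	AssetSig      []byte // target transaction signature: may be under an older key
}

var (
	ErrUnknownNode = errors.New("no key update block for service node")
	ErrTxIdentity  = errors.New("transaction exception: not signed with the latest node private key")
	ErrAssetOwner  = errors.New("transaction failure: no historical node public key verifies the asset")
)

// VerifyTransaction returns the index in the key history of the key that
// verified the asset signature (len-1 is the latest key), or an error that
// names the message the blockchain node would send back to the service node.
func VerifyTransaction(hist KeyHistory, env TxEnvelope) (int, error) {
	keys := hist[env.ServiceNodeID]
	if len(keys) == 0 {
		return -1, ErrUnknownNode
	}
	latest := keys[len(keys)-1]
	// The transaction itself must come from the current, management-authenticated identity.
	if !ed25519.Verify(latest, env.TxData, env.TxSig) {
		return -1, ErrTxIdentity
	}
	// The asset may have been acquired under the current key ...
	if ed25519.Verify(latest, env.AssetData, env.AssetSig) {
		return len(keys) - 1, nil
	}
	// ... or under any earlier key; the latest key was already tried, so skip it.
	for i := len(keys) - 2; i >= 0; i-- {
		if ed25519.Verify(keys[i], env.AssetData, env.AssetSig) {
			return i, nil
		}
	}
	return -1, ErrAssetOwner
}

func main() {
	// Constructed scenario: node-A rotated its key once. An asset signed
	// under the old key stays spendable, but the new transaction must be
	// signed with the new key.
	pubOld, privOld, _ := ed25519.GenerateKey(rand.Reader)
	pubNew, privNew, _ := ed25519.GenerateKey(rand.Reader)
	hist := KeyHistory{"node-A": {pubOld, pubNew}}

	asset := []byte("asset#1 owned by node-A")
	txData := []byte("transfer asset#1 to node-B")
	env := TxEnvelope{
		ServiceNodeID: "node-A",
		TxData:        txData,
		TxSig:         ed25519.Sign(privNew, txData),
		AssetData:     asset,
		AssetSig:      ed25519.Sign(privOld, asset), // acquired before the rotation
	}
	idx, err := VerifyTransaction(hist, env)
	fmt.Println("asset under old key: key index", idx, "err", err)

	env.TxSig = ed25519.Sign(privOld, txData) // stale identity for the new transaction
	_, err = VerifyTransaction(hist, env)
	fmt.Println("transaction under old key:", err)
}
```

The asymmetry is the point of the check: an old key may prove ownership of something it created, but it can no longer originate new transactions, so a compromised superseded key cannot be used to spend after the rotation unless the attacker also holds the current key.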
In the embodiment of the present application, the blockchain node receives a key update transaction for the service node and obtains the key update signature carried by it; the key update transaction includes the service node identifier of the service node and the first node public key of the service node, and the first node private key corresponding to the first node public key is stored in the trusted execution environment of the service node. The blockchain node obtains the management node public key of the management node, verifies the key update signature with it and, if the signature passes verification, performs uplink processing on the key update transaction. When first transaction data sent by the service node is received, the first transaction signature carried by it is obtained and verified with the first node public key, and if it passes verification the first transaction data is written to the chain. Through the above process, the node key of the service node is stored in the trusted execution environment to protect it, while the structural properties of the blockchain are used to replace the node key securely: when a device failure occurs, the service node can bind a new node key and write the node public key of the new node key to the chain, and because the ordering of transactions on the chain is guaranteed, the node public keys associated with the service node are stored in the order in which the service node updated its node key, which makes replacement of the node key smooth and improves the smoothness of key switching.
Moreover, each node key update is endorsed by the key update signature generated by the management node, which improves the security of key management.
Further, referring to fig. 4, fig. 4 is a flowchart of another method for blockchain-based key management according to an embodiment of the present application. As shown in fig. 4, taking a service node as an execution body as an example, the key management process based on the blockchain includes the following steps:
in step S401, the service node stores the private key of the first node in the trusted execution environment, sends a key update request to the management node, and sends service node information of the service node to the management node based on the key update request.
In this embodiment of the present application, the service node stores the first node key, or only the first node private key, in the trusted execution environment, where the first node key includes the first node private key and the first node public key. The service node may send a key update request to the management node and send service node information of the service node to the management node based on the key update request, so that the management node authenticates the service node based on the service node information and, when the authentication passes, generates a key update transaction for the service node and a key update signature over the key update transaction; the key update transaction includes the service node identifier of the service node and the first node public key of the service node. When the authentication of the service node fails, an authentication failure message is sent to the service node. When the blockchain node receives the key update transaction for the service node, it may verify the key update signature with the management node public key and perform uplink processing on the key update transaction when the signature passes verification; see the related descriptions of step S301 to step S302 in fig. 3, which are not repeated here.
The management node may be regarded as a node associated with an authority or a department, so that data authenticated by the management node carries authority, notarization, and the like. The management node may perform data verification and may authenticate the service node based on the service node information, which may include, but is not limited to, object qualification proof or communication verification information. For example, the management node may perform communication verification on the service node, in which case the service node information includes communication verification information: the management node sends a verification code to the registered contact of the service node (such as a mobile phone number) and obtains the verification code to be tested submitted by the service node within a specified time; that submitted code is the communication verification information, and if it differs from the verification code sent by the management node, the authentication of the service node is determined to have failed. Optionally, the management node may use one or more authentication modes to authenticate the service node. If multiple authentication modes are used, the service node is determined to pass authentication only when it passes all of them; if any one authentication mode fails for the service node, the authentication of the service node is determined to have failed.
Optionally, the service node obtains a key management program and integrates it into the service node; the key management program includes a key management smart contract. The key management program can be regarded as an application library that packages the capability of the trusted execution environment to manage the node key: it may provide functions such as node key initialization, sealing, persistent storage, signing with the node private key, and encryption with the node public key. By integrating the key management program, the service node can use the trusted computing functions of the trusted execution environment like an ordinary application, and the blockchain node can use the functions integrated by the key management program on any computer device that supports a trusted execution environment to store and compute on the node key securely and locally. Alternatively, the service node may build the key management program on Intel Software Guard Extensions (SGX) or on ARM TrustZone, the system-wide security technology of ARM (Advanced RISC Machines) processors. The key management program may include a conventional key management sub-program that runs in the conventional execution environment and a trusted key management sub-program that runs in the trusted execution environment. Similarly, the key management smart contract may include a conventional key management sub-contract and a trusted key management sub-contract. Further, when the service node updates its node key or generates a node key for the first time, it may obtain the first node public key and the first node private key, that is, the first node key.
Further, to store the first node private key in the trusted execution environment and send a key update request to the management node, the service node stores the first node key, or only the first node private key, in the trusted execution environment, triggers the key management program, and initializes the first node public key and the first node private key through it. It then triggers the key management smart contract to export the first node public key and sends a key update request, which includes the first node public key and the service node identifier of the service node, to the management node. For example, referring to fig. 5, fig. 5 is a schematic diagram of a trusted execution environment management scenario provided in an embodiment of the present application. As shown in fig. 5, the service node may integrate a key management program 501, call a first environment switching instruction to switch to the trusted execution environment 502, initialize the first node key 503 in the trusted execution environment 502, and then trigger the key management smart contract to export the first node public key from the first node key 503; it then calls a second environment switching instruction to switch back to the conventional execution environment and, in the conventional execution environment, sends the key update request based on the first node public key to the management node. The trusted execution environment 502 may have a minimum security boundary 504.
Alternatively, when the service node generates the first transaction data, it may look up a block including the first node public key. If such a block is found, it indicates that the first node public key has been authenticated and stored on the chain and that the blockchain network recognizes the identity of the service node under the first node key, and step S402 may be triggered, in which the service node generates the first transaction signature of the first transaction data using the first node private key. The block including the first node public key is obtained by uplink processing of the key update transaction when the key update signature passes the verification. If no block including the first node public key is found, a key update progress query request is sent to the management node to acquire key update progress information for the first node public key; optionally, related data of the key update can be supplemented based on the key update progress information, so that the management node can update the node key of the service node more conveniently and rapidly.
Optionally, when the service node generates the first transaction data, step S402 may be triggered directly: a first transaction signature of the first transaction data is generated, the first transaction data is sent to the blockchain node, and the blockchain node verifies the first transaction data and the first transaction signature; see the related description of step S303 in fig. 3.
In step S402, the service node generates a first transaction signature of the first transaction data using the first node private key, and sends the first transaction data and the first transaction signature to the blockchain node.
In this embodiment of the present application, the service node generates a first transaction signature of the first transaction data using the first node private key, and sends the first transaction data and the first transaction signature to the blockchain node, so that the blockchain node performs signature verification processing on the first transaction signature and performs uplink processing on the first transaction data when the first transaction signature passes the signature verification processing; see the related description of step S303 in fig. 3.
Optionally, after generating the first transaction data, the service node may call a first environment switching instruction, which may be denoted as an ecall, obtain the first node private key in the trusted execution environment, sign the first transaction data with the first node private key, and generate the first transaction signature; the first environment switching instruction is used for switching from the conventional execution environment to the trusted execution environment. The service node then calls a second environment switching instruction, which may be denoted as an ocall, and sends the first transaction data and the first transaction signature to the blockchain node in the conventional execution environment; the second environment switching instruction is used for switching from the trusted execution environment to the conventional execution environment. The conventional execution environment may be considered an unsecure zone and the trusted execution environment a secure zone.
Further, referring to fig. 6, fig. 6 is a schematic diagram of a key management interaction flow provided in an embodiment of the present application. As shown in fig. 6, the process may include the steps of:
Step S601, a first node key is generated.
In the embodiment of the application, the service node may generate a first node key, which may also be distributed by the key distribution node. That is, the service node may generate a first node key; or, sending a key acquisition request to the key distribution node, and acquiring the first node key distributed by the key distribution node based on the key acquisition request. The first node key may include a first node public key and a first node private key.
Step S602, a key update request is sent.
In this embodiment of the present application, a service node may send a key update request to a management node, where the key update request may include a first node public key and a service node identifier of the service node, that is, the service node is indicated by the service node identifier, and a node public key used by the service node is associated with the service node identifier, so as to implement updating of a node key of the service node.
Step S603, performing identity verification.
In this embodiment of the present application, the management node may perform authentication on the service node, which may be referred to as the description related to step S301 in fig. 3 and step S401 in fig. 4.
Step S604, whether the verification is passed.
In the embodiment of the present application, the management node detects whether the authentication of the service node passes, and if the authentication of the service node passes, step S605 is executed; if the authentication of the service node fails, an authentication failure message is sent to the service node.
Step S605, a key update transaction is generated, and uplink processing is performed on the key update transaction.
In the embodiment of the application, the management node may generate the key update transaction based on the service node identifier and the first node public key, and generate the key update signature of the key update transaction using the management node private key. The management node may trigger a smart contract for uplink of the key update transaction and perform uplink processing on the key update transaction; alternatively, the management node may send the key update transaction and the key update signature to the blockchain node, which performs the uplink processing on the key update transaction. The management node public key of the management node can be used to perform signature verification processing on the key update signature; when the key update signature passes the verification, a key update block is generated according to the key update transaction and the key update signature, and when the key update block passes consensus, uplink processing is performed on the key update block. See the related description in steps S301 to S302 of fig. 3 and in step S401 of fig. 4.
Step S606, first transaction data is generated, and uplink processing is triggered for the first transaction data.
In this embodiment of the present application, the procedure may refer to the uplink procedure of the first transaction data and the uplink procedure of the second transaction data in step S303 of fig. 3, and to the related description in step S402 of fig. 4. The uplink processing of the first transaction data may be performed by the service node, or the service node may send the first transaction data and the first transaction signature to the blockchain node, and the blockchain node performs the uplink processing.
The blockchain node may be considered as a full-scale node, and the service node may be a full-scale node or a light node.
For example, referring to fig. 7, fig. 7 is a schematic diagram of a transaction processing scenario provided in an embodiment of the present application. As shown in fig. 7, the service node may generate a first transaction signature 702 of the first transaction data using the current node private key 701. Optionally, the service node may send the first transaction data and the first transaction signature 702 to the blockchain node 703. The blockchain node 703 may obtain a target key update block 705 associated with the service node identifier from the transaction blockchain 704, and obtain a second node public key 706 corresponding to the service node from the target key update block 705, where the target key update block refers to the block with the largest block generation time among the blocks including a key update transaction corresponding to the service node identifier. Blockchain node 703 may use the second node public key 706 to perform signature verification processing on the first transaction signature 702 to obtain a signature verification result 707. If the signature verification result 707 indicates that the signature verification of the first transaction signature 702 passes, historical transaction data associated with the first transaction data and the historical transaction signature associated with the historical transaction data may be obtained. The key update blocks 708 associated with the service node identifier are acquired, the history node public keys 709 corresponding to the service node are acquired from the key update blocks 708, and the history node public keys 709 are used to perform signature verification processing on the historical transaction signature. If there is a history node public key among the history node public keys 709 under which the historical transaction signature passes verification, the first transaction data and the first transaction signature 702 undergo uplink processing, i.e. they are added to the transaction blockchain 704.
Through the above process, after the service node changes its node key, identity verification can be carried out on the currently used node key with the previously used node public key, so that the service node can still use its previous service data (such as electronic assets or services) after the node key is changed. This realizes smooth switching of the service node's node key, ensures the continuity of service transactions executed by the service node, and further improves the effectiveness and flexibility of key management.
Further, referring to fig. 8, fig. 8 is a schematic diagram of a key management device based on blockchain according to an embodiment of the present application. The blockchain-based key management device may be a computer program (including program code, etc.) running in a computer device, for example, the blockchain-based key management device may be an application software; the device can be used for executing corresponding steps in the method provided by the embodiment of the application. As shown in fig. 8, the blockchain-based key management device 800 may be used in the computer device in the embodiment corresponding to fig. 3, and specifically, the device may include: a transaction receiving module 11, a first signature acquisition module 12, a first signature verification module 13, a first uplink module 14, a second signature verification module 15 and a second uplink module 16.
A transaction receiving module 11, configured to receive a key update transaction for a service node;
a first signature acquisition module 12, configured to acquire a key update signature carried by a key update transaction; the key update transaction includes a service node identification of the service node and a first node public key of the service node; the first node private key corresponding to the first node public key is stored in a trusted execution environment of the service node;
The first signature verification module 13 is configured to obtain a management node public key of the management node, and perform signature verification processing on the key update signature by using the management node public key;
a first uplink module 14, configured to perform uplink processing on the key update transaction if the key update signature passes the verification;
the second signature verification module 15 is configured to, when receiving first transaction data sent by the service node, obtain a first transaction signature carried by the first transaction data, and perform signature verification processing on the first transaction signature by using a public key of the first node;
the second uplink module 16 is configured to perform uplink processing on the first transaction data if the signature passes.
Wherein the apparatus 800 further comprises:
the number acquisition module 17 is configured to acquire a number of update times of a history key corresponding to the service node;
the signature verification triggering module 18 is configured to perform a step of acquiring a management node public key of the management node if the number of updating times of the history key is smaller than the threshold value of the number of updating times;
the exception feedback module 19 is configured to send a key update exception message to the service node if the number of times of updating the historical key is greater than or equal to the threshold number of times of updating, where the key update exception message is used to instruct the service node to apply for key exception processing to the management node.
Wherein the number acquisition module 17 includes:
a block query unit 171, configured to obtain a target history key update block associated with the service node identifier, and obtain a history key update number corresponding to the service node identifier from the target history key update block; the target historical key updating block is the block with the largest generation time in the historical key updating blocks associated with the service node identifiers;
the first uplink module 14 includes:
a number updating unit 141, configured to update the number of times of updating the history key to obtain the number of times of updating the target key;
the block generating unit 142 is configured to generate a key update block according to the target number of key updates and the key update transaction, and perform uplink processing on the key update block when the key update block passes consensus.
Wherein the number acquisition module 17 includes:
a block obtaining unit 172, configured to obtain a history key update block associated with the service node identifier; the history key updating block refers to a block comprising history key updating transaction corresponding to the service node identifier;
the block statistics unit 173 is configured to determine the number of history key update blocks as the number of history key updates corresponding to the service node.
Wherein the apparatus 800 further comprises:
a block lookup module 20 for looking up asset management blocks associated with the service nodes;
the asset acquisition module 21 is configured to acquire, if the asset management block is found, remaining electronic assets corresponding to the service node from the asset management block;
a second signature acquisition module 22, configured to acquire an asset transfer signature generated by the service node using the first node private key;
and the asset transfer module 23 is used for generating an asset transfer block according to the residual electronic asset and the asset transfer signature, and performing uplink processing on the asset transfer block when the consensus of the asset transfer block passes.
Wherein the second signature acquisition module 22 comprises:
an asset encryption unit 221, configured to encrypt the remaining electronic assets with a first node public key to obtain a remaining asset ciphertext;
the asset checking unit 222 is configured to send the remaining asset ciphertext to the service node, so that the service node decrypts the remaining asset ciphertext by using the first node private key to obtain a remaining electronic asset, and when the remaining electronic asset passes the verification, generates an asset transfer signature for the remaining electronic asset by using the first node private key;
a signature acquisition unit 223 for acquiring the asset transfer signature generated by the service node.
Wherein the apparatus 800 further comprises:
a third signature acquisition module 24, configured to acquire, when receiving second transaction data sent by the service node, a second transaction signature carried by the second transaction data;
a public key obtaining module 25, configured to obtain a target key update block associated with the service node identifier, and obtain a second node public key corresponding to the service node from the target key update block; the target key update block refers to a block with the largest block generation time among blocks including key update transactions corresponding to service node identifiers;
a third signature verification module 26, configured to perform signature verification processing on the second transaction signature by using the second node public key;
a fourth signature acquisition module 27, configured to acquire the target electronic asset associated with the second transaction data and the target transaction signature associated with the target electronic asset if the second transaction signature passes the verification;
and the fourth signature verification module 28 is configured to perform signature verification processing on the target transaction signature by using the second node public key, and if the signature verification processing passes on the target transaction signature, perform uplink processing on the second transaction data, and execute the business transaction indicated by the second transaction data based on the target electronic asset.
Wherein the apparatus 800 further comprises:
a history obtaining module 29, configured to obtain the key update blocks associated with the service node identifier if the signature verification of the target transaction signature fails, and obtain the history node public keys corresponding to the service node from the key update blocks; the key update blocks include the target key update block;
a fifth signature verification module 30, configured to perform signature verification processing on the target transaction signature by using the history node public key;
and the third uplink module 31 is configured to perform uplink processing on the second transaction data if there is a history node public key that passes the signature verification of the target transaction in the history node public key, and execute the business transaction indicated by the second transaction data based on the target electronic asset.
Further, referring to fig. 9, fig. 9 is a schematic diagram of another key management device based on blockchain according to an embodiment of the present application. The blockchain-based key management device may be a computer program (including program code, etc.) running in a computer device; for example, the blockchain-based key management device may be application software. The device can be used for executing corresponding steps in the method provided by the embodiment of the application. As shown in fig. 9, the blockchain-based key management device 900 may be used in the computer device in the embodiment corresponding to fig. 4, and specifically, the device may include: a private key update module 41, an authentication module 42, and a transaction signature module 43.
The private key updating module 41 is configured to store a private key of the first node in a trusted execution environment by using the service node, and send a key updating request to the management node;
the authentication module 42 is configured to send service node information of the service node to the management node based on the key update request, so that the management node performs authentication on the service node based on the service node information, and generates a key update transaction for the service node and a key update signature for the key update transaction when the authentication of the service node passes; the key update transaction includes a service node identification of the service node and a first node public key of the service node;
the transaction signature module 43 is configured to generate a first transaction signature of the first transaction data by using the first node private key by using the service node, and send the first transaction data and the first transaction signature to the blockchain node, so that the blockchain node performs signature verification processing on the first transaction signature, and performs uplink processing on the first transaction data when the first transaction signature passes the signature verification.
Wherein the apparatus 900 further comprises:
a block searching module 44 for searching a block including the public key of the first node when the service node generates the first transaction data;
A signature triggering module 45, configured to execute a step of generating a first transaction signature of the first transaction data by the service node using the first node private key if the block including the first node public key is found; the block comprising the first node public key is obtained by uplink processing of the key update transaction when the key update signature passes the verification;
the query request module 46 is configured to send a key update progress query request to the management node if the block including the first node public key is not found, and obtain key update progress information for the first node public key.
Wherein the apparatus 900 further comprises:
a program integration module 47, configured to cause the service node to obtain a key management program and integrate the key management program into the service node; the key management program comprises a key management smart contract;
a key obtaining module 48, configured to obtain a first node public key and a first node private key by using a service node;
the private key update module 41 includes:
a key initialization unit 411, configured to store a first node private key in a trusted execution environment by a service node, trigger a key management program, and initialize a first node public key and a first node private key based on the key management program;
An update request unit 412, configured to trigger a key management intelligent contract, derive a public key of a first node, and send a key update request to a management node; the key update request includes a first node public key and a service node identification of the service node.
Wherein the transaction signature module 43 comprises:
the first environment switching unit 431 is configured to generate first transaction data by using the service node, call a first environment switching instruction, obtain a first node private key in a trusted execution environment, sign the first transaction data by using the first node private key, and generate a first transaction signature; the first environment switching instruction is used for switching from the normal execution environment to the trusted execution environment;
the second environment switching unit 432 is configured to invoke a second environment switching instruction, and in a conventional execution environment, send the first transaction data and the first transaction signature to the blockchain node; the second context switch instruction is for switching from the trusted execution environment to the regular execution environment.
The embodiment of the application provides a key management device based on a blockchain, which can receive a key update transaction aiming at a service node and acquire a key update signature carried by the key update transaction; the key update transaction includes a service node identification of the service node and a first node public key of the service node; the first node private key corresponding to the first node public key is stored in a trusted execution environment of the service node; acquiring a management node public key of the management node, adopting the management node public key to carry out signature verification processing on the key update signature, and if the key update signature passes the signature verification processing, carrying out uplink processing on the key update transaction; when first transaction data sent by a service node are received, a first transaction signature carried by the first transaction data is obtained, signature verification processing is carried out on the first transaction signature by adopting a first node public key, and if the first transaction signature passes the signature verification processing, the first transaction data is subjected to uplink processing. Through the above process, the node secret key of the service node can be stored in the trusted execution environment to ensure the security of the node secret key, meanwhile, the security replacement of the node secret key is realized by utilizing the structural characteristic of the blockchain, when equipment failure occurs, the service node can bind a new node secret key and uplink the node public key in the new node secret key, and the node public key related to the service node is stored based on the order of updating the node secret key of the service node due to the order guarantee of the transaction on the chain, so that the smooth replacement of the node secret key is realized, and the smoothness of secret key switching is improved. 
And the updating of the node secret key is ensured by the secret key updating signature generated by the management node, so that the security of secret key management is improved.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 10, the computer device in the embodiment of the present application may include: one or more processors 1001, memory 1002, and an input-output interface 1003. The processor 1001, memory 1002, and input/output interface 1003 are connected by a bus 1004. The memory 1002 is configured to store a computer program, where the computer program includes program instructions, and the input/output interface 1003 is configured to receive data and output data, for example, for data interaction between a service node and a blockchain node, or for data interaction between a service node and a management node, or for data interaction between a management node and a blockchain node; the processor 1001 is configured to execute program instructions stored in the memory 1002.
Wherein the processor 1001 is in a blockchain node, the following operations may be performed:
receiving a key update transaction aiming at a service node, and acquiring a key update signature carried by the key update transaction; the key update transaction includes a service node identification of the service node and a first node public key of the service node; the first node private key corresponding to the first node public key is stored in a trusted execution environment of the service node;
Acquiring a management node public key of the management node, adopting the management node public key to carry out signature verification processing on the key update signature, and if the key update signature passes the signature verification processing, carrying out uplink processing on the key update transaction;
when first transaction data sent by a service node are received, a first transaction signature carried by the first transaction data is obtained, signature verification processing is carried out on the first transaction signature by adopting a first node public key, and if the first transaction signature passes the signature verification processing, the first transaction data is subjected to uplink processing.
Wherein the processor 1001 is in a service node, the following operations may be performed:
the service node stores a first node private key in a trusted execution environment, sends a key update request to the management node, and sends service node information of the service node to the management node based on the key update request so that the management node performs identity verification on the service node based on the service node information, and generates a key update transaction for the service node and a key update signature for the key update transaction when the service node passes the identity verification; the key update transaction includes a service node identification of the service node and a first node public key of the service node;
The service node generates a first transaction signature of the first transaction data by adopting a first node private key, and sends the first transaction data and the first transaction signature to the blockchain node so that the blockchain node performs signature verification processing on the first transaction signature, and when the signature verification processing on the first transaction signature passes, the first transaction data is subjected to uplink processing.
In some possible implementations, the processor 1001 may be a central processing unit (central processing unit, CPU), which may also be other general purpose processors, digital signal processors (digital signal processor, DSP), application specific integrated circuits (application specific integrated circuit, ASIC), off-the-shelf programmable gate arrays (field-programmable gate array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 1002 may include read only memory and random access memory, and provides instructions and data to the processor 1001 and input output interface 1003. A portion of memory 1002 may also include non-volatile random access memory. For example, the memory 1002 may also store information of a device type.
In a specific implementation, the computer device may execute, through each functional module built in the computer device, an implementation manner provided by each step in fig. 3 or fig. 4, and specifically, the implementation manner provided by each step in fig. 3 or fig. 4 may be referred to, which is not described herein again.
Embodiments of the present application provide a computer device, comprising: the processor, the input/output interface and the memory are used for acquiring a computer program in the memory through the processor, executing the steps of the method shown in fig. 3 and performing key management operation based on the blockchain. According to the embodiment of the application, the node secret keys of the service nodes are stored in the trusted execution environment, so that the safety of the node secret keys is guaranteed, meanwhile, the safety replacement of the node secret keys is realized by utilizing the structural characteristics of the blockchain, when equipment faults occur, the service nodes can bind new node secret keys and uplink the node public keys in the new node secret keys, and due to the sequential guarantee of transactions on the chains, the node public keys related to the service nodes are stored based on the sequence of updating the node secret keys of the service nodes, so that the smooth replacement of the node secret keys is realized, and the smoothness of secret key switching is improved. And the updating of the node secret key is ensured by the secret key updating signature generated by the management node, so that the security of secret key management is improved.
The embodiment of the present application further provides a computer readable storage medium, where the computer readable storage medium stores a computer program, where the computer program is adapted to be loaded and executed by the processor to perform the blockchain-based key management method provided by each step in fig. 3 or fig. 4, and specifically refer to an implementation manner provided by each step in fig. 3 or fig. 4, which is not described herein again. In addition, the description of the beneficial effects of the same method is omitted. For technical details not disclosed in the embodiments of the computer-readable storage medium according to the present application, please refer to the description of the method embodiments of the present application. As an example, a computer program may be deployed to be executed on one computer device or on multiple computer devices at one site or distributed across multiple sites and interconnected by a communication network.
The computer readable storage medium may be a blockchain-based key management device provided in any of the foregoing embodiments or an internal storage unit of the computer device, such as a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card (flash card) or the like, which are provided on the computer device. Further, the computer-readable storage medium may also include both internal storage units and external storage devices of the computer device. The computer-readable storage medium is used to store the computer program and other programs and data required by the computer device. The computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium and executes them, so that the computer device executes the methods provided in the various alternative modes in fig. 3 or fig. 4. The node key of a service node is stored in a trusted execution environment, which ensures the security of the node key; at the same time, the structural characteristics of the blockchain are used to replace node keys securely. When a device fails, the service node can bind a new node key and write the node public key of the new node key to the chain, and the ordering of transactions on the chain ensures that the node public keys related to a service node are stored in the order in which the service node's node keys were updated, so that node keys are replaced smoothly and key switching is made smoother. The update of the node key is further guaranteed by the key update signature generated by the management node, which improves the security of key management.
The terms first, second and the like in the description and in the claims and drawings of the embodiments of the present application are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the term "include" and any variations thereof is intended to cover a non-exclusive inclusion. For example, a process, method, apparatus, article, or device that comprises a list of steps or elements is not limited to the list of steps or modules but may, in the alternative, include other steps or modules not listed or inherent to such process, method, apparatus, article, or device.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in this description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The methods and related devices provided in the embodiments of the present application are described with reference to the method flowcharts and/or structure diagrams provided in the embodiments of the present application, and each flowchart and/or block of the method flowcharts and/or structure diagrams may be implemented by computer program instructions, and combinations of flowcharts and/or blocks in the flowchart and/or block diagrams. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable block-chain based key management device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable block-chain based key management device, create means for implementing the functions specified in the flowchart block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable blockchain-based key management device to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable blockchain-based key management device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer implemented process such that the instructions which execute on the computer or other programmable device provide steps for implementing the functions specified in the flowchart flow or flows and/or structures block or blocks.
The steps in the method of the embodiment of the application can be sequentially adjusted, combined and deleted according to actual needs.
The modules in the device of the embodiment of the application can be combined, divided and deleted according to actual needs.
The foregoing disclosure is only illustrative of the preferred embodiments of the present application and is not intended to limit the scope of the claims herein, as the equivalent of the claims herein shall be construed to fall within the scope of the claims herein.
Claims (17)
1. A blockchain-based key management method, the method comprising:
receiving a key update transaction for a service node and acquiring the key update signature carried by the key update transaction, wherein the key update transaction includes a service node identifier of the service node and a first node public key of the service node, and the first node private key corresponding to the first node public key is stored in a trusted execution environment of the service node;
acquiring a management node public key of a management node, performing signature verification on the key update signature using the management node public key, and, if the key update signature passes signature verification, writing the key update transaction to the chain;
when first transaction data sent by the service node is received, acquiring a first transaction signature carried by the first transaction data, performing signature verification on the first transaction signature using the first node public key, and, if the first transaction signature passes signature verification, writing the first transaction data to the chain.
2. The method of claim 1, wherein the method further comprises:
acquiring the number of historical key updates corresponding to the service node;
if the number of historical key updates is less than an update count threshold, executing the step of acquiring the management node public key of the management node;
and if the number of historical key updates is greater than or equal to the update count threshold, sending a key update exception message to the service node, the key update exception message instructing the service node to apply to the management node for key exception handling.
3. The method of claim 2, wherein acquiring the number of historical key updates corresponding to the service node comprises:
acquiring a target historical key update block associated with the service node identifier, and acquiring the number of historical key updates corresponding to the service node identifier from the target historical key update block, the target historical key update block being the block with the latest block generation time among the historical key update blocks associated with the service node identifier;
and wherein writing the key update transaction to the chain comprises:
updating the number of historical key updates to obtain a target number of key updates;
and generating a key update block according to the target number of key updates and the key update transaction, and writing the key update block to the chain when consensus on the key update block is reached.
4. The method of claim 2, wherein acquiring the number of historical key updates corresponding to the service node comprises:
acquiring the historical key update blocks associated with the service node identifier, a historical key update block being a block that includes a historical key update transaction corresponding to the service node identifier;
and determining the number of historical key update blocks as the number of historical key updates corresponding to the service node.
5. The method of claim 1, wherein the method further comprises:
searching for an asset management block associated with the service node;
if the asset management block is found, acquiring the remaining electronic asset corresponding to the service node from the asset management block, acquiring an asset transfer signature generated by the service node using the first node private key, generating an asset transfer block according to the remaining electronic asset and the asset transfer signature, and writing the asset transfer block to the chain when consensus on the remaining electronic asset and the asset transfer signature is reached.
6. The method of claim 5, wherein acquiring the asset transfer signature generated by the service node using the first node private key comprises:
encrypting the remaining electronic asset using the first node public key to obtain a remaining asset ciphertext;
sending the remaining asset ciphertext to the service node, so that the service node decrypts the remaining asset ciphertext using the first node private key to obtain the remaining electronic asset and, when the remaining electronic asset passes verification, generates an asset transfer signature for the remaining electronic asset using the first node private key;
and acquiring the asset transfer signature generated by the service node.
7. The method of claim 1, wherein the method further comprises:
when second transaction data sent by the service node is received, acquiring a second transaction signature carried by the second transaction data;
acquiring a target key update block associated with the service node identifier, and acquiring a second node public key corresponding to the service node from the target key update block, the target key update block being the block with the latest block generation time among the blocks that include key update transactions corresponding to the service node identifier;
performing signature verification on the second transaction signature using the second node public key, and, if the second transaction signature passes signature verification, acquiring a target electronic asset associated with the second transaction data and a target transaction signature associated with the target electronic asset;
and performing signature verification on the target transaction signature using the second node public key, and, if the target transaction signature passes signature verification, writing the second transaction data to the chain and executing the business transaction indicated by the second transaction data based on the target electronic asset.
8. The method of claim 7, wherein the method further comprises:
if signature verification of the target transaction signature fails, acquiring the key update blocks associated with the service node identifier, and acquiring the historical node public keys corresponding to the service node from the key update blocks, the key update blocks including the target key update block;
and performing signature verification on the target transaction signature using the historical node public keys, and, if a historical node public key exists under which the target transaction signature passes signature verification, writing the second transaction data to the chain and executing the business transaction indicated by the second transaction data based on the target electronic asset.
9. A blockchain-based key management method, the method comprising:
the service node stores a first node private key in a trusted execution environment, sends a key update request to a management node, and sends service node information of the service node to the management node based on the key update request, so that the management node performs identity verification on the service node based on the service node information and, when the service node passes identity verification, generates a key update transaction for the service node and a key update signature for the key update transaction, the key update transaction including a service node identifier of the service node and a first node public key of the service node;
the service node generates a first transaction signature of first transaction data using the first node private key and sends the first transaction data and the first transaction signature to a blockchain node, so that the blockchain node performs signature verification on the first transaction signature and writes the first transaction data to the chain when the first transaction signature passes signature verification.
10. The method of claim 9, wherein the method further comprises:
when the service node generates first transaction data, searching for a block that includes the first node public key;
if a block including the first node public key is found, executing the step in which the service node generates a first transaction signature of the first transaction data using the first node private key, the block including the first node public key having been obtained by writing the key update transaction to the chain when the key update signature passed signature verification;
and if no block including the first node public key is found, sending a key update progress query request to the management node and acquiring key update progress information for the first node public key.
11. The method of claim 9, wherein the method further comprises:
the service node acquires a key management program and integrates the key management program into the service node, the key management program comprising a key management smart contract;
the service node acquires the first node public key and the first node private key;
and wherein the service node storing the first node private key in a trusted execution environment and sending a key update request to the management node comprises:
the service node stores the first node private key in the trusted execution environment, triggers the key management program, and initializes the first node public key and the first node private key based on the key management program;
and triggers the key management smart contract, exports the first node public key, and sends a key update request to the management node, the key update request including the first node public key and a service node identifier of the service node.
12. The method of claim 11, wherein the service node generating a first transaction signature of first transaction data using the first node private key and sending the first transaction data and the first transaction signature to a blockchain node comprises:
the service node generates the first transaction data, calls a first environment switching instruction, acquires the first node private key in the trusted execution environment, and signs the first transaction data using the first node private key to generate the first transaction signature, the first environment switching instruction being used to switch from the normal execution environment to the trusted execution environment;
and calls a second environment switching instruction and, in the normal execution environment, sends the first transaction data and the first transaction signature to the blockchain node, the second environment switching instruction being used to switch from the trusted execution environment to the normal execution environment.
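A worked model of both sides of the protocol in claims 1-4, 7 and 8 (the blockchain node's checks) and claims 9, 11 and 12 (the service node keeping its private key inside the TEE), written as an added example; it is not code from the patent or its applicant. It assumes a toy Schnorr signature over the multiplicative group mod the Mersenne prime 2^61-1 with SHA-256 as the hash (a correct signature scheme, but far too small to be secure; a deployment would use a vetted Ed25519 or ECDSA library), an in-memory block list whose index stands in for block generation time, a dict standing in for the TEE, and a constructed update threshold of 3 and `KEYUPDATE|id|pubkey` message format for the management node's key update signature:

```python
import hashlib
import secrets

# Toy Schnorr parameters (constructed for this example): the multiplicative
# group mod the Mersenne prime 2^61 - 1, generator 3, exponents mod P - 1.
# Correct as a signature scheme, but far too small to be secure in practice.
P = (1 << 61) - 1
G = 3
UPDATE_THRESHOLD = 3  # constructed stand-in for claim 2's "update count threshold"


def keygen():
    """Return (private, public) with public = G^private mod P."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def _challenge(r, msg):
    digest = hashlib.sha256(r.to_bytes(8, "big") + msg).digest()
    return int.from_bytes(digest, "big") % (P - 1)


def sign(priv, msg):
    """Schnorr signature (r, s): r = G^k, s = k + H(r, msg) * priv mod (P - 1)."""
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    return r, (k + _challenge(r, msg) * priv) % (P - 1)


def verify(pub, msg, sig):
    """Accept iff G^s == r * pub^H(r, msg) mod P."""
    r, s = sig
    if not 0 < r < P:
        return False
    return pow(G, s, P) == (r * pow(pub, _challenge(r, msg), P)) % P


def encode_key_update(node_id, pub):
    """Canonical bytes the management node signs over (constructed format)."""
    return b"KEYUPDATE|" + node_id.encode() + b"|" + pub.to_bytes(8, "big")


class ServiceNode:
    """Service-node side (claims 9, 11, 12): the private key lives in a dict
    standing in for the TEE and is touched only by sign_transaction."""

    def __init__(self, node_id):
        self.node_id = node_id
        self._tee = {}

    def rotate_key(self):
        priv, pub = keygen()
        self._tee["priv"] = priv  # claim 9: private key stored in the TEE
        return pub                # claim 11: only the public key is exported

    def sign_transaction(self, tx_data):
        return sign(self._tee["priv"], tx_data)  # claim 12: signing happens inside the TEE


class ChainNode:
    """Blockchain-node side (claims 1-4, 7, 8); list position = generation time."""

    def __init__(self, mgmt_pub):
        self.mgmt_pub = mgmt_pub
        self.blocks = []

    def _key_update_blocks(self, node_id):
        return [b for b in self.blocks if b["type"] == "key_update" and b["node"] == node_id]

    def history_update_count(self, node_id):
        # claim 4: the number of key update blocks for this service node
        return len(self._key_update_blocks(node_id))

    def current_pub(self, node_id):
        # claim 7: the key in the most recently generated key update block
        blocks = self._key_update_blocks(node_id)
        return blocks[-1]["pub"] if blocks else None

    def process_key_update(self, node_id, new_pub, mgmt_sig):
        count = self.history_update_count(node_id)
        if count >= UPDATE_THRESHOLD:        # claim 2: too many rotations
            return "key_update_abnormal"
        if not verify(self.mgmt_pub, encode_key_update(node_id, new_pub), mgmt_sig):
            return "rejected"                # claim 1: management signature fails
        self.blocks.append({"type": "key_update", "node": node_id,
                            "pub": new_pub, "update_count": count + 1})  # claim 3
        return "on_chain"

    def process_transaction(self, node_id, tx_data, tx_sig):
        pub = self.current_pub(node_id)
        if pub is None:
            return "no_key"
        if verify(pub, tx_data, tx_sig):     # claims 1/7: verify under the current key
            self.blocks.append({"type": "tx", "node": node_id, "data": tx_data, "key": pub})
            return "on_chain"
        for blk in reversed(self._key_update_blocks(node_id)[:-1]):  # claim 8: older keys
            if verify(blk["pub"], tx_data, tx_sig):
                self.blocks.append({"type": "tx", "node": node_id, "data": tx_data, "key": blk["pub"]})
                return "on_chain_history_key"
        return "rejected"
```

The ordering guarantee the description relies on is visible in `current_pub`: because key update blocks are appended in the order they were accepted, the newest accepted key is always the last one, and the claim 8 fallback walks the same list backwards so that a transaction signed just before a rotation is still accepted under the previous key without the chain node ever seeing a private key. The threshold check runs before the signature check, matching the order of claim 2.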
13. A blockchain-based key management device, the device comprising:
a transaction receiving module, configured to receive a key update transaction for a service node;
a first signature acquisition module, configured to acquire the key update signature carried by the key update transaction, the key update transaction including a service node identifier of the service node and a first node public key of the service node, and the first node private key corresponding to the first node public key being stored in a trusted execution environment of the service node;
a first signature verification module, configured to acquire a management node public key of a management node and perform signature verification on the key update signature using the management node public key;
a first chain-writing module, configured to write the key update transaction to the chain if the key update signature passes signature verification;
a second signature verification module, configured to acquire a first transaction signature carried by first transaction data when the first transaction data sent by the service node is received, and to perform signature verification on the first transaction signature using the first node public key;
and a second chain-writing module, configured to write the first transaction data to the chain if the first transaction signature passes signature verification.
14. A blockchain-based key management device, the device comprising:
a private key update module, configured to have the service node store a first node private key in a trusted execution environment and send a key update request to a management node;
an identity verification module, configured to send service node information of the service node to the management node based on the key update request, so that the management node performs identity verification on the service node based on the service node information and, when the service node passes identity verification, generates a key update transaction for the service node and a key update signature for the key update transaction, the key update transaction including a service node identifier of the service node and a first node public key of the service node;
and a transaction signature module, configured to have the service node generate a first transaction signature of first transaction data using the first node private key and send the first transaction data and the first transaction signature to a blockchain node, so that the blockchain node performs signature verification on the first transaction signature and writes the first transaction data to the chain when the first transaction signature passes signature verification.
15. A computer device, comprising a processor, a memory, and an input-output interface;
the processor is connected to the memory and the input-output interface, respectively, wherein the input-output interface is used for receiving data and outputting data, the memory is used for storing a computer program, and the processor is used for calling the computer program to enable the computer device to execute the method of any one of claims 1-8 or execute the method of any one of claims 9-12.
16. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program adapted to be loaded and executed by a processor to cause a computer device having the processor to perform the method of any of claims 1-8 or to perform the method of any of claims 9-12.
17. A computer program product comprising computer programs/instructions which, when executed by a processor, implement the method of any of claims 1-8 or perform the method of any of claims 9-12.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211151547.2A CN117792616A (en) | 2022-09-20 | 2022-09-20 | Key management method, device, equipment, medium and program based on blockchain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211151547.2A CN117792616A (en) | 2022-09-20 | 2022-09-20 | Key management method, device, equipment, medium and program based on blockchain |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117792616A true CN117792616A (en) | 2024-03-29 |
Family
ID=90385525
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211151547.2A Pending CN117792616A (en) | 2022-09-20 | 2022-09-20 | Key management method, device, equipment, medium and program based on blockchain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117792616A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN120750656A (en) * | 2025-08-31 | 2025-10-03 | 苏州元脑智能科技有限公司 | Key management method, electronic device, storage medium, and program product |
Similar Documents
| Publication | Title |
|---|---|
| CN111144881B (en) | Selective access to asset transfer data |
| US12105823B2 (en) | Protecting sensitive data |
| JP7710448B2 (en) | Partially Ordered Blockchain |
| US20210117385A1 (en) | Database snapshot for managing state synchronization |
| CN108076057B (en) | Data security system and method based on block chain |
| JP2022541048A (en) | Security layer for configuring blockchain |
| JP7762476B2 (en) | Noise Transactions for Data Protection |
| US10721076B2 (en) | Method, device, terminal, and server for a security check |
| CN119397600B (en) | Information management method and system for access control card chip |
| CN111260475B (en) | Data processing method, block link point equipment and storage medium |
| CN103457919A (en) | Safety verification method and device for virtual machine mirror images |
| CN110502889B (en) | Login method, login device, computer readable storage medium and computer equipment |
| CN112069529B (en) | Block chain-based volume management method and device, computer and storage medium |
| CN119484028A (en) | A method and system for realizing security authentication of Internet of Things devices based on blockchain technology |
| CN117595996A (en) | Electronic signature processing method and device, electronic equipment and storage medium |
| US20250356423A1 (en) | Data processing method and apparatus based on blockchain, device, and storage medium |
| CN117792616A (en) | Key management method, device, equipment, medium and program based on blockchain |
| CN116886444B (en) | Cross-chain data processing method, device, computer, storage medium and program product |
| CN116032494B (en) | Data interaction method, blockchain predictor, device and medium |
| CN111162970B (en) | Method and device for testing decentralized application server in block chain system |
| CN117997519A (en) | Data processing method, apparatus, program product, computer device, and medium |
| CN116938500A (en) | Data processing method, device, equipment and computer readable storage medium |
| US12506605B1 (en) | Controlling access to cryptographic resources using offline storage |
| Liu | Improving the security and reliability of application systems with blockchain technology |
| CN119205323A (en) | Transaction management method, device, computer and storage medium based on blockchain |
Legal Events
| Code | Title |
|---|---|
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |