
CN114666064B - Digital asset management method, device, storage medium and equipment based on blockchain

Info

Publication number
CN114666064B
Authority
CN
China
Prior art keywords
node
public key
transaction
resource
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210300769.XA
Other languages
Chinese (zh)
Other versions
CN114666064A (en
Inventor
李志伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Qilian Technology Co ltd
Original Assignee
Guangdong Qilian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Qilian Technology Co ltd filed Critical Guangdong Qilian Technology Co ltd
Priority to CN202210300769.XA priority Critical patent/CN114666064B/en
Publication of CN114666064A publication Critical patent/CN114666064A/en
Application granted granted Critical
Publication of CN114666064B publication Critical patent/CN114666064B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides a digital asset management method, a device, a storage medium and computer equipment based on a blockchain, wherein the digital asset management method comprises the following steps: responding to a resource storage request initiated by a first node, and storing the resource to be stored by the first node to a blockchain system; the resource is a digital asset encrypted by a first node according to a preset authority level by adopting an asset encryption private key in a corresponding asset encryption key pair; responding to a public key storage request initiated by a first node, and storing asset encryption public keys in asset encryption key pairs corresponding to each authority level to a blockchain system; executing the intelligent contract to send the target resource to the second node when the intelligent contract created by the first node is received; and when receiving an access request initiated by the second node, sending the public key storage address to the second node. The application can enhance the privacy protection of digital assets.

Description

Digital asset management method, device, storage medium and equipment based on blockchain
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a blockchain-based digital asset management method, device, storage medium, and computer apparatus.
Background
As a technology oriented toward multiparty collaboration, blockchains are widely applied to scenarios such as asset transfer and auctions. One of the important reasons that blockchain technology can be widely used in the digital asset field is that it protects the privacy of accounts and transactions. However, existing blockchain technology has difficulty protecting the privacy of the resources themselves, which endangers the privacy of the asset owners.
Disclosure of Invention
The embodiment of the application provides a digital asset management method, a digital asset management device, a digital asset management storage medium and a digital asset management computer device based on a blockchain, which can enhance the privacy protection of digital assets.
The application provides a digital asset management method based on a blockchain, which comprises the following steps:
Responding to a resource storage request initiated by a first node, and storing the resource to be stored by the first node to a blockchain system; the resource is a digital asset which is encrypted by the first node according to a preset authority level by adopting an asset encryption private key in a corresponding asset encryption key pair;
Responding to a public key storage request initiated by the first node, and storing asset encryption public keys in asset encryption key pairs corresponding to each authority level to the blockchain system;
executing the intelligent contract to send the target resource to the second node when the intelligent contract created by the first node is received; the intelligent contract comprises an identity account number of a second node, access rights of the second node and identification information of a target resource, wherein the identification information is used for acquiring the target resource from the blockchain system; the access right is used for distributing the right of accessing the resource to the second node;
When an access request initiated by the second node is received, a public key storage address is sent to the second node; and the node corresponding to the public key storage address is used for storing an asset encryption public key corresponding to the access authority, so that the second node obtains the asset encryption public key based on the public key storage address and is used for decrypting the target resource.
In one embodiment, the digital asset management method further comprises:
Verifying the identity information of the first node based on a zero knowledge proof algorithm;
When the identity information of the first node is verified to be effective, a first transaction public key in a first transaction key pair generated by the first node is obtained;
And storing the first transaction public key as an identity account number of the first node so as to add the first node into a blockchain node.
In one embodiment, the obtaining the first transaction public key of the transaction key pair generated by the first node includes:
transmitting an authentication public key of an authentication key pair to the first node;
acquiring a first ciphertext packet uploaded after the first node encrypts the first transaction public key by using the authentication public key;
And decrypting the first ciphertext package by using an authentication private key in the authentication key pair to obtain the first transaction public key.
In one embodiment, the executing the smart contract to send the target resource to the second node when the smart contract created by the first node is received includes:
When receiving a smart contract created by the first node, verifying the zero-knowledge proof of the validity of the target resource in the smart contract by using the first transaction public key; the smart contract is created by the first node signing it with the first transaction private key corresponding to the first transaction public key and uploading it to the blockchain system;
Upon verifying that the target resource is valid, executing the smart contract to send the target resource to the second node.
In one embodiment, the digital asset management method further comprises:
verifying the identity information of the second node based on a zero knowledge proof algorithm;
When the identity information of the second node is verified to be effective, a second transaction public key in a second transaction key pair generated by the second node is obtained;
And storing the second transaction public key as an identity account number of the second node so as to add the second node into a blockchain node.
In one embodiment, the obtaining the second transaction public key of the second transaction key pair generated by the second node includes:
Transmitting an authentication public key of the authentication key pair to the second node;
Acquiring a second ciphertext packet uploaded after the second node encrypts the second transaction public key by using the authentication public key;
And decrypting the second ciphertext package by using the authentication private key in the authentication key pair to obtain the second transaction public key.
In one embodiment, the access rights include a level of rights to access the resource and an access time to access the resource for the second node.
The application also provides a digital asset management device based on the block chain, which comprises:
The resource storage module is used for responding to a resource storage request initiated by a first node and storing the resource to be stored by the first node to the blockchain system; the resource is a digital asset which is encrypted by the first node according to a preset authority level by adopting an asset encryption private key in a corresponding asset encryption key pair;
The key storage module is used for responding to a public key storage request initiated by the first node and storing asset encryption public keys in the asset encryption key pairs corresponding to the authority levels to a blockchain system;
The business execution module is used for executing the intelligent contract when receiving the intelligent contract created by the first node so as to send the target resource to the second node; the intelligent contract comprises an identity account number of a second node, access rights of the second node and identification information of a target resource, wherein the identification information is used for acquiring the target resource from the blockchain system; the access right is used for distributing the right of accessing the resource to the second node;
The public key storage address sending module is used for sending the public key storage address to the second node when receiving the access request initiated by the second node; and the node corresponding to the public key storage address is used for storing an asset encryption public key corresponding to the access authority, so that the second node obtains the asset encryption public key based on the public key storage address and is used for decrypting the target resource.
The present application also provides a storage medium having stored therein computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the blockchain-based digital asset management method of any of the embodiments above.
The present application also provides a computer device comprising: one or more processors, and memory;
the memory has stored therein computer readable instructions that, when executed by the one or more processors, perform the steps of the blockchain-based digital asset management method as described in any of the embodiments above.
From the above technical solutions, the embodiment of the present application has the following advantages:
According to the blockchain-based digital asset management method, device, storage medium and computer equipment, in response to a resource storage request initiated by the first node, the resources obtained by the first node encrypting the digital asset with asset encryption private keys of different authority levels are stored in the blockchain system. The asset encryption public keys corresponding to the different authority levels are also stored in the blockchain system, separately from the resources, which realizes decentralized, distributed storage of the resources and the keys and improves storage security. When a resource is to be provided to the second node as a target resource, the first node creates a smart contract containing the identity account number of the second node, the access rights of the second node and the identification information of the target resource, and a blockchain node executes the smart contract to send the target resource to the second node. When the second node initiates an access request, the second node can obtain, according to the public key storage address, the asset encryption public key that matches its access rights and use it to decrypt the target resource. This ensures that the digital assets of the asset holder (namely, the first node) can only be accessed by visitors who are allowed access, and that a visitor can only access the digital assets for which it has been given access rights, thereby enhancing the privacy protection of digital assets.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the application, and that other drawings can be obtained from these drawings without inventive faculty for a person skilled in the art.
FIG. 1 is a flow chart of a method of digital asset management in one embodiment;
FIG. 2 is a flow chart of a method of digital asset management in another embodiment;
FIG. 3 is a flowchart showing the steps for obtaining a first transaction public key in a first transaction key pair generated by a first node, in one embodiment;
FIG. 4 is a flowchart of the steps performed by a first node to send a target resource to a second node upon receiving a smart contract created by the first node, in one embodiment;
FIG. 5 is a flow chart of a method of digital asset management in yet another embodiment;
FIG. 6 is a flowchart showing the steps for obtaining a second transaction public key in a second transaction key pair generated by a second node, in one embodiment;
FIG. 7 is a block diagram of a digital asset management device, in one embodiment;
FIG. 8 is an internal block diagram of a computer device, in one embodiment.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The embodiment of the application is applied to a block chain system, and the block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The blockchain (Blockchain), essentially a de-centralized database, is a string of data blocks that are generated in association using cryptographic methods, each of which contains information from a batch of network transactions for verifying the validity (anti-counterfeit) of its information and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.
The blockchain underlying platform may include processing modules for user management, basic services, smart contracts, operation monitoring, and the like. The user management module is responsible for identity information management of all blockchain participants, including maintenance of public and private key generation (account management), key management, and maintenance of the correspondence between the real identity of a user and the blockchain address (authority management); where authorized, it also supervises and audits the transactions of certain real identities and provides rule configuration for risk control (risk-control audit). The basic service module is deployed on all blockchain node devices and is used to verify the validity of a service request and, once a valid request is recognized, record it to storage; for a new service request, the basic service first performs interface adaptation, parsing and authentication (interface adaptation), encrypts the service information through an identification algorithm (identification management), and transmits the encrypted service information completely and consistently to the shared ledger (network communication), where it is recorded and stored. The smart contract module is responsible for registering and issuing contracts, triggering contracts and executing contracts; a developer can define contract logic in a programming language and publish it to the blockchain (contract registration), after which the logic of the contract terms is executed when invoked by a key or triggered by another event; the module also provides a function for registering contract upgrades. The operation monitoring module is mainly responsible for deployment during product release, modification of configuration, contract settings, cloud adaptation, and visual output of real-time states during product operation, for example: alarms, monitoring network conditions, monitoring node device health status, etc.
The platform product service layer provides basic capabilities and implementation frameworks of typical applications, and developers can complete the blockchain implementation of business logic based on the basic capabilities and the characteristics of the superposition business. The application service layer provides the application service based on the block chain scheme to the business participants for use.
The system according to the embodiment of the present application may be a blockchain system formed by connecting a client and a plurality of nodes (any form of computing device in an access network, such as a server and a user terminal) through a network communication.
The embodiment of the application provides a digital asset management method based on a blockchain, as shown in fig. 1, comprising the following steps of S101-S104, wherein:
in step S101, in response to a resource storage request initiated by the first node, the resource to be stored by the first node is stored in the blockchain system.
The resource is a digital asset encrypted by a first node according to a preset authority level by adopting an asset encryption private key in a corresponding asset encryption key pair; digital assets are non-monetary assets that are owned or controlled by an enterprise or individual, exist in electronic data form, are held in daily activities for sale or are in the process of production; the first node refers to one of the computing devices in the access blockchain system.
And step S102, in response to a public key storage request initiated by the first node, storing the asset encryption public keys in the asset encryption key pairs corresponding to each authority level to the blockchain system.
The asset encryption key pair is generated by the first node and consists of an asset encryption private key, used for encrypting the digital asset, and an asset encryption public key, used for decrypting the resource to recover the encrypted digital asset. The asset encryption key pairs corresponding to different authority levels are different, and each authority level has at least one asset encryption key pair. The public key storage request is used for requesting the blockchain system to store the asset encryption public keys in the asset encryption key pairs generated by the first node, and the blockchain system responds to the public key storage request by storing the asset encryption public key of each authority level; in particular, the blockchain system can store each asset encryption public key in the user management module.
It should be noted that, the user management module does not refer to a specific computing device, but refers to a portion for implementing identity information management of all participants in the blockchain system, and may be a certain computing device, multiple computing devices, or a part of a computing area of each computing device.
Step S103, when receiving the smart contract created by the first node, executing the smart contract to send the target resource to the second node.
The intelligent contract comprises an identity account number of the second node, access authority of the second node and identification information of target resources, wherein the identification information is used for acquiring the target resources from the blockchain system; the access right is used for distributing the right of accessing the resource for the second node; the target resource is the digital asset which is stored in the blockchain system in an encrypted manner and is to be accessed by the second node.
A smart contract is a computer protocol that aims to propagate, verify, or execute contracts in a digital (information-based) manner. When the first node needs to conduct a transaction with the second node, the transaction is carried out through a smart contract, and the blockchain system executes the smart contract to complete the transaction between the first node and the second node. The identity account number of the second node is an identifier used to represent the identity of the second node in the blockchain system. In the blockchain system, one identity account number corresponds to one node, so recording the identity account number of the second node in the smart contract determines which second node the first node is transacting with, and the blockchain system can thereby determine both parties to the transaction. The identification information is the information the blockchain uses to locate and retrieve the target resource; specifically, the identification information may include a storage address of the target resource.
In order to ensure the privacy of the digital asset during the transaction, the first node allocates the permission level corresponding to the digital asset which is allowed to be accessed to the second node, so that the second node can acquire the asset encryption public key for decrypting the target resource.
In one embodiment, the access rights include a level of rights to the resource accessible to the second node and an access time to the resource. The access time may be understood as the time that the asset encryption public key can be acquired, and if the second node does not apply for acquiring the asset encryption public key beyond this time, the second node cannot acquire the asset encryption public key in the current transaction, that is, the access authority of the second node will be invalid. The embodiment can further improve the safety of the digital asset and avoid the abuse of the access rights of visitors.
Step S104, when an access request initiated by the second node is received, the public key storage address is sent to the second node.
The node corresponding to the public key storage address is used for storing an asset encryption public key corresponding to the access authority, so that the second node obtains the asset encryption public key based on the public key storage address and is used for decrypting the target resource. The access request is a request that the second node applies for obtaining a public key storage address from the blockchain system so that the asset encryption public key can be obtained to decrypt the target resource.
According to the digital asset management method based on the blockchain, in response to the resource storage request initiated by the first node, the resources obtained by the first node encrypting the digital asset with asset encryption private keys of different authority levels are stored in the blockchain system, and the asset encryption public keys corresponding to the different authority levels are also stored in the blockchain system, separately from the resources, so that decentralized, distributed storage of the resources and the keys is realized and storage security is improved. When a resource is to be provided to a second node as a target resource for access, the first node creates a smart contract containing the identity account number of the second node, the access rights of the second node and the identification information of the target resource, and a blockchain node executes the smart contract to send the target resource to the second node. When the second node initiates an access request, the blockchain node sends a public key storage address to the second node; according to the public key storage address, the second node can obtain the asset encryption public key that matches its access rights and use it to decrypt the target resource, which gives the second node access to the digital asset. This ensures that the digital assets of the asset holder (namely the first node) can only be accessed by visitors who are allowed access, and that a visitor can only access the digital assets for which it has been given access rights, so that the privacy protection of the digital assets is enhanced.
It should be noted that, the term "transaction" in the present application should not be interpreted as narrowly as the mutual behavior of the buyer and the seller on the valuable goods and services, but may be interpreted as information transfer implemented in the blockchain system, including data access, asset exchange, etc.
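The following Python sketch is an added example, not code from the patent: it walks steps S101-S104 on an in-memory stand-in for the blockchain system, including the access-time limit carried in the smart contract. The Ledger class, the keystore/level-N address format, the node names, the timestamps and the toy textbook-RSA parameters are all assumptions made for illustration.

```python
from dataclasses import dataclass

E = 65537
# Constructed toy parameters (Mersenne primes), one key pair per authority level.
# Textbook RSA without padding: for illustrating the flow only, not for real use.
LEVEL_PRIMES = {1: (2**31 - 1, 2**61 - 1), 2: (2**89 - 1, 2**107 - 1)}


def make_asset_keypair(level):
    """Return (asset encryption private key, asset encryption public key)."""
    p, q = LEVEL_PRIMES[level]
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, d), (n, E)


def encrypt_with_private(asset, private_key):
    """First node: turn a digital asset into a stored resource."""
    n, d = private_key
    m = int.from_bytes(asset, "big")
    if m >= n:
        raise ValueError("asset too large for this toy modulus")
    return pow(m, d, n)


def decrypt_with_public(resource, public_key):
    """Second node: recover the digital asset from the target resource."""
    n, e = public_key
    m = pow(resource, e, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


@dataclass(frozen=True)
class Contract:
    account: str        # identity account number of the second node
    level: int          # authority level granted
    resource_id: str    # identification information of the target resource
    not_after: float    # access time: last moment the key address is released


class Ledger:
    """Hypothetical in-memory stand-in for the blockchain system."""

    def __init__(self):
        self.resources = {}   # resource_id -> (level, ciphertext)
        self.key_store = {}   # public key storage address -> public key
        self.grants = {}      # (account, resource_id) -> Contract

    def store_resource(self, resource_id, level, ciphertext):      # S101
        self.resources[resource_id] = (level, ciphertext)

    def store_public_key(self, level, public_key):                 # S102
        self.key_store[f"keystore/level-{level}"] = public_key

    def execute_contract(self, contract):                          # S103
        level, ciphertext = self.resources[contract.resource_id]
        if level != contract.level:
            raise PermissionError("contract level does not match resource level")
        self.grants[(contract.account, contract.resource_id)] = contract
        return ciphertext     # the target resource sent to the second node

    def access_request(self, account, resource_id, now):           # S104
        grant = self.grants.get((account, resource_id))
        if grant is None:
            raise PermissionError("no contract for this node and resource")
        if now > grant.not_after:
            raise PermissionError("access time has passed")
        return f"keystore/level-{grant.level}"


def demo():
    ledger = Ledger()
    assets = {1: b"summary", 2: b"full-deed"}    # constructed sample assets
    for level, asset in assets.items():
        private_key, public_key = make_asset_keypair(level)
        ledger.store_resource(f"asset-7/L{level}", level,
                              encrypt_with_private(asset, private_key))
        ledger.store_public_key(level, public_key)

    contract = Contract("node-B", 1, "asset-7/L1", not_after=1000.0)
    resource = ledger.execute_contract(contract)
    address = ledger.access_request("node-B", "asset-7/L1", now=900.0)
    result = {"plaintext": decrypt_with_public(resource, ledger.key_store[address])}

    # Requests that must not release a key address (constructed cases).
    denied = {"late": ("node-B", "asset-7/L1", 1001.0),
              "other_node": ("node-C", "asset-7/L1", 900.0),
              "other_level": ("node-B", "asset-7/L2", 900.0)}
    for label, (account, resource_id, now) in denied.items():
        try:
            ledger.access_request(account, resource_id, now)
            result[label] = "granted"
        except PermissionError as exc:
            result[label] = str(exc)
    return result


if __name__ == "__main__":
    print(demo())
```

Anyone who holds an asset encryption public key can decrypt the matching resource, so confidentiality in this flow rests on the checks in access_request and on the key store not being readable by other means.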
In one embodiment, as shown in FIG. 2, the digital asset management method further comprises steps S201-S203, wherein:
step S201, verifying the identity information of the first node based on the zero knowledge proof algorithm.
A zero-knowledge proof algorithm is one in which the prover can convince the verifier that a certain assertion is correct without providing the verifier with any useful information. In this embodiment, the blockchain system is convinced that the identity information of the first node is valid without the first node providing useful information about its identity to the blockchain system.
Specifically, zero knowledge proof based on RSA digital signature can be adopted to realize the identity information verification of the first node:
The first node sends identity information m to a trusted certificate authority (CA). Following the RSA key generation algorithm, the CA randomly generates two large primes p and q, calculates $n = p \times q$, then chooses an integer e and calculates d such that $ed \equiv 1 \pmod{\varphi(n)}$, where (n, e) is the public key and (p, d, q) is the private key; p and q can be destroyed, and d is taken as the private key. The CA's RSA digital signature on the identity information m is $s = m^{d} \bmod n$, and the signed file is the identity certificate, which comprises the information m and the signature s. The CA sends the identity certificate, the public key (n, e) and the private key d to the first node, and the first node stores the identity certificate, the public key (n, e) and the private key d.
(1) The first node sends the identity certificate and the public key (n, e) to B;
(2) B receives the information and calculates $m' = s^{e} \bmod n$ using the public key (n, e); if m = m', the signature is proved correct;
(3) if the signature is checked to be correct, the zero-knowledge proof authentication process is performed;
(4) identity authentication is carried out by an interactive zero-knowledge proof method, and user A executes the following zero-knowledge proof protocol:
Wherein α represents the secret information of the user, that is, the RSA signature on the identity information m; $H(\cdot): \{0,1\} \to \{0,1\}^{l}$ is a public collision-resistant hash function; (n, e) and H(m) are shared information; P represents the identity of user A, which may be a fixed IP address or a name marked in a public key certificate, etc.; Timestamp is a timestamp marking the zero-knowledge proof; and Nonce is a one-time random number that prevents replay attacks.
Authentication server B optionalTo the first node, which optionallyAnd (3) calculating:
the first node calculates with its digital signature s And is also provided with
The first node passes zero knowledge proof evidence { s1, c, k, pid, timestamp, nonce } to the blockchain system, which, upon receiving the zero knowledge proof evidence, verifies whether the following equation holds:
If the equation is true, it is believed that the first node owns the digital signature, and the proof is accepted, indicating that the identity of the first node is truly legitimate, i.e., the identity information of the first node is valid.
Step S202, when the identity information of the first node is verified to be valid, a first transaction public key in a first transaction key pair generated by the first node is obtained.
Step S203, the first transaction public key is stored as an identity account of the first node, so as to add the first node to the blockchain node.
The first transaction key pair is the identity credential that the first node uses to conduct transactions in the blockchain system, and other nodes can use the first transaction public key to verify whether a transaction was created by the first node. The first transaction public key serves as the identity account number of the first node, and the blockchain system can locate the first node through the first transaction public key. The first node may encrypt information that needs to be uploaded to the blockchain system using the first transaction private key corresponding to the first transaction public key.
According to the embodiment, the authentication of the first node is realized by using zero knowledge proof, so that the identity information privacy of the first node can be protected, and the data security is improved.
In one embodiment, as shown in fig. 3, obtaining the first transaction public key of the first transaction key pair generated by the first node includes steps S301-S303, where:
Step S301, transmitting an authentication public key of the authentication key pair to the first node.
The authentication key pair is used for encrypting and decrypting the information interacted in the authentication process by the blockchain system.
Step S302, obtaining the first ciphertext package uploaded after the first node encrypts the first transaction public key with the authentication public key.
The first ciphertext packet is a data packet obtained by encrypting the first transaction public key by the first node by using the authentication public key, namely the encrypted first transaction public key.
Step S303, decrypting the first ciphertext package by using the authentication private key in the authentication key pair to obtain a first transaction public key.
The blockchain system decrypts the first ciphertext package by using the authentication private key to obtain a first transaction public key of the first node.
In the embodiment, the authentication key pair is utilized to realize the encrypted transmission of the first transaction public key, so that the privacy is improved, and the identity security of the first node is protected.
In one embodiment, as shown in fig. 4, when receiving the smart contract created by the first node, the smart contract is executed to send the target resource to the second node, including steps S401-S402, wherein:
Step S401, when receiving the intelligent contract created by the first node, verifying the validity of the target resource in the intelligent contract by using the first transaction public key through zero knowledge proof.
The smart contract is signed by the first node using the first transaction private key corresponding to the first transaction public key and is then uploaded to the blockchain system to complete its creation.
The verification process of the validity of the target resource may refer to the process of verifying the identity information of the first node in the foregoing embodiment, which is not described herein.
Step S402, when verifying that the target resource is valid, executing the smart contract to send the target resource to the second node.
If the target resource is verified as invalid, i.e., the current transaction may be an abnormal transaction, the smart contract is not executed.
According to the embodiment, through zero knowledge proof verification, the blockchain system can realize verification of the effectiveness of the target resource under the condition that the encrypted digital asset of the target resource is not known, so that the transaction safety is ensured, the privacy of the digital asset is enhanced, and the leakage of the digital asset in the process of maintaining the blockchain account book by other nodes in the blockchain system is avoided.
In one embodiment, as shown in FIG. 5, the digital asset management method further comprises steps S501-S503, wherein:
Step S501, verifying the identity information of the second node based on the zero knowledge proof algorithm.
The authentication of the identity information of the second node based on the zero knowledge proof algorithm is to enable the blockchain system to trust that the identity information of the second node is valid under the condition that the second node does not provide useful information about identity to the blockchain system.
The authentication of the identity information of the second node may be implemented by using the zero knowledge proof based on the RSA digital signature, and the specific process may refer to the authentication process of the identity information of the first node in the foregoing embodiment, which is not described herein.
Step S502, when the identity information of the second node is verified to be valid, a second transaction public key in a second transaction key pair generated by the second node is obtained.
Step S503, the second transaction public key is stored as the identity account number of the second node, so as to add the second node into the blockchain node.
The second transaction key pair is the identity credential that the second node uses to conduct transactions in the blockchain system, and other nodes can use the second transaction public key to verify whether a transaction was created by the second node. The second transaction public key serves as the identity account number of the second node, and the blockchain system can locate the second node through the second transaction public key. The second node may encrypt information that needs to be uploaded to the blockchain system using the second transaction private key corresponding to the second transaction public key.
According to the embodiment, the authentication of the second node is realized by using zero knowledge proof, so that the privacy of the identity information of the second node can be protected, and the data security is improved.
In one embodiment, as shown in fig. 6, obtaining the second transaction public key in the second transaction key pair generated by the second node includes steps S601-S603, wherein:
Step S601, sending an authentication public key of the authentication key pair to the second node.
The authentication key pair is used for encrypting and decrypting the information interacted in the authentication process by the blockchain system.
Step S602, obtaining a second ciphertext packet uploaded after the second node encrypts the second transaction public key with the authentication public key.
The second ciphertext packet is a data packet obtained by encrypting the second transaction public key by the second node by using the authentication public key, namely the encrypted second transaction public key.
Step S603, decrypt the second ciphertext package with the authentication private key of the authentication key pair, and obtain the second transaction public key.
The blockchain system decrypts the second ciphertext package by using the authentication private key to obtain a second transaction public key of the second node.
In the embodiment, the encrypted transmission of the second transaction public key is realized by using the authentication key pair, so that the privacy is improved, and the identity security of the second node is protected.
It should be understood that, although the steps in the flowcharts of fig. 1-6 are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to this order of execution and may be executed in other orders. Moreover, at least some of the steps in fig. 1-6 may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and these sub-steps or stages are not necessarily performed in sequence but may be performed in turn or alternately with at least a portion of the other steps or of the sub-steps or stages of other steps.
The text processing device provided by the embodiment of the application is described below, and the text processing device described below and the text processing method described above can be referred to correspondingly.
As shown in fig. 7, the present application further provides a digital asset management device 700 based on a blockchain, comprising:
A resource storage module 710, configured to store, in response to a resource storage request initiated by the first node, a resource to be stored by the first node to the blockchain system; the resource is a digital asset encrypted by a first node according to a preset authority level by adopting an asset encryption private key in a corresponding asset encryption key pair;
A key storage module 720, configured to store, in response to a public key storage request initiated by the first node, an asset encryption public key in an asset encryption key pair corresponding to each authority level to the blockchain system;
A service execution module 730, configured to execute the smart contract when receiving the smart contract created by the first node, so as to send the target resource to the second node; the intelligent contract comprises an identity account number of the second node, access authority of the second node and identification information of target resources, wherein the identification information is used for acquiring the target resources from the blockchain system; the access right is used for distributing the right of accessing the resource for the second node;
The public key storage address sending module 740 is configured to send the public key storage address to the second node when receiving the access request initiated by the second node; the node corresponding to the public key storage address is configured to store an asset encryption public key corresponding to the access rights, so that the second node obtains the asset encryption public key based on the public key storage address for decrypting the target resource.
In one embodiment, the digital asset management device further comprises:
The first node verification module is used for verifying the identity information of the first node based on a zero knowledge proof algorithm;
The first transaction public key acquisition module is used for acquiring a first transaction public key in a first transaction key pair generated by the first node when the identity information of the first node is verified to be effective;
and the first storage module is used for storing the first transaction public key as an identity account number of the first node so as to add the first node into the blockchain node.
In one embodiment, the first transaction public key acquisition module comprises:
a first public key transmitting unit configured to transmit an authentication public key in the authentication key pair to a first node;
The first ciphertext package acquisition unit is used for acquiring a first ciphertext package uploaded after the first node encrypts a first transaction public key by using an authentication public key;
and the first decryption unit is used for decrypting the first ciphertext package by using the authentication private key in the authentication key pair to obtain a first transaction public key.
In one embodiment, the service execution module includes:
the contract verification unit is used for performing zero knowledge proof verification of the validity of the target resource in the smart contract by using the first transaction public key when the smart contract created by the first node is received; the smart contract is signed by the first node using the first transaction private key corresponding to the first transaction public key and is then uploaded to the blockchain system to complete its creation;
And the data sending unit is used for executing the intelligent contract to send the target resource to the second node when verifying that the target resource is valid.
In one embodiment, the digital asset management device further comprises:
the second node verification module is used for verifying the identity information of the second node based on a zero knowledge proof algorithm;
the second transaction public key acquisition module is used for acquiring a second transaction public key in a second transaction key pair generated by the second node when the identity information of the second node is verified to be valid;
and the second storage module is used for storing the second transaction public key as an identity account number of the second node so as to add the second node into the blockchain node.
In one embodiment, the second transaction public key acquisition module comprises:
a first public key transmitting unit configured to transmit an authentication public key in the authentication key pair to the second node;
The second ciphertext package acquisition unit is used for acquiring a second ciphertext package uploaded after the second node encrypts a second transaction public key by using the authentication public key;
and the second decryption unit is used for decrypting the second ciphertext package by using the authentication private key in the authentication key pair to obtain a second transaction public key.
The division of the various modules in the blockchain-based digital asset management device described above is for illustration only, and in other embodiments, the digital asset management device may be divided into different modules as desired to perform all or part of the functions of the digital asset management device described above.
For specific limitations on the digital asset management device, reference may be made to the limitations of the digital asset management method hereinabove, and no further description is given herein. The various modules in the digital asset management device described above may be implemented in whole or in part in software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, the present application also provides a storage medium having stored therein computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the blockchain-based digital asset management method as in any of the above embodiments.
In one embodiment, the present application also provides a computer device having stored therein computer readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of the blockchain-based digital asset management method as in any of the embodiments above.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 8. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is for storing transaction data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a blockchain-based digital asset management method.
It will be appreciated by those skilled in the art that the structure shown in FIG. 8 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
Any reference to memory, storage, database, or other medium used in the present application may include non-volatile and/or volatile memory. Non-volatile memory may include ROM (Read-Only Memory), PROM (Programmable Read-Only Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), or flash memory. Volatile memory may include RAM (Random Access Memory), which acts as external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as SRAM (Static Random Access Memory), DRAM (Dynamic Random Access Memory), SDRAM (Synchronous Dynamic Random Access Memory), DDR SDRAM (Double Data Rate Synchronous Dynamic Random Access Memory), ESDRAM (Enhanced Synchronous Dynamic Random Access Memory), SLDRAM (Sync Link Dynamic Random Access Memory), RDRAM (Rambus Dynamic Random Access Memory), and DRDRAM (Direct Rambus Dynamic Random Access Memory).
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the description of the present application, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise. Also, the term "and/or" as used in this specification includes any and all combinations of the associated listed items.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, the embodiments may be combined as needed, and for the same or similar parts the embodiments may be referred to one another.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. A blockchain-based digital asset management method, the method comprising:
Responding to a resource storage request initiated by a first node, and storing the resource to be stored by the first node to a blockchain system; the resource is a digital asset which is encrypted by the first node according to a preset authority level by adopting an asset encryption private key in a corresponding asset encryption key pair;
Responding to a public key storage request initiated by the first node, and storing asset encryption public keys in asset encryption key pairs corresponding to each authority level to the blockchain system;
Executing the intelligent contract when receiving the intelligent contract created by the first node, so as to send the target resource to a second node; the intelligent contract comprises an identity account number of a second node, access rights of the second node and identification information of a target resource, wherein the identification information is used for acquiring the target resource from the blockchain system; the access authority is used for distributing the authority of accessing the resource to the second node, and the target resource is a digital asset which is to be accessed by the second node and is stored in the blockchain system in an encrypted mode;
when an access request initiated by the second node is received, a public key storage address is sent to the second node; the node corresponding to the public key storage address is used for storing an asset encryption public key corresponding to the access authority, so that the second node obtains the asset encryption public key based on the public key storage address and is used for decrypting the target resource;
Verifying the identity information of the first node based on a zero knowledge proof algorithm;
When the identity information of the first node is verified to be effective, a first transaction public key in a first transaction key pair generated by the first node is obtained;
Storing the first transaction public key as an identity account number of the first node to add the first node to a blockchain node;
verifying the identity information of the second node based on a zero knowledge proof algorithm;
When the identity information of the second node is verified to be effective, a second transaction public key in a second transaction key pair generated by the second node is obtained;
And storing the second transaction public key as an identity account number of the second node so as to add the second node into a blockchain node.
2. The digital asset management method of claim 1, wherein said obtaining a first transaction public key of a first transaction key pair generated by the first node comprises:
transmitting an authentication public key of an authentication key pair to the first node;
acquiring a first ciphertext packet uploaded after the first node encrypts the first transaction public key by using the authentication public key;
And decrypting the first ciphertext package by using an authentication private key in the authentication key pair to obtain the first transaction public key.
3. The digital asset management method of claim 1, wherein said executing the smart contract to send the target resource to the second node upon receiving the smart contract created by the first node comprises:
When receiving an intelligent contract created by the first node, performing zero knowledge proof verification of the validity of a target resource in the intelligent contract by using the first transaction public key; the intelligent contract is signed by the first node using the first transaction private key corresponding to the first transaction public key and is then uploaded to the blockchain system to complete its creation;
Upon verifying that the target resource is valid, executing the smart contract to send the target resource to the second node.
4. The asset management method of claim 1, wherein the obtaining the second transaction public key of the second transaction key pair generated by the second node comprises:
Transmitting an authentication public key of the authentication key pair to the second node;
Acquiring a second ciphertext packet uploaded after the second node encrypts the second transaction public key by using the authentication public key;
And decrypting the second ciphertext package by using the authentication private key in the authentication key pair to obtain the second transaction public key.
5. The digital asset management method of claim 1, wherein the access rights comprise a level of rights to access a resource and an access time to access the resource for the second node.
6. A blockchain-based digital asset management device, comprising:
The resource storage module is used for responding to a resource storage request initiated by a first node and storing the resource to be stored by the first node to the blockchain system; the resource is a digital asset which is encrypted by the first node according to a preset authority level by adopting an asset encryption private key in a corresponding asset encryption key pair;
The key storage module is used for responding to a public key storage request initiated by the first node and storing asset encryption public keys in the asset encryption key pairs corresponding to the authority levels to a blockchain system;
The service execution module is used for executing the intelligent contract when receiving the intelligent contract created by the first node so as to send the target resource to the second node; the intelligent contract comprises an identity account number of a second node, access rights of the second node and identification information of a target resource, wherein the identification information is used for acquiring the target resource from the blockchain system; the access authority is used for distributing the authority of accessing the resource to the second node, and the target resource is a digital asset which is to be accessed by the second node and is stored in the blockchain system in an encrypted mode;
The public key storage address sending module is used for sending the public key storage address to the second node when receiving the access request initiated by the second node; the node corresponding to the public key storage address is used for storing an asset encryption public key corresponding to the access authority, so that the second node obtains the asset encryption public key based on the public key storage address and is used for decrypting the target resource;
The first node verification module is used for verifying the identity information of the first node based on a zero knowledge proof algorithm;
the first transaction public key acquisition module is used for acquiring a first transaction public key in a first transaction key pair generated by the first node when the identity information of the first node is verified to be effective;
the first storage module is used for storing the first transaction public key as an identity account number of the first node so as to add the first node into a blockchain node;
the second node verification module is used for verifying the identity information of the second node based on a zero knowledge proof algorithm;
The second transaction public key acquisition module is used for acquiring a second transaction public key in a second transaction key pair generated by the second node when the identity information of the second node is verified to be effective;
and the second storage module is used for storing the second transaction public key as an identity account number of the second node so as to add the second node into the blockchain node.
7. A storage medium, characterized by: the storage medium having stored therein computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the blockchain-based digital asset management method of any of claims 1 to 5.
8. A computer device, comprising: one or more processors, and memory;
Stored in the memory are computer readable instructions that, when executed by the one or more processors, perform the steps of the blockchain-based digital asset management method of any of claims 1 to 5.
CN202210300769.XA 2022-03-25 2022-03-25 Digital asset management method, device, storage medium and equipment based on blockchain Active CN114666064B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210300769.XA CN114666064B (en) 2022-03-25 2022-03-25 Digital asset management method, device, storage medium and equipment based on blockchain

Publications (2)

Publication Number Publication Date
CN114666064A CN114666064A (en) 2022-06-24
CN114666064B true CN114666064B (en) 2024-08-06

Family

ID=82032163

Country Status (1)

Country Link
CN (1) CN114666064B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115643074B (en) * 2022-10-14 2024-11-05 中国科学技术大学 Data circulation method, system, storage medium and electronic device based on alliance chain
CN115473747B (en) * 2022-11-14 2023-03-24 苏州浪潮智能科技有限公司 A state change method, device, equipment and storage medium
CN115809770A (en) * 2022-11-24 2023-03-17 网易(杭州)网络有限公司 Resource allocation method, device, electronic equipment and storage medium
CN116091180A (en) * 2023-02-08 2023-05-09 中银金融科技有限公司 Confirmation method, device, electronic equipment and computer storage medium of sum of assets
CN116245646A (en) * 2023-03-14 2023-06-09 重庆新致金服信息技术有限公司 Electronic resource transaction method, electronic resource transaction device, electronic equipment and readable storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107273759A (en) * 2017-05-08 2017-10-20 上海点融信息科技有限责任公司 Method, equipment and computer-readable recording medium for protecting block chain data
CN109040057A (en) * 2018-07-26 2018-12-18 百色学院 A kind of multi-key cipher cascade protection privacy system and method based on block chain

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534097B (en) * 2016-10-27 2018-05-18 上海亿账通区块链科技有限公司 Permission method of control and system based on the transaction of block chain
CN110290094B (en) * 2018-03-19 2022-03-11 华为技术有限公司 A method and device for controlling data access authority
CN113989047B (en) * 2018-07-27 2025-04-22 蚂蚁链技术有限公司 Blockchain-based asset publishing method and device, and electronic device
US20200084027A1 (en) * 2018-09-06 2020-03-12 Bank Of Montreal Systems and methods for encryption of data on a blockchain
KR102009160B1 (en) * 2018-10-19 2019-08-09 빅픽처랩 주식회사 Information trust engine system based on block-chain
CN110033258B (en) * 2018-11-12 2021-03-23 创新先进技术有限公司 Service data encryption method and device based on block chain
CN109936626B (en) * 2019-02-19 2020-05-29 阿里巴巴集团控股有限公司 Method, node and storage medium for implementing privacy protection in block chain
CN109981622B (en) * 2019-03-15 2021-06-18 智链万源(北京)数字科技有限公司 Reverse proxy method and device for block chain network node authority
CN110213268A (en) * 2019-05-31 2019-09-06 联想(北京)有限公司 A kind of data processing method, data processing equipment and computer system
CN110458558A (en) * 2019-07-04 2019-11-15 重庆金融资产交易所有限责任公司 Data encryption method, device and computer equipment based on block chain
CN110766550B (en) * 2019-09-05 2021-06-22 创新先进技术有限公司 Asset query method and device based on block chain and electronic equipment
CN110581768B (en) * 2019-10-11 2022-08-02 上海应用技术大学 Registration login system based on block chain zero-knowledge proof and application
CN110765488B (en) * 2019-10-28 2021-11-16 联想(北京)有限公司 Data storage and reading method and electronic equipment
CN113542191A (en) * 2020-04-14 2021-10-22 华为技术有限公司 Block chain based data access and verification method and device
US11366915B2 (en) * 2020-04-21 2022-06-21 Ledgendd Technologies Inc. Method and system for document authorization and distribution
CN114124422B (en) * 2020-08-31 2023-09-12 北京书生网络技术有限公司 Key management method and device
CN112446039B (en) * 2020-11-19 2025-01-17 杭州趣链科技有限公司 Blockchain transaction processing method, device, equipment and storage medium
CN112347516B (en) * 2020-11-27 2024-12-03 网易(杭州)网络有限公司 Asset certification method and device based on blockchain
CN112801664B (en) * 2021-03-17 2021-12-28 农夫铺子发展集团有限公司 Intelligent contract supply chain trusted service method based on block chain
CN113392430B (en) * 2021-05-27 2023-05-19 中国联合网络通信集团有限公司 Digital resource management method and system based on smart contract authentication

Also Published As

Publication number Publication date
CN114666064A (en) 2022-06-24

Similar Documents

Publication Publication Date Title
CN114666064B (en) Digital asset management method, device, storage medium and equipment based on blockchain
JP7602539B2 (en) Quantum Safe Networking
EP3673435B1 (en) Improving integrity of communications between blockchain networks and external data sources
TWI709314B (en) Data processing method and device
EP3619889B1 (en) Retrieving public data for blockchain networks using highly available trusted execution environments
EP3619884B1 (en) Secure dynamic threshold signature scheme employing trusted hardware
CN108768664B (en) Key management method, device, system, storage medium and computer equipment
CN110417750B (en) Block chain technology-based file reading and storing method, terminal device and storage medium
CN109450843B (en) A blockchain-based SSL certificate management method and system
CN108880995B (en) Block chain-based unfamiliar social network user information and message pushing encryption method
CN104767731A (en) Identity authentication protection method of Restful mobile transaction system
CN110942382A (en) Electronic contract generating method and device, computer equipment and storage medium
JP2007511810A (en) Proof of execution using random number functions
CN111460457A (en) Real estate property registration supervision method, device, electronic equipment and storage medium
CN106790045A (en) One kind is based on cloud environment distributed virtual machine broker architecture and data integrity support method
WO2024139273A1 (en) Federated learning method and apparatus, readable storage medium, and electronic device
CN112948789B (en) Identity authentication method and device, storage medium and electronic equipment
CN117938509A (en) A method for encrypting and storing data of traditional Chinese medicine production line based on Hyperledger Fabric alliance chain
CN117395012A (en) A secure sharing method for industrial Internet of Things data based on batch verification signatures
CN115865320A (en) A blockchain-based security service management method and system
CN107409043B (en) Distributed processing of products based on centrally encrypted stored data
CN114866236A (en) Data sharing method for Internet of things in cloud based on alliance chain
CN114124515A (en) Bidding transmission method, key management method, user verification method and corresponding device
KR20200041490A (en) Method and apparatus for providing contract service based on blockchain
Lyu et al. JRS: A joint regulating scheme for secretly shared content based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant