CN108777625B - Signature verification method, device and system, storage medium and electronic device - Google Patents

Info

Publication number: CN108777625B
Application number: CN201810691308.3A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN108777625A (en)
Inventors: 周洪飞, 王慧星
Current Assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Prior art keywords: nodes, node, request, signature, signatures
Priority: CN201810691308.3A (CN108777625B); CN201910718387.7A (CN110417558B)
Publications: CN108777625A; CN108777625B (granted)

Classifications

    • G06Q20/3825 Payment protocols insuring higher security of transaction: Use of electronic signatures
    • G06Q20/401 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials: Transaction verification
    • G06Q40/04 Finance; Insurance; Tax strategies: Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H04L67/10 Network arrangements or protocols for supporting network services or applications: Protocols in which an application is distributed across nodes in the network
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a signature verification method, device and system, a storage medium and an electronic device. The method comprises: acquiring a first request of a target account, wherein the first request is used for initiating a transaction event; sending a second request to a plurality of first nodes in a blockchain, wherein the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event; acquiring the signatures on the transaction event returned by the plurality of first nodes in response to the second request; and verifying, by a plurality of second nodes, the signatures of the plurality of first nodes on the transaction event. The invention solves the technical problem in the related art that endorsement signatures are verified with low efficiency.

Description

Signature verification method, device and system, storage medium and electronic device
Technical Field
The invention relates to the field of Internet, in particular to a signature verification method, a signature verification device, a signature verification system, a storage medium and an electronic device.
Background
Blockchain is a decentralized, distributed ledger technique derived from Bitcoin. It generates persistent, non-modifiable records by stacking encrypted data blocks in time order and stores the records in the nodes of a blockchain network, so that the nodes participating in the blockchain collectively maintain a reliable distributed data store. The blockchain therefore has technical advantages such as decentralization, tamper resistance, and a transparent and traceable process, and is considered to have wide application prospects in numerous fields such as finance, credit investigation, the Internet of Things, economic and trade settlement, and asset management.
Blockchains are generally classified into three types according to their participants: public chains, consortium (federation) chains, and private chains, with the consortium chain being a popular form for business applications. In practice, a consortium chain has a variety of operations that can be submitted only after being endorsed by multiple organizations, e.g., adding or removing member organizations of the consortium chain. The endorsement mechanism in the related art needs to traverse all organizations in the blockchain to obtain a certain number of endorsements and then verify the endorsement signatures one by one, which greatly limits the endorsement efficiency of the consortium chain.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a signature verification method, a signature verification device, a signature verification system, a storage medium and an electronic device, and at least solves the technical problem of low efficiency of verifying endorsement signatures in the related art.
According to an aspect of an embodiment of the present invention, there is provided a signature verification method, including: acquiring a first request of a target account, wherein the first request is used for initiating a transaction event; sending a second request to a plurality of first nodes in the blockchain, wherein the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event; acquiring the signatures on the transaction event returned by the plurality of first nodes in response to the second request; and verifying, by a plurality of second nodes, the signatures of the plurality of first nodes on the transaction event.
According to another aspect of the embodiments of the present invention, there is also provided a signature verification apparatus, including: a first acquisition unit, used for acquiring a first request of a target account, wherein the first request is used for initiating a transaction event; a sending unit, used for sending a second request to a plurality of first nodes in the blockchain, wherein the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event; a second acquisition unit, used for acquiring the signatures on the transaction event returned by the plurality of first nodes in response to the second request; and a verification unit, used for verifying, by a plurality of second nodes, the signatures of the plurality of first nodes on the transaction event.
According to another aspect of the embodiments of the present invention, there is also provided a signature verification system, including: a cloud cluster, wherein a fourth node in the cloud cluster is used for acquiring a first request of a target account, the first request being used for initiating a transaction event; a blockchain, wherein a plurality of first nodes in the blockchain are used for receiving a second request sent by the fourth node in the cloud cluster and returning signatures on the transaction event to the fourth node in the cloud cluster, the second request being used for acquiring the signatures of the plurality of first nodes on the transaction event; and a resource pool, wherein a plurality of second nodes in the resource pool are used for verifying the signatures of the plurality of first nodes on the transaction event.
According to another aspect of the embodiments of the present invention, there is also provided a storage medium including a stored program which, when executed, performs the above-described method.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the above method through the computer program.
In the embodiment of the invention, a first request of a target account is acquired, wherein the first request is used for initiating a transaction event; a second request is sent to a plurality of first nodes in the blockchain, wherein the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event; the signatures on the transaction event returned by the plurality of first nodes in response to the second request are acquired; and the signatures of the plurality of first nodes on the transaction event are verified by a plurality of second nodes. Receiving the first request and verifying the signatures are handled by different nodes, and verifying the signatures on a plurality of second nodes is more efficient than verifying them on a single node, so the technical problem of low endorsement signature verification efficiency in the related art is solved and the technical effect of improving verification efficiency is achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic diagram of a hardware environment for a method of verification of a signature according to an embodiment of the invention;
FIG. 2 is a flow diagram of an alternative method of signature verification according to an embodiment of the invention;
FIG. 3 is a flow diagram of an alternative method of signature verification according to an embodiment of the invention;
FIG. 4 is a flow diagram of an alternative method of signature verification according to an embodiment of the invention;
FIG. 5 is a schematic diagram of an alternative signature verification system according to an embodiment of the present invention;
FIG. 6 is a flow diagram of an alternative method of signature verification according to an embodiment of the invention;
FIG. 7 is a schematic diagram of an alternative client according to an embodiment of the present invention;
FIG. 8 is a flow diagram of an alternative method of signature verification according to an embodiment of the invention;
FIG. 9 is a schematic diagram of an alternative signature verification device according to an embodiment of the present invention; and
FIG. 10 is a block diagram of a terminal according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an aspect of the embodiments of the present invention, there is provided a method embodiment of a signature verification method.
Optionally, in this embodiment, the signature verification method may be applied to a hardware environment formed by the cloud cluster 101, the terminal 103, and the blockchain 105 as shown in fig. 1. As shown in fig. 1, the cloud cluster 101 is connected to the terminal 103 through a network, and the cloud cluster 101 is connected to the blockchain 105 through a network, where the network includes but is not limited to a wide area network, a metropolitan area network, or a local area network, and the terminal 103 includes but is not limited to a PC, a mobile phone, a tablet computer, etc.
The signature verification method of the embodiment of the present invention may be executed by the cloud cluster 101, may also be executed by the terminal 103, and may also be executed by both the cloud cluster 101 and the terminal 103. The terminal 103 may execute the signature verification method according to the embodiment of the present invention by a client installed thereon.
Fig. 2 is a flow chart of an alternative signature verification method according to an embodiment of the present invention, which may include the following steps, as shown in fig. 2:
Step S202, a fourth node in the cloud cluster acquires a first request of the target account, and the first request is used for initiating a transaction event.
The cloud cluster is a cluster including one or more nodes (among them the fourth node, which specifically executes the method of the present application). It may be a system that implements unified access for multiple networks, forwards external network requests, and supports automatic load balancing, such as TGW (Tencent GateWay). A node here is a logical concept: multiple nodes of different types may run on the same physical server, or one node may run on one physical server.
The first request is a request sent by a client. The client may be installed on the user terminal, and the client is logged in to the target account or to another account associated with the target account.
The transaction event can be understood as an event requiring payment of a transaction token (e.g. bitcoin) in the blockchain, and the event can be specifically: securities trading, electronic commerce, file storage, etc.
Step S204, the fourth node in the cloud cluster sends a second request to the plurality of first nodes in the blockchain, and the second request is used for acquiring the signatures of the first nodes on the transaction event.
The nodes in the blockchain are the communicating entities of the blockchain. These nodes are also a logical concept: multiple nodes of different types may run on the same physical server, or one node may run on one physical server. The first node is an endorsement node (a Fabric endorser), which performs endorsement according to an endorsement policy. The endorsement policy is the condition for endorsing a transaction: for an endorsement to be concluded successfully, the condition given in the endorsement policy must be met. A typical endorsement policy designates certain nodes as endorsers, forming an endorsement node set, and requires the signatures of that whole set, i.e. a joint signature.
In step S206, the fourth node in the cloud cluster acquires signatures of the transaction events returned by the plurality of first nodes in response to the second request.
In step S208, the fourth node in the cloud cluster verifies the signatures of the transaction events from the first nodes through the second nodes.
The signature verification method of the embodiment of the present invention may be executed by the cloud cluster 101, or may be executed by the cloud cluster 101, the terminal 103, and the block chain 105 together. The method for verifying the signature performed by the cloud cluster 101 according to the embodiment of the present invention may also be performed by a client installed on a node of the cloud cluster 101.
Through the steps S202 to S208, a first request of the target account is acquired, where the first request is used to initiate a transaction event; a second request is sent to a plurality of first nodes in the blockchain, where the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event; the signatures on the transaction event returned by the plurality of first nodes in response to the second request are acquired; and the signatures of the plurality of first nodes on the transaction event are verified by a plurality of second nodes. Receiving the first request and verifying the signatures are handled by different nodes, and verifying the signatures on a plurality of second nodes is more efficient than verifying them on a single node, so the technical problem of low endorsement signature verification efficiency in the related art is solved and the technical effect of improving verification efficiency is achieved.
In an alternative embodiment, endorsement may be implemented using an endorsement policy as shown in FIG. 3:
Step S302, a client requests a transaction from a peer submitting node in the blockchain;
Step S304, the peer submitting node of the blockchain requests, from all endorsement nodes specified by the smart contract (endorsement node 1 to endorsement node n), signatures made with the digital certificate private keys of all organizations of the blockchain. A smart contract is a computer protocol intended to propagate, verify or execute a contract in an information-based manner; it allows trusted transactions without third parties, and these transactions are traceable and irreversible;
Step S306, the peer submitting node waits for the endorsement signatures of all organizations required by the smart contract to be returned;
Step S308, the peer submitting node verifies the signatures serially using the digital certificate public keys of all organizations.
In the above embodiment, the user client may connect to any peer submitting node in the blockchain. Under the endorsement mechanism of the blockchain, the certificate public keys of all organizations are kept on each organization's peer submitting node, whereas each organization's certificate private key exists only on that organization's endorsement node, and all signing is performed on the endorsement nodes selected by the smart contract. The submitting node keeps the certificate public keys of all organizations and performs signature verification serially on the submitting node itself.
In yet another alternative embodiment, endorsement may be implemented using an endorsement policy as shown in FIG. 4:
Step S402, the client requests a transaction from a peer submitting node in the blockchain;
Step S404, the peer submitting node of the blockchain requests, from all endorsement nodes specified by the smart contract, signatures made with the digital certificate private keys of all organizations of the blockchain;
Step S406, the peer submitting node waits for the endorsement signatures of all organizations required by the smart contract to be returned;
Step S408, the peer submitting node verifies the signatures serially, using the digital certificate public keys of all organizations, through the high-speed encryption/decryption node connected to it.
In the above embodiment, the user client may connect to any node of the blockchain. The endorsement mechanism of the previous embodiment is modified so that the certificate public keys of all organizations are stored on the high-speed encryption/decryption machine connected to each organization's peer submitting node, whereas each organization's certificate private key is stored only on that organization's endorsement node, and all signing operations are performed on the endorsement nodes selected by the smart contract. The certificate public keys of all organizations are kept on the high-speed encryption/decryption machine connected to the submitting node, and signature verification is performed on that machine.
Both schemes have unavoidable problems. First, the client can connect to any submitting node, so it is very difficult to control the transaction request frequency and the total request volume of the client's users: every submitting node would need real-time data synchronization, which cannot be achieved when the number of submitting nodes is large. Second, the peer submitting node has to verify the signatures serially using the digital certificate public keys of all organizations, so the processing efficiency is extremely low; even if an encryption/decryption machine is used for the serial verification, the processing efficiency is limited by the performance of a single machine, however high that performance is.
In the embodiment of the present application, the fourth node in the cloud cluster verifies the signatures of the first nodes on the transaction event through the second nodes: 1) the processing of the first request and the verification are carried out separately; the signatures of the first nodes on the transaction event are verified by the second nodes rather than by the fourth node in the cloud cluster, in other words, the fourth node does not both process the first request and perform the verification, so the service pressure caused by transaction events is reduced; 2) the signatures of a plurality of first nodes on a transaction event are verified by a plurality of second nodes, in other words, if there are a plurality of first requests, the signatures corresponding to each first request can be handled by different second nodes, i.e. the signature verification for the plurality of first requests runs in parallel (for example, each second node handles the signature verification for one first request) instead of running serially on one node, so the response speed for a plurality of first requests is improved; 3) the signatures corresponding to a single first request can also be verified in parallel on a plurality of second nodes: one transaction event needs the signatures of a plurality of first nodes, and the signature of each first node needs to be verified, so the verification of these signatures can be executed in parallel on a plurality of second nodes (for example, each second node verifies the signature of at least one first node), so the response speed for a single first request is improved; 4) the object that processes the first request is the fourth node in the cloud cluster, not the peer submitting node.
The technical solution of the present application is further detailed below with reference to the steps shown in fig. 2:
In the technical solution provided in step S202, as shown in fig. 5, when the client has a service requirement, for example when data in the service data blockchain needs to be accessed, it may send a first request to the cloud cluster. A fourth node in the cloud cluster receives the first request of the target account on the client, the first request being used to initiate a transaction event (e.g., an event of accessing service data), and the cloud cluster may obtain signatures through nodes in the right data blockchain.
Optionally, the elastic scaling capability of the cloud may be used to dynamically load-balance the middleware cluster according to the users' transaction request volume and the number of endorsement signatures to be verified. Acquiring the first request of the target account then includes: calculating the load rate of each node in the cloud cluster (the load rate may be expressed as the ratio of the computing resources already used by a node to all the computing resources of that node), and acquiring the first request of the target account through a fourth node in the cloud cluster, where the load rate of the fourth node is not greater than the load rates of the other nodes in the cloud cluster.
Before or after the first request of the target account is acquired through the fourth node in the cloud cluster, if the load rates of all nodes in the active state in the cloud cluster reach a first threshold, in other words if the load of the middleware cluster is high, a standby node configured for the cloud cluster is switched from the standby state to the active state and added to the cloud cluster. The standby node may be configured in advance, or configured at the moment it is needed.
In the above embodiment, nodes are added automatically to reduce the load of the cloud cluster when the load of the middleware cluster is high. Resources may likewise be reclaimed when the load of the cloud cluster is low: when the load rates of all nodes in the active state in the cloud cluster are smaller than a second threshold, an unused node in the cloud cluster is switched from the active state to the standby state and deleted from the cloud cluster. The second threshold is a positive number smaller than the first threshold. Deletion from the cloud cluster includes reclaiming the hardware resources occupied by the node, as well as retaining the node while it is in an unavailable state (also referred to as the standby state).
In the above embodiment, when the load rates of all nodes in the active state in the cloud cluster reach the first threshold, a prompt message is sent to the client that sent the first request; the prompt message indicates that the load rates of all nodes in the cloud cluster have reached the first threshold. At the same time, the request frequency of the target account may be counted, and the prompt message may inform the target account that it is sending requests too frequently (the cloud load rate is too high) and that first requests from the target account will not be processed for a certain time. In this way the middleware layer controls the transaction request frequency and the total request volume of blockchain users.
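The node selection, threshold-based scaling and per-account request control described above can be sketched as follows. This is an added example, not code from the patent: the type and function names, the concrete thresholds, and the sliding-window limit and cooldown are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Node is a logical node of the cloud (middleware) cluster. Hypothetical type.
type Node struct {
	Name           string
	Used, Capacity float64
	Active         bool // false means the node is in the standby state
}

// LoadRate is the used computing resource divided by all resources of the node.
func (n *Node) LoadRate() float64 {
	if n.Capacity <= 0 {
		return 1 // a node without capacity is treated as fully loaded
	}
	return n.Used / n.Capacity
}

// Cluster holds the first (High) and second (Low) thresholds, with Low < High.
type Cluster struct {
	Nodes     []*Node
	High, Low float64
}

func (c *Cluster) levels() (active int, allHigh, allLow bool) {
	allHigh, allLow = true, true
	for _, n := range c.Nodes {
		if n.Active {
			active++
			allHigh = allHigh && n.LoadRate() >= c.High
			allLow = allLow && n.LoadRate() < c.Low
		}
	}
	return
}

// Saturated reports whether every active node has reached the first threshold.
func (c *Cluster) Saturated() bool { _, h, _ := c.levels(); return h }

// Pick returns the active node with the lowest load rate (the "fourth node").
func (c *Cluster) Pick() *Node {
	var best *Node
	for _, n := range c.Nodes {
		if n.Active && (best == nil || n.LoadRate() < best.LoadRate()) {
			best = n
		}
	}
	return best
}

// Rebalance activates a standby node when all active nodes are at or above
// High, and parks one unused active node when all are below Low.
func (c *Cluster) Rebalance() string {
	active, allHigh, allLow := c.levels()
	if allHigh {
		for _, n := range c.Nodes {
			if !n.Active {
				n.Active = true
				return "scale-out:" + n.Name
			}
		}
		return "saturated"
	}
	if allLow && active > 1 {
		for _, n := range c.Nodes {
			if n.Active && n.Used == 0 {
				n.Active = false
				return "scale-in:" + n.Name
			}
		}
	}
	return "steady"
}

// Throttle counts requests per account in a sliding window (assumed policy).
type Throttle struct {
	Limit            int
	Window, Cooldown time.Duration
	hits             map[string][]time.Time
	blocked          map[string]time.Time
}

func NewThrottle(limit int, window, cooldown time.Duration) *Throttle {
	return &Throttle{Limit: limit, Window: window, Cooldown: cooldown,
		hits: map[string][]time.Time{}, blocked: map[string]time.Time{}}
}

// Admit rejects an account that exceeds Limit while the cluster is saturated,
// and keeps rejecting it until the cooldown has passed.
func (t *Throttle) Admit(account string, now time.Time, saturated bool) bool {
	if now.Before(t.blocked[account]) {
		return false
	}
	recent := t.hits[account][:0]
	for _, ts := range t.hits[account] {
		if now.Sub(ts) < t.Window {
			recent = append(recent, ts)
		}
	}
	recent = append(recent, now)
	t.hits[account] = recent
	if saturated && len(recent) > t.Limit {
		t.blocked[account] = now.Add(t.Cooldown)
		return false
	}
	return true
}

func main() {
	// Constructed sample cluster: two busy active nodes and one standby node.
	c := &Cluster{High: 0.8, Low: 0.2, Nodes: []*Node{
		{Name: "a", Used: 9, Capacity: 10, Active: true},
		{Name: "b", Used: 8.5, Capacity: 10, Active: true},
		{Name: "s", Capacity: 10},
	}}
	fmt.Println(c.Pick().Name, c.Saturated(), c.Rebalance(), c.Pick().Name)
}
```

Because the throttle lives in the middleware layer rather than on each peer submitting node, the per-account counters need no synchronization across submitting nodes.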
In the technical solution provided in step S204, a fourth node in the cloud cluster sends a second request to the plurality of first nodes in the block chain, where the second request is used to obtain signatures of the plurality of first nodes on the transaction event.
In the technical solution provided in step S206, the fourth node in the cloud cluster acquires signatures of the transaction events returned by the plurality of first nodes in response to the second request.
The first node may be a peer endorsement node in the block chain, each organization certificate private key is only on the endorsement node of the organization, and all signatures are signed on the endorsement nodes (i.e. the plurality of first nodes) selected by the intelligent contract.
In the technical solution provided in step S208, the fourth node in the cloud cluster verifies the signatures of the transaction events from the first nodes through the second nodes.
Optionally, after the signatures of the plurality of first nodes on the transaction event are verified by the plurality of second nodes, the transaction event is determined to be a legal transaction if the verification of the signatures of the plurality of first nodes by the plurality of second nodes passes; if the verification of the signature of a first node by at least one second node fails, the transaction event is determined not to be a legal transaction.
Optionally, the middleware layer may distribute the public keys of the blockchain organizations' digital certificates to the cloud distributed P2P computing resources. Before the signatures of the plurality of first nodes on the transaction event are verified by the plurality of second nodes, a plurality of public keys of all organizations are obtained from the plurality of first nodes, where each public key of the plurality of public keys is used by a second node for verifying the signature of one first node. The public keys are sent to a third node in the peer-to-peer (P2P) network (namely, a control node, which may be a designated node or any node in the peer-to-peer network) and are transmitted through the third node to the other nodes in the peer-to-peer network. The nodes in the peer-to-peer network are nodes using a field programmable gate array (FPGA) processor, and any node in the peer-to-peer network, on receiving the public keys, transmits them to the nodes with which it has a communication connection. In other words, each node can obtain the digital certificate public keys of every organization through viral (epidemic-style) propagation from its neighbouring nodes in the P2P network.
In the above embodiment, verifying, by the plurality of second nodes, the signatures of the plurality of first nodes on the transaction event may comprise: verifying, through each second node of the plurality of second nodes, whether the signature of one first node is correct, where the first nodes to which the signatures verified by any two second nodes belong are different; in other words, no signature is verified repeatedly among the second nodes. One of the plurality of second nodes executes the signature operation on the transaction event in a first time period, another of the plurality of second nodes executes the signature operation on the transaction event in a second time period, and the first time period and the second time period partially or completely overlap; that is, the verification operations of any two second nodes can be executed in parallel.
Optionally, verifying, by each of the plurality of second nodes, whether the signature of one first node is correct comprises: sending the third request to a third node in the peer-to-peer network; in other words, the middleware layer only needs to transmit the third request to the P2P network once, without transmitting it to each second node. The third node transmits the third request to a plurality of second nodes in the peer-to-peer network, and the third request received by any one second node originates from the third node or from another second node. After the second node completes signing by using the signature private key, the signature is returned to the third node, and the fourth node in the cloud cluster then receives the signatures of the plurality of second nodes returned by the third node.
In the above embodiment, sending the third request to a third node in the peer-to-peer network may comprise: sending the third request to the third node in a resource pool, where all the resource nodes in the resource pool are connected by a peer-to-peer network, the third node is the control node of the resource pool and is used for selecting the second nodes from all the resource nodes, and the load rate of a second node is smaller than that of the resource nodes other than the second nodes.
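The parallel verification just described can be sketched in Go as follows. This is an added example, not code from the patent: the control node picks the least-loaded second nodes, each checks a different first node's signature concurrently, and the transaction is legal only if every check passes. ECDSA P-256 over SHA-256 and all type, function, organization and node names are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sort"
	"sync"
)

// Endorsement is one first node's signature over the transaction digest.
type Endorsement struct {
	Org string
	Sig []byte
}

// Verifier models a second node: org public keys plus its current load rate.
type Verifier struct {
	ID   string
	Load float64
	Keys map[string]*ecdsa.PublicKey
}

// Result records which second node checked which first node's signature.
type Result struct {
	Org, VerifierID string
	OK              bool
}

// VerifyEndorsements hands each required organization's signature to a different
// least-loaded second node, verifies concurrently, and requires every check to pass.
func VerifyEndorsements(pool []*Verifier, tx []byte, required []string, ends []Endorsement) (bool, []Result, error) {
	byOrg := map[string][]byte{}
	for _, e := range ends {
		byOrg[e.Org] = e.Sig
	}
	for _, org := range required { // endorsement policy: every listed org must have signed
		if _, ok := byOrg[org]; !ok {
			return false, nil, fmt.Errorf("missing endorsement from %s", org)
		}
	}
	if len(required) > len(pool) {
		return false, nil, fmt.Errorf("need %d verifiers, pool has %d", len(required), len(pool))
	}
	// Control (third) node: sort a copy of the pool by load, lightest first.
	chosen := append([]*Verifier(nil), pool...)
	sort.SliceStable(chosen, func(i, j int) bool { return chosen[i].Load < chosen[j].Load })
	digest := sha256.Sum256(tx)
	results := make([]Result, len(required))
	var wg sync.WaitGroup
	for i, org := range required {
		wg.Add(1)
		go func(i int, org string, v *Verifier) { // one goroutine stands in for one second node
			defer wg.Done()
			pub, known := v.Keys[org]
			ok := known && ecdsa.VerifyASN1(pub, digest[:], byOrg[org])
			results[i] = Result{org, v.ID, ok}
		}(i, org, chosen[i])
	}
	wg.Wait()
	legal := true
	for _, r := range results {
		legal = legal && r.OK // one failed check makes the transaction illegal
	}
	return legal, results, nil
}

// Demo is a constructed case; with replay set, OrgB's signature covers a different transaction.
func Demo(replay bool) (bool, []Result, error) {
	orgs := []string{"OrgA", "OrgB", "OrgC"}
	tx := []byte(`{"from":"alice","to":"bob","amount":10}`) // constructed sample
	keys := map[string]*ecdsa.PublicKey{}
	var ends []Endorsement
	for _, org := range orgs {
		priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return false, nil, err
		}
		keys[org] = &priv.PublicKey
		signed := sha256.Sum256(tx)
		if replay && org == "OrgB" {
			signed = sha256.Sum256([]byte(`{"from":"alice","to":"bob","amount":1}`))
		}
		sig, err := ecdsa.SignASN1(rand.Reader, priv, signed[:])
		if err != nil {
			return false, nil, err
		}
		ends = append(ends, Endorsement{org, sig})
	}
	pool := []*Verifier{{"fpga-1", 0.9, keys}, {"fpga-2", 0.2, keys}, {"fpga-3", 0.5, keys}, {"fpga-4", 0.1, keys}}
	return VerifyEndorsements(pool, tx, orgs, ends)
}

func main() {
	fmt.Println(Demo(false))
	fmt.Println(Demo(true))
}
```

Because the digest is recomputed from the transaction actually submitted, an endorsement that is valid for another transaction fails verification, and that single failure is enough to reject the event.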
The application uses the elastic scaling capability of the cloud to dynamically realize load balancing of the middleware cluster and elastic scaling of the distributed P2P cloud computing signature verification resources, according to the user transaction request volume and the number of endorsement signatures to be verified. The middleware cluster distributes endorsement signature verification tasks to the distributed P2P cloud computing resources and collects their results in parallel, and the cloud distributed FPGA computing resources are used to complete blockchain endorsement verification efficiently. The scheme supports deployment in public clouds and private clouds.
As an optional embodiment, the following description takes as an example the application of the technical solution of the present application to an Internet data center (IDC).
An Internet data center is a standardized, professional telecommunications machine-room environment that an Internet service provider, such as a telecom operator, establishes using its existing Internet communication lines and bandwidth resources in order to provide enterprises and governments with comprehensive services such as server hosting, leasing and related value-added services. Put simply, an IDC can be understood as a machine room, and cross-domain means cross-IDC. The cloud storage system can include components such as the private network VPC, the cloud server CVM (full name: Cloud Virtual Machine), the data center network cluster DCI, the cloud disk CBS (full name: Cloud Block Storage), the cloud dedicated host CDH (full name: CVM Dedicated Host), the cloud message service CMQ (full name: Cloud Message Queue), the elastic cache CRS (full name: Cloud Redis Storage), the cloud container service CCS (full name: Cloud Container Service) and the file storage CFS (full name: Cloud File Storage).
The cloud private network VPC is a network space that the user can customize, in which the user can deploy cloud service resources such as cloud hosts, load balancing, databases and NoSQL fast storage. The user can freely divide network segments and formulate routing policies. A private network can be configured with a public network gateway to access the Internet, and public network configuration or private line access is supported for building a hybrid cloud. Private networks are logically isolated from one another, and a service requested by a first request in the application can be stored in the cloud private network.
A cloud server CVM can be deployed in the cloud private network. The cloud server is a high-performance, highly stable cloud virtual machine that provides resizable computing capacity in the cloud and reduces the difficulty for customers of estimating computing scale in advance; a customer can easily purchase a custom-configured model, obtain a new server within a few minutes, and use images to expand capacity rapidly as needed.
A cloud hard disk CBS can be deployed in the cloud private network. The cloud hard disk is a highly available, highly reliable, low-cost and customizable network block device that can be used as an independent, expandable hard disk of a cloud server. It provides data storage at the data block level and adopts a three-copy distributed mechanism to guarantee data reliability for the CVM. The CBS supports automatic replication within an availability zone and backs up the customer's data on different machines, which avoids problems such as data loss caused by the failure of a single machine and improves the availability and durability of the data. According to performance, it is divided into two types: common cloud hard disks and SSD cloud hard disks.
The cloud dedicated host CDH differs from the Tencent Cloud server CVM in that it provides physical server resources for the exclusive use of one user; it supplements the cloud server products and meets customers' requirements for exclusive resources, physical isolation of resources, security and compliance. The user purchases and manages resources by having exclusive use of an entire host machine. After purchase, CVM instances can be created freely on it, and the specification and number of the instances can be defined and planned by the user.
The elastic cache CRS is a cache and storage service (for example, for storing the business data) built for the cloud and compatible with the Redis protocol. It provides a master-slave version and a cluster version, has rich data structures that help complete the development of different types of business scenarios, supports master-slave hot standby, and provides a complete set of database services such as automatic disaster recovery switching, data backup, fault migration, instance monitoring, online capacity expansion and data rollback.
The cloud container service CCS is a highly scalable, high-performance container management service that allows customers to easily run applications on a managed cluster of cloud server instances. With this service, Docker applications can be started and stopped, the complete state of the cluster can be queried, and various cloud services can be used through simple API calls, without installing, operating, maintaining or expanding the cluster management infrastructure. The placement of containers in the cluster can be arranged according to the customer's resource needs and availability requirements to meet the specific requirements of a business or application (for example, the method of the present application can run in this manner).
The CFS provides a standard NFS file system access protocol, provides a shared data source for a plurality of CVM instances, supports infinite capacity and performance expansion, can be mounted and used without modification in the existing application, is a highly-available and highly-reliable distributed file system, and is suitable for scenes such as big data analysis, media processing, content management and the like.
CKafka (full name: Cloud Kafka) is a distributed, high-throughput and highly scalable message system. Based on the publish/subscribe mode, CKafka decouples producers and consumers through messages so that they interact asynchronously without waiting for each other. CKafka offers advantages such as data compression and simultaneous support for offline and real-time data processing, and is suitable for scenarios such as compressed log collection and monitoring data aggregation. It can be used for communication among the blockchain, the cloud cluster middleware and the distributed signature verification computing resource pool, or among the components within them.
The architecture of the technical solution of the present application is shown in fig. 6:
Client: the client used by a customer at a blockchain terminal. Fig. 7 shows an optional client, in which a user may perform operations such as "add an account" and "set an authority" on the background management interface of a certain service;
Cloud cluster middleware: a cloud load balancing cluster that can replace the blockchain submission nodes and mainly provides a distribution service;
Endorsement node: responsible for endorsement policy signing; it stores the private key of its organization and issues the public key to the cluster middleware;
Distributed signature verification computing resource pool: responsible for endorsement policy signature verification and for receiving and storing the public keys of all organizations.
An optional software flow of the cloud cluster middleware is as follows:
Step S602, the cloud cluster middleware receives a client transaction request (i.e., a first request). TGW may be used among the cloud cluster middleware to implement multi-network unified access and external network request forwarding and to support automatic load balancing.
The cloud message service CMQ can be adopted among middleware in the cloud cluster, the cloud message service provides distributed message queue service, a reliable asynchronous communication mechanism based on messages can be provided among different applications deployed in a distributed mode or among different components of one application, the messages are stored in a CMQ queue with high reliability and high availability, and multiple processes can read and write at the same time and do not interfere with each other.
Step S604, accepting the certificate public key upload request.
Step S606, a transaction endorsement request (i.e. a second request) is submitted to the endorsement node according to the smart contract requirement.
Step S608, issuing the certificate public key to the P2P network distributed signature verification computing resource pool.
In step S610, the endorsement node returns an endorsement signature.
Step S612, a signature verification request (i.e., a third request) is submitted to the P2P network distributed signature verification computing resource pool according to the requirement of the smart contract.
Step S614, the signature verification result is returned.
In the technical scheme of the application, unified access, frequency control and total request amount control of client requests are supported. The cloud middleware and the cloud P2P network distributed computing resources can be elastically scaled according to the client request volume and the signature verification frequency. Digital certificate distribution and management for the cloud P2P network distributed computing resource pool is supported, as is parallel, high-performance signature verification computing. The specific steps are as follows:
Step S802, the client connects to the cloud cluster middleware through domain name resolution and sends a transaction request to request a transaction.
Step S804, according to the smart contract of the transaction request, the cloud cluster middleware sends endorsement signature requests (namely, initiates transaction endorsement requests), in a load-balanced and stateless manner, to the limited number of organization endorsement nodes specified by the smart contract.
In step S806, the limited number of organization endorsement nodes return endorsement signatures to the cluster middleware.
Step S808, the cloud cluster middleware judges, according to the smart contract of the transaction request, whether the endorsement policy signature rule is satisfied, and submits a signature cluster list (first-stage submission).
Step S810, the cloud cluster middleware distributes the signature verification requests to the cloud P2P network distributed FPGA high-speed computing resource pool according to the submitted signature cluster list. Each computing node of the resource pool accepts a limited number of the signature verification computing requests in the signature list according to its current load, and passes the remaining signature verification computing requests on within the P2P network distributed FPGA high-speed computing resource pool, until all the computing requests have been sent within the resource pool and the signature verification computation is completed.
In step S812, the cloud P2P network distributed FPGA high-speed computing resource pool returns the signature checking result to the cloud cluster middleware.
Step S814, the cloud cluster middleware judges, according to the smart contract of the transaction request, whether the endorsement policy signature verification rule is met, and submits a signature verification cluster list (second-stage submission).
In step S816, the cloud cluster middleware returns the transaction result to the requesting client.
By adopting the technical scheme of the application, the method has the following advantages:
The technical scheme of the application supports cluster deployment, which improves the disaster tolerance and availability of the scheduling system, that is, it realizes cluster domain-name disaster-tolerant scheduling. The users' request counts, the users' transaction frequency and the clients' total request amount configuration can be synchronized online between clusters. The cloud cluster middleware replaces a plurality of submission nodes, the users' transaction request frequency and the clients' total request amount are fully controlled through cluster access, and the number of load balancing components of the cluster middleware can be dynamically increased or decreased according to client requests;
The digital certificate public keys of all organizations are distributed to the distributed efficient FPGA computing resources of the cloud P2P network through the cloud cluster middleware. The distributed efficient FPGA computing resources do not all need to be directly connected to the cloud cluster middleware; each node can obtain the digital certificate public keys of all organizations through viral (epidemic-style) propagation from its neighbouring nodes in the P2P network. The distributed efficient FPGA computing resource pool can be dynamically increased or decreased according to the customers' signature verification computing tasks.
Through the cloud cluster middleware, client transaction requests are processed concurrently according to the two-stage stateless submission flow (omitting the blockchain consensus, ordering and distributed ledger flows), and the signing and signature verification computing tasks are completed efficiently.
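Step S810 and the relayed distribution of the organizations' public keys can be illustrated with the following Go simulation, which is added here and is not taken from the patent. A single-process breadth-first walk stands in for the P2P relaying, and the Peer type, the capacity values, the chain topology and the placeholder key strings are assumptions.

```go
package main

import "fmt"

// Peer is one resource node of the P2P pool (names and fields are illustrative).
type Peer struct {
	ID        string
	Neighbors []*Peer
	Capacity  int               // requests the node accepts at its current load
	Keys      map[string]string // organization -> public key (placeholder strings)
	Accepted  []string          // signature verification requests kept by this node
}

// Link connects two peers in both directions.
func Link(a, b *Peer) {
	a.Neighbors = append(a.Neighbors, b)
	b.Neighbors = append(b.Neighbors, a)
}

// SpreadKeys floods the public keys outward from the control node: a peer
// stores its own copy on first receipt and relays to its neighbours; later
// copies are ignored. It returns the number of peers that now hold the keys.
func SpreadKeys(control *Peer, keys map[string]string) int {
	queue, reached := []*Peer{control}, 0
	for len(queue) > 0 {
		p := queue[0]
		queue = queue[1:]
		if p.Keys != nil {
			continue
		}
		p.Keys = make(map[string]string, len(keys))
		for org, key := range keys {
			p.Keys[org] = key
		}
		reached++
		queue = append(queue, p.Neighbors...)
	}
	return reached
}

// Dispatch submits the request list once, at the control node. Each peer keeps
// at most Capacity requests and passes the remainder to its neighbours. A
// non-empty return value means the pool could not absorb every request.
func Dispatch(control *Peer, requests []string) []string {
	queue, visited := []*Peer{control}, map[*Peer]bool{}
	for len(queue) > 0 && len(requests) > 0 {
		p := queue[0]
		queue = queue[1:]
		if visited[p] {
			continue
		}
		visited[p] = true
		n := p.Capacity
		if n > len(requests) {
			n = len(requests)
		}
		p.Accepted = append(p.Accepted, requests[:n]...)
		requests = requests[n:]
		queue = append(queue, p.Neighbors...)
	}
	return requests
}

// BuildPool returns a constructed chain control - n1 - n2 - n3 in which only
// the control node is reachable from the middleware.
func BuildPool() []*Peer {
	pool := []*Peer{{ID: "control"}, {ID: "n1", Capacity: 1}, {ID: "n2", Capacity: 1}, {ID: "n3", Capacity: 2}}
	for i := 0; i+1 < len(pool); i++ {
		Link(pool[i], pool[i+1])
	}
	return pool
}

func main() {
	pool := BuildPool()
	keys := map[string]string{"OrgA": "pkA", "OrgB": "pkB", "OrgC": "pkC"}
	fmt.Println(SpreadKeys(pool[0], keys), Dispatch(pool[0], []string{"sigA", "sigB", "sigC"}))
	for _, p := range pool {
		fmt.Println(p.ID, len(p.Keys), p.Accepted)
	}
}
```

In the constructed chain, n3 is two hops away from any node the middleware talks to, yet it ends up holding all three keys and takes the request that n1 and n2 had no capacity for.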
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
According to another aspect of the embodiment of the present invention, there is also provided a signature verification apparatus for implementing the above signature verification method. Fig. 9 is a schematic diagram of an alternative signature verification apparatus according to an embodiment of the present invention, and as shown in fig. 9, the apparatus may include:
a first obtaining unit 901, configured to obtain a first request of a target account, where the first request is used to initiate a transaction event.
The cloud cluster is a cluster including one or more nodes (the nodes include the fourth node that specifically executes the method of the present application), and may be a system for implementing multi-network unified access, forwarding external network requests and supporting automatic load balancing, such as TGW (full name: Tencent GateWay). A node here is a logical concept: multiple nodes of different types may run on the same physical server, or one node may run on one physical server.
The first request is a request sent by a client; the client may be installed on a user terminal, and the target account, or another account associated with the target account, is logged in on the client.
The transaction event can be understood as an event requiring payment of a transaction token (e.g. bitcoin) in the blockchain, and the event can be specifically: securities trading, electronic commerce, file storage, etc.
A sending unit 903, configured to send a second request to the plurality of first nodes in the blockchain, where the second request is used to obtain signatures of the plurality of first nodes on the transaction event.
The nodes in the blockchain are the communication entities of the blockchain. These nodes are also a logical concept: multiple nodes of different types may run on the same physical server, or one node may run on one physical server. The first node is an endorsement node (Fabric endorser), or endorser, and plays its endorsing role by using an endorsement policy. The endorsement policy is the condition for endorsing a transaction; that is, for an endorsement to be concluded successfully, the condition given in the endorsement policy must be met. A typical endorsement policy specifies certain nodes to form an endorsement node set and requires the signatures of that set, namely a joint signature.
A second obtaining unit 905, configured to obtain signatures of the transaction events returned by the plurality of first nodes in response to the second request.
A verification unit 907 for verifying signatures of the transaction events by the plurality of first nodes by the plurality of second nodes.
It should be noted that the initiating module 72 in this embodiment may be configured to execute the step S202 in this embodiment, the opening module 74 in this embodiment may be configured to execute the step S204 in this embodiment, the sending module 76 in this embodiment may be configured to execute the step S206 in this embodiment, and the first closing module 78 in this embodiment may be configured to execute the step S208 in this embodiment.
It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. It should be noted that the modules described above as a part of the apparatus may operate in a hardware environment as shown in fig. 1, and may be implemented by software or hardware.
With the above modules, a first request of a target account is acquired, where the first request is used for initiating a transaction event; a second request is sent to a plurality of first nodes in the blockchain, where the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event; the signatures of the transaction event returned by the plurality of first nodes in response to the second request are acquired; and the signatures of the first nodes on the transaction event are verified through the second nodes. Receiving the first request and verifying the signatures are handled by different nodes, and verification through the second nodes is more efficient than verification through one node, so the technical problem of low endorsement signature verification efficiency in the related art can be solved, and the technical effect of improving verification efficiency is achieved.
In an embodiment of the present application, a fourth node in the cloud cluster verifies, through a plurality of second nodes, the signatures of a plurality of first nodes on a transaction event: 1) the processing of the first request and the verification are carried out separately: the signatures of the first nodes on the transaction event are verified through the second nodes rather than by the fourth node in the cloud cluster; in other words, the fourth node in the cloud cluster does not both process the first request and perform verification, so the service pressure of the transaction event can be reduced; 2) the signatures of a plurality of first nodes on a transaction event are verified through a plurality of second nodes; in other words, if there are a plurality of first requests, the signatures corresponding to each first request can be processed by the plurality of second nodes respectively, that is, the signature verifications corresponding to the plurality of first requests are performed in parallel (for example, each second node processes the signature verification corresponding to one first request) and do not need to be processed serially on one node, so the response speed for the plurality of first requests can be improved; 3) the signatures corresponding to each first request can be verified in parallel on a plurality of second nodes: since one transaction event needs the signatures of a plurality of first nodes, and the signature of each first node needs to be verified, the verification of the signatures of the plurality of first nodes can be executed in parallel on a plurality of second nodes (for example, one second node verifies the signature of at least one first node), so the response speed for a single first request can be improved; 4) the object that processes the first request is the fourth node in the cloud cluster, not the peer commit node.
In an alternative embodiment, the verification unit may be further operable to: verify, through each of a plurality of second nodes, whether the signature of one first node is correct, where the first nodes to which the signatures verified by any two second nodes belong are different, one of the plurality of second nodes executes the signature operation on the transaction event in a first time period, another of the plurality of second nodes executes the signature operation on the transaction event in a second time period, and the first time period and the second time period partially or completely overlap.
The verification unit may include: a sending module, configured to send a third request to a third node in the peer-to-peer network, where the third node is configured to transmit the third request to multiple second nodes in the peer-to-peer network, and the third request received by any one of the second nodes originates from the third node or from another second node; and a receiving module, configured to receive the signatures of the plurality of second nodes returned by the third node.
The sending module may be further configured to: send the third request to the third node in a resource pool, where all the resource nodes in the resource pool are connected by a peer-to-peer network, the third node is the control node of the resource pool and is used for selecting the second nodes from all the resource nodes, and the load rate of a second node is smaller than that of the resource nodes other than the second nodes.
In yet another alternative embodiment, the verification unit, after verifying the signatures of the transaction events by the plurality of first nodes by the plurality of second nodes, is further operable to: determining that the transaction event is a legal transaction under the condition that the plurality of second nodes verify the signatures of the plurality of first nodes; in the event that the verification of the signature of the first node by the at least one second node fails, it is determined that the transaction event is not a legitimate transaction.
Optionally, the apparatus of the present application may further comprise: a third obtaining unit, configured to obtain a plurality of public keys from the plurality of first nodes before the signatures of the plurality of first nodes on the transaction event are verified by the plurality of second nodes, where each of the plurality of public keys is used by a second node for verifying the signature of one first node; and a transmission unit, configured to transmit the plurality of public keys to a third node in the peer-to-peer network and to transmit them through the third node to the other nodes in the peer-to-peer network, where the other nodes in the peer-to-peer network are nodes using a field programmable gate array processor, and any node in the peer-to-peer network, on receiving the plurality of public keys, transmits them to the nodes with which it has a communication connection.
Optionally, the first obtaining unit may be further configured to: the first request of the target account is obtained through a fourth node in the cloud cluster, wherein the load rate of the fourth node is not greater than the load rates of nodes except the fourth node in the cloud cluster.
Optionally, the apparatus of the present application may further comprise: a resource management unit, configured to, before or after the first request of the target account is acquired through the fourth node in the cloud cluster, switch the state of a standby node configured for the cloud cluster from a standby state to an active state and add the standby node to the cloud cluster when the load rates of all nodes in the active state in the cloud cluster reach a first threshold; and, when the load rates of all nodes in the active state in the cloud cluster are smaller than a second threshold, switch the state of unused nodes in the cloud cluster from the active state to the standby state and delete the unused nodes from the cloud cluster, where the second threshold is smaller than the first threshold.
Optionally, the apparatus of the present application may further comprise: a prompting unit, configured to send prompt information to the client that sent the first request when the load rates of all nodes in an active state in the cloud cluster reach the first threshold, where the prompt information is used to indicate that the load rates of all nodes in the cloud cluster have reached the first threshold.
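The two-threshold rule of the resource management unit, the least-loaded choice of the fourth node and the saturation prompt can be sketched in Go as follows (an added example, not the patent's own code). Load rates as integer percentages, the reading of an "unused" node as one carrying zero load, and all names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Node is one middleware node; Load is its load rate in percent.
type Node struct {
	ID     string
	Active bool // false means standby
	Load   int
}

// Cluster carries the first threshold (High) and the second threshold (Low), Low < High.
type Cluster struct {
	Nodes     []*Node
	High, Low int
}

// ErrSaturated is the condition the prompting unit reports to the client.
var ErrSaturated = errors.New("load rate of every active node has reached the first threshold")

func (c *Cluster) active() []*Node {
	var out []*Node
	for _, n := range c.Nodes {
		if n.Active {
			out = append(out, n)
		}
	}
	return out
}

// Rebalance applies the two-threshold rule once and reports the action taken.
func (c *Cluster) Rebalance() string {
	act := c.active()
	allHigh, allLow := true, len(act) > 1 // never release the last active node
	for _, n := range act {
		allHigh = allHigh && n.Load >= c.High
		allLow = allLow && n.Load < c.Low
	}
	if allHigh {
		for _, n := range c.Nodes {
			if !n.Active { // first standby node joins the cluster
				n.Active, n.Load = true, 0
				return "activated " + n.ID
			}
		}
		return "saturated"
	}
	if allLow {
		for _, n := range act {
			if n.Load == 0 { // assumption: an "unused" node is one carrying no load
				n.Active = false
				return "released " + n.ID
			}
		}
	}
	return "steady"
}

// Dispatch rebalances, then gives the request to the least-loaded active node
// (the "fourth node"); it returns ErrSaturated when no node is below High.
func (c *Cluster) Dispatch(cost int) (string, error) {
	c.Rebalance()
	var best *Node
	for _, n := range c.active() {
		if best == nil || n.Load < best.Load {
			best = n
		}
	}
	if best == nil || best.Load >= c.High {
		return "", ErrSaturated
	}
	best.Load += cost
	return best.ID, nil
}

func main() {
	c := &Cluster{Nodes: []*Node{{"mw-1", true, 0}, {"mw-2", false, 0}}, High: 80, Low: 20}
	for i := 0; i < 3; i++ {
		fmt.Println(c.Dispatch(80)) // mw-1, then mw-2 after scale-out, then the saturation error
	}
}
```

Keeping the second threshold below the first leaves a band in which the cluster neither grows nor shrinks, so a node is not released and re-activated on every small change in load.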
It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. It should be noted that the modules described above as a part of the apparatus may be operated in a hardware environment as shown in fig. 1, and may be implemented by software, or may be implemented by hardware, where the hardware environment includes a network environment.
According to another aspect of the embodiments of the present invention, there is also provided a system for implementing the signature verification method. As shown in fig. 5, the system includes:
a fourth node in the cloud cluster, used for acquiring a first request of the target account, wherein the first request is used for initiating a transaction event;
a plurality of first nodes in the blockchain, used for receiving a second request sent by the fourth node in the cloud cluster and returning signatures of the transaction event to the fourth node in the cloud cluster, wherein the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event;
and a resource pool, wherein a plurality of second nodes in the resource pool are used for verifying the signatures of the plurality of first nodes on the transaction event.
Specific embodiments can be seen in the foregoing examples.
According to another aspect of the embodiment of the present invention, there is also provided a server or a terminal for implementing the verification method of the signature.
Fig. 10 is a block diagram of a terminal according to an embodiment of the present invention. As shown in fig. 10, the terminal may include one or more processors 1001 (only one of which is shown in fig. 10), a memory 1003, and a transmission device 1005. The terminal may further include an input-output device 1007, as shown in fig. 10.
The memory 1003 may be used to store software programs and modules, such as program instructions/modules corresponding to the signature verification method and apparatus in the embodiments of the present invention, and the processor 1001 executes various functional applications and data processing by running the software programs and modules stored in the memory 1003, that is, implements the signature verification method described above. The memory 1003 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 1003 may further include memory located remotely from the processor 1001, which may be connected to a terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 1005 is used for receiving or transmitting data via a network, and can also be used for data transmission between the processor and the memory. Examples of the network include wired networks and wireless networks. In one example, the transmission device 1005 includes a network interface controller (NIC) that can be connected by a network cable to a router and other network devices in order to communicate with the internet or a local area network. In another example, the transmission device 1005 is a radio frequency (RF) module, which is used for communicating with the internet wirelessly.
Specifically, the memory 1003 is used to store an application program.
The processor 1001 may call the application program stored in the memory 1003 via the transmission device 1005 to perform the following steps:
acquiring a first request of a target account, wherein the first request is used for initiating a transaction event;
sending a second request to a plurality of first nodes in the blockchain, wherein the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event;
acquiring signatures of the transaction events returned by the plurality of first nodes in response to the second requests;
verifying, by a plurality of second nodes, the signatures of the plurality of first nodes on the transaction event.
The processor 1001 is further configured to perform the following steps:
acquiring a plurality of public keys from the plurality of first nodes, wherein each public key in the plurality of public keys is used by a second node to verify the signature of one first node;
sending the plurality of public keys to a third node in the peer-to-peer network, and transmitting the plurality of public keys to the other nodes in the peer-to-peer network through the third node, wherein the other nodes in the peer-to-peer network are nodes that use a field programmable gate array processor, and any node in the peer-to-peer network, upon receiving the plurality of public keys, transmits them to the nodes with which it has a communication connection.
By adopting the embodiment of the invention, a first request of a target account is acquired, wherein the first request is used for initiating a transaction event; a second request is sent to a plurality of first nodes in the blockchain, wherein the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event; the signatures of the transaction event returned by the plurality of first nodes in response to the second request are acquired; and the signatures of the plurality of first nodes on the transaction event are verified by a plurality of second nodes. The receiving of the first request and the signature verification are handled by different nodes, and verification by a plurality of second nodes is more efficient than verification by a single node. This can solve the technical problem in the related art that endorsement signature verification is inefficient, and achieves the technical effect of improving verification efficiency.
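The following Go example is added here and is not code from the patent or its applicant. It models the dispatch described in the steps above: each first node's signature goes to a different least-loaded second node, the checks run concurrently, and the transaction is accepted only if every check passes (the rule stated in claim 5). Ed25519, all type and function names, the node IDs and the load values are assumptions; the patent names none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"sort"
	"sync"
)

// All names below are hypothetical; Ed25519 is an assumed signature scheme.

// Endorsement is one first node's signature over the transaction event.
type Endorsement struct {
	NodeID string
	Sig    []byte
}

// Verifier models a resource-pool node (a "second node"). Keys holds the first
// nodes' public keys that reached it over the peer-to-peer network.
type Verifier struct {
	ID   string
	Load float64
	Keys map[string]ed25519.PublicKey
}

// Verify checks one endorsement. An unknown signer or malformed key fails.
func (v *Verifier) Verify(tx []byte, e Endorsement) bool {
	pub, ok := v.Keys[e.NodeID]
	return ok && len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, tx, e.Sig)
}

// SelectLeastLoaded returns the n pool nodes with the lowest load rate.
func SelectLeastLoaded(pool []*Verifier, n int) ([]*Verifier, error) {
	if n > len(pool) {
		return nil, fmt.Errorf("need %d verifiers, pool has %d", n, len(pool))
	}
	sorted := append([]*Verifier(nil), pool...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].Load < sorted[j].Load })
	return sorted[:n], nil
}

// VerifyEndorsements gives each endorsement to a different verifier, runs the
// checks concurrently, and reports the transaction valid only if all pass.
// It also returns which second node handled which first node's signature.
func VerifyEndorsements(tx []byte, ends []Endorsement, pool []*Verifier) (bool, map[string]string, error) {
	if len(ends) == 0 {
		return false, nil, fmt.Errorf("no endorsements to verify")
	}
	seen := make(map[string]bool, len(ends))
	for _, e := range ends { // one endorser must not be counted twice
		if seen[e.NodeID] {
			return false, nil, fmt.Errorf("duplicate endorsement from %s", e.NodeID)
		}
		seen[e.NodeID] = true
	}
	chosen, err := SelectLeastLoaded(pool, len(ends))
	if err != nil {
		return false, nil, err
	}
	results := make([]bool, len(ends))
	var wg sync.WaitGroup
	for i := range ends {
		wg.Add(1)
		go func(i int) { // overlapping time periods, one signature per verifier
			defer wg.Done()
			results[i] = chosen[i].Verify(tx, ends[i])
		}(i)
	}
	wg.Wait()
	assigned := make(map[string]string, len(ends)) // first node -> second node
	valid := true
	for i, e := range ends {
		assigned[e.NodeID] = chosen[i].ID
		valid = valid && results[i]
	}
	return valid, assigned, nil
}

// BuildDemo returns constructed sample data: three endorsers sign one
// transaction, and five pool nodes with different load rates hold their keys.
func BuildDemo() ([]byte, []Endorsement, []*Verifier) {
	tx := []byte(`{"from":"acct-A","to":"acct-B","amount":10}`)
	keys := map[string]ed25519.PublicKey{}
	var ends []Endorsement
	for _, id := range []string{"org1-peer", "org2-peer", "org3-peer"} {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		keys[id] = pub
		ends = append(ends, Endorsement{NodeID: id, Sig: ed25519.Sign(priv, tx)})
	}
	var pool []*Verifier
	for i, load := range []float64{0.90, 0.10, 0.55, 0.20, 0.35} {
		pool = append(pool, &Verifier{ID: fmt.Sprintf("fpga-%d", i), Load: load, Keys: keys})
	}
	return tx, ends, pool
}

func main() {
	tx, ends, pool := BuildDemo()
	ok, assigned, err := VerifyEndorsements(tx, ends, pool)
	fmt.Println("valid:", ok, "assignment:", assigned, "err:", err)
	ends[1].Sig[0] ^= 0xff // corrupt one endorsement
	ok, _, _ = VerifyEndorsements(tx, ends, pool)
	fmt.Println("valid after tampering:", ok)
}
```

The duplicate-signer check reflects claim 2's requirement that the signatures verified by any two second nodes belong to different first nodes.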
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments, and this embodiment is not described herein again.
It will be understood by those skilled in the art that the structure shown in fig. 10 is merely an illustration, and the terminal may be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, and a Mobile Internet Device (MID), a PAD, etc. Fig. 10 is a diagram illustrating a structure of the electronic device. For example, the terminal may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in FIG. 10, or have a different configuration than shown in FIG. 10.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The embodiment of the invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be used to store program code for executing the signature verification method.
Optionally, in this embodiment, the storage medium may be located on at least one of a plurality of network devices in a network shown in the above embodiment.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps:
S12, acquiring a first request of a target account, wherein the first request is used for initiating a transaction event;
S14, sending a second request to a plurality of first nodes in the blockchain, wherein the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event;
S16, acquiring signatures of the transaction event returned by the plurality of first nodes in response to the second request;
S18, verifying, by the plurality of second nodes, the signatures of the plurality of first nodes on the transaction event.
Optionally, the storage medium is further arranged to store program code for performing the steps of:
S22, obtaining a plurality of public keys from the plurality of first nodes, wherein each public key in the plurality of public keys is used by a second node to verify the signature of one first node;
S24, sending the public keys to a third node in the peer-to-peer network, and transmitting the public keys to the other nodes in the peer-to-peer network through the third node, wherein the other nodes in the peer-to-peer network are nodes that use a field programmable gate array processor, and any node in the peer-to-peer network, upon receiving the public keys, transmits them to the nodes with which it has a communication connection.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments, and this embodiment is not described herein again.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, which can store program codes.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (15)

1. A method of verifying a signature, comprising:
acquiring a first request of a target account, wherein the first request is used for initiating a transaction event, and the target account logs in a client;
sending a second request to a plurality of first nodes in a blockchain, wherein the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event;
acquiring signatures of the transaction events returned by the plurality of first nodes in response to the second requests;
verifying, by a plurality of second nodes, signatures of the plurality of first nodes on the transaction event, wherein load rates of the second nodes are less than load rates of other resource nodes in the resource pool except the second nodes.
2. The method of claim 1, wherein verifying, by a plurality of second nodes, signatures of the transaction events by the plurality of first nodes comprises:
verifying whether the signature of one first node is correct through each second node in the plurality of second nodes, wherein the first nodes to which the signatures verified by any two second nodes belong are different, one of the plurality of second nodes executes the signature operation on the transaction event in a first time period, and the other of the plurality of second nodes executes the signature operation on the transaction event in a second time period, and the first time period and the second time period are partially or completely overlapped.
3. The method of claim 2, wherein verifying, by each of the plurality of second nodes, whether the signature of one of the first nodes is correct comprises:
sending a third request to a third node in the peer-to-peer network, wherein the third node is configured to transmit the third request to the plurality of second nodes in the peer-to-peer network, and the third request received by any one of the second nodes originates from the third node or another one of the second nodes;
receiving signatures of the plurality of second nodes returned by the third node.
4. The method of claim 3, wherein sending a third request to a third node in the peer-to-peer network comprises:
and sending the third request to the third node in a resource pool, wherein all resource nodes in the resource pool are connected by adopting the peer-to-peer network, the third node is a control node of the resource pool and is used for selecting the second node from all the resource nodes, and the second node is a node with a load rate smaller than that of the resource nodes except the second node.
5. The method of claim 2, wherein after verifying the signatures of the transaction events by the plurality of first nodes by a plurality of second nodes, the method further comprises:
determining that the transaction event is a legitimate transaction if the plurality of second nodes all verify the signatures of the plurality of first nodes;
determining that the transaction event is not a legitimate transaction if at least one of the second nodes fails to verify the signature of the first node.
6. The method of any one of claims 1 to 5, wherein prior to verifying the signature of the transaction event by the plurality of first nodes by a plurality of second nodes, the method further comprises:
obtaining a plurality of public keys from the plurality of first nodes, wherein each public key in the plurality of public keys is used for the second node to verify the signature of one first node;
and sending the public keys to a third node in a peer-to-peer network, and transmitting the public keys to other nodes in the peer-to-peer network through the third node, wherein the other nodes in the peer-to-peer network are nodes adopting a field programmable gate array processor, and any node in the peer-to-peer network is used for transmitting the received public keys to a node in communication connection with the any node under the condition of receiving the public keys.
7. The method according to any one of claims 1 to 5, wherein the obtaining of the first request for the target account includes:
the first request of the target account is obtained through a fourth node in a cloud cluster, wherein the load rate of the fourth node is not greater than the load rates of nodes except the fourth node in the cloud cluster.
8. The method of claim 7, wherein before or after obtaining the first request for the target account number via a fourth node in a cloud cluster, the method further comprises:
under the condition that the load rates of all nodes in an activated state in the cloud cluster reach a first threshold value, switching the state of a standby node configured for the cloud cluster from a standby state to an activated state, and adding the standby node into the cloud cluster; and/or,
and under the condition that the load rates of all nodes in an activated state in the cloud cluster are smaller than a second threshold, switching the state of the unused nodes in the cloud cluster from the activated state to a standby state, and deleting the unused nodes in the cloud cluster, wherein the second threshold is smaller than the first threshold.
9. The method of claim 8, further comprising:
and sending prompt information to a client sending the first request under the condition that the load rates of all nodes in an activated state in the cloud cluster reach a first threshold, wherein the prompt information is used for prompting that the load rates of all nodes in the cloud cluster reach the first threshold.
10. An apparatus for verifying a signature, comprising:
a first acquisition unit, configured to acquire a first request of a target account, wherein the first request is used for initiating a transaction event, and the target account logs in a client;
a sending unit, configured to send a second request to a plurality of first nodes in a blockchain, where the second request is used to obtain signatures of the plurality of first nodes on the transaction event;
a second obtaining unit, configured to obtain signatures of the transaction events returned by the plurality of first nodes in response to the second request;
and the verification unit is used for verifying the signatures of the plurality of first nodes on the transaction events through a plurality of second nodes, wherein the load rate of the second nodes is less than that of other resource nodes except the second nodes in the resource pool.
11. The apparatus of claim 10, wherein the verification unit is further configured to:
verifying whether the signature of one first node is correct through each second node in the plurality of second nodes, wherein the first nodes to which the signatures verified by any two second nodes belong are different, one of the plurality of second nodes executes the signature operation on the transaction event in a first time period, and the other of the plurality of second nodes executes the signature operation on the transaction event in a second time period, and the first time period and the second time period are partially or completely overlapped.
12. The apparatus of claim 11, wherein the verification unit comprises:
a sending module, configured to send a third request to a third node in a peer-to-peer network, where the third node is configured to transmit the third request to the plurality of second nodes in the peer-to-peer network, and the third request received by any one of the second nodes originates from the third node or another second node;
and the receiving module is used for receiving the signatures of the plurality of second nodes returned by the third node.
13. A system for verifying a signature, comprising:
a fourth node in the cloud cluster is used for acquiring a first request of a target account, wherein the first request is used for initiating a transaction event, and the target account logs in a client;
a blockchain, wherein a plurality of first nodes in the blockchain are used for receiving a second request sent by the fourth node in the cloud cluster and returning signatures of the transaction event to the fourth node in the cloud cluster, and the second request is used for acquiring the signatures of the plurality of first nodes on the transaction event;
and a resource pool, wherein a plurality of second nodes in the resource pool are used for verifying the signatures of the plurality of first nodes on the transaction event, and the load rate of the second nodes is less than that of other resource nodes except the second nodes in the resource pool.
14. A storage medium, characterized in that the storage medium comprises a stored program, wherein the program when executed performs the method of any of the preceding claims 1 to 9.
15. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the method of any of the preceding claims 1 to 9 by means of the computer program.
CN201810691308.3A 2018-06-28 2018-06-28 Signature verification method, device and system, storage medium and electronic device Active CN108777625B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810691308.3A CN108777625B (en) 2018-06-28 2018-06-28 Signature verification method, device and system, storage medium and electronic device
CN201910718387.7A CN110417558B (en) 2018-06-28 2018-06-28 Signature verification method and device, storage medium and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810691308.3A CN108777625B (en) 2018-06-28 2018-06-28 Signature verification method, device and system, storage medium and electronic device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201910718387.7A Division CN110417558B (en) 2018-06-28 2018-06-28 Signature verification method and device, storage medium and electronic device

Publications (2)

Publication Number Publication Date
CN108777625A CN108777625A (en) 2018-11-09
CN108777625B true CN108777625B (en) 2020-08-11

Family

ID=64030612

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201910718387.7A Active CN110417558B (en) 2018-06-28 2018-06-28 Signature verification method and device, storage medium and electronic device
CN201810691308.3A Active CN108777625B (en) 2018-06-28 2018-06-28 Signature verification method, device and system, storage medium and electronic device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201910718387.7A Active CN110417558B (en) 2018-06-28 2018-06-28 Signature verification method and device, storage medium and electronic device

Country Status (1)

Country Link
CN (2) CN110417558B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107078910A (en) * 2016-12-23 2017-08-18 深圳前海达闼云端智能科技有限公司 Generate method, device, node, signature device and the system of block chain block
CN107769925A (en) * 2017-09-15 2018-03-06 山东大学 Public key infrastructure system and its certificate management method based on block chain
CN108053211A (en) * 2017-12-27 2018-05-18 北京欧链科技有限公司 Transaction processing method and device based on block chain

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7096498B2 (en) * 2002-03-08 2006-08-22 Cipher Trust, Inc. Systems and methods for message threat management
EP3009972A1 (en) * 2014-10-14 2016-04-20 Gemalto SA A method for ensuring the genuine user has approved a payment transaction
US20170116693A1 (en) * 2015-10-27 2017-04-27 Verimatrix, Inc. Systems and Methods for Decentralizing Commerce and Rights Management for Digital Assets Using a Blockchain Rights Ledger
US10157295B2 (en) * 2016-10-07 2018-12-18 Acronis International Gmbh System and method for file authenticity certification using blockchain network
CN107342867B (en) * 2017-07-07 2020-10-09 深圳和信安达科技有限公司 Signature verification method and device

Also Published As

Publication number Publication date
CN110417558B (en) 2022-12-09
CN108777625A (en) 2018-11-09
CN110417558A (en) 2019-11-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant