CN112712357A - A private key management method and system for multi-institution, multi-chain, multi-currency and multi-account - Google Patents
A private key management method and system for multi-institution, multi-chain, multi-currency and multi-account Download PDFInfo
- Publication number
- CN112712357A CN112712357A CN202011631059.2A CN202011631059A CN112712357A CN 112712357 A CN112712357 A CN 112712357A CN 202011631059 A CN202011631059 A CN 202011631059A CN 112712357 A CN112712357 A CN 112712357A
- Authority
- CN
- China
- Prior art keywords
- private key
- childpath
- account
- sub
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000007726 management method Methods 0.000 title claims abstract description 55
- 238000000034 method Methods 0.000 claims abstract description 21
- 230000008520 organization Effects 0.000 claims abstract description 11
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 10
- 238000012545 processing Methods 0.000 claims abstract description 10
- 230000008859 change Effects 0.000 claims description 16
- 230000007246 mechanism Effects 0.000 claims description 14
- 230000001343 mnemonic effect Effects 0.000 claims description 13
- 238000005516 engineering process Methods 0.000 claims description 3
- 238000012423 maintenance Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 108700038352 BIP protocol Proteins 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000005086 pumping Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
本发明公开了一种多机构多链多币种多账户的私钥管理方法与系统。所述方法包括:调整childPath结构规则,其中,依据childPath结构规则,将childPath定义为包括链类型和机构代码类型的多字符数据;根据协议生成主私钥,根据主私钥与childPath结构规则生成管理私钥;依据管理私钥进入重启的硬件系统,以管理私钥作为父私钥,业务方根据需求传入机构代表、币种类型和用户编码,以生成子账户的地址及childPath;业务方在需要使用子账户私钥进行签名时,传入子账户的地址、所述childPath和交易体Hash,硬件系统根据childPath选择预设的算法进行签名处理。本发明的技术方案能够将多种链,多种签名的私钥集中管理,企业不用再分散管理子账户私钥,此方案既能解决Keystore带来的风险,也能够解决HD钱包带来的不足。
The invention discloses a private key management method and system for multi-organization, multi-chain, multi-currency and multi-account. The method includes: adjusting the childPath structure rules, wherein, according to the childPath structure rules, the childPath is defined as multi-character data including a chain type and an organization code type; generating a master private key according to the protocol, and generating and managing the master private key and the childPath structure rules. Private key; enter the restarted hardware system according to the management private key, take the management private key as the parent private key, and the business party enters the agency representative, currency type and user code according to the requirements to generate the address and childPath of the sub-account; When the sub-account private key needs to be used for signature, the address of the sub-account, the childPath and the transaction body Hash are passed in, and the hardware system selects a preset algorithm to perform signature processing according to the childPath. The technical solution of the present invention can centrally manage private keys of multiple chains and multiple signatures, so that enterprises do not need to manage sub-account private keys in a decentralized manner. This solution can not only solve the risks brought by Keystore, but also solve the shortcomings brought by HD wallets .
Description
Technical Field
The invention relates to the technical field of block chains, in particular to a private key management method and system for multiple mechanisms, multiple chains, multiple currencies and multiple accounts.
Background
The blockchain technology is a brand new distributed infrastructure and computing mode that uses blockchain data structures to verify and store data, uses distributed node consensus algorithms to generate and update data, uses cryptography to secure data transmission and access, and uses intelligent contracts composed of automated script codes to program and manipulate data.
Private key management is a very important and tricky thing for current enterprise project parties. The current ways of managing private keys are generally divided into two categories: keystore store, HD wallet.
First, keystore storage.
keystore storage is a file format (JSON) for etherhouse wallet storage private keys. It uses the user-defined password to encrypt the private key to achieve a degree of protection, and the degree of wallet protection depends on the strength of the password used by the user to encrypt the wallet. The keystore generally encrypts the private key with the scrypt algorithm. The scrypt not only needs long time for calculation, but also occupies more memory, and is extremely difficult to use for parallel calculation of a plurality of abstracts, so that the violent attack by using the rainbow table is more difficult.
When using the keystore, the user needs to remember the encryption password of the keystore, and once forgetting the encryption password, the user loses the use right of the keystore.
In addition, since most of the enterprise projects need to be processed automatically by programming, the keystore and the password are generally stored in a suitable place. However, when the keystore and the password can be accessed at the same time, the private key can be decrypted, and there is a certain risk.
For each item, each user needs to have a keystore and password for each currency. When a large number of keystores are present, there is a possibility that the trouble of access occurs, and if there is a problem such as a device failure, the keystores cannot be recovered if they are lost.
In summary, the deficiencies of the Keystore storage are as follows:
(1) the Keystore stores the disk + the key to store data, and the server disk has problems, so that the Keystore file is lost, and the account assets cannot be found back;
(2) the database fails, resulting in data loss and failure to retrieve. Account assets cannot be retrieved;
(3) the database is attacked by hackers and all data is taken away, resulting in the asset being transferred;
(4) the database is hacked and the data is emptied. Resulting in assets not being retrieved;
(5) the operation and maintenance are badly done, and the keystore and the password are illegally taken away, so that the assets are transferred and cannot be traced;
(6) under the condition of multiple projects and multiple users, a plurality of useless keystores need to be maintained, and maintenance resources are wasted.
And II, HD wallets.
An HD wallet is a wallet account generated based on the BIP protocol.
Ordinary private key generation is generally a random 256-bit private key generation. To facilitate management of the private key, the HD wallet replaces the random 256 private key with the BIP protocol.
The wallet is able to derive the child keys half the number from the parent key. And the generation of the child key adopts an irreversible HMAC-SHA512 encryption algorithm, so that the child key cannot derive a parent key upwards, and cannot derive a key at the same level horizontally.
In addition, if the mnemonics of the HD wallet and the path of the child private key are known, the child private key can be recovered.
The storage of HD purses is typically: a plurality of child private keys are stored in a wallet object. The Wallet encryption is then written to the DAT file using the password.
The sub-accounts in the HD wallet are directly stored sub-private keys, and if the outermost layer of encryption is violently cracked, all the sub-private keys can be visible to the outside.
Summarizing, the disadvantages of HD wallets are as follows:
(1) the HD wallet exists along with the node, and only a private key of a single currency can be stored; multiple currencies require multiple node maintenance;
(2) the private key of the account is stored in the HD wallet, and if the wallet password is cracked, all the sub private keys are exposed;
(3) when a server disk has a problem, the HD wallet is lost, and the account assets cannot be retrieved;
(4) the node can only sign a single signature and cannot sign multiple chains and multiple currencies;
(5) the server is attacked by hackers, and the HD wallet file is emptied, so that the assets cannot be retrieved;
(6) under the condition of multiple projects, the HD wallet cannot distinguish project parties, and the use is possibly disordered;
(7) the amount of users is too large, and the HD wallet needs to maintain a plurality of useless private keys; resource waste is caused;
therefore, there is a need to provide a new method and system for managing private keys of multiple organizations, multiple chains, multiple currencies and multiple accounts to solve the above-mentioned technical problems.
Disclosure of Invention
The invention mainly aims to provide a private key management method and system for a plurality of mechanisms, a plurality of chains, a plurality of currencies and a plurality of accounts, and aims to solve the technical problems of distributed management and higher security risk of private keys in the related technology.
In order to achieve the above purpose, the present invention provides a private key management method for multiple mechanisms, multiple chains, multiple currencies and multiple accounts, comprising the following steps:
s1, adjusting a childPath structure rule, wherein the childPath is defined as multi-character data including a chain type and a mechanism code type according to the adjusted childPath structure rule;
s2, generating a main private key according to a preset protocol, and generating a management private key according to the main private key and the childPath structure rule;
s3, entering a restarted hardware system according to the management private key, taking the management private key as a father private key, and introducing an organization representative, a currency type and a user code by a business party according to requirements to generate an address and a childPath of a sub-account;
s4, when the service party needs to use the private key of the sub-account to sign, the address of the sub-account, the childPath and the transaction body Hash are transmitted, and the hardware system selects a preset algorithm to sign according to the childPath.
Preferably, the multi-character data further includes a protocol type, a currency type, an account number, a change identifier, and an address index.
Preferably, the step of generating a master private key according to a preset protocol and generating a management private key according to the master private key and the childPath structure rule specifically includes the following steps:
generating mnemonics according to a BIP39 protocol, and generating corresponding seed data by using the mnemonics;
generating the main private key and the corresponding chainCode according to the BIP32 protocol and the seed data;
and performing basic processing on the main private key and the chainCode corresponding to the main private key, and outputting a character string, wherein the output character string is the management private key corresponding to the main private key.
Preferably, the hardware system refuses to store the private key, the address and the childPath of the sub-account; the business party only stores the address belonging to the account and the childPath.
In order to solve the above technical problem, the present invention further provides a multi-mechanism multi-chain multi-currency multi-account private key management system, comprising:
the adjusting module is used for adjusting the childPath structure rule, wherein the childPath is defined as multi-character data comprising a chain type and a mechanism code type according to the adjusted childPath structure rule;
the first generation module is used for generating a main private key according to a preset protocol and generating a management private key according to the main private key and the childPath structure rule;
the second generation module is used for entering a restarted hardware system according to the management private key, taking the management private key as a father private key, and transmitting an organization representative, a currency type and a user code into the business party according to requirements to generate an address and a childPath of a sub-account;
the signature module is used for transmitting the address of the sub-account, the childPath and the transaction body Hash when the service party needs to use the private key of the sub-account for signature, and the hardware system selects a preset algorithm to perform signature processing according to the childPath.
Preferably, the multi-character data further includes a protocol type, a currency type, an account number, a change identifier, and an address index.
Preferably, the first generating module is specifically configured to:
generating mnemonics according to a BIP39 protocol, and generating corresponding seed data by using the mnemonics;
generating the main private key and the corresponding chainCode according to the BIP32 protocol and the seed data;
and performing basic processing on the main private key and the chainCode corresponding to the main private key, and outputting a character string, wherein the output character string is the management private key corresponding to the main private key.
Preferably, the hardware system refuses to store the private key, the address and the childPath of the sub-account; the business party only stores the address belonging to the account and the childPath.
The private key management method and the private key management system for the multi-mechanism, multi-chain, multi-currency and multi-account, provided by the invention, can realize that the total private key in an enterprise project is kept by a general responsible person and the sub private keys are managed in a centralized way. The sub private keys are generated in real time, so that the sub private keys are prevented from being exposed after the wallet is violently cracked. The method can ensure that the private key of the sub-account cannot be exported from the system, and the private key of the sub-account is generated in real time when needed. Therefore, it can be ensured that the private key of the sub-account cannot be acquired even if operation and maintenance or development are bad. In addition, the childPath of the account is stored by the service party, the system is not stored, the service and the private key are separated, and the security is upgraded.
Because all the sub-accounts are derived by the manager, all the sub-accounts can be recovered, and even if the disk and the database fail, the account safety is not influenced.
Drawings
FIG. 1 is a flowchart of a preferred embodiment of a method for managing private keys of multiple institutions, multiple chains, multiple currencies and multiple accounts according to the present invention;
FIG. 2 is an architectural diagram of a hardware system in which the method of FIG. 1 operates;
FIG. 3 is a diagram of the address hierarchy in step S4 shown in FIG. 1;
fig. 4 is an architecture diagram of a preferred embodiment of the multi-organization multi-chain multi-currency multi-account private key management system provided by the present invention.
The objects, features and advantages of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a private key management method for a plurality of mechanisms, a plurality of chains, a plurality of currencies and a plurality of accounts.
Referring to fig. 1-3, in order to achieve the above object, in an embodiment of the present invention, a method for managing a private key of multiple mechanisms, multiple chains, multiple currencies and multiple accounts includes the following steps:
s1, adjusting a childPath structure rule, wherein the childPath is defined as multi-character data including a chain type and a mechanism code type according to the adjusted childPath structure rule;
s2, generating a main private key according to a preset protocol, and generating a management private key according to the main private key and the childPath structure rule;
s3, entering a restarted hardware system according to the management private key, taking the management private key as a father private key, and introducing an organization representative, a currency type and a user code by a business party according to requirements to generate an address and a childPath of a sub-account;
in this embodiment, when the hardware system is restarted, the owner of the management private key is directly input into the system, so that the wallet can be prevented from being stolen.
S4, when the service party needs to use the private key of the sub-account to sign, the address of the sub-account, the childPath and the transaction body Hash are transmitted, and the hardware system selects a preset algorithm to sign according to the childPath.
In this embodiment, the hardware system refuses to store the private key, the address and the childPath of the sub-account; the business party only stores the address belonging to the account and the childPath.
Specifically, the multi-character data further includes a protocol type, a currency type, an account number, a change identifier, and an address index.
Specifically, the structure of the multi-character data is as follows:
the input/output unit comprises a pumping '/chain _ type '/core _ type '/org '/account '/change/address _ index. Wherein, the purpose' is a protocol type, generally 44, and represents the BIP44 protocol; chain _ type' is a currency type; account' is an account number, and generally increases from 0; change is a change identifier, which represents whether the change account is changed or not, and 1 in BTC represents change, and 0 is usually used; the address _ index is an address index representing a plurality of address indexes under the user, and is incremented from 0. chain _ type is a chain type; org is an organization code type, which is used to represent organization codes.
The structure of the multi-character data can distinguish different mechanisms; and multiple currencies (e.g., tokens) on the same chain.
Specifically, the step S2 specifically includes the following steps:
generating mnemonics according to a BIP39 protocol, and generating corresponding seed data by using the mnemonics;
generating the main private key and the corresponding chainCode according to the BIP32 protocol and the seed data;
and performing basic processing on the main private key and the chainCode corresponding to the main private key, and outputting a character string, wherein the output character string is the management private key corresponding to the main private key.
Specifically, the primary private key + ChainCode + Index may form a new Hash value. Then 256 bits on the right side of the Hash are used as chainCode of the sub private key, and then 256 bits on the left side and the main private key are operated to obtain the sub private key (management private key).
The private key management method for the multi-mechanism multi-chain multi-currency multi-account provided by the invention can realize that the total private key in an enterprise project is kept by a general responsible person and the sub private keys are managed in a centralized way. The sub private keys are generated in real time, so that the sub private keys are prevented from being exposed after the wallet is violently cracked. The method can ensure that the private key of the sub-account cannot be exported from the system, and the private key of the sub-account is generated in real time when needed. Therefore, it can be ensured that the private key of the sub-account cannot be acquired even if operation and maintenance or development are bad. In addition, the childPath of the account is stored by the service party, the system is not stored, the service and the private key are separated, and the security is upgraded.
Because all the sub-accounts are derived by the manager, all the sub-accounts can be recovered, and even if the disk and the database fail, the account safety is not influenced.
The invention also provides a private key management system of the multi-mechanism, multi-chain, multi-currency and multi-account.
Referring to fig. 4, the multi-organization multi-chain multi-currency multi-account private key management system includes:
the adjusting module is used for adjusting the childPath structure rule, wherein the childPath is defined as multi-character data comprising a chain type and a mechanism code type according to the adjusted childPath structure rule;
the first generation module is used for generating a main private key according to a preset protocol and generating a management private key according to the main private key and the childPath structure rule;
the second generation module is used for entering a restarted hardware system according to the management private key, taking the management private key as a father private key, and leading the business party to enter an organization representative, currency type and user code according to the demand to generate the address of a sub account and childPath;
in this embodiment, when the hardware system is restarted, the owner of the management private key is directly input into the system, so that the wallet can be prevented from being stolen.
The signature module is used for transmitting the address of the sub-account, the childPath and the transaction body Hash when the service party needs to use the private key of the sub-account for signature, and the hardware system selects a preset algorithm to perform signature processing according to the childPath.
In this embodiment, the hardware system refuses to store the private key, the address and the childPath of the sub-account; the business party only stores the address belonging to the account and the childPath.
Specifically, the multi-character data further includes a protocol type, a currency type, an account number, a change identifier, and an address index.
Specifically, the structure of the multi-character data is as follows:
the input/output unit comprises a pumping '/chain _ type '/core _ type '/org '/account '/change/address _ index. Wherein, the purpose' is a protocol type, generally 44, and represents the BIP44 protocol; chain _ type' is a currency type; account' is an account number, and generally increases from 0; change is a change identifier, which represents whether the change account is changed or not, and 1 in BTC represents change, and 0 is usually used; the address _ index is an address index representing a plurality of address indexes under the user, and is incremented from 0. chain _ type is a chain type; org is an organization code type, which is used to represent organization codes.
The structure of the multi-character data can distinguish different mechanisms; and multiple currencies (e.g., tokens) on the same chain.
Specifically, the first generating module is specifically configured to:
generating mnemonics according to a BIP39 protocol, and generating corresponding seed data by using the mnemonics;
generating the main private key and the corresponding chainCode according to the BIP32 protocol and the seed data;
and performing basic processing on the main private key and the chainCode corresponding to the main private key, and outputting a character string, wherein the output character string is the management private key corresponding to the main private key.
Specifically, the primary private key + ChainCode + Index may form a new Hash value. Then 256 bits on the right side of the Hash are used as chainCode of the sub private key, and then 256 bits on the left side and the main private key are operated to obtain the sub private key (management private key).
The hardware system refuses to store the private key, the address and the childPath of the sub-account; the business party only stores the address belonging to the account and the childPath.
The multi-mechanism multi-chain multi-currency multi-account private key management system provided by the invention can realize that the total private key in an enterprise project is kept by a general responsible person and the sub private keys are managed in a centralized way. The sub private keys are generated in real time, so that the sub private keys are prevented from being exposed after the wallet is violently cracked. The method can ensure that the private key of the sub-account cannot be exported from the system, and the private key of the sub-account is generated in real time when needed. Therefore, it can be ensured that the private key of the sub-account cannot be acquired even if operation and maintenance or development are bad. In addition, the childPath of the account is stored by the service party, the system is not stored, the service and the private key are separated, and the security is upgraded.
Because all the sub-accounts are derived by the manager, all the sub-accounts can be recovered, and even if the disk and the database fail, the account safety is not influenced.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a computer-readable storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above, and includes several instructions for enabling a terminal device to enter the method according to the embodiments of the present invention.
In the description herein, references to the description of the term "one embodiment," "another embodiment," or "first through xth embodiments," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, method steps, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (8)
1. A private key management method for multiple mechanisms, multiple chains, multiple currencies and multiple accounts is characterized by comprising the following steps:
s1, adjusting a childPath structure rule, wherein the childPath is defined as multi-character data including a chain type and a mechanism code type according to the adjusted childPath structure rule;
s2, generating a main private key according to a preset protocol, and generating a management private key according to the main private key and the childPath structure rule;
s3, entering a restarted hardware system according to the management private key, taking the management private key as a father private key, and introducing an organization representative, a currency type and a user code by a business party according to requirements to generate an address and a childPath of a sub-account;
s4, when the service party needs to use the private key of the sub-account to sign, the address of the sub-account, the childPath and the transaction body Hash are transmitted, and the hardware system selects a preset algorithm to sign according to the childPath.
2. The method of claim 1, wherein the multi-organization multi-chain multi-currency multi-account private key management system further comprises protocol type, currency type, account number, change identifier and address index.
3. The method as claimed in claim 1, wherein the step of generating a master private key according to a preset protocol and generating a management private key according to the master private key and the childPath structure rule comprises the following steps:
generating mnemonics according to a BIP39 protocol, and generating corresponding seed data by using the mnemonics;
generating the main private key and the corresponding chainCode according to the BIP32 protocol and the seed data;
and performing basic processing on the main private key and the chainCode corresponding to the main private key, and outputting a character string, wherein the output character string is the management private key corresponding to the main private key.
4. The method of claim 1, wherein the hardware system withholds the child account's private key, address, and child path; the business party only stores the address belonging to the account and the childPath.
5. A multi-organization multi-chain multi-currency multi-account private key management system is characterized by comprising:
the adjusting module is used for adjusting the childPath structure rule, wherein the childPath is defined as multi-character data comprising a chain type and a mechanism code type according to the adjusted childPath structure rule;
the first generation module is used for generating a main private key according to a preset protocol and generating a management private key according to the main private key and the childPath structure rule;
the second generation module is used for entering a restarted hardware system according to the management private key, taking the management private key as a father private key, and leading the business party to enter an organization representative, currency type and user code according to the demand to generate the address of a sub account and childPath;
the signature module is used for transmitting the address of the sub-account, the childPath and the transaction body Hash when the service party needs to use the private key of the sub-account for signature, and the hardware system selects a preset algorithm to perform signature processing according to the childPath.
6. The multi-organization multi-chain multi-currency multi-account private key management system of claim 5, wherein the multi-character data further comprises a protocol type, a currency type, an account number, a change identification, and an address index.
7. The multi-organization multi-chain multi-currency multi-account private key management system of claim 5, wherein the first generation module is specifically configured to:
generating mnemonics according to a BIP39 protocol, and generating corresponding seed data by using the mnemonics;
generating the main private key and the corresponding chainCode according to the BIP32 protocol and the seed data;
and performing basic processing on the main private key and the chainCode corresponding to the main private key, and outputting a character string, wherein the output character string is the management private key corresponding to the main private key.
8. The system for enterprise asset protection based on blockchain technology of claim 5 wherein said hardware system withholds a private key, an address of a sub-account and said childPath; the business party only stores the address belonging to the account and the childPath.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011631059.2A CN112712357B (en) | 2020-12-30 | 2020-12-30 | A multi-institution, multi-chain, multi-currency, and multi-account private key management method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011631059.2A CN112712357B (en) | 2020-12-30 | 2020-12-30 | A multi-institution, multi-chain, multi-currency, and multi-account private key management method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112712357A true CN112712357A (en) | 2021-04-27 |
| CN112712357B CN112712357B (en) | 2025-02-07 |
Family
ID=75547777
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011631059.2A Active CN112712357B (en) | 2020-12-30 | 2020-12-30 | A multi-institution, multi-chain, multi-currency, and multi-account private key management method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112712357B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113269642A (en) * | 2021-05-24 | 2021-08-17 | 深圳壹账通智能科技有限公司 | Transaction processing method, device, equipment and storage medium based on block chain |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102170356A (en) * | 2011-05-10 | 2011-08-31 | 北京联合智华微电子科技有限公司 | Authentication system realizing method supporting exclusive control of digital signature key |
| CN107623570A (en) * | 2017-11-03 | 2018-01-23 | 北京无字天书科技有限公司 | A kind of SM2 endorsement methods based on addition Secret splitting |
| CN108574571A (en) * | 2017-03-08 | 2018-09-25 | 华为技术有限公司 | Private key generation method, equipment and system |
| CN110838912A (en) * | 2019-11-18 | 2020-02-25 | 深圳前海微众银行股份有限公司 | Key management method, device, equipment and computer medium based on block chain |
| WO2020060094A1 (en) * | 2018-09-21 | 2020-03-26 | 김성완 | Node device constituting blockchain network and method for operation of node device |
| CN111130774A (en) * | 2019-12-26 | 2020-05-08 | 北京阿尔山区块链联盟科技有限公司 | Password generation method, device and equipment |
| CN111314057A (en) * | 2020-04-09 | 2020-06-19 | 北京俩撇科技有限公司 | Private key using method and device depending on user input |
| CN111386673A (en) * | 2019-11-29 | 2020-07-07 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for encryption key management based on blockchain system |
| CN111800262A (en) * | 2020-07-01 | 2020-10-20 | 北京金山云网络技术有限公司 | Digital asset processing method and device and electronic equipment |
| CN112069547A (en) * | 2020-07-29 | 2020-12-11 | 北京农业信息技术研究中心 | Supply chain responsibility main body identity authentication method and system |
-
2020
- 2020-12-30 CN CN202011631059.2A patent/CN112712357B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102170356A (en) * | 2011-05-10 | 2011-08-31 | 北京联合智华微电子科技有限公司 | Authentication system realizing method supporting exclusive control of digital signature key |
| CN108574571A (en) * | 2017-03-08 | 2018-09-25 | 华为技术有限公司 | Private key generation method, equipment and system |
| CN107623570A (en) * | 2017-11-03 | 2018-01-23 | 北京无字天书科技有限公司 | A kind of SM2 endorsement methods based on addition Secret splitting |
| WO2020060094A1 (en) * | 2018-09-21 | 2020-03-26 | 김성완 | Node device constituting blockchain network and method for operation of node device |
| CN110838912A (en) * | 2019-11-18 | 2020-02-25 | 深圳前海微众银行股份有限公司 | Key management method, device, equipment and computer medium based on block chain |
| CN111386673A (en) * | 2019-11-29 | 2020-07-07 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for encryption key management based on blockchain system |
| CN111130774A (en) * | 2019-12-26 | 2020-05-08 | 北京阿尔山区块链联盟科技有限公司 | Password generation method, device and equipment |
| CN111314057A (en) * | 2020-04-09 | 2020-06-19 | 北京俩撇科技有限公司 | Private key using method and device depending on user input |
| CN111800262A (en) * | 2020-07-01 | 2020-10-20 | 北京金山云网络技术有限公司 | Digital asset processing method and device and electronic equipment |
| CN112069547A (en) * | 2020-07-29 | 2020-12-11 | 北京农业信息技术研究中心 | Supply chain responsibility main body identity authentication method and system |
Non-Patent Citations (1)
| Title |
|---|
| 王小刚: "电子商务中基于PKI的用户私钥管理", 滁州职业技术学院学报, vol. 1, no. 3, pages 28 - 32 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113269642A (en) * | 2021-05-24 | 2021-08-17 | 深圳壹账通智能科技有限公司 | Transaction processing method, device, equipment and storage medium based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112712357B (en) | 2025-02-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sunyaev et al. | Distributed ledger technology | |
| JP7480222B2 (en) | Method and system for efficient transfer of cryptocurrency associated with payroll payments on a blockchain resulting in an automated payroll payment method and system based on smart contracts | |
| US20230410215A1 (en) | Cryptographic method and system for secure extraction of data from a blockchain | |
| US10992649B2 (en) | Systems and methods for privacy in distributed ledger transactions | |
| CN108009917B (en) | Transaction verification and registration method and system for digital currency | |
| EP3613008B1 (en) | Anonymity and traceability of digital property transactions on a distributed transaction consensus network | |
| US20200213121A1 (en) | Token management system and token management method | |
| KR20180115764A (en) | Tokenizing method and system for implementing exchange in a block chain | |
| CN113439281A (en) | Digital legal currency | |
| JP2022504637A (en) | Distributed ledger for encrypted digital IDs | |
| CN109074434A (en) | Method and system for verifying ownership of digital assets using distributed hash tables and point-to-point distributed ledgers | |
| EP3794768A1 (en) | Improved systems and methods for storage, generation and verification of tokens used to control access to a resource | |
| CN109478279A (en) | Method and system for realizing block chain | |
| WO2020051710A1 (en) | System and process for managing digitized security tokens | |
| JPH09507729A (en) | Cryptographic system and method with key escrow function | |
| US11818271B2 (en) | Linking transactions | |
| CN116057554A (en) | Method for managing transaction data sets, participant unit, transaction register and payment system | |
| CN111711521A (en) | Method and system for resetting private key of blockchain account | |
| CN112712357A (en) | A private key management method and system for multi-institution, multi-chain, multi-currency and multi-account | |
| Lashkami et al. | A blockchain based framework for complete secure data outsourcing with malicious behavior prevention | |
| Li et al. | Post‐Quantum Privacy‐Preserving Provable Data Possession Scheme Based on Smart Contracts | |
| CN114169888A (en) | Universal type multi-signature supporting encryption currency custody method | |
| Nath et al. | Impact of Blockchain to Secure E-Banking Transaction | |
| Shareef et al. | Decentralized Money Transaction Security System using HMBC algorithm | |
| Jondhale et al. | Blockchain in Cloud Computing: Design Challenges |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20241231 Address after: 1104, Building A, Zhiyun Industrial Park, No. 13 Huaxing Road, Tongsheng Community, Dalang Street, Longhua District, Shenzhen City, Guangdong Province, 518000 Applicant after: Shenzhen Hengyuan Zhida Information Technology Co.,Ltd. Country or region after: China Address before: 100123 Room 202, 2 / F, building F1, Dongyi International Media Industrial Park, No.8, Gaojing Cultural Park Road, Chaoyang District, Beijing Applicant before: Puhua Yunchuang Technology (Beijing) Co.,Ltd. Country or region before: China |
|
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20250107 Address after: No. 191 Shuijing Road, Chengguan Town, Nanzhang County, Xiangyang City, Hubei Province, China 441500 Applicant after: Zhao Yueyan Country or region after: China Applicant after: Suzhou Yungang Digital Technology Group Co.,Ltd. Address before: 1104, Building A, Zhiyun Industrial Park, No. 13 Huaxing Road, Tongsheng Community, Dalang Street, Longhua District, Shenzhen City, Guangdong Province, 518000 Applicant before: Shenzhen Hengyuan Zhida Information Technology Co.,Ltd. Country or region before: China |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant |