技术领域technical field
本说明书实施例涉及区块链技术领域,更具体地,涉及一种向区块链中存入用户生物特征的方法和装置、以及一种重置区块链账户密钥的方法和装置。The embodiments of this specification relate to the field of blockchain technology, and more particularly, to a method and device for storing user biometric features in a blockchain, and a method and device for resetting a blockchain account key.
背景技术Background technique
在新一代区块链中,例如在以太坊中,新增了账户的概念,其中,由用户创建的账户为以太坊中的外部账户。通常,每个外部账户拥有一对公私钥,其中,私钥用于进行数字签名,公钥用于验证签名。另外,在各个节点中,在节点本地的数据库中以状态树的形式维持区块链中全部账户的数据表,该状态树为账户地址与账户内容之间的映射,所述账号内容包括,账户余额、账户密钥信息(哈希值)等。用户在进行交易之前,可通过查询状态树而获取对方余额、验证对方密钥信息等。然而,在以太坊中,用户在创建好账户之后必须保存好私钥,如果丢失或忘记私钥,用户将不能访问其账户,即,用户没有重置私钥或找回私钥的功能。而在现有技术的EOS区块链中,使用两个私钥的方式来进行密钥重置,其中,一个私钥用于进行数字签名,另一个私钥用于进行密钥重置。然而,密钥的增多增加了密钥的管理和使用成本。In a new generation of blockchains, such as in Ethereum, the concept of an account is added, in which an account created by a user is an external account in Ethereum. Typically, each external account has a pair of public and private keys, where the private key is used for digital signatures and the public key is used for signature verification. In addition, in each node, the data table of all the accounts in the blockchain is maintained in the form of a state tree in the local database of the node. The state tree is the mapping between the account address and the account content, and the account content includes: Balance, account key information (hash value), etc. Before making a transaction, the user can obtain the balance of the counterparty and verify the key information of the counterparty by querying the state tree. However, in Ethereum, the user must save the private key after creating the account. If the private key is lost or forgotten, the user will not be able to access his account, that is, the user has no function to reset or retrieve the private key. However, in the prior art EOS blockchain, two private keys are used to perform key reset, wherein one private key is used for digital signature and the other private key is used for key reset. However, the proliferation of keys increases the cost of key management and use.
因此,需要一种更有效的在区块链中重置账户密钥的方案。Therefore, a more efficient scheme for resetting account keys in the blockchain is needed.
发明内容SUMMARY OF THE INVENTION
本说明书实施例旨在提供一种更有效的重置区块链账户密钥的方法和装置,以解决现有技术中的不足。The embodiments of this specification aim to provide a more effective method and device for resetting a blockchain account key, so as to solve the deficiencies in the prior art.
为实现上述目的,本说明书一个方面提供一种向区块链中存入用户生物特征的方法,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述方法通过与第一用户的第一账户对应的区块链客户端执行,包括:In order to achieve the above purpose, one aspect of this specification provides a method for storing user biometrics into a blockchain, where the blockchain is a consortium chain, and each full node in the blockchain is the blockchain The consensus node of the chain, the method is executed by the blockchain client corresponding to the first account of the first user, including:
获取所述第一用户的生物特征;obtaining the biometrics of the first user;
获取信任用户列表,所述信任用户列表中包括至少一个第二用户各自的账户标识,所述至少一个第二用户为预设的所述第一用户的信任用户;以及obtaining a trusted user list, where the trusted user list includes respective account identifiers of at least one second user, and the at least one second user is a preset trusted user of the first user; and
向区块链中任一全节点发送用于设置生物特征的第一交易,以使得区块链中的各个全节点分别在其本地的账户数据库中设置与所述第一账户对应的生物特征和信任用户列表,其中,所述第一交易的数据字段中包括所述生物特征和所述信任用户列表。Send a first transaction for setting biometrics to any full node in the blockchain, so that each full node in the blockchain sets the biometrics and biometrics corresponding to the first account in their local account database respectively. A trusted user list, wherein the biometric feature and the trusted user list are included in a data field of the first transaction.
在一个实施例中,获取所述第一用户的生物特征包括,从生物特征采集装置接收所述第一用户的生物特征。In one embodiment, acquiring the biometrics of the first user includes receiving the biometrics of the first user from a biometric collection device.
在一个实施例中,所述生物特征包括以下至少一种特征:人脸、指纹和虹膜。In one embodiment, the biometric features include at least one of the following: a human face, a fingerprint, and an iris.
在一个实施例中,所述数据字段中包括生物特征密文,所述生物特征密文通过由所述客户端以预先获取的所述各个全节点共同协商的第一加密密钥对所述生物特征进行加密而获取。In one embodiment, the data field includes biometric ciphertext, and the biometric ciphertext encrypts the biometrics to the biometrics through a first encryption key pre-obtained by the client and negotiated by the respective full nodes. Features are encrypted and obtained.
本说明书另一方面提供一种向区块链中存入用户生物特征的方法,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述方法通过区块链中作为全节点的第一节点执行,包括:Another aspect of this specification provides a method for storing user biometrics into a blockchain, where the blockchain is a consortium chain, and each full node in the blockchain is a consensus node of the blockchain , the method is executed by the first node as a full node in the blockchain, including:
从区块链中接收由第一账户发出的用于设置生物特征的第一交易,其中,所述第一交易的数据字段中至少包括与第一账户对应的生物特征和信任用户列表;Receive from the blockchain a first transaction for setting biometrics sent by a first account, wherein a data field of the first transaction includes at least the biometrics corresponding to the first account and a list of trusted users;
在对所述第一交易的数字签名的验证通过之后,在本地的账户数据库中添加与所述第一账户对应的生物特征和信任用户列表;以及After the verification of the digital signature of the first transaction is passed, adding a biometric feature and a list of trusted users corresponding to the first account in the local account database; and
将所述第一交易打包到区块中并发送给区块链中的至少一个全节点。The first transaction is packaged into a block and sent to at least one full node in the blockchain.
在一个实施例中,在本地的账户数据库中添加与所述第一账户对应的生物特征和信任用户列表包括,在本地的账户数据库中添加与所述第一账户对应的生物特征密文和信任用户列表,其中,所述生物特征密文通过由所述第一节点以所述各个全节点共同协商的第二加密密钥对所述生物特征进行加密而获取。In one embodiment, adding the biometric feature and trusted user list corresponding to the first account in the local account database includes adding the biometric ciphertext and trust user list corresponding to the first account in the local account database A user list, wherein the biometric ciphertext is obtained by encrypting the biometric feature by the first node with a second encryption key jointly negotiated by the respective full nodes.
在一个实施例中,所述账户数据库为具有MPT树结构的状态树,其中,在本地的账户数据库中添加与所述第一账户对应的生物特征和信任用户列表包括,在本地的所述状态树中的与第一账户对应的叶子节点的值中添加所述生物特征和信任用户列表,并相应地更新所述状态树中与所述叶子节点相关的已有节点的值。In one embodiment, the account database is a state tree with an MPT tree structure, wherein adding the biometric feature and trusted user list corresponding to the first account in the local account database includes: The biometric feature and the list of trusted users are added to the value of the leaf node in the tree corresponding to the first account, and the value of the existing node in the state tree related to the leaf node is updated accordingly.
本说明书另一方面提供一种重置区块链账户密钥的方法,其中,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述各个全节点分别在其本地账户数据库中存储有与第一用户的第一账户对应的第一生物特征和信任用户列表,其中,所述信任用户列表中包括第二用户的第二账户的账户标识,所述方法通过与第二账户对应的区块链客户端执行,包括:Another aspect of this specification provides a method for resetting a blockchain account key, wherein the blockchain is a consortium chain, and each full node in the blockchain is a consensus node of the blockchain , each full node stores a first biometric feature corresponding to the first account of the first user and a list of trusted users in its local account database, wherein the list of trusted users includes the second account of the second user The account identifier of the second account, the method is executed by the blockchain client corresponding to the second account, including:
获取所述第一用户的第二生物特征;obtaining the second biometric feature of the first user;
获取所述第一账户的第二公钥,所述第二公钥将用于替换所述第一账户已有的第一公钥;以及obtaining a second public key of the first account, the second public key will be used to replace the existing first public key of the first account; and
向区块链中任一全节点发送用于重置第一账户公钥的第二交易,其中,所述第二交易的数据字段中包括所述第二生物特征和所述第二公钥,以使得区块链中的各个全节点以所述第二公钥替换其本地存储的所述第一账户的第一公钥。sending a second transaction for resetting the public key of the first account to any full node in the blockchain, wherein the data field of the second transaction includes the second biometric feature and the second public key, So that each full node in the blockchain replaces the first public key of the first account stored locally with the second public key.
在一个实施例中,所述第二交易的数据字段中包括第二生物特征密文,所述第二生物特征密文通过由所述客户端以预先获取的所述各个全节点共同协商的第三加密密钥对所述第二生物特征进行加密而获取。In one embodiment, the data field of the second transaction includes a second biometric ciphertext, and the second biometric ciphertext is obtained by the client with the first negotiated first negotiated by the respective full nodes in advance. Three encryption keys are obtained by encrypting the second biometric feature.
本说明书另一方面提供一种重置区块链账户密钥的方法,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述各个全节点分别在其本地账户数据库中存储有与第一用户的第一账户对应的第一生物特征和信任用户列表,其中,所述信任用户列表中包括第二用户的第二账户的账户标识,所述方法通过区块链中作为全节点的第二节点执行,包括:Another aspect of this specification provides a method for resetting a blockchain account key, where the blockchain is a consortium chain, and each full node in the blockchain is a consensus node of the blockchain, so Each full node stores a first biometric feature corresponding to the first account of the first user and a list of trusted users in its local account database, wherein the trusted user list includes the account of the second account of the second user identification, the method is executed by the second node as a full node in the blockchain, including:
从区块链中接收由所述第二账户发出的用于重置第一账户公钥的第二交易,其中,所述第二交易的数据字段中包括与第一账户对应的第二生物特征和第二公钥,所述第二公钥将用于替换所述第一账户已有的第一公钥;A second transaction sent by the second account for resetting the public key of the first account is received from the blockchain, wherein a data field of the second transaction includes a second biometric feature corresponding to the first account and a second public key, the second public key will be used to replace the existing first public key of the first account;
在对所述第二交易的数字签名的验证通过之后,确定所述第二账户的账户标识是否在所述信任用户列表中,并确定所述第二生物特征与所述第一生物特征是否一致;After the verification of the digital signature of the second transaction is passed, determine whether the account identifier of the second account is in the trusted user list, and determine whether the second biometric feature is consistent with the first biometric feature ;
在确定所述第二账户的账户标识在所述信任用户列表中、且所述第二生物特征与所述第一生物特征一致的情况中,以所述第二公钥替换本地存储的所述第一账户的第一公钥;以及In a case where it is determined that the account identification of the second account is in the trusted user list and the second biometric feature is consistent with the first biometric feature, the locally stored the first public key of the first account; and
将所述第二交易打包到区块中并发送给区块链中的至少一个全节点。The second transaction is packaged into a block and sent to at least one full node in the blockchain.
在一个实施例中,所述各个全节点分别在其本地的账户数据库中存储有与所述第一账户对应的第一生物特征密文,其中,所述第一生物特征密文以所述各个全节点共同协商的第二加密密钥加密,所述方法还包括,在确定所述第二生物特征与所述第一生物特征是否一致之前,使用所述各个全节点共同协商的第二解密密钥对所述第一生物特征密文解密,以获取所述第一生物特征。In one embodiment, each full node stores a first biometric ciphertext corresponding to the first account in its local account database, wherein the first biometric ciphertext is represented by the respective Encryption with a second encryption key jointly negotiated by all nodes, and the method further includes, before determining whether the second biometric feature is consistent with the first biometric feature, using the second decryption key jointly negotiated by all nodes decrypt the first biometric ciphertext with the key to obtain the first biometric.
在一个实施例中,所述第二交易的数据字段中包括第二生物特征密文,所述第二生物特征密文以所述各个全节点共同协商的第三加密密钥加密,所述方法还包括,在确定所述第二生物特征与所述第一生物特征是否一致之前,使用所述各个全节点共同协商的第三解密密钥对所述第一生物特征密文解密,以获取所述第一生物特征。In one embodiment, a data field of the second transaction includes a second biometric ciphertext, and the second biometric ciphertext is encrypted with a third encryption key negotiated by the respective full nodes. The method It also includes, before determining whether the second biometric feature is consistent with the first biometric feature, decrypting the first biometric ciphertext by using the third decryption key negotiated by all the full nodes to obtain the Describe the first biological feature.
在一个实施例中,所述账户数据库中还存储有所述第一账户的公钥哈希值,所述方法还包括,在以所述第二公钥替换本地存储的所述第一账户的第一公钥之后,更新本地的账户数据库中的所述第一账户的公钥哈希值。In one embodiment, the account database further stores a public key hash value of the first account, and the method further includes, replacing the locally stored first account's hash value with the second public key. After the first public key, update the public key hash value of the first account in the local account database.
本说明书另一方面提供一种向区块链中存入用户生物特征的装置,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述装置部署在与第一用户的第一账户对应的区块链客户端,包括:Another aspect of this specification provides a device for storing user biometrics into a blockchain, where the blockchain is a consortium chain, and each full node in the blockchain is a consensus node of the blockchain , the device is deployed on the blockchain client corresponding to the first account of the first user, including:
第一获取单元,配置为,获取所述第一用户的生物特征;a first acquiring unit, configured to acquire the biological characteristics of the first user;
第二获取单元,配置为,获取信任用户列表,所述信任用户列表中包括至少一个第二用户各自的账户标识,所述至少一个第二用户为预设的所述第一用户的信任用户;以及a second obtaining unit, configured to obtain a trusted user list, where the trusted user list includes respective account identifiers of at least one second user, and the at least one second user is a preset trusted user of the first user; as well as
发送单元,配置为,向区块链中任一全节点发送用于设置生物特征的第一交易,以使得区块链中的各个全节点分别在其本地的账户数据库中设置与所述第一账户对应的生物特征和信任用户列表,其中,所述第一交易的数据字段中包括所述生物特征和所述信任用户列表。The sending unit is configured to send a first transaction for setting the biometric feature to any full node in the blockchain, so that each full node in the blockchain sets the first transaction in its local account database with the first transaction. The biometric feature and the list of trusted users corresponding to the account, wherein the data field of the first transaction includes the biometric feature and the list of trusted users.
在一个实施例中,所述第一获取单元还配置为,从生物特征采集装置接收所述第一用户的生物特征。In one embodiment, the first acquisition unit is further configured to receive the biometrics of the first user from a biometrics acquisition device.
本说明书另一方面提供一种向区块链中存入用户生物特征的装置,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述装置部署在区块链中作为全节点的第一节点,包括:Another aspect of this specification provides a device for storing user biometrics into a blockchain, where the blockchain is a consortium chain, and each full node in the blockchain is a consensus node of the blockchain , the device is deployed in the blockchain as the first node of the full node, including:
接收单元,配置为,从区块链中接收由第一账户发出的用于设置生物特征的第一交易,其中,所述第一交易的数据字段中至少包括与第一账户对应的生物特征和信任用户列表;The receiving unit is configured to receive, from the blockchain, a first transaction sent by a first account for setting biometric features, wherein the data field of the first transaction includes at least the biometric feature corresponding to the first account and the list of trusted users;
添加单元,配置为,在对所述第一交易的数字签名的验证通过之后,在本地的账户数据库中添加与所述第一账户对应的生物特征和信任用户列表;以及The adding unit is configured to, after the verification of the digital signature of the first transaction is passed, add the biometric feature and the list of trusted users corresponding to the first account in the local account database; and
打包单元,配置为,将所述第一交易打包到区块中并发送给区块链中的至少一个全节点。The packaging unit is configured to package the first transaction into a block and send it to at least one full node in the blockchain.
在一个实施例中,所述添加单元还配置为,在本地的账户数据库中添加与所述第一账户对应的生物特征密文和信任用户列表,其中,所述生物特征密文通过由所述第一节点以所述各个全节点共同协商的第二加密密钥对所述生物特征进行加密而获取。In one embodiment, the adding unit is further configured to add a biometric ciphertext corresponding to the first account and a list of trusted users in the local account database, wherein the biometric ciphertext is passed by the The first node encrypts the biometric feature with the second encryption key negotiated by all the full nodes to obtain the biometric feature.
在一个实施例中,所述账户数据库为具有MPT树结构的状态树,其中,所述添加单元还配置为,在本地的所述状态树中的与第一账户对应的叶子节点的值中添加所述生物特征和信任用户列表,并相应地更新所述状态树中与所述叶子节点相关的已有节点的值。In one embodiment, the account database is a state tree with an MPT tree structure, wherein the adding unit is further configured to add to the value of the leaf node corresponding to the first account in the local state tree the list of biometrics and trusted users, and update the values of existing nodes in the state tree that are associated with the leaf nodes accordingly.
本说明书另一方面提供一种重置区块链账户密钥的装置,其中,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述各个全节点分别在其本地账户数据库中存储有与第一用户的第一账户对应的第一生物特征和信任用户列表,其中,所述信任用户列表中包括第二用户的第二账户的账户标识,所述装置部署在与第二账户对应的区块链客户端,包括:Another aspect of this specification provides an apparatus for resetting a blockchain account key, wherein the blockchain is a consortium chain, and each full node in the blockchain is a consensus node of the blockchain , each full node stores a first biometric feature corresponding to the first account of the first user and a list of trusted users in its local account database, wherein the list of trusted users includes the second account of the second user The account identifier of the device is deployed on the blockchain client corresponding to the second account, including:
第一获取单元,配置为,获取所述第一用户的第二生物特征;a first acquiring unit, configured to acquire the second biometric feature of the first user;
第二获取单元,配置为,获取所述第一账户的第二公钥,所述第二公钥将用于替换所述第一账户已有的第一公钥;以及a second obtaining unit configured to obtain a second public key of the first account, where the second public key will be used to replace the existing first public key of the first account; and
发送单元,配置为,向区块链中任一全节点发送用于重置第一账户公钥的第二交易,其中,所述第二交易的数据字段中包括所述第二生物特征和所述第二公钥,以使得区块链中的各个全节点以所述第二公钥替换其本地存储的所述第一账户的第一公钥。The sending unit is configured to send a second transaction for resetting the public key of the first account to any full node in the blockchain, wherein the data field of the second transaction includes the second biometric feature and all the second public key, so that each full node in the blockchain replaces the locally stored first public key of the first account with the second public key.
在一个实施例中,所述第二交易的数据字段中包括第二生物特征密文,所述第二生物特征密文通过由所述客户端以预先获取的所述各个全节点共同协商的第三加密密钥对所述第二生物特征进行加密而获取。In one embodiment, the data field of the second transaction includes a second biometric ciphertext, and the second biometric ciphertext is obtained by the client with the first negotiated first negotiated by the respective full nodes in advance. Three encryption keys are obtained by encrypting the second biometric feature.
本说明书另一方面提供一种重置区块链账户密钥的装置,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述各个全节点分别在其本地账户数据库中存储有与第一用户的第一账户对应的第一生物特征和信任用户列表,其中,所述信任用户列表中包括第二用户的第二账户的账户标识,所述装置部署在区块链中作为全节点的第二节点,包括:Another aspect of this specification provides a device for resetting a blockchain account key, where the blockchain is a consortium chain, and each full node in the blockchain is a consensus node of the blockchain, so Each full node stores a first biometric feature corresponding to the first account of the first user and a list of trusted users in its local account database, wherein the trusted user list includes the account of the second account of the second user identification, the device is deployed in the blockchain as the second node of the full node, including:
接收单元,配置为,从区块链中接收由所述第二账户发出的用于重置第一账户公钥的第二交易,其中,所述第二交易的数据字段中包括与第一账户对应的第二生物特征和第二公钥,所述第二公钥将用于替换所述第一账户已有的第一公钥;a receiving unit configured to receive, from the blockchain, a second transaction sent by the second account for resetting the public key of the first account, wherein a data field of the second transaction includes a connection with the first account a corresponding second biometric feature and a second public key, the second public key will be used to replace the existing first public key of the first account;
确定单元,配置为,在对所述第二交易的数字签名的验证通过之后,确定所述第二账户的账户标识是否在所述信任用户列表中,并确定所述第二生物特征与所述第一生物特征是否一致;a determining unit, configured to, after the verification of the digital signature of the second transaction is passed, determine whether the account identifier of the second account is in the trusted user list, and determine whether the second biometric feature is the same as the Whether the first biological feature is consistent;
替换单元,配置为,在确定所述第二账户的账户标识在所述信任用户列表中、且所述第二生物特征与所述第一生物特征一致的情况中,以所述第二公钥替换本地存储的所述第一账户的第一公钥;以及A replacement unit, configured to, in a case where it is determined that the account identifier of the second account is in the trusted user list and the second biometric feature is consistent with the first biometric feature, use the second public key replacing the locally stored first public key of the first account; and
打包单元,配置为,将所述第二交易打包到区块中并发送给区块链中的至少一个全节点。The packaging unit is configured to package the second transaction into a block and send it to at least one full node in the blockchain.
在一个实施例中,所述各个全节点分别在其本地的账户数据库中存储有与所述第一账户对应的第一生物特征密文,其中,所述第一生物特征密文以所述各个全节点共同协商的第二加密密钥加密,所述装置还包括,第一解密单元,配置为,在确定所述第二生物特征与所述第一生物特征是否一致之前,使用所述各个全节点共同协商的第二解密密钥对所述第一生物特征密文解密,以获取所述第一生物特征。In one embodiment, each full node stores a first biometric ciphertext corresponding to the first account in its local account database, wherein the first biometric ciphertext is represented by the respective Encryption with a second encryption key jointly negotiated by all nodes, the apparatus further includes a first decryption unit configured to, before determining whether the second biometric feature is consistent with the first biometric feature, use the respective full The second decryption key jointly negotiated by the nodes decrypts the first biometric ciphertext to obtain the first biometric feature.
在一个实施例中,所述第二交易的数据字段中包括第二生物特征密文,所述第二生物特征密文以所述各个全节点共同协商的第三加密密钥加密,所述装置还包括,第二解密单元,配置为,在确定所述第二生物特征与所述第一生物特征是否一致之前,使用所述各个全节点共同协商的第三解密密钥对所述第一生物特征密文解密,以获取所述第一生物特征。In one embodiment, the data field of the second transaction includes a second biometric ciphertext, and the second biometric ciphertext is encrypted with a third encryption key negotiated by the respective full nodes, and the device It also includes a second decryption unit, configured to, before determining whether the second biometric feature is consistent with the first biometric feature, use a third decryption key negotiated by each of the full nodes to decrypt the first biometric feature. The signature ciphertext is decrypted to obtain the first biometric signature.
在一个实施例中,所述账户数据库中还存储有所述第一账户的公钥哈希值,所述装置还包括,更新单元,配置为,在以所述第二公钥替换本地存储的所述第一账户的第一公钥之后,更新本地的账户数据库中的所述第一账户的公钥哈希值。In one embodiment, the account database further stores a public key hash value of the first account, and the apparatus further includes an update unit configured to replace the locally stored hash value with the second public key. After the first public key of the first account is obtained, the hash value of the public key of the first account in the local account database is updated.
本说明书另一方面提供一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行上述任一项方法。Another aspect of the present specification provides a computer-readable storage medium on which a computer program is stored, when the computer program is executed in a computer, the computer is made to execute any one of the above methods.
本说明书另一方面提供一种计算设备,包括存储器和处理器,其特征在于,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现上述任一项方法。Another aspect of the present specification provides a computing device including a memory and a processor, wherein executable code is stored in the memory, and when the processor executes the executable code, any one of the foregoing methods is implemented.
在根据本说明书实施例的方案中,通过结合用户生物特征及相应的账户数据库中对账户内容的配置,实现了区块链中的重置账户密钥的功能,相比于现有技术中使用两个私钥用于密钥重置的方案,节省了密钥的管理成本,方便了用户的操作。In the solution according to the embodiment of this specification, the function of resetting the account key in the blockchain is realized by combining the user's biometric characteristics and the configuration of the account content in the corresponding account database, which is compared with the use in the prior art. The scheme that two private keys are used for key reset saves the cost of key management and facilitates user operations.
附图说明Description of drawings
通过结合附图描述本说明书实施例,可以使得本说明书实施例更加清楚:By describing the embodiments of the present specification in conjunction with the accompanying drawings, the embodiments of the present specification can be made clearer:
图1示出根据本说明书实施例的区块链账户维护系统;FIG. 1 shows a blockchain account maintenance system according to an embodiment of the present specification;
图2示出根据本说明书实施例的一种向区块链中存入用户生物特征的方法;FIG. 2 shows a method for storing user biometrics into a blockchain according to an embodiment of the present specification;
图3示出根据本说明书实施例的一种重置区块链账户密钥的方法;3 shows a method for resetting a blockchain account key according to an embodiment of the present specification;
图4示出根据本说明书实施例的在第一客户端、第二客户端和区块链平台之间实施图2和图3所示方法的交互示意图;FIG. 4 shows a schematic diagram of interaction between the first client, the second client and the blockchain platform for implementing the methods shown in FIGS. 2 and 3 according to an embodiment of the present specification;
图5示出根据本说明书实施例的一种向区块链中存入用户生物特征的装置500;FIG. 5 shows an apparatus 500 for storing user biometrics into a blockchain according to an embodiment of the present specification;
图6示出根据本说明书实施例的一种向区块链中存入用户生物特征的装置600;FIG. 6 shows a device 600 for storing user biometric features into a blockchain according to an embodiment of the present specification;
图7示出根据本说明书实施例的一种重置区块链账户密钥的装置700;FIG. 7 shows an apparatus 700 for resetting a blockchain account key according to an embodiment of the present specification;
图8示出根据本说明书实施例的一种重置区块链账户密钥的装置800。FIG. 8 shows an apparatus 800 for resetting a blockchain account key according to an embodiment of the present specification.
具体实施方式Detailed ways
下面将结合附图描述本说明书实施例。The embodiments of the present specification will be described below with reference to the accompanying drawings.
图1示出根据本说明书实施例的区块链账户维护系统。如图1所示,所述系统中包括构成区块链的多个全节点(图中示意示出6个全节点),这些节点两两相连,其中例如包括节点11、节点12和节点13,所述区块链为联盟链,其中的各个全节点为联盟链中可参与共识的节点,其相当于区块链平台的各个服务器,并且所述各个全节点是可信任节点,其与至少一个可信任机构相对应。所述系统还包括区块链的客户端14、客户端15,所述客户端例如为区块链中的轻钱包节点,其依赖于上述各个全节点进行交易。其中,客户端14例如为第一用户的第一账户的客户端,客户端15例如为第二用户的第二账户的客户端。FIG. 1 shows a blockchain account maintenance system according to an embodiment of the present specification. As shown in Figure 1, the system includes multiple full nodes (6 full nodes are schematically shown in the figure) that constitute the blockchain, and these nodes are connected in pairs, including, for example, node 11, node 12 and node 13, The blockchain is a consortium chain, in which each full node is a node in the consortium chain that can participate in consensus, which is equivalent to each server of the blockchain platform, and each full node is a trusted node, which is associated with at least one Corresponding trusted institutions. The system also includes a client 14 and a client 15 of the blockchain, and the client is, for example, a light wallet node in the blockchain, which relies on each of the above-mentioned full nodes to perform transactions. The client 14 is, for example, the client of the first account of the first user, and the client 15 is, for example, the client of the second account of the second user.
在该区块链中,每个全节点本地都维护有账户数据库,其例如为图中右下部分所示的状态树,该状态树例如为MPT树,该MPT树的叶子节点为各个账户的账户内容(如包括账户余额、账户生物特征信息、信任账户列表、账户密钥信息等信息),MPT树在叶子节点上方的各个父节点包括账户的至少一个地址字符和对应于其全部子节点的哈希值,其中,该MPT树的根节点的值为该树的状态根。通过该状态树,节点在本地可通过账户地址获取用户的生物特征以用于重置用户的密钥。可以理解,所述账户数据库不限于为MPT状态树的形式,也可以为其它数据库形式,如Merkle树、Trie树等。In the blockchain, each full node maintains an account database locally, such as the state tree shown in the lower right part of the figure. The state tree is, for example, an MPT tree, and the leaf nodes of the MPT tree are each account Account content (such as account balance, account biometric information, trusted account list, account key information, etc.), each parent node above the leaf node of the MPT tree includes at least one address character of the account and corresponding to all its child nodes. Hash value, where the value of the root node of the MPT tree is the state root of the tree. Through this state tree, the node can locally obtain the user's biometrics through the account address for resetting the user's key. It can be understood that the account database is not limited to be in the form of an MPT state tree, and may also be in other database forms, such as a Merkle tree, a Trie tree, and the like.
例如,上述第一用户可通过其客户端14向任一全节点发送设置生物特征的交易,从而使得区块链中的各个全节点分别在其本地的账户数据库中设置与所述第一账户对应的生物特征和信任用户列表。For example, the above-mentioned first user can send a transaction for setting biometric features to any full node through its client 14, so that each full node in the blockchain can set the corresponding first account in its local account database respectively. list of biometrics and trusted users.
图中左下部示意示出了由客户端14发送的交易Tx,假设客户端14为第一用户Bob的客户端,(0xf5e…)为新生成的Bob的账户地址,客户端14将该交易发送给节点11,节点11的账户地址为(0x6f8…),其中“Data”为该交易中的数据字段,其例如为与所述第一用户的第一账户对应的生物特征和信任用户列表,图中的数字签名“0x93a”为通过第一账户的私钥对该交易中的数据字段进行加密所获取的加密数据。The lower left part of the figure schematically shows the transaction Tx sent by the client 14, assuming that the client 14 is the client of the first user Bob, (0xf5e...) is the account address of the newly generated Bob, and the client 14 sends the transaction For node 11, the account address of node 11 is (0x6f8...), wherein "Data" is the data field in the transaction, which is, for example, the biometric and trusted user list corresponding to the first account of the first user, Fig. The digital signature "0x93a" in is the encrypted data obtained by encrypting the data field in the transaction with the private key of the first account.
节点11在接收到该交易之后,用预先获取的第一账户的公钥验证该交易的数字签名,以验证交易数据的未被篡改,并将该交易发送给区块链中的其它全节点(例如节点12),从而扩散到区块链中的每个全节点。节点13例如被确定为该交易的记账节点,其在验证该交易数字签名之后,更新其本地的账户状态树,即,在状态树中更新与该账户地址对应的叶子节点的值,即在该叶子节点中增加所述生物特征和信任用户列表,并更新该状态树的其它相关节点的值,其中包括根节点的状态根(state root),并将该交易打包到区块中以存入区块链中,其中,所述区块的区块头中包括所述更新的状态根。节点13将新生成的区块发送给所述区块链中的至少一个全节点之后,在经过预定数目的全节点的验证之后达成共识,从而在区块链中生成新的区块,各个节点根据新生成的区块更新其本地的账户状态树,从而达到全网一致。After receiving the transaction, node 11 uses the pre-acquired public key of the first account to verify the digital signature of the transaction to verify that the transaction data has not been tampered with, and sends the transaction to other full nodes in the blockchain ( such as node 12), thus spreading to every full node in the blockchain. Node 13 is, for example, determined as the accounting node of the transaction, and after verifying the digital signature of the transaction, it updates its local account state tree, that is, updates the value of the leaf node corresponding to the account address in the state tree, that is, in the state tree. The leaf node adds the biometric feature and the list of trusted users, and updates the values of other related nodes in the state tree, including the state root of the root node, and packs the transaction into a block for storage in In the blockchain, the block header of the block includes the updated state root. After the node 13 sends the newly generated block to at least one full node in the blockchain, a consensus is reached after verification by a predetermined number of full nodes, so that a new block is generated in the blockchain, and each node Update its local account state tree according to the newly generated block, so as to achieve the consistency of the whole network.
所述信任用户列表例如包括上述第二用户的第二账户的账户标识,当第一用户丢失私钥希望重置密钥(即公钥)时,第一用户可通过第二用户进行第一账户密钥重置。第二用户在采集第一用户的生物特征之后,可通过与其第二账户对应的客户端15向区块链中任一全节点(例如节点11)发送用于重置第一账户公钥的第二交易,以使得区块链中的各个全节点以第一用户的新的公钥替换其本地存储的所述第一用户的之前使用的公钥。The trusted user list includes, for example, the account identifier of the second account of the above-mentioned second user. When the first user loses the private key and wishes to reset the key (ie, the public key), the first user can use the second user to make the first account. Key reset. After the second user collects the biometrics of the first user, the client 15 corresponding to his second account can send the first information for resetting the public key of the first account to any full node (eg node 11) in the blockchain. Second transaction, so that each full node in the blockchain replaces the previously used public key of the first user stored locally with the new public key of the first user.
下面将详细描述上述区块链账户密钥重置过程。The above-mentioned blockchain account key reset process will be described in detail below.
图2示出根据本说明书实施例的一种向区块链中存入用户生物特征的方法,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述方法通过第一用户的与第一账户对应的区块链客户端执行,包括:Fig. 2 shows a method for storing user biometrics into a blockchain according to an embodiment of the present specification, the blockchain is a consortium chain, and each full node in the blockchain is the block The consensus node of the chain, the method is executed by the first user's blockchain client corresponding to the first account, including:
在步骤S202,获取所述第一用户的生物特征;In step S202, obtain the biological characteristics of the first user;
在步骤S204,获取信任用户列表,所述信任用户列表中包括至少一个第二用户各自的账户标识,所述至少一个第二用户为预设的所述第一用户的信任用户;以及In step S204, a trusted user list is obtained, the trusted user list includes respective account identifiers of at least one second user, and the at least one second user is a preset trusted user of the first user; and
在步骤S206,向区块链中任一全节点发送用于设置生物特征的第一交易,以使得区块链中的各个全节点分别在其本地的账户数据库中设置与所述第一账户对应的生物特征和信任用户列表,其中,所述第一交易的数据字段中包括所述生物特征和所述信任用户列表。In step S206, send a first transaction for setting the biometric feature to any full node in the blockchain, so that each full node in the blockchain sets the corresponding first account in its local account database respectively The biometric feature and trusted user list, wherein the biometric feature and the trusted user list are included in the data field of the first transaction.
如上文所述,所述区块链为联盟链,所述区块链的各个全节点与至少一个信任机构相对应,其相当于是区块链平台的各个服务器,用于提供区块链中的存储功能和运算功能,如存储账户状态树、存储区块、验证交易、记账、共识等。用户以从其客户端(即区块链轻节点)向这些全节点发送交易的方式向区块链中存入其生物特征,即在各个全节点的账户状态树中分别存入其生物特征,从而用户在需要重置密钥时可通过各个全节点基于其本地的该用户的生物特征进行密钥重置。而各个全节点基于区块链架构保证了其各自的数据库中的数据的不可篡改性,相比于普通服务器增加了安全性。As mentioned above, the blockchain is a consortium chain, and each full node of the blockchain corresponds to at least one trust institution, which is equivalent to each server of the blockchain platform, which is used to provide information in the blockchain. Storage functions and computing functions, such as storing account state trees, storing blocks, verifying transactions, bookkeeping, consensus, etc. Users store their biometrics into the blockchain by sending transactions from their clients (ie, blockchain light nodes) to these full nodes, that is, store their biometrics in the account status tree of each full node, respectively. Therefore, when the user needs to reset the key, each full node can reset the key based on the local biometric characteristics of the user. Based on the blockchain architecture, each full node ensures that the data in its own database cannot be tampered with, which increases security compared to ordinary servers.
下面具体描述该方法的各个步骤的实施过程。The implementation process of each step of the method will be described in detail below.
首先,在步骤S202,获取所述第一用户的生物特征。First, in step S202, biometric features of the first user are acquired.
所述生物特征可以为人脸、指纹、虹膜等生物特征中的一种或多种特征。可通过对应的特征采集装置采集相应的生物特征。例如,可通过相机采集人脸、虹膜等特征,通过指纹采集装置采集指纹等。所述客户端可以指用户的终端,也可以指用户终端上的APP。在客户端为用户终端的情况中,该客户端可自带上述各种特征采集装置,以进行特征采集并获取相应的特征,或者该客户端可与相应的特征采集装置连接,并从该特征采集装置接收相应的特征。The biometrics may be one or more of biometrics such as face, fingerprint, and iris. Corresponding biological features can be collected through a corresponding feature collection device. For example, features such as face and iris can be collected by a camera, and fingerprints can be collected by a fingerprint collection device. The client may refer to a user's terminal, or may refer to an APP on the user's terminal. In the case where the client terminal is a user terminal, the client terminal may have its own various feature collection devices mentioned above to perform feature collection and obtain corresponding features, or the client terminal may be connected to a corresponding feature collection device, and the feature collection device may be used to obtain the corresponding features. The acquisition device receives the corresponding characteristics.
在步骤S204,获取信任用户列表,所述信任用户列表中包括至少一个第二用户各自的账户标识,所述至少一个第二用户为预设的所述第一用户的信任用户。In step S204, a trusted user list is obtained, where the trusted user list includes respective account identifiers of at least one second user, and the at least one second user is a preset trusted user of the first user.
所述第一用户在向区块链存入生物特征的同时,会存入该信任用户列表,以用于通过该第二用户进行基于生物特征的密钥重置。也就是说,第二用户是第一用户的可信任用户。例如,所述第一用户和第二用户可以为夫妻关系,第一用户的隐私信息可以不用对第二用户保留,从而,第一用户在丢失密钥时,可通过第二用户重置密钥。所述至少一个第二用户各自的账户标识例如为各个第二用户的区块链账户地址,可以理解,该账户标识不限于为账户地址,只要其与第二用户是唯一对应的即可,例如,用户的区块链账户地址是实名认证的,从而所述账户标识可以为第二用户的身份标识等等。When the first user saves the biometrics to the blockchain, the trusted user list is also stored for the biometrics-based key reset by the second user. That is, the second user is a trusted user of the first user. For example, the first user and the second user may be in a relationship of husband and wife, and the private information of the first user may not be kept for the second user. Therefore, when the first user loses the key, the second user can reset the key . The respective account identifier of the at least one second user is, for example, the blockchain account address of each second user. It can be understood that the account identifier is not limited to the account address, as long as it uniquely corresponds to the second user, for example , the user's blockchain account address is real-name authentication, so the account identifier can be the second user's identifier and so on.
在步骤S206,向区块链中任一全节点发送用于设置生物特征的第一交易,以使得区块链中的各个全节点分别在其本地的账户数据库中设置与所述第一账户对应的生物特征和信任用户列表,其中,所述第一交易的数据字段中包括所述生物特征和所述信任用户列表。In step S206, send a first transaction for setting the biometric feature to any full node in the blockchain, so that each full node in the blockchain sets the corresponding first account in its local account database respectively The biometric feature and trusted user list, wherein the biometric feature and the trusted user list are included in the data field of the first transaction.
如图1中所示,所述第一交易例如包括以下三个字段“From”、“To”和“Data”。其中“From”字段可填入发送者的账户地址,即第一账户的账户地址,其例如为图1中Bob的账户地址。“To”字段中可填入待发送节点的账户地址,例如图1中节点11的账户地址。可以理解,第一用户不限于将该交易发送给节点11,而是可以发送给区块链中的任一全节点。“Data”字段即交易中的数据字段,对于该第一交易,其数据字段中包括上述获取的生物特征和信任用户列表。As shown in FIG. 1 , the first transaction includes, for example, the following three fields "From", "To" and "Data". The "From" field can be filled with the sender's account address, that is, the account address of the first account, which is, for example, Bob's account address in FIG. 1 . The "To" field can be filled with the account address of the node to be sent, such as the account address of the node 11 in FIG. 1 . It can be understood that the first user is not limited to sending the transaction to node 11, but can send it to any full node in the blockchain. The "Data" field is the data field in the transaction. For the first transaction, the data field includes the biometric feature and trusted user list obtained above.
为了保证该交易的不可篡改性,第一用户将使用第一账户的私钥对该交易进行数字签名。客户端14在将带有上述数字签名的第一交易发送给节点11之后,节点11利用预先获取的第一账户的公钥对该数字签名进行解密以用于验证该数据字段未被篡改。节点11在对第一交易数字签名的验证通过之后,将该第一交易发送给其连接的至少一个全节点,从而将第一交易广播到区块链中。如图1中所示,节点13例如为用于存储该第一交易的记账节点,节点13在从区块链接收到该由第一账户发出的第一交易之后,首先与节点11一样地验证该交易的数字签名,并在验证通过之后更新本地的账户数据库。该账户数据库例如为MPT树结构,可将该账户数据库称为状态树。具体是,节点13在状态树中更新与该账户地址对应的叶子节点,即在与该账户地址对应的叶子节点中添加与该账户对应的生物特征和信任用户列表字段信息,并相应地更新该状态树中与该叶子节点相关的已有节点的值,所述相关节点包括该状态树的根节点,该根节点的值为该状态树的状态根,所述叶子节点的值为与该账户地址对应的账户内容。In order to ensure the immutability of the transaction, the first user will use the private key of the first account to digitally sign the transaction. After the client 14 sends the first transaction with the above digital signature to the node 11, the node 11 decrypts the digital signature using the pre-acquired public key of the first account to verify that the data field has not been tampered with. After passing the verification of the digital signature of the first transaction, the node 11 sends the first transaction to at least one full node connected to it, thereby broadcasting the first transaction to the blockchain. As shown in FIG. 1 , the node 13 is, for example, an accounting node for storing the first transaction. After receiving the first transaction sent by the first account from the block chain, the node 13 first performs the same procedure as the node 11. Verify the digital signature of the transaction and update the local account database after verification. The account database is, for example, an MPT tree structure, and the account database may be called a state tree. Specifically, the node 13 updates the leaf node corresponding to the account address in the state tree, that is, adds the biometric feature and trusted user list field information corresponding to the account in the leaf node corresponding to the account address, and updates the account accordingly. The value of the existing node related to the leaf node in the state tree, the relevant node includes the root node of the state tree, the value of the root node is the state root of the state tree, and the value of the leaf node is related to the account The content of the account corresponding to the address.
在更新所述第一账户的账户内容之后,所述账户内容至少包括以下字段:所述账户标识、所述账户的余额、用户生物特征、信任用户列表,所述账户内容不限于包括上述字段,例如,所述账户内容还可包括所述第一公钥的哈希值等字段信息。After updating the account content of the first account, the account content at least includes the following fields: the account identifier, the account balance, the user biometric feature, and the trusted user list, and the account content is not limited to including the above fields, For example, the account content may further include field information such as a hash value of the first public key.
节点13在更新状态树之后,如果该第一交易是将要打包的区块中的最后一个交易,节点13将该状态树的状态根写到该区块的区块头中的状态根字段中,另外还如本领域中已知的,在该区块头中还填入交易根、收据根等,从而生成一个新的区块,将该区块存入本地区块数据块中,并将该新生成的区块广播到区块链中,以存入到区块链中。After the node 13 updates the state tree, if the first transaction is the last transaction in the block to be packaged, the node 13 writes the state root of the state tree into the state root field in the block header of the block. Also as known in the art, the block header is also filled with transaction root, receipt root, etc., thereby generating a new block, storing the block in the local block data block, and generating the new block. The blocks are broadcast to the blockchain for deposit into the blockchain.
区块链中的预定数目的其它全节点在接收到该新生成的区块之后,通过区块头中的状态根、交易根、收据根等对该区块进行验证,并在验证通过之后,与节点13类似地更新本地的状态树,将该区块存入本地区块数据块中,从而对该区块的生成达成共识。区块链中的其它全节点然后可直接下载该区块,并基于该区块更新本地的状态树。After receiving the newly generated block, a predetermined number of other full nodes in the blockchain verify the block through the status root, transaction root, receipt root, etc. The node 13 similarly updates the local state tree and stores the block in the local block data block, thereby reaching a consensus on the generation of the block. Other full nodes in the blockchain can then directly download the block and update their local state tree based on the block.
在一个实施例中,在所述第一交易的数据字段中包括生物特征密文,所述生物特征密文通过由所述客户端14以预先获取的所述各个全节点共同协商的第一加密密钥对所述生物特征进行加密而获取。相应地,节点13可在本地账户状态树中存入该生物特征密文,并且在存入区块链的区块中也包括该生物特征密文,从而可进一步保护用户的隐私安全。In one embodiment, biometric ciphertext is included in the data field of the first transaction, and the biometric ciphertext is encrypted by the client 14 with the pre-acquired first encryption negotiated by each of the full nodes The key is obtained by encrypting the biometric feature. Correspondingly, the node 13 can store the biometric ciphertext in the local account state tree, and also include the biometric ciphertext in the block stored in the blockchain, so that the user's privacy can be further protected.
在一个实施例中,节点13在将第一用户的生物特征设置到状态树中的相应账户内容中之前,使用各个全节点共同协商的第二加密密钥对该生物特征进行加密,并将加密的生物特征设置到状态树中。在一个实施例中,如上文所述,在所述第一交易的数据字段中包括生物特征密文,所述生物特征密文通过由所述客户端14以预先获取的所述各个全节点共同协商的第一加密密钥对所述生物特征进行加密而获取,出于安全的考虑,节点13首先使用各个全节点共同协商的第一解密密钥对该生物特征密文进行解密,以获取生物特征的明文,再使用各个全节点共同协商的第二加密密钥对该生物特征进行加密,以获取新的生物特征密文并存入状态树中。In one embodiment, the node 13 encrypts the biometric feature of the first user using a second encryption key negotiated by all nodes before setting the biometric feature of the first user into the corresponding account content in the state tree, and encrypts the biometric feature. biometric settings into the state tree. In one embodiment, as described above, a biometric ciphertext is included in the data field of the first transaction, and the biometric ciphertext is shared by the client 14 with each of the full nodes pre-obtained The negotiated first encryption key is obtained by encrypting the biometric feature. For security reasons, the node 13 first decrypts the biometric ciphertext using the first decryption key negotiated by all nodes to obtain the biometric feature. The plaintext of the feature is encrypted, and the biometric feature is encrypted using the second encryption key negotiated by all nodes to obtain a new biometric feature ciphertext and store it in the state tree.
图3示出根据本说明书实施例的一种重置区块链账户密钥的方法,其中,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述各个全节点分别在其本地账户数据库中存储有与第一用户的第一账户对应的第一生物特征和信任用户列表,其中,所述信任用户列表中包括第二用户的第二账户的账户标识,所述方法通过与第二账户对应的区块链客户端执行,包括:3 shows a method for resetting a blockchain account key according to an embodiment of the present specification, wherein the blockchain is a consortium chain, and each full node in the blockchain is the block The consensus node of the chain, each full node stores in its local account database the first biometric feature corresponding to the first account of the first user and a list of trusted users, wherein the list of trusted users includes the second user The account identifier of the second account, the method is executed by the blockchain client corresponding to the second account, including:
在步骤S302,获取所述第一用户的第二生物特征;In step S302, acquiring the second biometric feature of the first user;
在步骤S304,获取所述第一账户的第二公钥,所述第二公钥将用于替换所述第一账户已有的第一公钥;以及In step S304, a second public key of the first account is obtained, and the second public key will be used to replace the existing first public key of the first account; and
在步骤S306,向区块链中任一全节点发送用于重置第一账户公钥的第二交易,其中,所述第二交易的数据字段中包括所述第二生物特征和所述第二公钥,以使得区块链中的各个全节点以所述第二公钥替换其本地存储的所述第一账户的第一公钥。In step S306, a second transaction for resetting the public key of the first account is sent to any full node in the blockchain, wherein the data field of the second transaction includes the second biometric feature and the first account. Second public key, so that each full node in the blockchain replaces the first public key of the first account stored locally with the second public key.
例如如图1中所示,客户端14在进行图2所示方法之后,使得区块链中各个全节点分别在其账户数据库中存入与第一账户对应的生物特征和信任用户列表之后,其中所述信任用户列表中包括第二用户的第二账户,从而,当第一用户丢失私钥时,其可以通过第二用户的客户端重置密钥。For example, as shown in FIG. 1, after the client 14 performs the method shown in FIG. 2, each full node in the blockchain stores the biometric feature corresponding to the first account and the list of trusted users in its account database, respectively, The trusted user list includes the second account of the second user, so that when the first user loses the private key, he can reset the key through the client of the second user.
具体是,首先,在步骤S302,获取所述第一用户的第二生物特征。例如,如图1所示,第一用户可来到客户端15所在地,以进行生物特征的采集,或者,第一用户可自行采集生物特征之后以安全的方式将该生物特征发送给第二用户的客户端15。这里,以第二生物特征表示通过客户端15获取的第一用户的生物特征,以与上文中通过客户端14获取的并存入状态树中的第一用户的生物特征(在此将其表示为第一生物特征)相区分。Specifically, first, in step S302, the second biometric feature of the first user is acquired. For example, as shown in FIG. 1 , the first user may come to the location of the client 15 to collect biometrics, or the first user may collect the biometrics by himself and then send the biometrics to the second user in a secure manner client 15. Here, the biometric characteristics of the first user acquired through the client terminal 15 are represented by the second biometric characteristics, so as to be the same as the biometric characteristics of the first user acquired through the client terminal 14 and stored in the state tree (herein represented as for the first biometric).
在步骤S304,获取所述第一账户的第二公钥,所述第二公钥将用于替换所述第一账户已有的第一公钥。In step S304, a second public key of the first account is obtained, and the second public key will be used to replace the existing first public key of the first account.
例如,客户端15可从客户端14接收重新生成的第一账户的第二公钥。或者,可由第二用户从第一用户获取该第二公钥,并由第二用户在客户端15输入该第二公钥等等。For example, client 15 may receive from client 14 a regenerated second public key for the first account. Alternatively, the second public key may be obtained by the second user from the first user, and the second public key may be input by the second user at the client 15, and so on.
在步骤S306,向区块链中任一全节点发送用于重置第一账户公钥的第二交易,其中,所述第二交易的数据字段中包括所述第二生物特征和所述第二公钥,以使得区块链中的各个全节点以所述第二公钥替换其本地存储的所述第一账户的第一公钥。In step S306, a second transaction for resetting the public key of the first account is sent to any full node in the blockchain, wherein the data field of the second transaction includes the second biometric feature and the first account. Second public key, so that each full node in the blockchain replaces the first public key of the first account stored locally with the second public key.
与上述第一交易类似地,第二交易的“From”字段可填入例如图1中客户端15对应的第二账户的账户地址,“To”字段中可填入待发送节点的账户地址,例如图1中节点11的账户地址,“Data”字段中包括上述获取的所述第二生物特征和所述第二公钥。Similar to the above-mentioned first transaction, the "From" field of the second transaction can be filled with, for example, the account address of the second account corresponding to the client 15 in FIG. 1, and the "To" field can be filled with the account address of the node to be sent, For example, in the account address of the node 11 in FIG. 1 , the "Data" field includes the second biometric feature and the second public key obtained above.
同样地,为了保证该交易的不可篡改性,第二用户将使用第二账户的私钥对该第二交易进行数字签名。客户端15在将带有上述数字签名的第二交易发送给节点11之后,节点11利用预先获取的第二账户的公钥对该数字签名进行解密以用于验证该数据字段未被篡改。节点11在对第二交易数字签名的验证通过之后,将该第二交易发送给其连接的至少一个全节点,从而将第一交易广播到区块链中。Likewise, in order to ensure the immutability of the transaction, the second user will use the private key of the second account to digitally sign the second transaction. After the client 15 sends the second transaction with the above digital signature to the node 11, the node 11 decrypts the digital signature using the pre-acquired public key of the second account to verify that the data field has not been tampered with. After the verification of the digital signature of the second transaction is passed, the node 11 sends the second transaction to at least one full node to which it is connected, thereby broadcasting the first transaction to the blockchain.
如图1中所示,节点13例如为用于存储该第二交易的记账节点,节点13在从区块链接收到该由第二账户发出的第二交易之后,首先与节点11一样地验证该交易的数字签名,并在验证通过之后,确定所述第二账户(客户端15对应的账户)的账户标识是否在第一账户的信任用户列表中,并确定所述第二生物特征与所述第一生物特征是否一致。具体是,节点13可从本地的账户状态树中获取与第一账户对应的信任用户列表和第一生物特征,从而基于该信任用户列表确定所述第二账户的账户标识是否在所述信任用户列表中,通过将第二交易中的第二生物特征与第一生物特征进行比较,从而确定所述第二生物特征与所述第一生物特征是否一致。在确定所述第二账户的账户标识在所述信任用户列表中、且所述第二生物特征与所述第一生物特征一致的情况中,节点13以所述第二公钥替换本地存储的所述第一账户的第一公钥,并将所述第二交易打包到区块中并发送给区块链中的至少一个全节点。在账户状态树中包括公钥哈希值的情况中,节点13还可以相应地更新本地状态树中的公钥哈希值。As shown in FIG. 1 , the node 13 is, for example, an accounting node for storing the second transaction. After receiving the second transaction sent by the second account from the block chain, the node 13 first performs the same procedure as the node 11. Verify the digital signature of the transaction, and after the verification is passed, determine whether the account identifier of the second account (the account corresponding to the client 15) is in the trusted user list of the first account, and determine whether the second biometric feature matches the Whether the first biometrics are consistent. Specifically, the node 13 can obtain the trusted user list and the first biometric feature corresponding to the first account from the local account status tree, so as to determine whether the account identifier of the second account is in the trusted user list based on the trusted user list In the list, by comparing the second biometric feature in the second transaction with the first biometric feature, it is determined whether the second biometric feature is consistent with the first biometric feature. In the case of determining that the account identifier of the second account is in the trusted user list, and the second biometric feature is consistent with the first biometric feature, the node 13 replaces the locally stored one with the second public key The first public key of the first account, and the second transaction is packaged into a block and sent to at least one full node in the blockchain. In the case where the public key hash value is included in the account state tree, the node 13 may also update the public key hash value in the local state tree accordingly.
区块链中的预定数目的其它全节点在接收到该新生成的区块之后,在对该区块验证通过之后,在本地存储该区块,与节点13类似地更新本地的第一用户的公钥,并对该区块的生成达成共识。区块链中的其它全节点然后可直接下载该区块,并基于该区块更新本地的第一用户的公钥。After receiving the newly generated block, a predetermined number of other full nodes in the blockchain store the block locally after passing the verification of the block, and update the local first user's information similarly to the node 13. public key and reach a consensus on the generation of the block. Other full nodes in the blockchain can then directly download the block and update the local first user's public key based on the block.
在一个实施例中,所述各个全节点分别在其本地的账户数据库中存储有与所述第一账户对应的第一生物特征密文,其中,所述第一生物特征密文以所述各个全节点共同协商的第二加密密钥加密,从而,节点13在确定所述第二生物特征与所述第一生物特征是否一致之前,使用所述各个全节点共同协商的第二解密密钥对所述第一生物特征密文解密,以获取所述第一生物特征。In one embodiment, each full node stores a first biometric ciphertext corresponding to the first account in its local account database, wherein the first biometric ciphertext is represented by the respective The second encryption key negotiated by all nodes is encrypted, so that before determining whether the second biometric feature is consistent with the first biometric feature, the node 13 uses the second decryption key pair negotiated by all nodes The first biometric ciphertext is decrypted to obtain the first biometric.
在一个实施例中,所述第二交易的数据字段中包括第二生物特征密文,所述第二生物特征密文通过由所述第二用户的客户端以预先获取的所述各个全节点共同协商的第三加密密钥对所述第二生物特征进行加密而获取,从而,节点13在确定所述第二生物特征与所述第一生物特征是否一致之前,使用所述各个全节点共同协商的第三解密密钥对所述第一生物特征密文解密,以获取所述第一生物特征。In one embodiment, the data field of the second transaction includes a second biometric ciphertext, and the second biometric ciphertext passes through the respective full nodes pre-obtained by the client of the second user. The jointly negotiated third encryption key is obtained by encrypting the second biometric feature. Therefore, before determining whether the second biometric feature is consistent with the first biometric feature, the node 13 uses the common The negotiated third decryption key decrypts the first biometric ciphertext to obtain the first biometric.
图4示出根据本说明书实施例的在第一客户端、第二客户端和区块链平台之间实施图2和图3所示方法的交互示意图。如图4中所示,第一客户端(例如图1中的客户端14)在步骤S402获取第一用户的生物特征,并在步骤S404获取第一用户的信任用户列表,在步骤S406,第一客户端将包括生物特征和信任用户列表的第一交易发送给区块链平台,这里,所述区块链平台可以具体为区块链中的任一全节点。在步骤S408,区块链平台根据第一交易将第一用户的生物特征和信任用户列表添加到平台的账户状态树中,这里,该平台的账户状态树可以具体为各个全节点本地的账户状态树。第二客户端(例如图1中的客户端15)在步骤S410获取第一用户的生物特征,并在步骤S412获取新的公钥,以用于进行对第一用户的密钥重置,在步骤S414,第二客户端将包括生物特征和新公钥的第二交易发送给区块链平台,这里,同样地,所述区块链平台可以具体为区块链中的任一全节点。在步骤S416,区块链平台验证第二客户端对应的第二用户的账户标识是否在第一用户的信任用户列表中、以及第二交易中的生物特征与状态树中存入的第一用户的生物特征是否一致,这里的区块链平台可具体为区块链中任一全节点,在步骤S418,在验证通过的情况中,区块链平台重置第一用户的公钥,即使用第二交易中的新的公钥替换第一用户原有的公钥,这里的区块链平台可具体为区块链中各个全节点。Fig. 4 shows a schematic diagram of interaction between the first client, the second client and the blockchain platform for implementing the methods shown in Figs. 2 and 3 according to an embodiment of the present specification. As shown in FIG. 4 , the first client (eg client 14 in FIG. 1 ) obtains the biometric characteristics of the first user in step S402, and obtains the trusted user list of the first user in step S404, and in step S406, the first user A client sends the first transaction including the biometric feature and the list of trusted users to the blockchain platform, where the blockchain platform may be any full node in the blockchain. In step S408, the blockchain platform adds the biometric features of the first user and the list of trusted users to the account status tree of the platform according to the first transaction. Here, the account status tree of the platform may specifically be the local account status of each full node Tree. The second client (eg client 15 in FIG. 1 ) obtains the biometric features of the first user in step S410, and obtains a new public key in step S412 for re-keying the first user, in step S412 Step S414, the second client sends the second transaction including the biometric feature and the new public key to the blockchain platform, where, similarly, the blockchain platform may be any full node in the blockchain. In step S416, the blockchain platform verifies whether the account identifier of the second user corresponding to the second client is in the trusted user list of the first user, as well as the biometric features in the second transaction and the first user stored in the state tree Whether the biometric features of the first user are consistent, the blockchain platform here can be any full node in the blockchain. In step S418, in the case of passing the verification, the blockchain platform resets the public key of the first user, that is, uses The new public key in the second transaction replaces the original public key of the first user, and the blockchain platform here may specifically be each full node in the blockchain.
图5示出根据本说明书实施例的一种向区块链中存入用户生物特征的装置500,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述装置部署在与第一用户的第一账户对应的区块链客户端,包括:FIG. 5 shows an apparatus 500 for storing user biometric features into a blockchain according to an embodiment of the present specification, the blockchain is a consortium chain, and each full node in the blockchain is the blockchain The consensus node of the blockchain, the device is deployed on the blockchain client corresponding to the first account of the first user, including:
第一获取单元51,配置为,获取所述第一用户的生物特征;a first obtaining unit 51, configured to obtain the biological characteristics of the first user;
第二获取单元52,配置为,获取信任用户列表,所述信任用户列表中包括至少一个第二用户各自的账户标识,所述至少一个第二用户为预设的所述第一用户的信任用户;以及The second obtaining unit 52 is configured to obtain a trusted user list, where the trusted user list includes respective account identifiers of at least one second user, and the at least one second user is a preset trusted user of the first user ;as well as
发送单元53,配置为,向区块链中任一全节点发送用于设置生物特征的第一交易,以使得区块链中的各个全节点分别在其本地的账户数据库中设置与所述第一账户对应的生物特征和信任用户列表,其中,所述第一交易的数据字段中包括所述生物特征和所述信任用户列表。The sending unit 53 is configured to send the first transaction for setting the biometric feature to any full node in the blockchain, so that each full node in the blockchain respectively sets the first transaction with the first transaction in its local account database. A biometric feature and a list of trusted users corresponding to an account, wherein the data field of the first transaction includes the biometric feature and the list of trusted users.
在一个实施例中,所述第一获取单元51还配置为,从生物特征采集装置接收所述第一用户的生物特征。In one embodiment, the first obtaining unit 51 is further configured to receive the biometric feature of the first user from a biometric feature collecting device.
图6示出根据本说明书实施例的一种向区块链中存入用户生物特征的装置600,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述装置部署在区块链中作为全节点的第一节点,包括:FIG. 6 shows an apparatus 600 for storing user biometric features into a blockchain according to an embodiment of the present specification, the blockchain is a consortium chain, and each full node in the blockchain is the blockchain The consensus node of the blockchain, the device is deployed in the blockchain as the first node of the full node, including:
接收单元61,配置为,从区块链中接收由第一账户发出的用于设置生物特征的第一交易,其中,所述第一交易的数据字段中至少包括与第一账户对应的生物特征和信任用户列表;The receiving unit 61 is configured to receive, from the blockchain, a first transaction sent by a first account for setting biometrics, wherein the data field of the first transaction includes at least the biometrics corresponding to the first account and a list of trusted users;
添加单元62,配置为,在对所述第一交易的数字签名的验证通过之后,在本地的账户数据库中添加与所述第一账户对应的生物特征和信任用户列表;以及The adding unit 62 is configured to, after the verification of the digital signature of the first transaction is passed, add a biometric feature and a trusted user list corresponding to the first account in the local account database; and
打包单元63,配置为,将所述第一交易打包到区块中并发送给区块链中的至少一个全节点。The packaging unit 63 is configured to package the first transaction into a block and send it to at least one full node in the blockchain.
在一个实施例中,所述添加单元62还配置为,在本地的账户数据库中添加与所述第一账户对应的生物特征密文和信任用户列表,其中,所述生物特征密文通过由所述第一节点以所述各个全节点共同协商的第二加密密钥对所述生物特征进行加密而获取。In one embodiment, the adding unit 62 is further configured to add a biometric ciphertext corresponding to the first account and a list of trusted users in the local account database, wherein the biometric ciphertext is passed by the The first node encrypts the biometric feature with the second encryption key negotiated by all the full nodes to obtain the biometric feature.
在一个实施例中,所述账户数据库为具有MPT树结构的状态树,其中,所述添加单元62还配置为,在本地的所述状态树中的与第一账户对应的叶子节点的值中添加所述生物特征和信任用户列表,并相应地更新所述状态树中与所述叶子节点相关的已有节点的值。In one embodiment, the account database is a state tree with an MPT tree structure, wherein the adding unit 62 is further configured to: in the value of the leaf node corresponding to the first account in the local state tree The biometric and trusted user lists are added, and the values of existing nodes in the state tree associated with the leaf nodes are updated accordingly.
图7示出根据本说明书实施例的一种重置区块链账户密钥的装置700,其中,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述各个全节点分别在其本地账户数据库中存储有与第一用户的第一账户对应的第一生物特征和信任用户列表,其中,所述信任用户列表中包括第二用户的第二账户的账户标识,所述装置部署在与第二账户对应的区块链客户端,包括:7 shows an apparatus 700 for resetting a blockchain account key according to an embodiment of the present specification, wherein the blockchain is a consortium chain, and each full node in the blockchain is the blockchain A consensus node of the blockchain, each full node stores a first biometric feature corresponding to the first account of the first user and a list of trusted users in its local account database, wherein the list of trusted users includes a second list of trusted users. The account identifier of the user's second account, where the device is deployed on the blockchain client corresponding to the second account, including:
第一获取单元71,配置为,获取所述第一用户的第二生物特征;a first obtaining unit 71, configured to obtain the second biometric feature of the first user;
第二获取单元72,配置为,获取所述第一账户的第二公钥,所述第二公钥将用于替换所述第一账户已有的第一公钥;以及The second obtaining unit 72 is configured to obtain a second public key of the first account, and the second public key will be used to replace the existing first public key of the first account; and
发送单元73,配置为,向区块链中任一全节点发送用于重置第一账户公钥的第二交易,其中,所述第二交易的数据字段中包括所述第二生物特征和所述第二公钥,以使得区块链中的各个全节点以所述第二公钥替换其本地存储的所述第一账户的第一公钥。The sending unit 73 is configured to send a second transaction for resetting the public key of the first account to any full node in the blockchain, wherein the data field of the second transaction includes the second biometric feature and the second public key, so that each full node in the blockchain replaces the locally stored first public key of the first account with the second public key.
图8示出根据本说明书实施例的一种重置区块链账户密钥的装置800,所述区块链为联盟链,并且所述区块链中的各个全节点为所述区块链的共识节点,所述各个全节点分别在其本地账户数据库中存储有与第一用户的第一账户对应的第一生物特征和信任用户列表,其中,所述信任用户列表中包括第二用户的第二账户的账户标识,所述装置部署在区块链中作为全节点的第二节点,包括:FIG. 8 shows an apparatus 800 for resetting a blockchain account key according to an embodiment of the present specification, the blockchain is a consortium chain, and each full node in the blockchain is the blockchain Each full node stores a first biometric feature corresponding to the first account of the first user and a list of trusted users in its local account database, wherein the list of trusted users includes the second user's The account identifier of the second account, the device is deployed in the blockchain as the second node of the full node, including:
接收单元81,配置为,从区块链中接收由所述第二账户发出的用于重置第一账户公钥的第二交易,其中,所述第二交易的数据字段中包括与第一账户对应的第二生物特征和第二公钥,所述第二公钥将用于替换所述第一账户已有的第一公钥;The receiving unit 81 is configured to receive, from the blockchain, a second transaction sent by the second account for resetting the public key of the first account, wherein the data field of the second transaction includes a The second biometric feature and the second public key corresponding to the account, the second public key will be used to replace the existing first public key of the first account;
确定单元82,配置为,在对所述第二交易的数字签名的验证通过之后,确定所述第二账户的账户标识是否在所述信任用户列表中,并确定所述第二生物特征与所述第一生物特征是否一致;The determining unit 82 is configured to, after the verification of the digital signature of the second transaction is passed, determine whether the account identifier of the second account is in the trusted user list, and determine whether the second biometric feature is related to the Whether the first biological feature is consistent;
替换单元83,配置为,在确定所述第二账户的账户标识在所述信任用户列表中、且所述第二生物特征与所述第一生物特征一致的情况中,以所述第二公钥替换本地存储的所述第一账户的第一公钥;以及The replacement unit 83 is configured to, in the case where it is determined that the account identifier of the second account is in the trusted user list, and the second biometric feature is consistent with the first biometric feature, use the second common the key replaces the locally stored first public key of the first account; and
打包单元84,配置为,将所述第二交易打包到区块中并发送给区块链中的至少一个全节点。The packaging unit 84 is configured to package the second transaction into a block and send it to at least one full node in the blockchain.
在一个实施例中,所述各个全节点分别在其本地的账户数据库中存储有与所述第一账户对应的第一生物特征密文,其中,所述第一生物特征密文以所述各个全节点共同协商的第二加密密钥加密,所述装置还包括,第一解密单元85,配置为,在确定所述第二生物特征与所述第一生物特征是否一致之前,使用所述各个全节点共同协商的第二解密密钥对所述第一生物特征密文解密,以获取所述第一生物特征。In one embodiment, each full node stores a first biometric ciphertext corresponding to the first account in its local account database, wherein the first biometric ciphertext is represented by the respective Encryption with a second encryption key negotiated by all nodes, the apparatus further includes a first decryption unit 85, configured to use the respective The second decryption key negotiated by all nodes decrypts the first biometric ciphertext to obtain the first biometric.
在一个实施例中,所述第二交易的数据字段中包括第二生物特征密文,所述第二生物特征密文以所述各个全节点共同协商的第三加密密钥加密,所述装置还包括,第二解密单元86,配置为,在确定所述第二生物特征与所述第一生物特征是否一致之前,使用所述各个全节点共同协商的第三解密密钥对所述第一生物特征密文解密,以获取所述第一生物特征。In one embodiment, the data field of the second transaction includes a second biometric ciphertext, and the second biometric ciphertext is encrypted with a third encryption key negotiated by the respective full nodes, and the device It also includes a second decryption unit 86, configured to, before determining whether the second biometric feature is consistent with the first biometric feature, use the third decryption key negotiated by all the full nodes to decrypt the first biometric feature. The biometric ciphertext is decrypted to obtain the first biometric feature.
在一个实施例中,所述账户数据库中还存储有所述第一账户的公钥哈希值,所述装置还包括,更新单元87,配置为,在以所述第二公钥替换本地存储的所述第一账户的第一公钥之后,更新本地的账户数据库中的所述第一账户的公钥哈希值。In one embodiment, the account database further stores the public key hash value of the first account, and the apparatus further includes an update unit 87 configured to replace the locally stored value with the second public key After the first public key of the first account is stored, update the public key hash value of the first account in the local account database.
本说明书另一方面提供一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行上述任一项方法。Another aspect of the present specification provides a computer-readable storage medium on which a computer program is stored, when the computer program is executed in a computer, the computer is made to execute any one of the above methods.
本说明书另一方面提供一种计算设备,包括存储器和处理器,其特征在于,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现上述任一项方法。Another aspect of the present specification provides a computing device including a memory and a processor, wherein executable code is stored in the memory, and when the processor executes the executable code, any one of the foregoing methods is implemented.
在根据本说明书实施例的方案中,通过结合用户生物特征及相应的账户数据库中对账户内容的配置,实现了区块链中的重置账户密钥的功能,相比于现有技术中使用两个私钥用于密钥重置的方案,节省了密钥的管理成本,方便了用户的操作。In the solution according to the embodiment of this specification, the function of resetting the account key in the blockchain is realized by combining the user's biometric characteristics and the configuration of the account content in the corresponding account database, which is compared with the use in the prior art. The scheme that two private keys are used for key reset saves the cost of key management and facilitates user operations.
需要理解,本文中的“第一”,“第二”等描述,仅仅为了描述的简单而对相似概念进行区分,并不具有其他限定作用。It should be understood that the descriptions of "first", "second" and so on herein are only for the simplicity of description to distinguish similar concepts, and have no other limiting effect.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。Each embodiment in this specification is described in a progressive manner, and the same and similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the system embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and for related parts, please refer to the partial descriptions of the method embodiments.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of the present specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve desirable results. Additionally, the processes depicted in the figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
本领域普通技术人员应该还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执轨道,取决于技术方案的特定应用和设计约束条件。本领域普通技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。Those of ordinary skill in the art should further realize that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two, in order to clearly illustrate the hardware and software interchangeability, the components and steps of each example have been generally described in terms of functions in the above description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Persons of ordinary skill in the art may use different methods of implementing the described functionality for each particular application, but such implementations should not be considered beyond the scope of this application.
结合本文中所公开的实施例描述的方法或算法的步骤可以用硬件、处理器执轨道的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of a method or algorithm described in connection with the embodiments disclosed herein may be implemented in hardware, a software module executed by a processor, or a combination of the two. A software module can be placed in random access memory (RAM), internal memory, read only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other in the technical field. in any other known form of storage medium.
以上所述的具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本发明的具体实施方式而已,并不用于限定本发明的保护范围,凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The specific embodiments described above further describe the objectives, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above descriptions are only specific embodiments of the present invention, and are not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included within the protection scope of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910250773.8ACN110009352B (en) | 2019-03-29 | 2019-03-29 | Method and apparatus for resetting blockchain account key based on biometrics |
| CN202110334943.8ACN113077254B (en) | 2019-03-29 | 2019-03-29 | Method and device for resetting blockchain account key based on biometrics |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910250773.8ACN110009352B (en) | 2019-03-29 | 2019-03-29 | Method and apparatus for resetting blockchain account key based on biometrics |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110334943.8ADivisionCN113077254B (en) | 2019-03-29 | 2019-03-29 | Method and device for resetting blockchain account key based on biometrics |
| Publication Number | Publication Date |
|---|---|
| CN110009352Atrue CN110009352A (en) | 2019-07-12 |
| CN110009352B CN110009352B (en) | 2021-02-05 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910250773.8AActiveCN110009352B (en) | 2019-03-29 | 2019-03-29 | Method and apparatus for resetting blockchain account key based on biometrics |
| CN202110334943.8AActiveCN113077254B (en) | 2019-03-29 | 2019-03-29 | Method and device for resetting blockchain account key based on biometrics |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110334943.8AActiveCN113077254B (en) | 2019-03-29 | 2019-03-29 | Method and device for resetting blockchain account key based on biometrics |
| Country | Link |
|---|---|
| CN (2) | CN110009352B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111311260A (en)* | 2020-02-19 | 2020-06-19 | 深圳前海微众银行股份有限公司 | Method and device for resetting account private key |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170316497A1 (en)* | 2016-04-28 | 2017-11-02 | Coinplug, Inc. | Method for creating, registering, revoking authentication information and server using the same |
| CN107528688A (en)* | 2017-09-30 | 2017-12-29 | 矩阵元技术(深圳)有限公司 | A kind of keeping of block chain key and restoration methods, device based on encryption commission technology |
| CN107623569A (en)* | 2017-09-30 | 2018-01-23 | 矩阵元技术(深圳)有限公司 | Block chain key escrow and restoration methods, device based on Secret sharing techniques |
| CN108235805A (en)* | 2017-12-29 | 2018-06-29 | 深圳前海达闼云端智能科技有限公司 | Account unifying method and device and storage medium |
| CN108418680A (en)* | 2017-09-05 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | A blockchain key recovery method and medium based on multi-party secure computing technology |
| CN108512661A (en)* | 2018-04-02 | 2018-09-07 | 成都零光量子科技有限公司 | A kind of safety protecting method of block chain private key for user |
| CN108876332A (en)* | 2018-06-04 | 2018-11-23 | 清华大学 | A kind of block chain method for secure transactions and device based on biological characteristic label certification |
| CN109005186A (en)* | 2018-08-20 | 2018-12-14 | 杭州复杂美科技有限公司 | A kind of method, system, equipment and the storage medium of user-isolated identity information |
| CN109409893A (en)* | 2018-08-20 | 2019-03-01 | 杭州复杂美科技有限公司 | A kind of belief system and its construction method, equipment and storage medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150324789A1 (en)* | 2014-05-06 | 2015-11-12 | Case Wallet, Inc. | Cryptocurrency Virtual Wallet System and Method |
| EP3345360B1 (en)* | 2015-09-04 | 2021-03-03 | Nec Corporation | Method for storing an object on a plurality of storage nodes |
| US20190238550A1 (en)* | 2016-12-26 | 2019-08-01 | Cloudminds (Shenzhen) Robotics Systems Co., Ltd. | Permission control method, apparatus and system for block chain, and node device |
| US10671733B2 (en)* | 2017-05-19 | 2020-06-02 | International Business Machines Corporation | Policy enforcement via peer devices using a blockchain |
| US10601814B2 (en)* | 2017-07-26 | 2020-03-24 | Secret Double Octopus Ltd. | System and method for temporary password management |
| CN107833052B (en)* | 2017-10-27 | 2021-02-02 | 南京物联传感技术有限公司 | Block chain-based aggregated payment system and working method |
| CN108288158A (en)* | 2018-01-29 | 2018-07-17 | 张天 | A kind of storage method based on block chain technology, computer readable storage medium |
| KR101904208B1 (en)* | 2018-04-24 | 2018-10-04 | (주)에스씨씨 | Block chain based cryptocurrency and electronic wallet management system |
| CN110400136B (en)* | 2018-04-27 | 2021-05-14 | 腾讯科技(深圳)有限公司 | Account management method, device, server and storage medium based on block chain |
| CN108875411A (en)* | 2018-07-11 | 2018-11-23 | 成都理工大学 | The storage of Intelligent bracelet data and sharing method based on block chain |
| CN109194708B (en)* | 2018-07-24 | 2021-07-13 | 哈尔滨工程大学 | A distributed storage system based on blockchain technology and its identity authentication method |
| CN109493024B (en)* | 2018-09-29 | 2021-02-09 | 杭州复杂美科技有限公司 | Digital asset hosting method, apparatus, and storage medium |
| CN109523267A (en)* | 2018-10-30 | 2019-03-26 | 苏宁易购集团股份有限公司 | A kind of verification method, the apparatus and system of the transaction data based on block chain |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170316497A1 (en)* | 2016-04-28 | 2017-11-02 | Coinplug, Inc. | Method for creating, registering, revoking authentication information and server using the same |
| CN108418680A (en)* | 2017-09-05 | 2018-08-17 | 矩阵元技术(深圳)有限公司 | A blockchain key recovery method and medium based on multi-party secure computing technology |
| CN107528688A (en)* | 2017-09-30 | 2017-12-29 | 矩阵元技术(深圳)有限公司 | A kind of keeping of block chain key and restoration methods, device based on encryption commission technology |
| CN107623569A (en)* | 2017-09-30 | 2018-01-23 | 矩阵元技术(深圳)有限公司 | Block chain key escrow and restoration methods, device based on Secret sharing techniques |
| CN108235805A (en)* | 2017-12-29 | 2018-06-29 | 深圳前海达闼云端智能科技有限公司 | Account unifying method and device and storage medium |
| CN108512661A (en)* | 2018-04-02 | 2018-09-07 | 成都零光量子科技有限公司 | A kind of safety protecting method of block chain private key for user |
| CN108876332A (en)* | 2018-06-04 | 2018-11-23 | 清华大学 | A kind of block chain method for secure transactions and device based on biological characteristic label certification |
| CN109005186A (en)* | 2018-08-20 | 2018-12-14 | 杭州复杂美科技有限公司 | A kind of method, system, equipment and the storage medium of user-isolated identity information |
| CN109409893A (en)* | 2018-08-20 | 2019-03-01 | 杭州复杂美科技有限公司 | A kind of belief system and its construction method, equipment and storage medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111311260A (en)* | 2020-02-19 | 2020-06-19 | 深圳前海微众银行股份有限公司 | Method and device for resetting account private key |
| CN111311260B (en)* | 2020-02-19 | 2025-08-15 | 深圳前海微众银行股份有限公司 | Method and device for resetting account private key |
| Publication number | Publication date |
|---|---|
| CN110009352B (en) | 2021-02-05 |
| CN113077254B (en) | 2025-05-13 |
| CN113077254A (en) | 2021-07-06 |
| Publication | Publication Date | Title |
|---|---|---|
| US11196573B2 (en) | Secure de-centralized domain name system | |
| US20200084027A1 (en) | Systems and methods for encryption of data on a blockchain | |
| KR102025409B1 (en) | Data access management system based on blockchain and method thereof | |
| KR101989450B1 (en) | Method for keeping security of data in public distributed database based on blockchain, and server for managing blockchain using the same | |
| US20190311148A1 (en) | System and method for secure storage of electronic material | |
| US11741241B2 (en) | Private data processing | |
| KR101985179B1 (en) | Blockchain based id as a service | |
| KR102284396B1 (en) | Method for generating pki keys based on bioinformation on blockchain network and device for using them | |
| US8369521B2 (en) | Smart card based encryption key and password generation and management | |
| US9698974B2 (en) | Method for creating asymmetrical cryptographic key pairs | |
| WO2019199288A1 (en) | System and method for secure storage of electronic material | |
| JP2018503199A (en) | Account recovery protocol | |
| CA2551113A1 (en) | Authentication system for networked computer applications | |
| CN110995446B (en) | Evidence verification method, device, server and storage medium | |
| CN115065679B (en) | Electronic health record sharing model, method, system and medium based on blockchain | |
| CN115883214A (en) | Electronic medical data sharing system and method based on alliance chain and CP-ABE | |
| AU2018100503A4 (en) | Split data/split storage | |
| US20230224293A1 (en) | Medical device communication certificate management | |
| CN110597836A (en) | Information query request response method and device based on block chain network | |
| WO2024197879A1 (en) | Blockchain data processing method, platform, system and apparatus, and electronic device | |
| CN110188545B (en) | A kind of data encryption method and device based on chain database | |
| CN110009352A (en) | Method and apparatus for resetting blockchain account key based on biometrics | |
| CN111081338A (en) | Safe human health parameter collection method | |
| CN109088720A (en) | A kind of encryption file De-weight method and device based on mixing cloud storage | |
| CN115442136A (en) | Application system access method and device |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | Effective date of registration:20200925 Address after:Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant after:Innovative advanced technology Co.,Ltd. Address before:Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant before:Advanced innovation technology Co.,Ltd. Effective date of registration:20200925 Address after:Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant after:Advanced innovation technology Co.,Ltd. Address before:A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands Applicant before:Alibaba Group Holding Ltd. | |
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | Effective date of registration:20240929 Address after:Guohao Times City # 20-01, 128 Meizhi Road, Singapore Patentee after:Ant Chain Technology Co.,Ltd. Country or region after:Singapore Address before:27 Hospital Road, George Town, Grand Cayman ky1-9008 Patentee before:Innovative advanced technology Co.,Ltd. Country or region before:Britain | |
| TR01 | Transfer of patent right |