Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a method and a system for processing transaction without background audit under an asymmetric certificate system. The invention establishes a double-layer asymmetric certificate system of the background system and the mobile terminal, and combines a data model without background audit. In the transaction process without background auditing, the transaction initiator terminal signs the transaction unique identifier by using a private key, exchanges a public key certificate with the terminal of the transaction opponent, and verifies the authenticity of the transaction unique identifier by using the public key certificate of the initiator terminal. Thereby verifying the authenticity of the transaction information in the transaction process without background audit.
In a first aspect of an embodiment of the present invention, a method for processing a transaction without background audit under an asymmetric certificate system is provided, where the method includes:
The method comprises the steps of obtaining a personal certificate issued by a background system, wherein the background system signs a personal public key corresponding to a terminal according to a second system private key SS2 to obtain the personal certificate of the terminal;
The method comprises the steps of notifying a background system when a first terminal initiates a transaction application, wherein the background system generates a transaction unique identifier according to the initiated transaction application, and signs the transaction unique identifier by utilizing a first system private key SS1 to obtain SS1 signed transaction unique identifier;
Acquiring SS1 signature transaction unique identifiers, and generating root node information according to the SS1 signature transaction unique identifiers and variable elements;
When a first terminal initiates a transaction to a second terminal, the first terminal and the second terminal exchange personal certificates of both sides, the personal certificates of the second terminal are verified by utilizing a second system public key PS2, if the verification is passed, variable elements input by a user are collected, transaction information of the transaction is obtained according to the variable elements, and the transaction information of the transaction is added to the character string of root node information, wherein the second terminal verifies the personal certificates of the first terminal by utilizing a second system public key PS2, and if the verification is passed, the personal public key PM1 of the first terminal is analyzed;
Signing the unique identification of the SS1 signed transaction and the transaction information of the transaction by using a personal private key SM1 of the first terminal to obtain SM1 signed information, and generating first transaction data according to the variable element and the SM1 signed information;
The second terminal uses the personal public key PM1 of the first terminal to verify the SM1 signature in the first transaction data, if the verification is passed, the first system public key PS1 is further used to verify the SS1 signature in the first transaction data, if the verification is passed, the transaction is completed, the first transaction data is recorded, the variable element is updated according to the transaction state, the first branch node information is obtained, and the transaction completion information is replied to the first terminal;
When the first terminal receives the transaction completion information, the variable element in the root node information is updated.
Further, the method comprises the steps of:
When a second terminal initiates a transaction to a third terminal based on first branch node information, the second terminal exchanges personal certificates of the second terminal and the third terminal, the personal certificates of the third terminal are verified by using a second system public key PS2, if the verification is passed, variable elements input by a user are collected, transaction information of the transaction is obtained according to the variable elements, and the transaction information of the transaction is attached to the character string of the first branch node information;
Signing the first branch node information with the variable element removed and the transaction information of the transaction by using a personal private key SM2 of the second terminal to obtain SM2 signature information, and generating second transaction data according to the variable element and the SM2 signature information;
The third terminal uses the personal public key PM2 of the second terminal to verify the SM2 signature in the second transaction data, if the verification is passed, the personal public key PM1 of the first terminal is used for next verification of the SM1 signature in the second transaction data, if the verification is passed, the first system public key PS1 is used for further verification of the SS1 signature in the first transaction data, if the verification is passed, the transaction is completed and the second transaction data is recorded, the variable element is updated according to the transaction state, the second branch node information is obtained, and the transaction completion information is replied to the second terminal;
and when the second terminal receives the transaction completion information, updating the variable element in the first branch node information.
Further, the background system is configured with at least two pairs of keys, including a first system private key SS1, a first system public key PS1, a second system private key SS2, and a second system public key PS2;
each terminal is configured with at least one pair of keys, including a personal private key and a personal public key.
Further, the variable element includes at least:
transaction initiator information, transaction opponent information, transaction time and transaction amount;
after the transaction is completed, the updated variable element also includes the transaction status.
Further, the transaction information at least includes:
Transaction initiator information, transaction adversary information, transaction time, transaction amount.
In a second aspect of the embodiments of the present invention, a system for processing a transaction without background audit under an asymmetric certificate system is provided, the system at least comprising a first terminal and a second terminal, wherein,
The method comprises the steps that a first terminal and a second terminal are respectively provided with a certificate receiving module for acquiring a personal certificate issued by a background system, wherein the background system signs a personal public key corresponding to the terminal according to a second system private key SS2 to acquire the personal certificate of the terminal;
The system comprises a first terminal, a notification module of the first terminal, a background system and a storage module, wherein the first terminal is used for notifying the background system when the first terminal initiates a transaction application, the background system generates a transaction unique identifier according to the initiated transaction application, and the transaction unique identifier is signed by using a first system private key SS1 to obtain SS1 signed transaction unique identifier;
The root node generation module of the first terminal is used for acquiring SS1 signature transaction unique identifiers and generating root node information according to the SS1 signature transaction unique identifiers and variable elements;
when a first terminal initiates a transaction to a second terminal, a certificate exchange module of the first terminal exchanges personal certificates of both sides with a certificate exchange module of the second terminal;
The certificate verification module of the first terminal is used for verifying the personal certificate of the second terminal by using the public key PS2 of the second system, if the verification is passed, collecting variable elements input by a user, obtaining transaction information of the transaction according to the variable elements, and attaching the transaction information of the transaction to the back of the character string of the root node information;
The certificate verification module of the second terminal is used for verifying the personal certificate of the first terminal by using the second system public key PS2, and if the verification is passed, the personal public key PM1 of the first terminal is analyzed;
The signature module of the first terminal is used for signing the unique identification of the signature transaction of SS1 and the transaction information of the transaction by using the personal private key SM1 of the first terminal to obtain SM1 signature information, and generating first transaction data according to the variable element and the SM1 signature information;
the data transmission module of the first terminal is used for transmitting the first transaction data to the second terminal;
The transaction processing module of the second terminal is used for verifying the SM1 signature in the first transaction data by using the personal public key PM1 of the first terminal, if the verification is passed, further verifying the SS1 signature in the first transaction data by using the first system public key PS1, if the verification is passed, completing the transaction and recording the first transaction data, updating the variable element according to the transaction state to obtain first branch node information, and replying transaction completion information to the first terminal;
And the updating module of the first terminal is used for updating the variable elements in the root node information when the first terminal receives the transaction completion information.
Further, the system also comprises a third terminal, wherein,
When the second terminal initiates a transaction to the third terminal based on the first branch node information, the certificate exchange module of the second terminal exchanges personal certificates of both sides with the certificate exchange module of the third terminal;
the certificate verification module of the second terminal is used for verifying the personal certificate of the third terminal by using the second system public key PS2, if the verification is passed, collecting the variable elements input by the user, obtaining the transaction information of the transaction according to the variable elements, and attaching the transaction information of the transaction to the back of the character string of the first branch node information;
The third terminal's certificate verification module is used for verifying the second terminal's personal certificate by using the second system public key PS2, if the verification is passed, the second terminal's personal public key PM2 is resolved;
The signature module of the second terminal is used for signing the first branch node information with the variable element removed and the transaction information of the transaction by using the personal private key SM2 of the second terminal to obtain SM2 signature information, and generating second transaction data according to the variable element and the SM2 signature information;
The data sending module of the second terminal is used for sending the second transaction data and the personal public key PM1 of the first terminal to the third terminal;
the transaction processing module of the third terminal is used for verifying the SM2 signature in the second transaction data by using the personal public key PM2 of the second terminal, if the verification is passed, the personal public key PM1 of the first terminal is used for verifying the SM1 signature in the second transaction data, if the verification is passed, the first system public key PS1 is further used for verifying the SS1 signature in the first transaction data, if the verification is passed, the transaction is completed, the second transaction data is recorded, the variable element is updated according to the transaction state, the second branch node information is obtained, and the transaction completion information is replied to the second terminal;
And the updating module of the second terminal is used for updating the variable elements in the first branch node information when the second terminal receives the transaction completion information.
Further, the background system is configured with at least two pairs of keys, including a first system private key SS1, a first system public key PS1, a second system private key SS2, and a second system public key PS2;
each terminal is configured with at least one pair of keys, including a personal private key and a personal public key.
Further, the variable element includes at least:
transaction initiator information, transaction opponent information, transaction time and transaction amount;
after the transaction is completed, the updated variable element also includes the transaction status.
Further, the transaction information at least includes:
Transaction initiator information, transaction adversary information, transaction time, transaction amount.
In a third aspect of the embodiments of the present invention, a computer device is provided, including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing a background-free audit transaction processing method under an asymmetric certificate system when executing the computer program.
In a fourth aspect of the embodiments of the present invention, a computer readable storage medium is provided, the computer readable storage medium storing a computer program which, when executed by a processor, implements a background-free audit transaction processing method under an asymmetric certificate hierarchy.
In a fifth aspect of embodiments of the present invention, a computer program product is presented, the computer program product comprising a computer program which, when executed by a processor, implements a background-free audit transaction processing method under an asymmetric certificate hierarchy.
The method and the system for processing the transaction without background audit under the asymmetric certificate system respectively sign the unique transaction identifier and the public key of the terminal by utilizing two pairs of private keys of the background system, and issue the system public key and the terminal personal certificate to each terminal, so that the terminals can exchange personal certificates under the condition of no background audit, the other side personal certificates can be verified by utilizing the second system public key to obtain the other side personal public key, the unique transaction identifier of the transaction data is verified by utilizing the first system public key, the transaction initiator signs the transaction information by utilizing the personal private key, the transaction information is verified by the transaction opponent based on the personal public key of the transaction initiator, the authenticity of the transaction information in the transaction process under the condition of no background audit is ensured, multiple transactions can be realized, and the security of the transaction is improved.
Detailed Description
The principles and spirit of the present invention will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are presented merely to enable those skilled in the art to better understand and practice the invention and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Those skilled in the art will appreciate that embodiments of the invention may be implemented as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of entirely hardware, entirely software (including firmware, resident software, micro-code, etc.) or in a combination of hardware and software.
According to the embodiment of the invention, a background-free auditing transaction processing method and a background-free auditing transaction processing system under an asymmetric certificate system are provided, and relate to the technical field of information security.
In this embodiment, terms to be described are:
anchor identification, the invention takes Anchor as the unique identification of transaction, is generated by a background system, has uniqueness, is expandable and valuable, can be transmitted between devices, can identify authentication, and can trace transaction identification information.
Transaction without background auditing state, namely transaction data comprising Anchor is transferred between the two transaction parties through the equipment without depending on a background system, and the transaction can be completed without the background auditing state.
And after the transaction opponent receives the transaction data containing the Anchor in the state without background audit, the transaction opponent can continue to conduct the transaction by using the transaction data containing the Anchor received before without connecting a background system.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments thereof.
FIG. 1 is a flow chart of a method for processing a transaction without background audit under an asymmetric certificate system according to an embodiment of the present invention. As shown in fig. 1, the method includes:
S101, acquiring a personal certificate issued by a background system;
The background system signs a personal public key corresponding to the terminal according to a second system private key SS2 to obtain a personal certificate of the terminal;
s102, notifying a background system when a first terminal initiates a transaction application;
The background system generates a transaction unique identifier according to the initiated transaction application, and signs the transaction unique identifier by using a first system private key SS1 to obtain SS1 signed transaction unique identifier;
S103, acquiring a unique signature transaction identifier of SS1, and generating root node information according to the unique signature transaction identifier of SS1 and the variable element;
S104, when the first terminal initiates a transaction to the second terminal, the first terminal exchanges personal certificates of both sides with the second terminal, the personal certificates of the second terminal are verified by utilizing a second system public key PS2, if the verification is passed, variable elements input by a user are collected, transaction information of the transaction is obtained according to the variable elements, and the transaction information of the transaction is attached to the character string of the root node information;
the second terminal verifies the personal certificate of the first terminal by using the second system public key PS2, and if the verification is passed, the personal public key PM1 of the first terminal is analyzed;
S105, signing the unique identification of the signature transaction of SS1 and the transaction information of the transaction by using a personal private key SM1 of the first terminal to obtain SM1 signature information, and generating first transaction data according to the variable element and the SM1 signature information;
s106, the first transaction data is sent to the second terminal;
The second terminal uses the personal public key PM1 of the first terminal to verify the SM1 signature in the first transaction data, if the verification is passed, the first system public key PS1 is further used to verify the SS1 signature in the first transaction data, if the verification is passed, the transaction is completed, the first transaction data is recorded, the variable element is updated according to the transaction state, the first branch node information is obtained, and the transaction completion information is replied to the first terminal;
S107, when the first terminal receives the transaction completion information, the variable elements in the root node information are updated.
Further, in the no-background audit state, the second terminal may continue to perform transactions based on the first branch node, so as to implement multiple transactions in the no-background audit state, and the specific method is shown in fig. 2, where the method includes:
s201, when a second terminal initiates a transaction to a third terminal based on first branch node information, the second terminal exchanges personal certificates of both sides with the third terminal, the personal certificate of the third terminal is verified by utilizing a second system public key PS2, if the verification is passed, a variable element input by a user is collected, transaction information of the transaction is obtained according to the variable element, and the transaction information of the transaction is attached to the character string of the first branch node information;
The third terminal verifies the personal certificate of the second terminal by using the second system public key PS2, and if the verification is passed, the personal public key PM2 of the second terminal is analyzed;
In S101, each terminal obtains its own personal certificate, that is, the personal certificate of the third terminal is already obtained in S101.
S202, signing the first branch node information with the variable element removed and the transaction information of the transaction by using a personal private key SM2 of the second terminal to obtain SM2 signature information, and generating second transaction data according to the variable element and the SM2 signature information;
S203, the second transaction data and the personal public key PM1 of the first terminal are sent to the third terminal;
The third terminal uses the personal public key PM2 of the second terminal to verify the SM2 signature in the second transaction data, if the verification is passed, the personal public key PM1 of the first terminal is used for next verification of the SM1 signature in the second transaction data, if the verification is passed, the first system public key PS1 is further used for verification of the SS1 signature in the first transaction data, if the verification is passed, the transaction is completed, the second transaction data is recorded, the variable element is updated according to the transaction state, the second branch node information is obtained, and the transaction completion information is replied to the second terminal;
S204, when the second terminal receives the transaction completion information, the variable elements in the first branch node information are updated.
In this embodiment, the background system is configured with at least two pairs of keys, including a first system private key SS1, a first system public key PS1, a second system private key SS2, and a second system public key PS2;
each terminal is configured with at least one pair of keys, including a personal private key and a personal public key.
In this embodiment, the variable element includes at least transaction initiator information, transaction opponent information, transaction time, transaction amount;
after the transaction is completed, the updated variable element also includes the transaction status.
In a practical application scenario, the variable element may be modified.
Correspondingly, the transaction information at least comprises transaction initiator information, transaction opponent information, transaction time and transaction amount.
In the root node information, the unique transaction identifier cannot be modified;
In the first transaction data and the first branch node information, a transaction unique identifier and transaction information (current transaction) cannot be modified;
In the second transaction data and the second branch node information, the transaction unique identifier and the transaction information (historical transaction or current transaction) cannot be modified.
In order to more clearly explain the transaction data processing method in the background-free audit state, a specific embodiment is described below.
Taking the user A, B, C as an example, the corresponding terminals are terminals M1, M2, and M3.
The personal private key of the terminal M1 is SM1, and the personal public key is PM1;
The personal private key of the terminal M2 is SM2, and the personal public key is PM2;
the personal private key of the terminal M3 is SM3, and the personal public key is PM3;
The background system is provided with two pairs of keys, a first system private key SS1, a first system public key PS1, a second system private key SS2 and a second system public key PS2, wherein,
The first system private key SS1 is used for signing the unique identification of the transaction, and the first system public key PS1 is issued to each terminal;
The second system private key SS2 is used to sign the personal public key (PM1、PM2、PM3) of the terminal, generate a personal certificate (CM1、CM2、CM3), and issue the second system public key PS2 and the personal certificate to the respective terminals M1, M2, and M3.
When a user A initiates a transaction application at a terminal M1, notifying a background system;
The background system generates a transaction unique identifier, signs the transaction unique identifier by using a first system private key SS1 to obtain a Sign (SS1), and adds the Sign to the back of the character string to obtain an original Anchor, wherein the original Anchor is shown in a table 1 and has a structure of the original Anchor, the original Anchor is issued to a terminal M1, and after the terminal M1 receives the original Anchor, a variable element Factor is added to the original Anchor to form a root node Anchor-A0, and the original Anchor is shown in a table 2 and has a structure of the root node Anchor-A0.
TABLE 1 original Anchor structure
TABLE 2 root node Anchor-A0 structure
Under the condition of no background audit, a user A initiates a transaction request to a user B, terminals M1 and M2 of both transaction parties exchange certificates CM1、CM2, a second system public key PS2 is used for verifying the authenticity of the certificate of the other party, and the public key PM1、PM2 of the other party is analyzed;
The user A inputs a variable element Factor1 (such as transaction party information, transaction opponent information, transaction time, transaction amount and the like), a terminal M1 of a transaction initiator adds transaction information TranInfoA1 of the transaction at this time behind a character string of a root node Anchor-A0 according to the variable element, signs the original Anchor and the transaction information by using a personal private key SM1 of the terminal (SM1) to obtain transaction data Anchor-A1 with the signature Sign (SM1) (shown in a table 3) and sends the transaction data Anchor-A1 to a transaction opponent (terminal M2);
TABLE 3 transaction data Anchor-A1 structure
After receiving the transaction data Anchor-A1, the terminal M2 of the transaction opponent uses the personal public key PM1 of the transaction initiator (terminal M1) to verify the signature Sign of the initiator (SM1), and confirms that the transaction data Anchor-A1 is sent by the transaction initiator, and authenticates the authenticity of the transaction information;
After the verification is passed, the system signature Sign on the root node is verified by using the first system public key PS1 (SS1), and the original Anchor is confirmed to be sent by the background system, and the authenticity of the original Anchor is authenticated;
After two layers of authentication, the authenticity of the transaction data Anchor-A1 can be authenticated, the transaction is completed, the transaction data is recorded, the variable Factor2 is updated according to the transaction state, the branch node Anchor-B0 is obtained, and transaction completion information is replied to the terminal M1, wherein the structure of the Anchor-B0 is shown in the table 4.
TABLE 4 branch node Anchor-B0 Structure
When the transaction opponent terminal M2 continues to use the branch node Anchor-B0 to conduct the transaction in the background-free auditing state, the transaction opponent terminal M3 exchanges certificate authentication identities with the next transaction opponent terminal M3.
The terminal M2 may verify the personal certificate CM3 of the terminal M3 according to the second system public key PS2;
The terminal M3 may verify the personal certificate CM2 of the terminal M2 according to the second system public key PS2, and if the verification is passed, parse out the personal public key PM2 of the terminal M2.
The user B inputs a variable element Factor3 (such as transaction party information, transaction opponent information, transaction time, transaction amount and the like), a terminal M2 of a transaction initiator adds transaction information of the transaction at this time (TranInfoB 1) behind a character string of a branch node Anchor-B0 according to the variable element, signs by using a personal private key SM2 to obtain transaction data Anchor-B1 with a signature Sign (SM2) and transmits the transaction data Anchor-B1 to a transaction opponent (terminal M3), and meanwhile, a personal public key PM1 of the terminal M1 is required to be transmitted in order to ensure that the terminal M3 can verify the signature, wherein the structure of the Anchor-B1 is shown in a table 5.
TABLE 5 transaction data Anchor-B1 structure
The terminal M3 is used as a transaction opponent to carry out transaction verification, the personal public key PM2 of the terminal M2 is used for verifying the signature Sign (SM2) and confirming that transaction data Anchor-B1 is sent by a transaction initiator;
Then, the signature Sign is verified by using the personal public key PM1 of the terminal M1 (SM1), after verification, the signature Sign is verified by the first system public key PS1 (SS1), the original Anchor is confirmed to be sent by a background system, and the authenticity of the original Anchor is authenticated;
After multiple authentications, the authenticity of the transaction data Anchor-B1 can be authenticated, the transaction is completed, the transaction data is recorded, the variable Factor4 is updated according to the transaction state, the branch node Anchor-C0 is obtained, and transaction completion information is replied to the terminal M2, wherein the structure of the Anchor-C0 is shown in Table 6.
Table 6 branch node Anchor-C0 has the following structure:
Based on the asymmetric encryption mode and the transaction processing flow in the background-free auditing state, the dynamic data authentication problem in the transaction in the background-free auditing state can be solved, and the transaction processing safety is ensured.
It should be noted that although the operations of the method of the present invention are described in a particular order in the above embodiments and the accompanying drawings, this does not require or imply that the operations must be performed in the particular order or that all of the illustrated operations be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
Having described the method of an exemplary embodiment of the present invention, a description is next made with reference to fig. 3 through 4 of a background-free audit transaction processing system under an asymmetric certificate hierarchy of an exemplary embodiment of the present invention.
The implementation of the transaction processing system without background audit under the asymmetric certificate system can be referred to the implementation of the method, and the repetition is not repeated. The term "module" or "unit" as used below may be a combination of software and/or hardware that implements the intended function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Based on the same inventive concept, the invention also provides a transaction processing system without background audit under an asymmetric certificate system, as shown in fig. 3, which comprises a first terminal 100 and a second terminal 200, wherein,
The first terminal 100 and the second terminal 200 are respectively provided with a certificate receiving module 110 and a certificate receiving module 210, which are used for obtaining a personal certificate issued by a background system, wherein the background system signs a personal public key corresponding to the terminal according to a second system private key SS2 to obtain the personal certificate of the terminal;
The notification module 120 of the first terminal is configured to notify the background system when the first terminal initiates a transaction application, wherein the background system generates a transaction unique identifier according to the initiated transaction application, signs the transaction unique identifier by using the first system private key SS1, and obtains SS1 signed transaction unique identifier;
The root node generating module 130 of the first terminal is configured to obtain SS1 a signature transaction unique identifier, and generate root node information according to the SS1 signature transaction unique identifier and the variable element;
When the first terminal 100 initiates a transaction to the second terminal 200, the certificate exchange module 140 of the first terminal exchanges personal certificates of both parties with the certificate exchange module 240 of the second terminal;
the certificate verification module 150 of the first terminal is configured to verify the personal certificate of the second terminal by using the second system public key PS2, and if the verification is passed, collect a variable element input by a user, obtain transaction information of the present transaction according to the variable element, and attach the transaction information of the present transaction to the rear of the character string of the root node information;
the certificate verification module 250 of the second terminal is configured to verify the personal certificate of the first terminal by using the second system public key PS2, and if the verification is passed, analyze the personal public key PM1 of the first terminal;
The signature module 160 of the first terminal is configured to sign the unique identifier of the signature transaction of SS1 and the transaction information of the transaction by using the personal private key SM1 of the first terminal, obtain SM1 signature information, and generate first transaction data according to the variable element and the SM1 signature information;
A data transmitting module 170 of the first terminal, configured to transmit the first transaction data to the second terminal;
The transaction processing module 280 of the second terminal is configured to verify the SM1 signature in the first transaction data using the personal public key PM1 of the first terminal, further verify the SS1 signature in the first transaction data using the first system public key PS1 if the verification is passed, complete the present transaction and record the first transaction data if the verification is passed, update the variable element according to the transaction state, obtain the first branch node information, and reply the transaction completion information to the first terminal;
And the updating module 190 of the first terminal is configured to update the variable element in the root node information when the first terminal receives the transaction completion information.
The invention can realize that the terminal needs to mutually authenticate the identity through the certificate in the transaction process without background audit, and then uses the certificate of the opposite party to verify the authenticity of the transaction without background audit.
Based on the invention, multiple transactions without background audit can be realized, and in particular, referring to fig. 4, a schematic diagram of a transaction processing system without background audit under an asymmetric certificate system according to another embodiment of the invention is shown. As shown in fig. 4, the system further comprises a third terminal 300, wherein,
When the second terminal 200 initiates a transaction to the third terminal 300 based on the first branch node information, the certificate exchange module 240 of the second terminal exchanges personal certificates of both sides with the certificate exchange module 340 of the third terminal;
the certificate verification module 250 of the second terminal is configured to verify the personal certificate of the third terminal by using the second system public key PS2, and if the verification is passed, collect a variable element input by the user, obtain transaction information of the present transaction according to the variable element, and attach the transaction information of the present transaction to the back of the character string of the first branch node information;
The third terminal's certificate verification module 350 is configured to verify the second terminal's personal certificate by using the second system public key PS2, and if the verification is passed, parse out the second terminal's personal public key PM2;
it should be noted that, each terminal may include a certificate receiving module, that is, the certificate receiving module 310 of the third terminal is configured to obtain the personal certificate issued by the background system.
The signature module 260 of the second terminal is configured to sign the first branch node information excluding the variable element and the transaction information of the present transaction by using the personal private key SM2 of the second terminal, to obtain SM2 signature information, and generate second transaction data according to the variable element and the SM2 signature information;
A data sending module 270 of the second terminal, configured to send the second transaction data and the personal public key PM1 of the first terminal to the third terminal;
The transaction processing module 380 of the third terminal is configured to verify the signature SM2 in the second transaction data using the personal public key PM2 of the second terminal, if the verification is passed, verify the signature SM1 in the second transaction data using the personal public key PM1 of the first terminal, if the verification is passed, further verify the signature SS1 in the first transaction data using the first system public key PS1, if the verification is passed, complete the present transaction and record the second transaction data, update the variable element according to the transaction status, obtain the second branch node information, and reply the transaction completion information to the second terminal;
and the updating module 290 of the second terminal is configured to update the variable element in the first branch node information when the second terminal receives the transaction completion information.
In this embodiment, the background system is configured with at least two pairs of keys, including a first system private key SS1, a first system public key PS1, a second system private key SS2, and a second system public key PS2;
each terminal is configured with at least one pair of keys, including a personal private key and a personal public key.
In this embodiment, the variable element includes at least:
transaction initiator information, transaction opponent information, transaction time and transaction amount;
after the transaction is completed, the updated variable element also includes the transaction status.
Correspondingly, the transaction information at least comprises:
Transaction initiator information, transaction adversary information, transaction time, transaction amount.
In this embodiment, referring to fig. 3 and fig. 4 again, each terminal includes a certificate receiving module, a notification module, a root node generating module, a certificate verifying module, a signature module, a data transmitting module, a transaction processing module, and an updating module, where a dashed box indicates that the module does not work in the processing procedure of the above embodiment. In an actual application scene, each terminal can be used as an initiator of a first transaction application, inform a background system, acquire a unique transaction identifier with a first system private key SS1 signature, generate a root node so as to conduct transactions with other terminals, and the other terminals can also utilize branch nodes to conduct transactions again so as to realize multiple transactions without background audit.
It should be noted that while several modules of a background-free audit transaction processing system under an asymmetric certificate hierarchy are mentioned in the foregoing detailed description, such a division is merely exemplary and not mandatory. Indeed, the features and functions of two or more modules described above may be embodied in one module in accordance with embodiments of the present invention. Conversely, the features and functions of one module described above may be further divided into a plurality of modules to be embodied.
Based on the foregoing inventive concept, as shown in fig. 5, the present invention further proposes a computer device 500, including a memory 510, a processor 520, and a computer program 530 stored in the memory 510 and executable on the processor 520, where the processor 520 implements the aforementioned method for processing a transaction without background audit under an asymmetric certificate system when executing the computer program 530.
Based on the foregoing inventive concept, the present invention proposes a computer readable storage medium storing a computer program which, when executed by a processor, implements the aforementioned background-free audit transaction processing method under an asymmetric certificate system.
Based on the foregoing inventive concept, the present invention proposes a computer program product comprising a computer program which, when executed by a processor, implements a background-free audit transaction processing method under an asymmetric certificate system.
The method and the system for processing the transaction without background audit under the asymmetric certificate system respectively sign the unique transaction identifier and the public key of the terminal by utilizing two pairs of private keys of the background system, and issue the system public key and the terminal personal certificate to each terminal, so that the terminals can exchange personal certificates under the condition of no background audit, the other side personal certificates can be verified by utilizing the second system public key to obtain the other side personal public key, the unique transaction identifier of the transaction data is verified by utilizing the first system public key, the transaction initiator signs the transaction information by utilizing the personal private key, the transaction information is verified by the transaction opponent based on the personal public key of the transaction initiator, the authenticity of the transaction information in the transaction process under the condition of no background audit is ensured, multiple transactions can be realized, and the security of the transaction is improved.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that the foregoing embodiments are merely illustrative embodiments of the present invention, and not restrictive, and the scope of the invention is not limited to the embodiments, and although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that any modification, variation or substitution of some of the technical features of the embodiments described in the foregoing embodiments may be easily contemplated within the scope of the present invention, and the spirit and scope of the technical solutions of the embodiments do not depart from the spirit and scope of the embodiments of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.