CN111815321A - Transaction proposal processing method, device, system, storage medium and electronic device - Google Patents

Abstract

The present application relates to a method, device, system, storage medium and electronic device for processing a transaction proposal, wherein the method includes: acquiring target transaction information of a client; signing the target transaction information using the client private key of the client to obtain the first 1. Signature information; send the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, wherein the initial transaction proposal is used to instruct the blockchain node to obtain the target transaction information, the first signature information and The target transaction proposal of the second signature information. The second signature information is obtained by the blockchain node signing the target transaction information. The present application solves the technical problem of low security in the verification process of transaction proposals in the related art.

Description

Transaction proposal processing method, device, system, storage medium and electronic device

technical field

The present application relates to the field of computers, and in particular, to a method, device, system, storage medium and electronic device for processing a transaction proposal.

Background technique

With the continuous development of blockchain technology in the financial field, especially on the BaaS (Blockchain as a Service) platform, how to ensure the authenticity and traceability of transaction data has become a challenge faced by the BaaS platform. important question.

In related technologies, the BaaS-based blockchain transaction verification scheme is mainly: when a user initiates a transaction call request through the BaaS platform, the SDK uses the organization's private key to sign the transaction information once, and initiates a transaction proposal to the blockchain network. ), the transaction proposal sends the contract flag, parameter information and signature information of the transaction call to the Endorser node; after the Endorser node receives the transaction proposal, it verifies the signature and determines whether the submitter has the right to operate.

In the blockchain transaction verification based on the BaaS platform of the current alliance chain, it has gone through the process of blockchain node endorsement, transaction sorting, signature, and verification. At present, the organizational identity certificate, private key, etc. in the blockchain network The information is hosted in the node server. When BaaS users initiate transaction requests, there are the following problems: First, once the organization's identity certificate and private key are stolen or leaked, criminals can easily forge transactions or steal digital currency. In addition, there are situations where multiple transactions correspond to the same identity certificate, private key, etc., and it is difficult to accurately track the user information of the initiator of the transaction. Therefore, the blockchain transaction verification of existing BaaS has certain risks.

For the above problems, no effective solution has been proposed yet.

SUMMARY OF THE INVENTION

The present application provides a transaction proposal processing method, device, system, storage medium and electronic device, so as to at least solve the technical problem of low security in the verification process of the transaction proposal in the related art.

According to an aspect of the embodiments of the present application, a method for processing a transaction proposal is provided, including:

Get the target transaction information of the client;

Using the client private key of the client to sign the target transaction information to obtain first signature information;

Send the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, wherein the initial transaction proposal is used to instruct the blockchain node to obtain the target transaction information carrying the target transaction information. , the target transaction proposal of the first signature information and the second signature information, where the second signature information is obtained by signing the target transaction information by the blockchain node.

According to another aspect of the embodiments of the present application, another method for processing a transaction proposal is provided, including:

Obtain the target transaction proposal carrying the target transaction information, the first signature information and the second signature information, wherein the target transaction information is initiated by the client, and the first signature information is obtained using the client's client private The second signature information is obtained by signing the target transaction information by the blockchain node;

performing signature verification on the first signature information and the second signature information;

In the case that both the first signature information and the second signature information are verified and passed, the target transaction proposal is endorsed.

According to another aspect of the embodiments of the present application, there is also provided a transaction proposal processing system, including: a client, a blockchain node and an endorsement node, wherein,

The client is used for initiating target transaction information, and uses the client private key of the client to sign the target transaction information to obtain first signature information, which will carry the target transaction information and the first signature An initial transaction proposal for information is sent to the blockchain node;

The blockchain node is used to sign the target transaction information using the organization's private key to obtain the second signature information, and will carry the target transaction information, the first signature information and the second signature information. The target transaction proposal is sent to the endorsement node, wherein the organization private key is the private key of the target blockchain organization where the blockchain node is located;

The endorsement node is used to obtain the target transaction proposal, and perform signature verification on the first signature information and the second signature information. If both the first signature information and the second signature information are successfully verified, In this case, endorse the target transaction proposal.

According to another aspect of the embodiments of the present application, a device for processing a transaction proposal is also provided, including:

The first acquisition module is used to acquire the target transaction information of the client;

a first signature module, configured to use the client private key of the client to sign the target transaction information to obtain first signature information;

a first sending module, configured to send an initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, wherein the initial transaction proposal is used to instruct the blockchain node to obtain A target transaction proposal carrying the target transaction information, the first signature information and the second signature information, where the second signature information is obtained by the blockchain node signing the target transaction information.

According to another aspect of the embodiments of the present application, another apparatus for processing a transaction proposal is also provided, including:

The third obtaining module is configured to obtain the target transaction proposal carrying the target transaction information, the first signature information and the second signature information, wherein the target transaction information is initiated by the client, and the first signature information is obtained by using The client private key of the client is obtained by signing the target transaction information, and the second signature information is obtained by signing the target transaction information by the blockchain node;

a verification module, configured to perform signature verification on the first signature information and the second signature information;

A processing module, configured to perform endorsement processing on the target transaction proposal when both the first signature information and the second signature information are verified.

According to another aspect of the embodiments of the present application, a storage medium is also provided, where the storage medium includes a stored program, and the above method is executed when the program runs.

According to another aspect of the embodiments of the present application, an electronic device is also provided, including a memory, a processor, and a computer program stored in the memory and running on the processor, where the processor executes the above method through the computer program.

In the embodiment of the present application, the target transaction information of the client is obtained; the target transaction information is signed by the client private key of the client to obtain the first signature information; the initial transaction proposal carrying the target transaction information and the first signature information is used. Sent to the blockchain node, where the initial transaction proposal is used to instruct the blockchain node to obtain the target transaction proposal carrying the target transaction information, the first signature information and the second signature information, and the second signature information is paired by the blockchain node. In the method of signing the target transaction information, the client has its own public and private key pair, the verification certificate issued to the client can be managed by BaaS, and the client private key is kept by the client itself, and the client initiates When requesting a transaction, first sign and encrypt the transaction information with its own private key. When the transaction information is sent to the blockchain network, the blockchain node performs the second signature and encryption on the transaction information, then when subsequent transactions When the proposal is sent to the endorsement node, the endorsement node needs to verify the two signatures. After both signature verifications are passed, the transaction data can be uploaded to the chain, which solves forged transactions and theft of digital assets caused by the disclosure of identity certificates and private keys. Therefore, the technical effect of improving the security of the verification process of the transaction proposal is realized, and the technical problem of the low security of the verification process of the transaction proposal in the related art is solved.

Description of drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description serve to explain the principles of the invention.

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. In other words, on the premise of no creative labor, other drawings can also be obtained from these drawings.

FIG. 1 is a schematic diagram of a hardware environment of a transaction proposal processing system according to an embodiment of the present application;

FIG. 2 is a flowchart of an optional transaction proposal processing method according to an embodiment of the present application;

3 is a flowchart of another optional transaction proposal processing method according to an embodiment of the present application;

4 is a schematic diagram of a secondary verification method for a blockchain transaction according to an optional embodiment of the present application;

5 is a schematic diagram of an optional transaction proposal processing apparatus according to an embodiment of the present application;

6 is a schematic diagram of an optional transaction proposal processing apparatus according to an embodiment of the present application;

FIG. 7 is a structural block diagram of a terminal according to an embodiment of the present application.

Detailed ways

In order to make those skilled in the art better understand the solutions of the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only The embodiments are part of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the scope of protection of the present application.

It should be noted that the terms "first", "second", etc. in the description and claims of the present application and the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific sequence or sequence. It is to be understood that data so used may be interchanged under appropriate circumstances so that the embodiments of the application described herein can be practiced in sequences other than those illustrated or described herein. Furthermore, the terms "comprising" and "having" and any variations thereof, are intended to cover non-exclusive inclusion, for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to those expressly listed Rather, those steps or units may include other steps or units not expressly listed or inherent to these processes, methods, products or devices.

With the update of information technology, blockchain, as an emerging storage technology, has gradually become a popular development. The blockchain system is a data network system that uses cryptography to ensure the security of data transmission and access, and generates a distributed ledger that cannot be tampered with and cannot be forged. . One of the most important features of blockchain is that it can ensure secure transactions. In the absence of centralized processing by a centralized organization, in order to achieve data consistency, it is necessary for the network center to participate in the management of all people, and to reach a consensus in some way. .

BaaS (Blockchain as a Service) is a service that combines blockchain technology to help users create, manage and maintain enterprise-level blockchain networks and applications. The main purpose of BaaS is to quickly establish the required blockchain application environment and provide a series of operational services such as search query, transaction, operation and maintenance, and data analysis based on the blockchain network.

In order to solve the problems of forged transactions and theft of digital assets caused by the disclosure of identity certificates and private keys in the current blockchain technology, the embodiments of this application provide a system embodiment for processing transaction proposals.

Optionally, in this embodiment, FIG. 1 is a schematic diagram of a hardware environment of a transaction proposal processing system according to an embodiment of the present application. As shown in FIG. 1 , the above transaction proposal processing system may be applied to a system including client 101, In the hardware environment of the blockchain node 103 and the endorsement node 105 . The client 101 is used to initiate target transaction information, and uses the client private key of the client 101 to sign the target transaction information to obtain first signature information, which will carry the target transaction information and The initial transaction proposal of the first signature information is sent to the blockchain node 103;

The blockchain node 103 is used to sign the target transaction information using the organization private key to obtain the second signature information, which will carry the target transaction information, the first signature information and the second signature information The target transaction proposal is sent to the endorsement node 105, wherein the organization private key is the private key of the target blockchain organization where the blockchain node 103 is located;

The endorsement node 105 is configured to obtain the target transaction proposal, perform signature verification on the first signature information and the second signature information, and verify that both the first signature information and the second signature information are successfully verified. In the case of , the target transaction proposal is endorsed.

Optionally, in this embodiment, the client 101 may include, but is not limited to, clients of any type of application developed on the blockchain platform, such as: e-government applications, game applications, financial applications, shopping applications, Insurance applications, multimedia applications, live broadcast applications, etc.

Optionally, in this embodiment, the blockchain node 103 is any service node in the target blockchain organization. Blockchain nodes are used to serve clients. The target blockchain organization may also include Orderers nodes, Committer nodes, and so on.

As an optional embodiment, the client is configured to: generate a public-private key pair of the client, wherein the public and private keys of the client include the client private key and the client public key having a corresponding relationship; Using the client public key to obtain a client verification certificate corresponding to the client, wherein the client verification certificate is used to perform signature verification on the signature information obtained by signing with the client private key;

The endorsement node is used for: using the client verification certificate to perform signature verification on the first signature information; in the case of passing the verification of the first signature information, using the organizational identity corresponding to the blockchain node The certificate performs signature verification on the second signature information.

As an optional embodiment, the client is further configured to: after sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, send query information , wherein the query information is used to query the verification process of the first signature information and the second signature information; receive the verification process returned in response to the query information; display the verification process on the client process.

As an optional embodiment, the endorsement node is configured to: determine that the target transaction proposal fails when the verification of the first signature information fails or the verification of the second signature information fails.

According to an aspect of the embodiments of the present application, a method embodiment for processing a transaction proposal is provided.

FIG. 2 is a flowchart of an optional transaction proposal processing method according to an embodiment of the present application. As shown in FIG. 2 , the method may include the following steps:

Step S202, acquiring target transaction information of the client;

Step S204, using the client private key of the client to sign the target transaction information to obtain first signature information;

Step S206, sending an initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, wherein the initial transaction proposal is used to instruct the blockchain node to obtain the Target transaction information, the target transaction proposal of the first signature information and the second signature information, where the second signature information is obtained by signing the target transaction information by the blockchain node.

Through the above steps S202 to S206, the client has a pair of its own public and private key pairs, the verification certificate issued to the client can be managed by BaaS, and the client private key is kept by the client itself, and the client initiates the transaction When requesting, the transaction information is first signed and encrypted with its own private key. When the transaction information is sent to the blockchain network, the blockchain node will perform the second signature and encryption on the transaction information, then when the subsequent transaction proposal When sending to the endorsement node, the endorsement node needs to verify the two signatures. Both signature verifications are passed, and the transaction data can be uploaded to the chain, which solves the problems of forged transactions and theft of digital assets caused by the disclosure of identity certificates and private keys. , so as to achieve the technical effect of improving the security of the verification process of the transaction proposal, thereby solving the technical problem of low security of the verification process of the transaction proposal in the related art.

Optionally, in this embodiment, the above-mentioned processing method of the transaction proposal may be applied to, but not limited to, the client side or the BaaS platform side.

In the technical solution provided in step S202, the target transaction information may be, but is not limited to, information of a transaction initiated by the client that needs to be uploaded to the chain.

In the technical solution provided in step S204, the form of the first signature information may include, but is not limited to, a digital signature.

Optionally, in this embodiment, a digital signature (also known as a public key digital signature, an electronic signature) is a common physical signature similar to that written on paper, but implemented using technologies in the field of public key encryption, A method for authenticating digital information. A set of digital signatures usually defines two complementary operations, one for signing and the other for verification. The information data of the sending node is encrypted by hash to generate a digest, and then the digest is digitally signed by the private key of the sending node. A digital string that can only be generated by the sender and cannot be forged by others. This digital string is also an effective proof of the authenticity of the information sent by the sender of the information.

Optionally, in this embodiment, the digital signature may include, but is not limited to, an RSA algorithm, a DSA algorithm, an ECDSA elliptic curve digital signature algorithm, and the like.

Among them, the RSA algorithm is the most classic algorithm in computer cryptography, and it is also the most widely used digital signature algorithm so far. Since the length (modulo length) of the public key and private key of the RSA algorithm can only be guaranteed to be 1024 bits or even 2048 bits, the selection of parameters P, Q and E, the generation of public and private keys, encryption and decryption of modular exponentiation operations There are certain calculation procedures, which need to be completed by relying on the high-speed operation of the computer. The full name of DSA algorithm is Digital Signature Algorithm. DSA is just an algorithm. The difference from RSA is that it cannot be used for encryption and decryption, nor can it be used for key exchange. It is only used for signature, so it is much faster than RSA and its security Sex is about the same as RSA.

An important feature of DSA is that the two prime numbers are public, so that when someone else's p and q are used, even if the private key is not known, it can be confirmed whether they are randomly generated or manipulated. The RSA algorithm can't do it.

The ECDSA elliptic curve digital signature algorithm is used for digital signature. It is a combination of ECC and DSA. The entire signature process is similar to DSA. The difference is that the algorithm used in the signature is ECC, and the final signed value is also divided into r, s. ECC (full name Elliptic Curves Cryptography) is an elliptic curve cryptography.

Optionally, in this embodiment, the client private key is generated and stored by the client.

In the technical solution provided in step S206, the client sends the first signature information signed for the first time and the target transaction information to its corresponding blockchain node, and the blockchain node signs the target transaction information for the second time Obtain the second signature information.

Optionally, in this embodiment, the blockchain node may, but is not limited to, send the target transaction information, the first signature information, and the second signature information as the target transaction proposal to the blockchain network for transaction on-chain.

As an optional embodiment, before using the client private key of the client to sign the initial transaction proposal to obtain the first signature information, the method further includes:

S11, generating a public and private key pair of the client for the client, wherein the public and private keys of the client include the client private key and the client public key having a corresponding relationship;

S12, using the client public key to obtain a client verification certificate corresponding to the client, where the client verification certificate is used to perform signature verification on signature information obtained by signing with the client private key .

Optionally, in this embodiment, in order to realize the above-mentioned two signature encryption processes, the BaaS platform can provide the client to sign the transaction information, and manage the client verification certificate (including uploading, downloading, and deleting the verification certificate. ) and other functions.

Optionally, in this embodiment, the client generates its own public and private key pair, that is, the client private key and the client public key. The client private key is kept by the client itself, and the client public key is used to obtain the client verification certificate from the BaaS platform.

Optionally, in this embodiment, the client verification certificate is used to perform signature verification on the signature information obtained by signing with the client's private key. The client verification certificate may include, but is not limited to, a digital certificate.

Optionally, in this embodiment, a digital certificate (Digital Certificate), also called a public key certificate, is a guarantee used by both parties in network communication for identity authentication and secure communication. A digital certificate is actually an electronic document that contains the owner's identity and public key information, as well as the certificate authority's signature on this document.

As an optional embodiment, using the client public key to obtain the client verification certificate corresponding to the client includes:

S21: Initiate a call request carrying the client public key to a certificate authority corresponding to the target blockchain organization, where the call request is used to request the certificate authority to assign the client public key to the certificate authority according to the client public key. The client issues the client verification certificate, and the target blockchain organization is the blockchain organization where the blockchain node is located.

Optionally, in this embodiment, the client (for example, a BaaS user) has a pair of public and private keys that belong to itself, and a certificate authority (CA) issues a verification certificate according to the user's public key, and the certificate can be uniformly managed by BaaS. , while the client private key is kept by the client itself.

Optionally, in this embodiment, a public key infrastructure (Public Key Infrastructure, PKI) uses a digital certificate (or a CA certificate) to perform public key management, and the CA (Certificate Authority) consortium chain issues a certificate containing user information and other information. The certificate of public key information is used for authentication and secure communication between the two communicating parties in the network.

Optionally, in this embodiment, the calling request may be initiated through the SDK, but is not limited to. The user initiates a call request to the SDK through the application client (BaaS), calls the certificate service (CA), and obtains his own verification certificate. After that, the verification certificate is managed by the BaaS.

As an optional embodiment, after sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, the method further includes:

S31, the blockchain node signs the target transaction information using an organization private key to obtain the second signature information, wherein the organization private key is the target blockchain organization where the blockchain node is located 's private key;

S32, the blockchain node sends the target transaction proposal carrying the target transaction information, the first signature information and the second signature information to the endorsement node, where the target transaction proposal is used for Request the endorsement node to endorse the target transaction proposal.

Optionally, in this embodiment, after receiving the initial transaction proposal from the client, the blockchain node uses the organization private key of the blockchain organization to re-sign the target transaction information, and the transaction proposal including the twice-signed information is re-signed. It is sent to the endorsement node, and the endorsement node verifies the two signatures one by one.

As an optional embodiment, after sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, the method further includes:

S41, sending query information, wherein the query information is used to query the verification process of the first signature information and the second signature information;

S42, receiving the verification process returned in response to the query information;

S43, displaying the verification process on the client.

Optionally, in this embodiment, a query function and a display function of the verification process can be provided, so as to realize the visualization of the verification process.

According to an aspect of the embodiments of the present application, a method embodiment for processing a transaction proposal is provided.

FIG. 3 is a flowchart of another optional transaction proposal processing method according to an embodiment of the present application. As shown in FIG. 3 , the method may include the following steps:

Step S302, obtaining a target transaction proposal carrying target transaction information, first signature information and second signature information, wherein the target transaction information is initiated by the client, and the first signature information is used by the client The client private key is obtained by signing the target transaction information, and the second signature information is obtained by signing the target transaction information by the blockchain node;

Step S304, performing signature verification on the first signature information and the second signature information;

Step S306, in the case that the first signature information and the second signature information are both verified and passed, perform an endorsement process on the target transaction proposal.

Through the above steps S302 to S306, the client has a pair of its own public and private key pairs, the verification certificate issued to the client can be managed by BaaS, and the client's private key is kept by the client itself, and the client initiates the transaction When requesting, the transaction information is first signed and encrypted with its own private key. When the transaction information is sent to the blockchain network, the blockchain node will perform the second signature and encryption on the transaction information, then when the subsequent transaction proposal When sending to the endorsement node, the endorsement node needs to verify the two signatures. Both signature verifications are passed, and the transaction data can be uploaded to the chain, which solves the problems of forged transactions and theft of digital assets caused by the disclosure of identity certificates and private keys. , so as to achieve the technical effect of improving the security of the verification process of the transaction proposal, thereby solving the technical problem of low security of the verification process of the transaction proposal in the related art.

Optionally, in this embodiment, the above-mentioned processing method of the transaction proposal may be applied to, but not limited to, an endorsement node in a blockchain organization.

In the technical solution provided in step S302, the first signature information is obtained by using the client private key of the client to sign the target transaction information, and the second signature information is obtained by signing the target transaction information by the blockchain node. The blockchain node may, but is not limited to, use the private key of the target blockchain organization where the blockchain node is located to sign the target transaction information to obtain the second signature information.

In the technical solution provided in step S304, the manner of performing signature verification on the first signature information and the second signature information may include, but is not limited to, blockchain signature verification. Blockchain signature verification uses the public key to verify the authenticity of the signature. The receiving node hashes and encrypts the received data information to obtain a hash value. Use the signer's public key to verify the hash value obtained by decrypting the digital signature sent by the sending node. If they are the same, the signature is valid.

Optionally, in this embodiment, a Hash (hash or hash) algorithm, also often referred to as a fingerprint (fingerprint) or digest (digest) algorithm, is a very basic and very important type of algorithm. A binary plaintext string of arbitrary length can be mapped to a shorter (usually fixed-length) binary string (Hash value), and it is difficult for different plaintexts to be mapped to the same Hash value.

Optionally, in this embodiment, the used Hash algorithm may include, but is not limited to, the international MessageDigest (MD) series and the Secure Hash Algorithm (SHA) series algorithms, and the domestic SM3 algorithm, and so on. The MD algorithm may include, but is not limited to, MD4 and MD5 algorithms, and so on. SHA algorithms may include, but are not limited to, SHA256 algorithms, SHA-3 related algorithms, and the like.

In the technical solution provided in step S306, the transaction proposal is determined to be valid only after both the first signature information and the second signature information are verified, and the target transaction proposal is endorsed.

As an optional embodiment, performing signature verification on the first signature information and the second signature information includes one of the following:

S51, using the client verification certificate corresponding to the client to perform signature verification on the first signature information; in the case of passing the verification of the first signature information, using the organization identity certificate corresponding to the blockchain node Perform signature verification on the second signature information, wherein the organization identity certificate is the verification certificate of the target blockchain organization where the blockchain node is located;

S52, perform signature verification on the second signature information by using the organization identity certificate corresponding to the blockchain node, wherein the organization identity certificate is the verification certificate of the target blockchain organization where the blockchain node is located ; in the case that the verification of the second signature information is passed, use the client verification certificate corresponding to the client terminal to perform signature verification on the first signature information.

Optionally, in this embodiment, the client verification certificate and the organization identity certificate may be, but not limited to, stored in the BaaS database. The endorsement node reads the client verification certificate and the organization identity certificate from the BaaS database to perform signature verification on the first signature information and the second signature information respectively.

Optionally, in this embodiment, the identity of the client may be verified first, but not limited to, that is, signature verification is performed on the first signature information. If the client's identity verification is passed, verify the identity of the blockchain organization, that is, perform signature verification on the second signature information.

Optionally, in this embodiment, it is also possible, but not limited to, to firstly verify the identity of the blockchain organization, that is, to perform signature verification on the second signature information. If the identity verification of the blockchain organization is passed, then verify the identity of the client, that is, perform signature verification on the first signature information.

As an optional embodiment, the endorsement process for the target transaction proposal includes:

S61, simulate the transaction process indicated by the target transaction information, and obtain an endorsement result;

S62: Send the endorsement result to the client, where the endorsement result is used to instruct the client to send the target transaction information to a sorting node for consensus sorting.

Optionally, in this embodiment, after the endorsement node verifies the signature successfully, it will simulate the execution of the transaction process, and send information such as the simulated execution read and write sets and endorsement results to the client, and the client collects a certain number of endorsement results. , and then send the transaction proposal to the ordering node (Orderers node) for consensus sorting.

Optionally, in this embodiment, the Orderers node performs consensus sorting on the received transactions, and then packages a batch of transactions together according to the block generation strategy to generate a new block and send it to the Committer node. After the committer node receives the block, it will verify each transaction in the block, check whether the input and output of the transaction depend on the state of the current blockchain, and append the block to the local block after completion. chain, and modify the world state.

As an optional embodiment, after performing signature verification on the first signature information and the second signature information, the method further includes:

S71. In the case where the verification of the first signature information fails, or the verification of the second signature information fails, determine that the target transaction proposal fails.

Optionally, in this embodiment, as long as one signature verification fails, it is determined that the transaction proposal fails.

This application also provides an optional embodiment, in order to solve the problems of forged transactions and theft of digital assets caused by the disclosure of identity certificates and private keys in the prior art solution, the optional embodiment proposes a BaaS-based area Secondary verification method for blockchain transactions. BaaS users (equivalent to the above-mentioned clients) have a pair of their own public and private key pairs, and the certificate service (CA) issues a verification certificate according to the user's public key (that is, the above-mentioned client public key), which can be managed by BaaS uniformly. The user's private key (that is, the above-mentioned client private key) is kept by the user himself.

When a BaaS user initiates a transaction request, it first signs and encrypts the transaction information with its own private key. When the transaction information is sent to the blockchain network through the SDK, the blockchain node uses the organization's private key to perform the transaction information. The second signature encryption generates a transaction proposal. After the transaction proposal is sent to the endorsement node, the endorsement node verifies the two signatures. Both signature verifications pass, and the transaction data can be uploaded to the chain.

In order to realize the above-mentioned two-signature encryption, the BaaS platform provides users with functions such as signing transaction information and managing user verification certificates (including uploading, downloading, and deleting verification certificates). Before the user initiates a transaction proposal, the user can call the certificate service (CA) to obtain the verification certificate. The user initiates a call request to the SDK through the application client (BaaS), calls the certificate service (CA), and obtains his own verification certificate. Verification certificates are managed by BaaS.

As the application of blockchain in various fields becomes more and more extensive, ensuring transaction security has become an urgent need. Therefore, this optional embodiment can well reduce the risk caused by the disclosure of identity certificates and private keys, and improve the security of transactions. positive meaning.

Fig. 4 is a schematic diagram of a secondary verification method for a blockchain transaction according to an optional embodiment of the present application. As shown in Fig. 4, when a client initiates a transaction invocation request, the following signature process is performed: when a user initiates a transaction proposal (Proposal), the user first uses his private key to sign and encrypt the transaction information for the first time through the signature method provided by BaaS, and then the SDK uses the organization private key of the blockchain organization to sign and encrypt the transaction information for the second time. After the secondary encryption is completed, the SDK will send the transaction proposal with the contract identifier, contract method and parameter information to be called in this transaction, as well as the signature and other information to the Endorser node.

When the endorsement node verifies the signature information, the following verification process is performed: After the endorser node receives the transaction proposal (Proposal), it first uses the user's verification certificate to verify the transaction information for the first time. If the first verification fails, the transaction fails; after the first transaction is passed, the organization identity certificate is used to verify the transaction information for the second time. If the verification is also passed, the transaction information will be uploaded to the chain. If the verification fails, the transaction fails.

After the endorsement node verifies the two signatures, it will simulate the execution of the transaction process, and send the simulated read-write set and endorsement results to the client. After the client collects a certain number of endorsement results, it will send the transaction proposal to Orderers node for consensus sorting. The Orderers node performs consensus sorting on the received transactions, and then packages a batch of transactions together according to the block generation strategy to generate a new block and send it to the Committer node. After the committer node receives the block, it will verify each transaction in the block, check whether the input and output of the transaction depend on the state of the current blockchain, and append the block to the local block after completion. chain, and modify the world state.

Compared with the prior art, in this optional embodiment, in the case of the disclosure of the identity certificate and private key of the blockchain organization, if there are phenomena such as forged transactions, theft of digital assets, etc., only one of the two verifications fails. , the transaction cannot proceed.

In a consortium chain taking Hyperledger Fabric as an example, the secondary verification method of this optional embodiment has extensive application value. For example, in the field of welfare lottery, in order to prevent illegal activities such as black box operations, this optional embodiment can verify the identity of the lottery buyer, and use the lottery's private key to authenticate the lottery's identity (which can be understood as the lottery's certificate) and purchase records. (that is, the transaction call request information) is verified one by one, so as to achieve comprehensive supervision and overcome the disadvantages of traditional lottery centralization and opacity; for example, in the field of supply chain finance, in order to prevent upstream and downstream enterprises from colluding and making false accounts In an optional embodiment, the identities of the upstream and downstream enterprises can be verified, and the private keys of the upstream and downstream enterprises can be used to verify the identities of both parties in the transaction process, thereby avoiding phenomena such as forgery of identities.

Therefore, with the wider application of blockchain in various fields, ensuring transaction security has become an urgent need. This optional embodiment can well reduce the risk of identity certificate and private key leakage, and improve transaction security. have a positive meaning.

It should be noted that, for the sake of simple description, the foregoing method embodiments are all expressed as a series of action combinations, but those skilled in the art should know that the present application is not limited by the described action sequence. Because in accordance with the present application, certain steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present application.

From the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented by hardware, but in many cases the former is better implementation. Based on this understanding, the technical solution of the present application can be embodied in the form of a software product in essence or in a part that contributes to the prior art, and the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, CD-ROM), including several instructions to make a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) execute the methods described in the various embodiments of this application.

According to another aspect of the embodiments of the present application, there is also provided a transaction proposal processing apparatus for implementing the above transaction proposal processing method. FIG. 5 is a schematic diagram of an optional transaction proposal processing apparatus according to an embodiment of the present application. As shown in FIG. 5 , the apparatus may include:

The first obtaining module 52 is used to obtain the target transaction information of the client;

a first signature module 54, configured to use the client private key of the client to sign the target transaction information to obtain first signature information;

The first sending module 56 is configured to send an initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, wherein the initial transaction proposal is used to indicate the blockchain node Obtain a target transaction proposal carrying the target transaction information, the first signature information, and the second signature information, where the second signature information is obtained by signing the target transaction information by the blockchain node.

It should be noted that the first acquisition module 52 in this embodiment may be used to perform step S202 in this embodiment of the present application, and the first signature module 54 in this embodiment may be used to perform step S204 in this embodiment of the present application , the first sending module 56 in this embodiment may be configured to perform step S206 in this embodiment of the present application.

It should be noted here that the examples and application scenarios implemented by the foregoing modules and corresponding steps are the same, but are not limited to the contents disclosed in the foregoing embodiments. It should be noted that, as a part of the device, the above modules may run in the hardware environment as shown in FIG. 1 , and may be implemented by software or hardware.

Through the above modules, the client has a pair of its own public and private key pairs. The verification certificate issued to the client can be managed by BaaS in a unified manner, while the client private key is kept by the client itself. When the client initiates a transaction request, the first Use your own private key to sign and encrypt the transaction information for the first time. When the transaction information is sent to the blockchain network, the blockchain node signs and encrypts the transaction information for the second time. Then, when the subsequent transaction proposal is sent to the endorsement node At the same time, the endorsement node needs to verify the two signatures, and the two signature verifications are passed, and the transaction data can be uploaded to the chain, which solves the problems of forged transactions and theft of digital assets caused by the disclosure of identity certificates and private keys. The technical effect of improving the security of the verification process of the transaction proposal, thereby solving the technical problem of the low security of the verification process of the transaction proposal in the related art.

As an optional embodiment, the device further includes:

A generating module, configured to generate a public-private key pair of the client for the client before signing the initial transaction proposal by using the client's private key of the client to obtain the first signature information, wherein the client The public and private keys of the terminal include the client private key and the client public key having a corresponding relationship;

The second obtaining module is configured to use the client public key to obtain the client verification certificate corresponding to the client, wherein the client verification certificate is used to sign the certificate obtained by using the client private key. Signature information for signature verification.

As an optional embodiment, the second obtaining module is used for:

Initiating a call request carrying the client public key to the certificate authority corresponding to the target blockchain organization, wherein the call request is used to request the certificate authority to assign the client to the client according to the client public key The client verification certificate is issued, and the target blockchain organization is the blockchain organization where the blockchain node is located.

As an optional embodiment, the device further includes:

The second signature module is configured to, after sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, use the organization's private key to pair all transactions with the blockchain node through the blockchain node. signing the target transaction information to obtain the second signature information, wherein the organization private key is the private key of the target blockchain organization where the blockchain node is located;

The second sending module is configured to send the target transaction proposal carrying the target transaction information, the first signature information and the second signature information to the endorsement node through the blockchain node, wherein the The target transaction proposal is used to request the endorsement node to endorse the target transaction proposal.

As an optional embodiment, the device is also used for:

After sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, send query information, where the query information is used to query the first signature information and the verification process of the second signature information;

receiving the verification process returned in response to the query information;

The verification process is exposed on the client.

According to another aspect of the embodiments of the present application, another apparatus for processing a transaction proposal for implementing the above-mentioned method for processing a transaction proposal is also provided. FIG. 6 is a schematic diagram of another optional transaction proposal processing apparatus according to an embodiment of the present application. As shown in FIG. 6 , the apparatus may include:

The third obtaining module 62 is configured to obtain a target transaction proposal carrying target transaction information, first signature information and second signature information, wherein the target transaction information is initiated by the client, and the first signature information is Obtained by signing the target transaction information with the client private key of the client, and the second signature information is obtained by signing the target transaction information by a blockchain node;

a verification module 64, configured to perform signature verification on the first signature information and the second signature information;

The processing module 66 is configured to perform endorsement processing on the target transaction proposal under the condition that both the first signature information and the second signature information are verified.

It should be noted that, the third obtaining module 62 in this embodiment may be used to execute step S302 in this embodiment of the present application, and the verification module 64 in this embodiment may be used to execute step S304 in this embodiment of the present application, the The processing module 66 in the embodiment may be configured to execute step S306 in the embodiment of the present application.

It should be noted here that the examples and application scenarios implemented by the foregoing modules and corresponding steps are the same, but are not limited to the contents disclosed in the foregoing embodiments. It should be noted that, as a part of the device, the above modules may run in the hardware environment as shown in FIG. 1 , and may be implemented by software or hardware.

Through the above modules, the client has a pair of its own public and private key pairs. The verification certificate issued to the client can be managed by BaaS in a unified manner, while the client private key is kept by the client itself. When the client initiates a transaction request, the first Use your own private key to sign and encrypt the transaction information for the first time. When the transaction information is sent to the blockchain network, the blockchain node signs and encrypts the transaction information for the second time. Then, when the subsequent transaction proposal is sent to the endorsement node At the same time, the endorsement node needs to verify the two signatures, and the two signature verifications are passed, and the transaction data can be uploaded to the chain, which solves the problems of forged transactions and theft of digital assets caused by the disclosure of identity certificates and private keys. The technical effect of improving the security of the verification process of the transaction proposal, thereby solving the technical problem of the low security of the verification process of the transaction proposal in the related art.

As an optional embodiment, the verification module includes:

a first verification unit, configured to perform signature verification on the first signature information by using the client verification certificate corresponding to the client; in the case of passing the verification of the first signature information, use the blockchain node The corresponding organization identity certificate performs signature verification on the second signature information, wherein the organization identity certificate is the verification certificate of the target blockchain organization where the blockchain node is located;

A second verification unit, configured to perform signature verification on the second signature information by using the organizational identity certificate corresponding to the blockchain node, wherein the organizational identity certificate is the target blockchain where the blockchain node is located The verification certificate of the organization; in the case that the verification of the second signature information is passed, use the client verification certificate corresponding to the client to perform signature verification on the first signature information.

As an optional embodiment, the processing module includes:

a simulation unit for simulating the transaction process indicated by the target transaction information to obtain an endorsement result;

A sending unit, configured to send the endorsement result to the client, where the endorsement result is used to instruct the client to send the target transaction information to a sorting node for consensus sorting.

As an optional embodiment, the device further includes:

A determination module, configured to perform signature verification on the first signature information and the second signature information, in the case that the verification of the first signature information fails, or in the case that the verification of the second signature information fails , determine that the target transaction proposal fails.

It should be noted here that the examples and application scenarios implemented by the foregoing modules and corresponding steps are the same, but are not limited to the contents disclosed in the foregoing embodiments. It should be noted that, as a part of the device, the above modules may run in the hardware environment as shown in FIG. 1 , and may be implemented by software or hardware, wherein the hardware environment includes a network environment.

According to yet another aspect of the embodiments of the present invention, an electronic device for implementing the above-mentioned processing method for a transaction proposal is also provided. As shown in FIG. 7 , the electronic device includes a memory 702 and a processor 704, and the memory 702 stores a memory 702. There is a computer program, and the processor 704 is configured to perform the steps in any of the above method embodiments by the computer program.

Optionally, in this embodiment, the above-mentioned electronic apparatus may be located in at least one network device among multiple network devices of a computer network.

Optionally, in this embodiment, the above-mentioned processor may be configured to execute the following steps through a computer program:

S1, obtain the target transaction information of the client;

S2, using the client private key of the client to sign the target transaction information to obtain first signature information;

S3: Send the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, where the initial transaction proposal is used to instruct the blockchain node to obtain the target transaction The transaction information, the target transaction proposal of the first signature information and the second signature information, where the second signature information is obtained by signing the target transaction information by the blockchain node.

Optionally, in this embodiment, the above-mentioned processor may also be configured to perform the following steps through a computer program:

S1: Acquire a target transaction proposal carrying target transaction information, first signature information and second signature information, wherein the target transaction information is initiated by the client, and the first signature information is the client using the client The terminal private key is obtained by signing the target transaction information, and the second signature information is obtained by signing the target transaction information by the blockchain node;

S2, performing signature verification on the first signature information and the second signature information;

S3, in the case that both the first signature information and the second signature information are verified and passed, perform an endorsement process on the target transaction proposal.

Optionally, those of ordinary skill in the art can understand that the structure shown in FIG. 7 is only a schematic diagram, and the electronic device can also be a smart phone (such as an Android mobile phone, an iOS mobile phone, etc.), a tablet computer, a palmtop computer, and a mobile Internet device (Mobile Internet Devices). , MID), PAD and other terminal equipment. FIG. 7 does not limit the structure of the above electronic device. For example, the electronic device may also include more or less components than those shown in FIG. 7 (eg, network interfaces, etc.), or have a different configuration than that shown in FIG. 7 .

The memory 702 may be used to store software programs and modules, such as program instructions/modules corresponding to the transaction proposal processing method and device in the embodiment of the present invention. The processor 704 runs the software programs and modules stored in the memory 702 to thereby Execute various functional applications and data processing, that is, realize the processing method of the above-mentioned transaction proposal. Memory 702 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, memory 702 may further include memory located remotely from processor 704, and these remote memories may be connected to the terminal through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof. The memory 702 may specifically be, but not limited to, be used to store information such as characteristic information and probability results of the account to be processed. As an example, as shown in FIG. 7 , the above-mentioned memory 702 may include, but is not limited to, the first acquiring unit 7022 , the processing unit 7024 and the outputting unit 7026 in the above-mentioned transaction proposal processing apparatus. In addition, it may also include, but is not limited to, other module units in the above-mentioned transaction proposal processing apparatus, which will not be repeated in this example.

Optionally, the above-mentioned transmission device 706 is configured to receive or send data via a network. Specific examples of the above-mentioned networks may include wired networks and wireless networks. In one example, the transmission device 706 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices and routers through a network cable so as to communicate with the Internet or a local area network. In one example, the transmission device 706 is a radio frequency (Radio Frequency, RF) module, which is used for wirelessly communicating with the Internet.

In addition, the above-mentioned electronic device further includes: a display 708 for displaying the characteristic information and probability results of the above-mentioned account to be processed; and a connection bus 710 for connecting various module components in the above-mentioned electronic device.

According to yet another aspect of the embodiments of the present invention, a storage medium is also provided, where a computer program is stored in the storage medium, wherein the computer program is configured to execute the steps in any one of the above method embodiments when running.

Optionally, in this embodiment, the above-mentioned storage medium may be configured to store a computer program for executing the following steps:

S1, obtain the target transaction information of the client;

S2, using the client private key of the client to sign the target transaction information to obtain first signature information;

S3: Send the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, where the initial transaction proposal is used to instruct the blockchain node to obtain the target transaction The transaction information, the target transaction proposal of the first signature information and the second signature information, where the second signature information is obtained by signing the target transaction information by the blockchain node.

Optionally, in this embodiment, the above-mentioned storage medium may also be configured to store a computer program for executing the following steps:

S1: Acquire a target transaction proposal carrying target transaction information, first signature information and second signature information, wherein the target transaction information is initiated by the client, and the first signature information is the client using the client The terminal private key is obtained by signing the target transaction information, and the second signature information is obtained by signing the target transaction information by the blockchain node;

S2, performing signature verification on the first signature information and the second signature information;

S3, in the case that both the first signature information and the second signature information are verified and passed, perform an endorsement process on the target transaction proposal.

Optionally, in this embodiment, those of ordinary skill in the art can understand that all or part of the steps in the various methods of the above-mentioned embodiments can be completed by instructing the hardware related to the terminal device through a program, and the program can be stored in a In the computer-readable storage medium, the storage medium may include: a flash disk, a read-only memory (Read-Only Memory, ROM), a random access device (Random Access Memory, RAM), a magnetic disk or an optical disk, and the like.

The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages or disadvantages of the embodiments.

If the integrated units in the above-mentioned embodiments are implemented in the form of software functional units and sold or used as independent products, they may be stored in the above-mentioned computer-readable storage medium. Based on this understanding, the technical solution of the present invention is essentially or the part that contributes to the prior art or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, Several instructions are included to cause one or more computer devices (which may be personal computers, servers, or network devices, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present invention.

In the above-mentioned embodiments of the present invention, the description of each embodiment has its own emphasis. For parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.

In the several embodiments provided in this application, it should be understood that the disclosed client may be implemented in other manners. The apparatus embodiments described above are only illustrative, for example, the division of the units is only a logical function division, and there may be other division methods in actual implementation, for example, multiple units or components may be combined or Integration into another system, or some features can be ignored, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of units or modules, and may be in electrical or other forms.

The units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.

The above are only the preferred embodiments of the present invention. It should be pointed out that for those skilled in the art, without departing from the principles of the present invention, several improvements and modifications can be made. It should be regarded as the protection scope of the present invention.

Claims (17)

1. A method for processing a transaction proposal, comprising: Get the target transaction information of the client; Using the client private key of the client to sign the target transaction information to obtain first signature information; Send the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, wherein the initial transaction proposal is used to instruct the blockchain node to obtain the target transaction information carrying the target transaction information. , the target transaction proposal of the first signature information and the second signature information, where the second signature information is obtained by signing the target transaction information by the blockchain node. 2. The method according to claim 1, characterized in that, before using the client private key of the client to sign the initial transaction proposal to obtain first signature information, the method further comprises: generating a public-private key pair of the client for the client, wherein the public-private key of the client includes the client private key and the client public key having a corresponding relationship; A client verification certificate corresponding to the client is obtained by using the client public key, wherein the client verification certificate is used to perform signature verification on the signature information obtained by signing with the client private key. 3. The method according to claim 2, wherein obtaining the client verification certificate corresponding to the client by using the client public key comprises: Initiating a call request carrying the client public key to the certificate authority corresponding to the target blockchain organization, wherein the call request is used to request the certificate authority to assign the client to the client according to the client public key The client verification certificate is issued, and the target blockchain organization is the blockchain organization where the blockchain node is located. 4. The method according to claim 1, wherein after sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, the method further comprises: : sending query information, wherein the query information is used to query the verification process of the first signature information and the second signature information; receiving the verification process returned in response to the query information; The verification process is exposed on the client. 5. The method according to claim 1, wherein after sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, the method further comprises: : The blockchain node signs the target transaction information using an organization private key to obtain the second signature information, wherein the organization private key is the private key of the target blockchain organization where the blockchain node is located. key; The blockchain node sends the target transaction proposal carrying the target transaction information, the first signature information and the second signature information to the endorsement node, wherein the target transaction proposal is used to request the The endorsement node endorses the target transaction proposal. 6. A method for processing a transaction proposal, comprising: Obtain the target transaction proposal carrying the target transaction information, the first signature information and the second signature information, wherein the target transaction information is initiated by the client, and the first signature information is obtained using the client's client private The second signature information is obtained by signing the target transaction information by the blockchain node; performing signature verification on the first signature information and the second signature information; In the case that both the first signature information and the second signature information are verified and passed, the target transaction proposal is endorsed. 7. The method according to claim 6, wherein performing signature verification on the first signature information and the second signature information comprises one of the following: Use the client verification certificate corresponding to the client to perform signature verification on the first signature information; in the case of passing the verification of the first signature information, use the organization identity certificate corresponding to the blockchain node to verify the signature of the first signature information. performing signature verification on the second signature information, wherein the organization identity certificate is the verification certificate of the target blockchain organization where the blockchain node is located; Use the organization identity certificate corresponding to the blockchain node to perform signature verification on the second signature information, wherein the organization identity certificate is the verification certificate of the target blockchain organization where the blockchain node is located; In the case that the verification of the second signature information is passed, the first signature information is subjected to signature verification by using the client verification certificate corresponding to the client terminal. 8. The method according to claim 6, wherein the endorsement processing for the target transaction proposal comprises: Simulate the transaction process indicated by the target transaction information to obtain the endorsement result; Send the endorsement result to the client, where the endorsement result is used to instruct the client to send the target transaction information to a sorting node for consensus sorting. 9. The method according to claim 6, wherein after performing signature verification on the first signature information and the second signature information, the method further comprises: If the verification of the first signature information fails, or the verification of the second signature information fails, it is determined that the target transaction proposal fails. 10. A transaction proposal processing system, comprising: a client, a blockchain node and an endorsement node, wherein, The client is used for initiating target transaction information, and uses the client private key of the client to sign the target transaction information to obtain first signature information, which will carry the target transaction information and the first signature An initial transaction proposal for information is sent to the blockchain node; The blockchain node is used to sign the target transaction information using the organization's private key to obtain the second signature information, and will carry the target transaction information, the first signature information and the second signature information. The target transaction proposal is sent to the endorsement node, wherein the organization private key is the private key of the target blockchain organization where the blockchain node is located; The endorsement node is used to obtain the target transaction proposal, and perform signature verification on the first signature information and the second signature information. If both the first signature information and the second signature information are successfully verified, In this case, endorse the target transaction proposal. 11. The system of claim 10, wherein The client is used to: generate a public-private key pair of the client, wherein the public and private keys of the client include the client private key and the client public key that have a corresponding relationship; use the client public key to obtain all The client verification certificate corresponding to the client, wherein the client verification certificate is used to perform signature verification on the signature information obtained by signing with the client private key; The endorsement node is used for: using the client verification certificate to perform signature verification on the first signature information; in the case of passing the verification of the first signature information, using the organizational identity corresponding to the blockchain node The certificate performs signature verification on the second signature information. 12. The system according to claim 10, wherein the client is further configured to: After sending the initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, send query information, where the query information is used to query the first signature information and the verification process of the second signature information; receiving the verification process returned in response to the query information; The authentication process is exposed on the client. 13. The system of claim 10, wherein the endorsement node is used to: If the verification of the first signature information fails, or the verification of the second signature information fails, it is determined that the target transaction proposal fails. 14. An apparatus for processing transaction proposals, comprising: The first acquisition module is used to acquire the target transaction information of the client; a first signature module, configured to use the client private key of the client to sign the target transaction information to obtain first signature information; a first sending module, configured to send an initial transaction proposal carrying the target transaction information and the first signature information to the blockchain node, wherein the initial transaction proposal is used to instruct the blockchain node to obtain A target transaction proposal carrying the target transaction information, the first signature information and the second signature information, where the second signature information is obtained by the blockchain node signing the target transaction information. 15. An apparatus for processing a transaction proposal, comprising: The third obtaining module is configured to obtain the target transaction proposal carrying the target transaction information, the first signature information and the second signature information, wherein the target transaction information is initiated by the client, and the first signature information is obtained by using The client private key of the client is obtained by signing the target transaction information, and the second signature information is obtained by signing the target transaction information by the blockchain node; a verification module, configured to perform signature verification on the first signature information and the second signature information; A processing module, configured to perform endorsement processing on the target transaction proposal when both the first signature information and the second signature information are verified. 16. A storage medium, characterized in that the storage medium comprises a stored program, wherein when the program is run, the method described in any one of the preceding claims 1 to 9 is executed. 17. An electronic device comprising a memory, a processor and a computer program stored on the memory and running on the processor, wherein the processor executes the above claim 1 through the computer program A method as described in any one of to 9.

Images