CN118427864A - Project contract management method based on blockchain - Google Patents
- Publication number
- CN118427864A; CN202410881560.6A
- Authority
- CN
- China
- Prior art keywords
- client
- contract
- public key
- project
- key
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/604—Tools and structures for managing or administering access control systems
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
Abstract
The invention provides a blockchain-based project contract management method, belonging to the technical field of project contract management and comprising the following steps: step S10, creating a root certificate, an A working certificate and a B working certificate; step S20, issuing the root certificate, the A working certificate and the A1 private key to a first client, and issuing the root certificate, the B working certificate and the B1 private key to a second client; step S30, the first client and the second client perform identity authentication through the root certificate, the A working certificate, the A1 private key, the B working certificate and the B1 private key, and the first client draws up a project contract based on a contract template; step S40, the first client applies a first electronic signature to the project contract and sends it to the second client; step S50, the second client applies a second electronic signature to the project contract and feeds it back to the server for encrypted storage and backup. The advantage of the invention is that the convenience and security of project contract management are greatly improved.
Description
Technical Field
The invention relates to the technical field of project contract management, in particular to a project contract management method based on a blockchain.
Background
A project organizes resources such as manpower, materials and finance by various methods in order to carry out an independent one-time or long-term open-ended work task, according to the planning arrangements of a business model, so as to achieve a goal defined by quantity and quality indicators. An engineering project is a project that takes engineering construction as its carrier: a one-time construction task whose target output is a building or structure, which requires a certain cost, is completed within a certain time according to a certain procedure, and must meet quality requirements.
To guarantee the security of a transaction, a project contract needs to be drawn up and signed during the transaction, and the project contract needs to be managed after it is signed.
For project contract management, the conventional approach is to sign paper contracts in duplicate and have each party keep a copy, but paper contracts are easy to lose and hard to look up, and with technological progress they are gradually being replaced by electronic contracts. However, a traditional electronic contract is only a paper contract scanned into an electronic file and stored in a folder, where the files can only be opened and viewed locally one by one. Such contracts are inconvenient to manage, are exposed to contract counterfeiting, contract tampering and information leakage, carry the risk of data loss, and cannot meet the requirements of project contract management.
Therefore, how to provide a blockchain-based project contract management method that improves the convenience and security of project contract management has become a technical problem that urgently needs to be solved.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a blockchain-based project contract management method that improves the convenience and security of project contract management.
The invention is realized as follows: a blockchain-based project contract management method comprising the following steps:
Step S10, a server presets contract templates for a plurality of project contracts and creates a root private key, a root certificate carrying a root public key, an A1 private key and A1 public key pair, and a B1 private key and B1 public key pair; the A1 public key is signed with the root private key to obtain an A working certificate, and the B1 public key is signed with the root private key to obtain a B working certificate;
Step S20, the server issues the root certificate, the A working certificate and the A1 private key to a first client, and issues the root certificate, the B working certificate and the B1 private key to a second client;
Step S30, after the first client and the second client perform identity authentication through the root certificate, the A working certificate, the A1 private key, the B working certificate and the B1 private key, the first client obtains the corresponding contract template from the server and draws up a project contract based on the contract template;
Step S40, after applying a first electronic signature to the project contract, the first client sends the project contract to the second client;
Step S50, after applying a second electronic signature to the project contract, the second client feeds the project contract back to the server;
Step S60, the server stores the project contract in encrypted form and backs it up to the blockchain;
Step S70, the first client or the second client accesses the server to query and manage the project contract.
Further, in step S10, the server presets the contract templates of the plurality of project contracts specifically as follows:
The server creates contract templates for a plurality of project contracts, sets the template name, template classification and template style of each contract template, and displays the contract templates in list form.
Further, in step S10, the root private key is used to sign the A1 public key and the B1 public key; the root public key is used to verify the signatures of the A working certificate and the B working certificate.
Further, in step S20, the first client is a buyer client or a seller client; the second client is a seller client or a buyer client.
Further, step S30 specifically includes:
Step S31, the first client generates a first random number and sends the first random number and the A working certificate to the second client;
Step S32, the second client performs a validity check on the A working certificate and extracts the A1 public key, generates a second random number and a B2 private key and B2 public key pair, encrypts the first random number and the B2 public key with the A1 public key to generate first ciphertext data, and sends the first ciphertext data, the second random number and the B2 working certificate to the first client;
Step S33, the first client performs a validity check on the B working certificate, extracts the B1 public key, decrypts the first ciphertext data with the A1 private key and checks it, and generates an A2 private key and A2 public key pair; it negotiates a first session key from the A2 private key and the B2 public key and calculates a first check value, encrypts the second random number, the A2 public key and the first check value with the B1 public key to generate second ciphertext data, and sends the second ciphertext data to the second client;
Step S34, the second client decrypts the second ciphertext data with the B1 private key to obtain the second random number, the A2 public key and the first check value; after checking the second random number, it negotiates a second session key from the A2 public key and the B2 private key, calculates a second check value of the second session key, checks the first check value against the second check value, and then sends the second check value to the first client;
Step S35, after the first client checks the second check value against the first check value, identity authentication between the first client and the second client is complete;
Step S36, the first client accesses the server and obtains the corresponding contract template based on the template name, the template classification or the template style;
Step S37, the first client draws up a project contract carrying a contract number, contract name, contract type and contract state based on the contract template; the value of the contract state is "to be signed" or "signed".
Further, step S32 specifically includes:
The second client extracts the root public key from the root certificate, verifies the signature of the A working certificate with the root public key and then extracts the A1 public key from the A working certificate, generates a second random number, and generates a B2 private key and B2 public key pair through the ElGamal algorithm;
The second client encrypts the first random number and the B2 public key with the A1 public key to generate first ciphertext data, and sends the first ciphertext data, the second random number and the B working certificate to the first client.
Further, step S33 specifically includes:
The first client extracts the root public key from the root certificate, verifies the signature of the B working certificate with the root public key and then extracts the B1 public key from the B working certificate, decrypts the first ciphertext data with the A1 private key to obtain the first random number and the B2 public key, and judges whether the decrypted first random number is consistent with the local first random number; if not, the flow ends; if yes, then:
An A2 private key and A2 public key pair is generated through the ElGamal algorithm; a first session key is negotiated from the A2 private key and the B2 public key, a first check value of the first session key is calculated, the second random number, the A2 public key and the first check value are encrypted with the B1 public key to generate second ciphertext data, and the second ciphertext data is sent to the second client.
Further, the step S40 specifically includes:
The first client acquires the input first signer and first signature coordinates, automatically matches corresponding first signature information based on the first signer, adds the first signature information to the project contract based on the first signature coordinates to complete the first electronic signature of the project contract, encrypts the project contract after the first electronic signature by using an RSA algorithm, and then sends the encrypted project contract to the second client.
Further, the step S50 specifically includes:
The second client decrypts the received project contract by using an RSA algorithm, acquires an input second signer and second signature coordinates, automatically matches corresponding second signature information based on the second signer, adds the second signature information to the project contract based on the second signature coordinates to complete second electronic signature of the project contract, encrypts the project contract after the second electronic signature by using a 3DES algorithm, and feeds the encrypted project contract back to the server.
Further, the step S60 specifically includes:
The server decrypts the received project contract by using the 3DES algorithm, reads the plaintext data of the project contract, performs a MAC calculation on the plaintext data to obtain a MAC value, and checks whether the blockchain already stores that MAC value; if so, the flow ends; if not, the server generates an encryption key based on the ElGamal algorithm, encrypts the project contract with the encryption key, stores the encrypted project contract in an IPFS system, binds the MAC value to the index address returned by the IPFS system, and backs up the bound MAC value and index address to the blockchain.
The invention has the advantages that:
1. The server presets contract templates for a plurality of project contracts and creates a root private key, a root certificate carrying a root public key, an A1 private key and A1 public key pair, and a B1 private key and B1 public key pair; it signs the A1 public key with the root private key to obtain the A working certificate and signs the B1 public key with the root private key to obtain the B working certificate, then issues the root certificate, the A working certificate and the A1 private key to the first client, and the root certificate, the B working certificate and the B1 private key to the second client. After the first client and the second client perform identity authentication through the root certificate, the A working certificate, the A1 private key, the B working certificate and the B1 private key, the first client obtains the corresponding contract template from the server and draws up a project contract, applies the first electronic signature and sends the project contract to the second client; the second client applies the second electronic signature and feeds the project contract back to the server; the server stores the project contract in encrypted form and backs it up to the blockchain; and the first client or the second client accesses the server to query and manage the project contract. Because the project contracts are stored on the server, they can be queried online by accessing the server and searched by contract number, contract name, contract type, contract content and other data, with the search results displayed in list form, so that a project contract can be found and located quickly. The data exchanged among the first client, the second client and the server is encrypted, which prevents it from being stolen in plaintext, and different encryption algorithms are used for the different exchanges, so that the leakage of one encryption algorithm does not lead to the leakage of all data. A project contract can be drawn up only after the first client and the second client pass identity authentication, and this is combined with electronic signatures and decentralized storage and backup on the blockchain; with these multiple security measures throughout, the convenience and security of project contract management are ultimately greatly improved.
2. The server creates a root private key, a root certificate carrying a root public key, an A1 private key and A1 public key pair, and a B1 private key and B1 public key pair; it signs the A1 public key with the root private key to obtain the A working certificate and signs the B1 public key with the root private key to obtain the B working certificate, then issues the root certificate, the A working certificate and the A1 private key to the first client, and the root certificate, the B working certificate and the B1 private key to the second client. The first client then generates a first random number and sends the first random number and the A working certificate to the second client. The second client performs a validity check on the A working certificate and extracts the A1 public key, generates a second random number and a B2 private key and B2 public key pair, encrypts the first random number and the B2 public key with the A1 public key to generate first ciphertext data, and sends the first ciphertext data, the second random number and the B2 working certificate to the first client. The first client performs a validity check on the B working certificate and extracts the B1 public key, decrypts the first ciphertext data with the A1 private key and checks it, generates an A2 private key and A2 public key pair, negotiates a first session key from the A2 private key and the B2 public key and calculates a first check value, encrypts the second random number, the A2 public key and the first check value with the B1 public key to generate second ciphertext data, and sends it to the second client. The second client decrypts the second ciphertext data with the B1 private key to obtain the second random number, the A2 public key and the first check value; after checking the second random number, it negotiates a second session key from the A2 public key and the B2 private key, calculates a second check value, checks the first check value against the second check value, and sends the second check value to the first client, which completes identity authentication between the first client and the second client after checking the second check value against the first check value. The first client and the second client are thus mutually authenticated based on the root certificate, the A working certificate, the B working certificate, the A2 private key, the A2 public key, the B2 private key, the B2 public key, the first random number and the second random number. At least 6 security measures are applied during authentication (A working certificate verification, second ciphertext data verification, second check value comparison, B working certificate verification, first ciphertext data verification and first check value comparison), and the first ciphertext data, the second ciphertext data, the first check value and the second check value are generated from a plurality of keys, which increases the difficulty of cracking. This ultimately greatly improves the reliability of identity authentication, ensures the reliability of the party drawing up the project contract, and further improves the security of project contract management.
3. The first random number generated by the first client and the second random number generated by the second client are used in the security authentication, which effectively prevents replay attacks; combined with validity checking of the timestamp, this further ensures the reliability of identity authentication.
4. The first random number and the B2 public key are encrypted with the A1 public key to generate first ciphertext data, which is sent to the first client; the second random number, the A2 public key and the first check value are encrypted with the B1 public key to generate second ciphertext data, which is sent to the second client. This prevents the related data from being stolen in plaintext during transmission, greatly improves the security of data transmission, and further ensures the reliability of identity authentication.
5. Different encryption schemes are set for each stage: identity authentication between the first client and the second client, contract template issuing, project contract transmission, project contract storage and project contract backup. This greatly improves the security of project contract management.
6. The plaintext data of the project contract is read and a MAC calculation is performed on it to obtain a MAC value; after checking whether the blockchain already stores that MAC value, an encryption key is generated based on the ElGamal algorithm, the project contract is encrypted with the encryption key and stored in an IPFS system, and the MAC value is bound to the index address returned by the IPFS system and backed up to the blockchain. A MAC calculation is a hash function with a secret key, which is more secure than an ordinary hash calculation, and at least three security measures (the MAC calculation, the ElGamal algorithm and the blockchain) are applied throughout, so the security of project contract storage and backup is greatly improved.
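The store-and-back-up flow of step S60 (point 6 above), as an added example that is not code from the patent. HMAC-SHA256, the in-memory `MemoryIPFS` and `MemoryLedger` classes, the random encryption key and the SHA-256 keystream cipher are all assumptions standing in for the MAC, IPFS system, blockchain, ElGamal-derived key and cipher that the page does not specify further.

```python
import hashlib
import hmac
import secrets

GENESIS = "0" * 64


def contract_mac(mac_key: bytes, plaintext: bytes) -> str:
    """Keyed MAC over the contract plaintext (HMAC-SHA256 is an assumption)."""
    return hmac.new(mac_key, plaintext, hashlib.sha256).hexdigest()


def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); use a vetted AEAD in practice."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class MemoryIPFS:
    """Constructed stand-in for IPFS: the index address is the blob's SHA-256."""

    def __init__(self):
        self.blobs = {}

    def add(self, blob: bytes) -> str:
        address = hashlib.sha256(blob).hexdigest()
        self.blobs[address] = blob
        return address


class MemoryLedger:
    """Constructed stand-in for the blockchain: append-only, hash-chained records."""

    def __init__(self):
        self.records = []          # (previous_hash, mac, index_address)

    @staticmethod
    def _digest(record) -> str:
        return hashlib.sha256("|".join(record).encode()).hexdigest()

    def find(self, mac: str):
        return next((addr for _, m, addr in self.records if m == mac), None)

    def append(self, mac: str, address: str) -> None:
        prev = self._digest(self.records[-1]) if self.records else GENESIS
        self.records.append((prev, mac, address))

    def chain_ok(self) -> bool:
        prev = GENESIS
        for record in self.records:
            if record[0] != prev:
                return False
            prev = self._digest(record)
        return True


class ContractStore:
    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.ipfs, self.ledger = MemoryIPFS(), MemoryLedger()
        self.enc_keys = {}         # mac -> encryption key, held by the server

    def store(self, plaintext: bytes):
        mac = contract_mac(self.mac_key, plaintext)
        if self.ledger.find(mac) is not None:      # already backed up: end the flow
            return "duplicate", mac
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        address = self.ipfs.add(nonce + xor_keystream(key, nonce, plaintext))
        self.ledger.append(mac, address)           # bind MAC to index address
        self.enc_keys[mac] = key
        return "stored", mac

    def fetch(self, mac: str):
        """Return the plaintext, or None if it no longer matches the ledger MAC."""
        address = self.ledger.find(mac)
        if address is None:
            return None
        blob = self.ipfs.blobs[address]
        plaintext = xor_keystream(self.enc_keys[mac], blob[:16], blob[16:])
        ok = hmac.compare_digest(contract_mac(self.mac_key, plaintext), mac)
        return plaintext if ok else None


if __name__ == "__main__":
    store = ContractStore(secrets.token_bytes(32))
    sample = b"Contract No. HT-0001 (constructed sample), state: signed"
    print(store.store(sample)[0], store.store(sample)[0])
    print(store.fetch(contract_mac(store.mac_key, sample)) == sample)
```

Because the MAC is computed over the plaintext with a server-held key, the ledger entry both de-duplicates submissions and lets the server detect a stored blob that no longer decrypts to the contract it bound.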
Drawings
The invention will be further described with reference to examples of embodiments with reference to the accompanying drawings.
FIG. 1 is a flow chart of a blockchain-based project contract management method of the present invention.
Detailed Description
The overall idea of the technical scheme in the embodiment of the application is as follows: the project contracts are stored on the server and can be searched and retrieved online by accessing the server; the data exchanged among the first client, the second client and the server is encrypted, which prevents it from being stolen in plaintext, and different encryption algorithms are used for the different exchanges, so that the leakage of one encryption algorithm does not lead to the leakage of all data; a project contract can be drawn up only after the first client and the second client pass identity authentication; and this is combined with electronic signatures and decentralized storage and backup on the blockchain, so that multiple security measures are applied throughout and the convenience and security of project contract management are improved.
Referring to FIG. 1, a preferred embodiment of the blockchain-based project contract management method of the present invention includes the following steps:
Step S10, a server presets contract templates for a plurality of project contracts and creates a root private key, a root certificate carrying a root public key, an A1 private key and A1 public key pair, and a B1 private key and B1 public key pair; the A1 public key is signed with the root private key to obtain an A working certificate, and the B1 public key is signed with the root private key to obtain a B working certificate;
The root certificate, the A working certificate and the B working certificate use the X.509 format and define a public key module field, from which the root public key, the A1 public key and the B1 public key can subsequently be extracted;
Step S20, the server issues the root certificate, the A working certificate and the A1 private key to a first client, and issues the root certificate, the B working certificate and the B1 private key to a second client;
Step S30, after the first client and the second client perform identity authentication through the root certificate, the A working certificate, the A1 private key, the B working certificate and the B1 private key, the first client obtains the corresponding contract template from the server and draws up a project contract based on the contract template;
Step S40, after applying a first electronic signature to the project contract, the first client sends the project contract to the second client;
Step S50, after applying a second electronic signature to the project contract, the second client feeds the project contract back to the server;
Step S60, the server stores the project contract in encrypted form and backs it up to the blockchain;
Step S70, the first client or the second client accesses the server to query and manage the project contract. In specific implementation, the project contract can be searched by contract number, contract name, contract type, contract content and other data, and the search results are displayed in list form.
In specific implementation, the related data is sent in instructions carrying a timestamp, and the party receiving the data must check its freshness against the timestamp, which prevents replay attacks and also increases the difficulty of an attack.
In step S10, the server presets the contract templates of the plurality of project contracts specifically as follows:
The server creates contract templates for a plurality of project contracts, sets the template name, template classification and template style of each contract template, and displays the contract templates in list form so that the corresponding contract template can conveniently be selected as needed.
In step S10, the root private key is used to sign the A1 public key and the B1 public key; the root public key is used to verify the signatures of the A working certificate and the B working certificate; the root private key and the root public key are a key pair.
In step S20, the first client is a buyer client or a seller client; the second client is a seller client or a buyer client.
Step S30 specifically includes:
Step S31, the first client generates a first random number and sends the first random number and the A working certificate to the second client;
Step S32, the second client performs a validity check on the A working certificate and extracts the A1 public key, generates a second random number and a B2 private key and B2 public key pair, encrypts the first random number and the B2 public key with the A1 public key to generate first ciphertext data, and sends the first ciphertext data, the second random number and the B2 working certificate to the first client;
Step S33, the first client performs a validity check on the B working certificate, extracts the B1 public key, decrypts the first ciphertext data with the A1 private key and checks it, and generates an A2 private key and A2 public key pair; it negotiates a first session key from the A2 private key and the B2 public key and calculates a first check value, encrypts the second random number, the A2 public key and the first check value with the B1 public key to generate second ciphertext data, and sends the second ciphertext data to the second client;
To negotiate the first session key in specific implementation, an ECDH calculation is first performed with the A2 private key and the B2 public key, then a SHA-256 calculation is performed, and a preset length is then truncated to generate the first session key; the second session key is negotiated in the same way.
To calculate the first check value of the first session key in specific implementation, the first session key can be used to encrypt 8 bytes of zeros, and the first 3 bytes are taken as the first check value; the second check value is calculated in the same way.
Step S34, the second client decrypts the second ciphertext data with the B1 private key to obtain the second random number, the A2 public key and the first check value; after checking the second random number, it negotiates a second session key from the A2 public key and the B2 private key, calculates a second check value of the second session key, checks the first check value against the second check value, and then sends the second check value to the first client;
Because the first session key is negotiated from the A2 private key and the B2 public key, and the second session key is negotiated from the A2 public key and the B2 private key, the first session key and the second session key are a pair of identical keys, and the first check value calculated from the first session key should in theory equal the second check value calculated from the second session key; checking the first check value against the second check value means comparing whether the second check value is equal to the first check value;
Step S35, after the first client checks the second check value against the first check value, identity authentication between the first client and the second client is complete;
Step S36, the first client accesses the server and obtains the corresponding contract template based on the template name, the template classification or the template style; when the server issues the contract template to the first client, it is encrypted with the IDEA algorithm to ensure the security of contract template transmission;
Step S37, the first client draws up a project contract carrying a contract number, contract name, contract type and contract state based on the contract template; the value of the contract state is "to be signed" or "signed". When the project contract is drawn up, the contract state is "to be signed"; after the first client and the second client have signed, the contract state is updated to "signed".
The step S32 specifically includes:
The second client extracts a root public key from the root certificate, extracts an A1 public key from the A working certificate after signing the A working certificate through the root public key, generates a second random number, and generates a pair of B2 private key and B2 public key through an ElGamal algorithm;
The second client encrypts the first random number and the B2 public key through the A1 public key to generate first ciphertext data, and sends the first ciphertext data, the second random number and the B working certificate to the first client.
The step S33 specifically includes:
The first client extracts a root public key from the root certificate, extracts a B1 public key from the B working certificate after signing the B working certificate through the root public key, decrypts first ciphertext data through the A1 private key to obtain a first random number and a B2 public key, judges whether the decrypted first random number is consistent with a local first random number, and if not, ends the flow; if yes, then:
Generating a pair of A2 private key and A2 public key through an ElGamal algorithm; and negotiating a first session key through the A2 private key and the B2 public key, calculating a first check value of the first session key, encrypting a second random number, the A2 public key and the first check value through the B1 public key, generating second ciphertext data, and transmitting the second ciphertext data to a second client.
The step S35 specifically includes:
The first client judges whether the first check value is consistent with the second check value; if not, the flow ends; if yes, the identity authentication between the first client and the second client is completed.
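The nonce echoes and check-value comparisons of steps S31 to S35 can be traced in the following added example, which is not code from the patent. It assumes that certificate verification and the A1/B1 public-key encryption have already been applied (messages are shown after decryption), that the session key is agreed Diffie-Hellman style from the ElGamal-style key pairs, and that the check value is an HMAC over both random numbers; the group parameters and all names are illustrative assumptions.

```python
import hashlib
import hmac
import secrets

# Demonstration group (assumption, not from the page): the Mersenne prime
# 2**521 - 1 with generator 3. A real deployment would use a standardised group.
P = 2**521 - 1
G = 3


class AuthError(Exception):
    """Raised when a check in steps S33 to S35 fails and the flow ends."""


def keypair():
    """ElGamal-style ephemeral pair: private x, public g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def session_key(own_priv, peer_pub):
    """Negotiate the session key from one private and one public key."""
    if not 1 < peer_pub < P - 1:
        raise AuthError("peer public key out of range")
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()


def check_value(key, r1, r2):
    """Check value of a session key (assumed here: HMAC over both nonces)."""
    return hmac.new(key, r1 + r2, hashlib.sha256).digest()


class FirstClient:
    def s31(self):
        self.r1 = secrets.token_bytes(16)
        return self.r1

    def s33(self, ct1, r2):
        # ct1 is the decrypted first ciphertext data: echoed r1 + B2 public key.
        if not hmac.compare_digest(ct1["r1"], self.r1):
            raise AuthError("first random number mismatch")
        a2_priv, a2_pub = keypair()
        self.key = session_key(a2_priv, ct1["b2_pub"])
        self.cv1 = check_value(self.key, self.r1, r2)
        return {"r2": r2, "a2_pub": a2_pub, "cv1": self.cv1}

    def s35(self, cv2):
        if not hmac.compare_digest(self.cv1, cv2):
            raise AuthError("second check value mismatch")
        return self.key


class SecondClient:
    def s32(self, r1):
        self.r1, self.r2 = r1, secrets.token_bytes(16)
        self.b2_priv, b2_pub = keypair()
        return {"r1": r1, "b2_pub": b2_pub}, self.r2

    def s34(self, ct2):
        # ct2 is the decrypted second ciphertext data.
        if not hmac.compare_digest(ct2["r2"], self.r2):
            raise AuthError("second random number mismatch")
        self.key = session_key(self.b2_priv, ct2["a2_pub"])
        cv2 = check_value(self.key, self.r1, self.r2)
        if not hmac.compare_digest(cv2, ct2["cv1"]):
            raise AuthError("first check value mismatch")
        return cv2


def handshake(tamper=None):
    """Run S31 to S35; `tamper` may modify the S33 message in transit."""
    a, b = FirstClient(), SecondClient()
    ct1, r2 = b.s32(a.s31())
    ct2 = a.s33(ct1, r2)
    if tamper:
        ct2 = tamper(dict(ct2))
    key_a = a.s35(b.s34(ct2))
    return key_a == b.key


def swap_ephemeral_key(ct2):
    ct2["a2_pub"] = keypair()[1]  # constructed substitution of the A2 public key
    return ct2
```

A stale first ciphertext fails the S33 comparison because it echoes an old first random number, and a substituted A2 public key fails the S34 comparison because the two sides derive different session keys.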
The step S40 specifically includes:
The first client acquires the input first signer and first signature coordinates, automatically matches the corresponding first signature information based on the first signer, adds the first signature information to the project contract at the first signature coordinates to complete the first electronic signature of the project contract, encrypts the project contract carrying the first electronic signature with the RSA algorithm, and then sends the encrypted project contract to the second client.
The step S50 specifically includes:
The second client decrypts the received project contract by using an RSA algorithm, acquires an input second signer and second signature coordinates, automatically matches corresponding second signature information based on the second signer, adds the second signature information to the project contract based on the second signature coordinates to complete second electronic signature of the project contract, encrypts the project contract after the second electronic signature by using a 3DES algorithm, and feeds the encrypted project contract back to the server.
In specific implementation, the first client and the second client can send real-name authentication requests carrying signers (names of people or companies), mobile phone numbers, identity card numbers and photos to the authentication server to carry out real-name authentication, and the real-name authentication is passed only when the signers, the mobile phone numbers, the identity card numbers and the photos are consistent, so that the reliability of the real-name authentication is effectively improved; and by carrying out real-name authentication on the first client and the second client, the reliability of the project contract establishment main body is ensured.
The step S60 specifically includes:
The server decrypts the received project contract using the 3DES algorithm, reads the plaintext data of the project contract, and performs a MAC calculation on the plaintext data to obtain a MAC value; it then checks whether the blockchain already stores that MAC value, and if so, the flow ends; if not, the server generates an encryption key based on the ElGamal algorithm, encrypts the project contract with the encryption key, stores the encrypted project contract in an IPFS system, binds the MAC value to the index address returned by the IPFS system, and backs up the bound MAC value and index address to the blockchain.
Because the MAC calculation is irreversible, the MAC can later be recalculated over the project contract, and whether the project contract has been tampered with can be quickly determined by comparing the recalculated MAC value with the MAC value stored on the blockchain; the MAC value and the index address are notarized through the blockchain, which prevents them from being tampered with, and the project contract is checked against the trusted MAC value, further ensuring security.
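The bind-and-recheck flow of step S60 is sketched in the following added example, which is not code from the patent. It assumes HMAC-SHA256 as the MAC, an in-memory list standing in for the blockchain, and a SHA-256 content-addressed dictionary standing in for IPFS; the encrypted contract is represented by opaque constructed bytes, and all names and sample values are illustrative.

```python
import hashlib
import hmac


class ContentStore:
    """Stand-in for IPFS: a blob's index address is the SHA-256 of its bytes."""

    def __init__(self):
        self._blobs = {}

    def put(self, blob):
        address = hashlib.sha256(blob).hexdigest()
        self._blobs[address] = blob
        return address

    def get(self, address):
        blob = self._blobs[address]
        if hashlib.sha256(blob).hexdigest() != address:
            raise ValueError("stored blob does not match its index address")
        return blob


class Ledger:
    """Stand-in for the blockchain: append-only MAC value -> index address."""

    def __init__(self):
        self._entries = []

    def lookup(self, mac_value):
        for stored_mac, address in self._entries:
            if hmac.compare_digest(stored_mac, mac_value):
                return address
        return None

    def append(self, mac_value, address):
        self._entries.append((mac_value, address))


def contract_mac(mac_key, plaintext):
    """Keyed hash of the contract plaintext (assumed here: HMAC-SHA256)."""
    return hmac.new(mac_key, plaintext, hashlib.sha256).hexdigest()


def archive(mac_key, plaintext, ciphertext, ledger, store):
    """Step S60 after decryption: returns (mac, address), or None if stored."""
    mac_value = contract_mac(mac_key, plaintext)
    if ledger.lookup(mac_value) is not None:
        return None  # MAC value already on the ledger: the flow ends
    address = store.put(ciphertext)
    ledger.append(mac_value, address)
    return mac_value, address


def audit(mac_key, plaintext, ledger):
    """Recompute the MAC of a contract copy and compare it with the ledger."""
    address = ledger.lookup(contract_mac(mac_key, plaintext))
    return ("intact", address) if address else ("tampered-or-unknown", None)


# Constructed sample data; the encryption step is represented by opaque bytes.
KEY = b"constructed-demo-mac-key"
CONTRACT = b"contract_no=PC-0001;state=signed;amount=120000"
CIPHERTEXT = b"\x00opaque-ciphertext-of-PC-0001"
```

Because a MAC is keyed, only a party holding the MAC key can recompute the value and audit a contract against the ledger entry.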
In summary, the invention has the advantages that:
1. Presetting contract templates of a plurality of project contracts through a server, creating a private key, a root certificate carrying a root public key, a pair of A1 private keys and A1 public keys, a pair of B1 private keys and B1 public keys, signing the A1 public keys through the root private keys to obtain an A working certificate, signing the B1 public keys through the root private keys to obtain a B working certificate, then issuing the root certificate, the A working certificate and the A1 private keys to a first client, and issuing the root certificate, the B working certificate and the B1 private keys to a second client; after the first client side and the second client side carry out identity authentication through the root certificate, the A working certificate, the A1 private key, the B working certificate and the B1 private key, the first client side acquires a corresponding contract template from the server and formulates a project contract, the project contract is subjected to first electronic signature and then is sent to the second client side, then the second client side carries out second electronic signature on the project contract and then feeds back the project contract to the server, the server carries out encryption storage on the project contract and then backups the project contract to the blockchain, and the first client side or the second client side accesses the server to inquire and manage the project contract; the project contracts are stored in the server, the project contracts can be inquired on line by accessing the server, the project contracts can be searched and inquired based on contract numbers, contract names, contract types, contract contents and other data, and the search results are displayed in a list form, so that the project contracts can be inquired and positioned quickly; the data interacted among the first client, the second client and the server are encrypted through encryption algorithms, data are prevented 
from being stolen in plaintext, and a different encryption algorithm is used at each stage, so that the compromise of one encryption algorithm does not expose all of the data; project contracts can be drawn up only after the first client and the second client pass identity authentication; combined with electronic signatures and decentralized storage backup on the blockchain, multiple security measures are applied throughout, which ultimately greatly improves the convenience and security of project contract management.
2. Creating a root private key, a root certificate carrying a root public key, a pair of A1 private keys, a pair of B1 private keys and a B1 public key through a server, signing the A1 public key through the root private key to obtain an A working certificate, signing the B1 public key through the root private key to obtain a B working certificate, issuing the root certificate, the A working certificate and the A1 private key to a first client, and issuing the root certificate, the B working certificate and the B1 private key to a second client; then the first client generates a first random number, sends a first random number and an A working certificate to the second client, the second client performs validity check on the A working certificate and extracts an A1 public key, generates a second random number, a pair of B2 private keys and a B2 public key, encrypts the first random number and the B2 public key through the A1 public key to generate first ciphertext data, sends the first ciphertext data, the second random number and the B2 working certificate to the first client, the first client performs validity check on the B working certificate and extracts a B1 public key, decrypts the first ciphertext data through the A1 private key and performs check, generates a pair of A2 private keys and A2 public keys, negotiates a first session key with the B2 public key through the A2 private key and calculates a first check value, encrypts the second random number, the A2 public key and the first check value through the B1 public key to generate second ciphertext data, and sends the second client; the second client decrypts the second ciphertext data through the B1 private key to obtain a second random number, an A2 public key and a first check value, negotiates a second session key through the A2 public key and the B2 private key after checking the second random number, calculates a second check value, checks the first check value through the second check value, sends 
the second check value to the first client, and identity authentication between the first client and the second client is completed after the first client checks the second check value against the first check value; two-way authentication of the first client and the second client is thus performed based on the root certificate, the A working certificate, the B working certificate, the A2 private key, the A2 public key, the B2 private key, the B2 public key, the first random number and the second random number; at least 6 security measures (A working certificate verification, second ciphertext data verification, second check value comparison, B working certificate verification, first ciphertext data verification and first check value comparison) are adopted in the authentication process, and the first ciphertext data, the second ciphertext data, the first check value and the second check value are generated from multiple keys, which increases the difficulty of cracking, greatly improves the reliability of identity authentication, guarantees the reliability of the party drafting the project contract, and in turn improves the security of project contract management.
3. The first random number is generated by the first client and the second random number is generated by the second client for safety authentication, so that replay attack can be effectively prevented, and the reliability of identity authentication is further ensured by combining validity period verification of the time stamp.
4. The first random number and the B2 public key are encrypted with the A1 public key to generate the first ciphertext data, which is sent to the first client; the second random number, the A2 public key and the first check value are encrypted with the B1 public key to generate the second ciphertext data, which is sent to the second client; this prevents the related data from being stolen in plaintext during transmission, greatly improves the security of data transmission, and further guarantees the reliability of identity authentication.
5. By setting different encryption schemes for each link of identity authentication, contract template issuing, project contract transmission, project contract storage and project contract backup between the first client and the second client, the safety of project contract management is greatly improved.
6. The plaintext data of the project contract is read and a MAC calculation is performed on it to obtain a MAC value; after checking that the blockchain does not already store the MAC value, an encryption key is generated based on the ElGamal algorithm, the project contract is encrypted with the encryption key and stored in an IPFS system, and the MAC value is bound to the index address returned by the IPFS system and backed up to the blockchain. The MAC calculation is a hash function with a secret key, which is more secure than an ordinary hash calculation, and at least three security measures (the MAC calculation, the ElGamal algorithm and the blockchain) are applied throughout, so the security of project contract storage and backup is greatly improved.
While specific embodiments of the invention have been described above, it will be appreciated by those skilled in the art that the specific embodiments described are illustrative only and not intended to limit the scope of the invention, and that equivalent modifications and variations of the invention in light of the spirit of the invention will be covered by the claims of the present invention.
Claims (8)
1. A blockchain-based project contract management method, characterized by comprising the following steps:
Step S10, a server presets contract templates of a plurality of project contracts, a private key, a root certificate carrying a root public key, a pair of A1 private keys and A1 public keys, a pair of B1 private keys and B1 public keys are created, the A1 public key is signed by the root private key to obtain an A working certificate, and the B1 public key is signed by the root private key to obtain a B working certificate;
Step S20, the server issues the root certificate, the A working certificate and the A1 private key to a first client, and issues the root certificate, the B working certificate and the B1 private key to a second client;
Step S30, after the first client and the second client carry out identity authentication through the root certificate, the A working certificate, the A1 private key, the B working certificate and the B1 private key, the first client acquires the corresponding contract template from the server and draws up a project contract based on the contract template;
Step S40, after the first electronic signature is carried out on the project contract by the first client, the project contract is sent to the second client;
Step S50, after the second electronic signature is carried out on the project contract by the second client, the project contract is fed back to the server;
Step S60, the server stores the project contract in encrypted form and backs up the project contract to the blockchain;
Step S70, the first client or the second client accesses the server to query and manage the project contract;
The step S40 specifically includes:
The first client acquires the input first signer and first signature coordinates, automatically matches the corresponding first signature information based on the first signer, adds the first signature information to the project contract at the first signature coordinates to complete the first electronic signature of the project contract, encrypts the project contract carrying the first electronic signature with the RSA algorithm, and then sends the encrypted project contract to the second client;
The step S50 specifically includes:
The second client decrypts the received project contract by using an RSA algorithm, acquires an input second signer and second signature coordinates, automatically matches corresponding second signature information based on the second signer, adds the second signature information to the project contract based on the second signature coordinates to complete second electronic signature of the project contract, encrypts the project contract after the second electronic signature by using a 3DES algorithm, and feeds the encrypted project contract back to the server.
2. The blockchain-based project contract management method of claim 1, wherein: in the step S10, the server presets a plurality of contract templates of project contracts specifically as follows:
The server creates contract templates of a plurality of project contracts, sets the template name, the template classification and the template style of each contract template, and displays each contract template in a list form.
3. The blockchain-based project contract management method of claim 1, wherein: in the step S10, the root private key is used to sign the A1 public key and the B1 public key; the root public key is used for verifying the signatures of the A working certificate and the B working certificate.
4. The blockchain-based project contract management method of claim 1, wherein: in the step S20, the first client is a buyer client or a seller client; the second client is a seller client or a buyer client.
5. The blockchain-based project contract management method of claim 1, wherein: the step S30 specifically includes:
Step S31, a first client generates a first random number, and the first random number and an A working certificate are sent to a second client;
Step S32, the second client performs validity verification on the A working certificate and extracts an A1 public key to generate a second random number, a pair of B2 private keys and a B2 public key, encrypts the first random number and the B2 public key through the A1 public key to generate first ciphertext data, and sends the first ciphertext data, the second random number and the B2 working certificate to the first client;
Step S33, the first client performs validity verification on the B working certificate, extracts a B1 public key, decrypts the first ciphertext data through the A1 private key, performs verification, and generates a pair of A2 private key and A2 public key; negotiating a first session key through the A2 private key and the B2 public key and calculating a first check value, encrypting the second random number, the A2 public key and the first check value through the B1 public key to generate second ciphertext data, and sending the second ciphertext data to the second client;
Step S34, the second client decrypts the second ciphertext data through the B1 private key to obtain a second random number, an A2 public key and a first check value, after checking the second random number, negotiating a second session key through the A2 public key and the B2 private key, calculating a second check value of the second session key, checking a first check value through the second check value, and then sending the second check value to the first client;
Step S35, after the first client checks the second check value against the first check value, the identity authentication between the first client and the second client is completed;
Step S36, the first client accesses the server, and obtains the corresponding contract template based on the template name, the template classification or the template style;
Step S37, the first client draws up a project contract carrying a contract number, contract name, contract type and contract state based on the contract template; the contract state takes the value "to be signed" or "signed".
6. The blockchain-based project contract management method of claim 5, wherein: the step S32 specifically includes:
The second client extracts the root public key from the root certificate, verifies the signature on the A working certificate with the root public key and then extracts the A1 public key from the A working certificate, generates a second random number, and generates a B2 private key and B2 public key pair through the ElGamal algorithm;
The second client encrypts the first random number and the B2 public key through the A1 public key to generate first ciphertext data, and sends the first ciphertext data, the second random number and the B working certificate to the first client.
7. The blockchain-based project contract management method of claim 5, wherein: the step S33 specifically includes:
The first client extracts the root public key from the root certificate, verifies the signature on the B working certificate with the root public key and then extracts the B1 public key from the B working certificate, decrypts the first ciphertext data with the A1 private key to obtain the first random number and the B2 public key, and judges whether the decrypted first random number is consistent with the local first random number; if not, the flow ends; if yes, then:
The first client generates an A2 private key and A2 public key pair through the ElGamal algorithm, negotiates a first session key from the A2 private key and the B2 public key, calculates a first check value of the first session key, encrypts the second random number, the A2 public key and the first check value with the B1 public key to generate second ciphertext data, and sends the second ciphertext data to the second client.
8. The blockchain-based project contract management method of claim 1, wherein: the step S60 specifically includes:
The server decrypts the received project contract using the 3DES algorithm, reads the plaintext data of the project contract, and performs a MAC calculation on the plaintext data to obtain a MAC value; it then checks whether the blockchain already stores that MAC value, and if so, the flow ends; if not, the server generates an encryption key based on the ElGamal algorithm, encrypts the project contract with the encryption key, stores the encrypted project contract in an IPFS system, binds the MAC value to the index address returned by the IPFS system, and backs up the bound MAC value and index address to the blockchain.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410881560.6A CN118427864B (en) | 2024-07-03 | 2024-07-03 | Project contract management method based on blockchain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN118427864A (en) | 2024-08-02 |
| CN118427864B (en) | 2024-10-11 |
Family
ID=92337293
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410881560.6A Active CN118427864B (en) | 2024-07-03 | 2024-07-03 | Project contract management method based on blockchain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118427864B (en) |
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
| CN109756485A (en) * | 2018-12-14 | 2019-05-14 | 平安科技(深圳)有限公司 | Electronic contract signs method, apparatus, computer equipment and storage medium |
| KR20220034674A (en) * | 2020-09-11 | 2022-03-18 | 현대자동차주식회사 | Certificate installation method and apparatus by encryption and decryption of contract certificate private key |
| CN113761596A (en) * | 2021-09-17 | 2021-12-07 | 安徽高山科技有限公司 | Electronic signature method based on block chain and CA certificate dual authentication |
| CN116073989A (en) * | 2021-10-29 | 2023-05-05 | 中国移动通信集团安徽有限公司 | Authentication data processing method, device, system, equipment and medium |
Non-Patent Citations (2)
| Title |
|---|
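| 王佳贺: "Research on Blockchain-Based Distributed Identity Authentication Technology", China Master's Theses Full-text Database, Information Science and Technology, no. 03, 15 March 2022 (2022-03-15) * |
| 陈旭; 冀程浩: "Research on Real-Time Auditing Based on Blockchain Technology", The Chinese Certified Public Accountant, no. 04, 15 April 2017 (2017-04-15) * |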
Also Published As
| Publication number | Publication date |
|---|---|
| CN118427864B (en) | 2024-10-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111737724B (en) | Data processing method and device, intelligent equipment and storage medium | |
| CN110601816B (en) | Lightweight node control method and device in block chain system | |
| CN111241533A (en) | Block chain-based password management method and device and computer-readable storage medium | |
| WO2019233204A1 (en) | Method, apparatus and system for key management, storage medium, and computer device | |
| CN111798209A (en) | Engineering project management method based on block chain, electronic equipment and storage medium | |
| CN111147432B (en) | KYC data sharing system with confidentiality and method thereof | |
| US20070136599A1 (en) | Information processing apparatus and control method thereof | |
| CN114499876B (en) | Internet of Things data storage method based on blockchain and NB-IoT chip | |
| CN109450843B (en) | A blockchain-based SSL certificate management method and system | |
| CN109981287B (en) | Code signing method and storage medium thereof | |
| CN110942382A (en) | Electronic contract generating method and device, computer equipment and storage medium | |
| CN113438088A (en) | Social network credit monitoring method and device based on block chain distributed identity | |
| CN111639952A (en) | Returned goods checking method, returned goods checking system, returned goods checking server and returned goods checking terminal based on block chain | |
| CN110955699B (en) | Decentralized electronic academic certificate checking method and system | |
| CN110851865B (en) | Resource data processing method, device, system and storage medium | |
| CN110569672A (en) | efficient credible electronic signature system and method based on mobile equipment | |
| CN1980121B (en) | Electronic signing mobile terminal, system and method | |
| CN114567444B (en) | Digital signature verification method, device, computer equipment and storage medium | |
| CN113129008A (en) | Data processing method and device, computer readable medium and electronic equipment | |
| CN110610416A (en) | KYC data sharing system and method based on blockchain smart contract | |
| CN118427864B (en) | Project contract management method based on blockchain | |
| CN118333577A (en) | Electronic seal making method and electronic seal making system | |
| CN118611920A (en) | Electronic tender document processing method, device, electronic device and storage medium | |
| CN115720137B (en) | Information management system, method and device | |
| CN113127930B (en) | Charging data processing method, device and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||