A data processing method and device, computer equipment and readable storage medium
By generating and encrypting blockchain private keys on the resource client, the security problem caused by plaintext storage of blockchain private keys is solved, and the security protection of private keys is achieved in the event of an attack.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- TENCENT TECHNOLOGY (SHENZHEN) CO LTD
- Filing Date
- 2023-06-25
- Publication Date
- 2026-06-19
AI Technical Summary
In existing technologies, blockchain private keys are sent directly to resource servers and stored in plaintext. This can lead to the leakage of blockchain private keys when the resource servers are attacked by hackers, thus reducing the security of the private keys.
A blockchain account is generated on the resource client and signed with a blockchain private key. The private key is then encrypted using the authentication public key associated with the operation object to generate an encrypted private key, which is sent to the resource server for storage. The resource server stores the private key after successful signature verification, and the resource client decrypts it using the authentication private key to obtain the private key.
Even if the resource server is attacked by hackers, the hackers cannot decrypt the encrypted private key, thus preventing the private key from being leaked and improving the security of the blockchain private key.
Figure CN119202067B_ABST
Description
Technical Field
[0001] This application relates to the field of blockchain technology, and in particular to a data processing method, apparatus, computer equipment, and readable storage medium.
Background Technology
[0002] Currently, users can send the blockchain private key generated in the resource client directly to the resource server (i.e., the platform) via their terminal devices. This allows the resource server to directly obtain the private key and store it in plaintext. However, if the resource server is compromised by a hacker, storing the private key in plaintext on the resource server will lead to its leakage, thus reducing its security.
Summary of the Invention
[0003] This application provides a data processing method, apparatus, computer device, and readable storage medium, which can improve the security of blockchain private keys.
[0004] One embodiment of this application provides a data processing method, including:
[0005] Upon receiving the first verification string sent by the resource server, a blockchain account corresponding to the operation object is generated in the resource client; the blockchain account includes the blockchain private key and blockchain public key associated with the operation object;
[0006] The first verification string is signed using the blockchain private key to obtain the first string signature information;
[0007] The blockchain private key is encrypted using the authentication public key associated with the operation object to obtain the encrypted blockchain private key; the authentication public key and authentication private key associated with the operation object are generated in the resource client;
[0008] The encrypted blockchain private key, the first string signature information, and the blockchain public key are sent to the resource server. The blockchain public key is used to instruct the resource server to verify the first string signature information and obtain the first verification result. When the first verification result indicates successful verification, the resource server stores the encrypted blockchain private key. The resource server then sends the stored encrypted blockchain private key to the resource client. The resource client decrypts the encrypted blockchain private key using its authentication private key to obtain the blockchain private key. The blockchain private key is used to sign transaction data for the target object.
[0009] One embodiment of this application provides a data processing apparatus, including:
[0010] The account generation module is used to generate a blockchain account corresponding to the operation object in the resource client when the first verification string sent by the resource server is received; the blockchain account includes the blockchain private key and blockchain public key associated with the operation object;
[0011] The first signature module is used to sign the first verification string using the blockchain private key to obtain the first string signature information;
[0012] The encryption processing module is used to encrypt the blockchain private key using the authentication public key associated with the operation object, so as to obtain the encrypted blockchain private key; the authentication public key and authentication private key associated with the operation object are generated in the resource client;
[0013] The first sending module is used to send the encrypted blockchain private key, the first string signature information, and the blockchain public key to the resource server; the blockchain public key is used to instruct the resource server to verify the first string signature information and obtain the first verification result; the resource server is used to store the encrypted blockchain private key when the first verification result indicates successful verification; the resource server is used to send the stored encrypted blockchain private key to the resource client; the resource client is used to decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the operation object.
[0014] The device also includes:
[0015] The first receiving module is used to respond to the triggering operation of the account creation control in the resource client and send a managed request to the resource server; the managed request is used to instruct the resource server to generate a first verification string corresponding to the object identifier of the operation object;
[0016] The first receiving module is used to receive the first verification string returned by the resource server.
[0017] The device also includes:
[0018] The client input module is used to respond to input operations from the resource client and send the text data entered by the input operation to the resource server. If the text data does not exist in the account name set, the resource server uses the text data to determine the object identifier of the operation object and generates a second verification string corresponding to the object identifier. The resource server stores the object identifier in the account name set.
[0019] The second receiving module is used to receive the second verification string and registration identifier returned by the resource server, and generate an authentication public key and authentication private key associated with the operation object in the resource client based on the registration identifier; the authentication public key and authentication private key are generated by the resource client calling the authentication interface associated with the resource client;
[0020] The second signature module is used to sign the second verification string using the authentication private key to obtain the second string signature information;
[0021] The second sending module is used to send the object identifier, the second string signature information, and the authentication public key to the resource server; the authentication public key is used to instruct the resource server to perform signature verification on the second string signature information to obtain the second signature verification result; the resource server is used to associate and store the object identifier and the authentication public key when the second signature verification result indicates that the signature verification is successful.
[0022] The device also includes:
[0023] The client login module is used to respond to login operations for the resource client when the login status of the operation object is invalid. It sends the object identifier entered in the login operation to the resource server. If the object identifier exists in the account name set, the resource server generates a third verification string corresponding to the object identifier. The invalid status refers to the login status when the current operation timestamp of the operation object for the resource client is later than the invalid timestamp of the operation object for the resource client.
[0024] The third receiving module is used to receive the third verification string returned by the resource server, and to sign the third verification string using the authentication private key to obtain the third string signature information.
[0025] The third sending module is used to send the object identifier and the third string signature information to the resource server; the resource server is used to obtain the authentication public key corresponding to the stored object identifier; the authentication public key is used to instruct the resource server to perform signature verification on the third string signature information to obtain the third signature verification result; when the third signature verification result indicates that the signature verification is successful, the resource server is used to send the list of blockchain account addresses corresponding to the operation object to the resource client.
[0026] The resource server is used to generate the blockchain account address corresponding to the blockchain public key when the first verification result indicates successful verification, and to associate and store the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object; the resource server is used to send the stored blockchain account address to the resource client.
[0027] The device also includes:
[0028] The list display module is used to receive transaction data sent by the decentralized application client through the resource client, and display a list of blockchain account addresses corresponding to the operation objects in the resource client; the list of blockchain account addresses includes blockchain account addresses;
[0029] The address selection module is used to respond to selection operations on the list of blockchain account addresses and to obtain the blockchain account address selected by the selection operation.
[0030] The decryption module is used to obtain the encrypted blockchain private key corresponding to the blockchain account address from the resource server, and decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key.
[0031] The transaction signature module is used to sign transaction data using a blockchain private key to obtain the signed transaction data.
[0032] The device also includes:
[0033] The on-chain processing module is used to send the signed transaction data to the blockchain nodes in the blockchain network so that the blockchain nodes can process the signed transaction data on the blockchain.
[0034] The result return module is used to, if the signed transaction data is successfully uploaded to the blockchain network, receive through the resource client the on-chain result returned by the blockchain node indicating that on-chaining succeeded, and return the on-chain result to the decentralized application client.
[0035] The result return module is used to, if the signed transaction data is not successfully uploaded to the blockchain network, receive through the resource client the on-chain result returned by the blockchain node indicating that on-chaining failed, and return the on-chain result to the decentralized application client.
[0036] One embodiment of this application provides a data processing method, including:
[0037] Send a first verification string to the resource client; the first verification string is used to instruct the resource client to generate a blockchain account corresponding to the operation object; the blockchain account includes the blockchain private key and blockchain public key associated with the operation object;
[0038] The system receives the encrypted blockchain private key, the first string signature information, and the blockchain public key sent by the resource client. The first string signature information is obtained by the resource client signing the first verification string using the blockchain private key. The encrypted blockchain private key is obtained by the resource client encrypting the blockchain private key using the authentication public key associated with the operation object. The authentication public key and authentication private key associated with the operation object are generated in the resource client.
[0039] The first string signature information is verified using the blockchain public key to obtain the first verification result. If the first verification result indicates that the verification is successful, the encrypted blockchain private key is stored.
[0040] The stored encrypted blockchain private key is sent to the resource client; the resource client is used to decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the target object.
[0041] One embodiment of this application provides a data processing apparatus, including:
[0042] The string sending module is used to send a first verification string to the resource client; the first verification string is used to instruct the resource client to generate a blockchain account corresponding to the operation object; the blockchain account includes a blockchain private key and a blockchain public key associated with the operation object;
[0043] The data receiving module is used to receive the encrypted blockchain private key, the first string signature information, and the blockchain public key sent by the resource client. The first string signature information is obtained by the resource client signing the first verification string using the blockchain private key. The encrypted blockchain private key is obtained by the resource client encrypting the blockchain private key using the authentication public key associated with the operation object. The authentication public key and authentication private key associated with the operation object are generated in the resource client.
[0044] The private key storage module is used to verify the first string signature information using the blockchain public key to obtain the first verification result. If the first verification result indicates that the verification is successful, the encrypted blockchain private key is stored.
[0045] The private key sending module is used to send the stored encrypted blockchain private key to the resource client; the resource client is used to decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the target object.
[0046] The private key storage module is specifically used to generate the blockchain account address corresponding to the blockchain public key if the first verification result indicates that the verification is successful.
[0047] The private key storage module is specifically used to associate and store the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object.
[0048] The private key storage module is also specifically used to send the stored blockchain account address to the resource client.
[0049] The device also includes:
[0050] The timestamp acquisition module is used to obtain the string generation timestamp corresponding to the first verification string.
[0051] The timestamp acquisition module is used to determine the string expiration timestamp corresponding to the first verification string based on the string generation timestamp and the string validity period.
[0052] The timestamp determination module is used to perform a signature verification process on the first string signature information using the blockchain public key if the first string signature information is received from the resource client before the string expiration timestamp.
[0053] The timestamp determination module is used to return an error message to the resource client if the first string signature information is received after the string expiration timestamp.
[0054] The private key storage module is specifically used to decrypt the first string signature information using the blockchain private key to obtain the first digest information corresponding to the first verification string.
[0055] The private key storage module is specifically used to perform hash processing on the first verification string to obtain the second digest information corresponding to the first verification string;
[0056] The private key storage module is specifically used to generate a first verification result indicating successful signature verification if the first digest information and the second digest information are the same.
[0057] The private key storage module is specifically used to generate a first verification result indicating signature verification failure if the first digest information and the second digest information are different.
[0058] One embodiment of this application provides a computer device, including: a processor and a memory;
[0059] The processor is connected to a memory, which stores a computer program. When the computer program is executed by the processor, it causes the computer device to perform the method provided in the embodiments of this application.
[0060] One aspect of this application provides a computer-readable storage medium storing a computer program adapted to be loaded and executed by a processor, so that a computer device having the processor performs the method provided in this application.
[0061] One embodiment of this application provides a computer program product comprising a computer program stored in a computer-readable storage medium. A processor of a computer device reads the computer program from the computer-readable storage medium and executes the computer program, causing the computer device to perform the method provided in this application embodiment.
[0062] In this embodiment, when the terminal device receives the first verification string sent by the resource server, it can generate a blockchain private key and a blockchain public key associated with the operation object in the resource client. Further, the terminal device can sign the first verification string using the blockchain private key to obtain first string signature information; simultaneously, it can encrypt the blockchain private key using the authentication public key associated with the operation object to obtain an encrypted blockchain private key. Further, the terminal device can send the encrypted blockchain private key, the first string signature information, and the blockchain public key to the resource server. The blockchain public key can be used to instruct the resource server to verify the first string signature information to obtain a first verification result; the resource server stores the encrypted blockchain private key when the first verification result indicates successful verification; further, the resource server sends the stored encrypted blockchain private key to the resource client, and the resource client decrypts the encrypted blockchain private key using the authentication private key to obtain the blockchain private key, which is used to sign transaction data for the operation object. Therefore, this application embodiment can generate an authentication public key and an authentication private key associated with the operation object in the resource client. The authentication public key is used to encrypt the blockchain private key in the blockchain account corresponding to the operation object, resulting in an encrypted blockchain private key. This encrypted blockchain private key is then sent to the resource server for storage. Thus, if the resource server is compromised by a hacker, the encrypted blockchain private key stored on the resource server will be leaked. 
However, since the hacker cannot obtain the authentication private key, they cannot decrypt the leaked encrypted blockchain private key. Therefore, this application does not lead to the leakage of the blockchain private key, thereby improving the security of the blockchain private key.
Attached Figure Description
[0063] To more clearly illustrate the technical solutions in the embodiments or related technologies of this application, the accompanying drawings used in the description of the embodiments or related technologies will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0064] Figure 1 is a schematic diagram of a network architecture provided in an embodiment of this application;
[0065] Figure 2a is a schematic diagram of a data interaction scenario provided in an embodiment of this application;
[0066] Figure 2b is a schematic diagram of a data interaction scenario provided in an embodiment of this application;
[0067] Figure 3 is a flowchart illustrating a data processing method provided in an embodiment of this application;
[0068] Figure 4 is a flowchart illustrating a data processing method provided in an embodiment of this application;
[0069] Figure 5 is a schematic diagram of a process for generating a blockchain account provided in an embodiment of this application;
[0070] Figure 6 is a flowchart illustrating a data processing method provided in an embodiment of this application;
[0071] Figure 7 is a schematic diagram illustrating a scenario for generating an authentication public key and an authentication private key, as provided in an embodiment of this application;
[0072] Figure 8 is a schematic diagram of a process for registering a blockchain resource account provided in an embodiment of this application;
[0073] Figure 9 is a flowchart illustrating a data processing method provided in an embodiment of this application;
[0074] Figure 10 is a schematic diagram of a process for logging into a blockchain resource account, provided in an embodiment of this application;
[0075] Figure 11 is a flowchart illustrating a data processing method provided in an embodiment of this application;
[0076] Figure 12 is a schematic diagram of a transaction signing process provided in an embodiment of this application;
[0077] Figure 13 is a schematic diagram of the structure of a data processing device provided in an embodiment of this application;
[0078] Figure 14 is a schematic diagram of the structure of a data processing device provided in an embodiment of this application;
[0079] Figure 15 is a schematic diagram of the structure of a computer device provided in an embodiment of this application.
Detailed Implementation
[0080] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of this application.
[0081] Blockchain: In a narrow sense, blockchain is a chain-like data structure with blocks as the basic unit. Each block uses a digital digest to verify previously acquired transaction history, making it suitable for the tamper-proof and scalable requirements of distributed ledger scenarios. In a broader sense, blockchain also refers to the distributed ledger technology implemented using the blockchain structure, including distributed consensus, privacy and security protection, peer-to-peer communication technology, network protocols, and smart contracts. The goal of blockchain is to implement a distributed data ledger that only allows additions, not deletions. The underlying basic structure of the ledger is a linear linked list. The linked list consists of a series of "blocks," with each subsequent block recording the hash value of the previous block. The validity of each block (and the transactions within it) can be quickly verified by calculating the hash value. If a node in the blockchain network proposes to add a new block, the block must be confirmed through a consensus mechanism.
[0082] Blockchain Nodes: Blockchain networks categorize nodes into consensus nodes (also known as core nodes) and synchronization nodes (which can include data nodes and light nodes). Consensus nodes are responsible for the consensus process across the entire blockchain network; synchronization nodes are responsible for synchronizing the ledger information of the consensus nodes, i.e., synchronizing the latest block data. Both consensus and synchronization nodes include network communication components in their internal structure, because a blockchain network is essentially a peer-to-peer (P2P) network, requiring communication with other nodes through P2P components. Resources and services in a blockchain network are distributed across various nodes; information transmission and service implementation occur directly between nodes, without the need for intermediaries or centralized servers (third parties).
[0083] Asymmetric signatures: A signature algorithm uses two keys: a public key and a private key. The public and private keys are a pair; if data is signed with the private key, only the corresponding public key can verify the signature. Because the signing and verification processes use two different keys, this algorithm is called an asymmetric signature. The basic process of using asymmetric signatures to exchange confidential information can be as follows: Party A generates a key pair and publishes the public key. When Party A needs to send a message to another party (e.g., Party B), it signs the confidential message using its private key before sending it to Party B; Party B then uses Party A's public key to verify the signed message.
[0084] Public and private keys: A public and private key pair is a key pair obtained through an algorithm. The public key is the publicly disclosed part of the key pair, while the private key is the private part. This algorithm ensures that the resulting key pair is unique. When using this key pair, if data is encrypted with one key, it must be decrypted with the other key. For example, data encrypted with the public key must be decrypted with the private key, and vice versa.
[0085] WebAuthn (Web Authentication): WebAuthn is a web authentication specification compliant with W3C (World Wide Web Consortium) standards. It achieves passwordless authentication through public-key cryptography, allowing users to complete the entire registration and login process using only a PIN (Personal Identification Number), public / private keys, or a USB key. Using WebAuthn greatly simplifies the entire authentication process for websites, and compared to traditional password authentication, WebAuthn offers higher security.
[0086] Please refer to Figure 1, which is a schematic diagram of a network architecture provided in an embodiment of this application. The network architecture shown in Figure 1 may include a blockchain network 100a, a terminal device cluster 100b, and a resource server 100c. Specifically, the blockchain network 100a may include one or more blockchain nodes; the number of blockchain nodes in the blockchain network 100a is not limited here. As shown in Figure 1, the multiple blockchain nodes may specifically include blockchain node 110a, blockchain node 110b, blockchain node 110c, ..., blockchain node 110n. To ensure information exchange within the blockchain network 100a, each blockchain node in the blockchain network 100a can be directly or indirectly connected to the network via wired or wireless communication (for example, there may be a network connection between blockchain node 110a and blockchain node 110b), so that the blockchain nodes can interact with each other via the network connection (for example, block transmission). A blockchain node can be a server connected to the blockchain network 100a or a terminal device connected to the blockchain network 100a. The specific form of the blockchain node is not limited here.
[0087] It is understood that each blockchain node in blockchain network 100a, during normal operation, can receive data to be uploaded to the blockchain from off-chain devices (e.g., resource server 100c and terminal devices in terminal device cluster 100b), generate blocks based on the received data, and then process the blocks for on-chain upload. It is also understood that the collection and processing of relevant data (e.g., transaction data, object identifiers, encrypted blockchain private keys, and blockchain account addresses) in this application should strictly comply with the requirements of relevant national laws and regulations, obtain informed consent or separate consent from the personal information subject, and conduct subsequent data use and processing within the scope of laws, regulations, and the authorization of the personal information subject.
[0088] It should be understood that each blockchain node in a blockchain network has a corresponding node identifier. Each blockchain node can store the node identifiers of other blockchain nodes that are connected to it, so as to conduct data interaction with other blockchain nodes based on the node identifiers of other blockchain nodes later. For ease of understanding, please refer to Table 1. Table 1 is a node identifier list provided in an embodiment of this application. This node identifier list can store the node identifiers and node names maintained by blockchain node 110a (assuming that the node identifier of blockchain node 110a is DDDDDD). As shown in Table 1:
[0089] Table 1
[0090]

| Node Name | Node identifier |
| --- | --- |
| Blockchain node 110b | AAAAAA |
| Blockchain node 110c | BBBBBB |
| … | … |
| Blockchain node 110n | CCCCCC |

[0091] The node identifier can be an IP (Internet Protocol) address or any other information that can be used to identify the node. For example, blockchain node 110a can send information (e.g., a block synchronization request) to blockchain node 110b using the node identifier AAAAAA, and blockchain node 110b can determine that the information was sent by blockchain node 110a using the node identifier DDDDDD; blockchain node 110b can return information (e.g., block synchronization data) to blockchain node 110a using the node identifier DDDDDD, and blockchain node 110a can determine that the information was returned by blockchain node 110b using the node identifier AAAAAA.
[0092] Specifically, the terminal device cluster 100b may include one or more terminal devices; the number of terminal devices in the cluster is not limited here. As shown in Figure 1, the multiple terminal devices may specifically include terminal device 120a, terminal device 120b, ..., terminal device 120m. Terminal devices 120a, 120b, ..., 120m can be directly or indirectly connected to resource server 100c via wired or wireless communication, enabling each terminal device to interact with resource server 100c through the network connection. Simultaneously, the terminal device cluster 100b and blockchain network 100a can be directly or indirectly connected via wired or wireless communication, enabling data interaction between terminal devices and blockchain nodes. For example, a network connection can exist between terminal device 120b in terminal device cluster 100b and blockchain node 110a in blockchain network 100a. Optionally, resource server 100c can be connected to blockchain network 100a to enable data interaction through the network connection with blockchain network 100a.
[0093] Each terminal device in the terminal device cluster 100b can include: smartphones, tablets, laptops, desktop computers, intelligent voice interaction devices, smart home appliances (e.g., smart TVs), wearable devices, vehicle terminals, aircraft, and other intelligent terminals with data processing capabilities. It should be understood that each terminal device in the terminal device cluster 100b can have an application client with data processing capabilities installed. When the application client runs on each terminal device, it can interact with the aforementioned servers 2000 shown in Figure 1. Specifically, the application clients may include: in-vehicle clients, smart home clients, entertainment clients (e.g., game clients), multimedia clients (e.g., video clients), payment clients (i.e., payment applications), information clients (e.g., news clients), resource clients, decentralized application (DAPP) clients, browsers, etc. An application client can be a sub-client integrated into a client (e.g., a browser), or it can be a standalone client (e.g., a resource client). This embodiment does not limit the type of application client.
[0094] Among them, the resource server 100c can be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN (Content Delivery Network), and big data and artificial intelligence platforms.
[0095] For ease of understanding, the embodiments of this application may select one terminal device from the multiple terminal devices shown in Figure 1 as the target terminal device. For example, the terminal device 120b shown in Figure 1 can be used as the target terminal device. Here, we will use the application client as an example, which includes both a resource client and a decentralized application client. The target terminal device can have a browser and a decentralized application client installed, and the browser can integrate a resource client. In this case, the resource client can act as the front-end, and the resource server 100c can act as the back-end corresponding to the front-end. The target terminal device can interact with the resource server 100c through the resource client (for example, the target terminal device can send an encrypted blockchain private key to the resource server 100c through the resource client, and the resource server 100c can return the blockchain account address to the resource client in the target terminal device). The target terminal device can also interact with the decentralized application client through the resource client. The resource server 100c can be used to store the encrypted blockchain private key and the blockchain account address.
[0096] In this context, the resource client can also be a decentralized application client. For ease of distinction, this application embodiment uses the example of a resource client being an application client that performs signature processing and a decentralized application client being an application client that requests signature processing. That is, a decentralized application client can request a resource client to perform a signature.
[0097] Resource clients can be used to store users' private keys on the blockchain (i.e., blockchain private keys). The blockchain uses these private keys to identify users, and users' digital assets are managed through them. The blockchain private key can be used to sign and confirm transactions (e.g., digital asset transfers). Signed transactions can be sent directly to blockchain nodes by the resource client or decentralized application client. Only valid transactions are executed by the blockchain; forged signatures are rejected and fail. Furthermore, all accounts are publicly searchable on the blockchain, so resource clients can also help users record changes in their account assets. Common resource client installation methods include browser extensions (browser applications that run on a browser, also understood as browser sub-clients) and apps (i.e., applications).
[0098] It should be understood that a resource client can be a hardware device or a software program. A resource client can be used to implement resource management business functions and, based on these functions, establish a communication connection with decentralized application clients (hereinafter referred to as decentralized applications, which can be blockchain applications) to enable user authorization login and other related operations. Specifically, a resource client is a tool used to manage and store user digital assets. For example, it can be used to transfer digital assets to other accounts or to receive digital assets transferred from other accounts. With the widespread deployment of various decentralized applications on the blockchain and the increase in user activity on the blockchain, users can generally use blockchain key management tools (i.e., resource clients) to log in when using decentralized applications.
[0099] The blockchain nodes 110a, 110b, 110c, ..., 110n shown in Figure 1 can each have a one-to-one correspondence with the corresponding roles (i.e., entity objects in the corresponding business scenarios) in the blockchain network 100a that need to be accessed. The business scenarios applicable to this embodiment may include, but are not limited to, qualification verification scenarios, medical scenarios, government affairs scenarios, payment scenarios, etc., and will not be listed one by one here. Specifically, the business under the corresponding business scenario may include academic qualification verification in the qualification verification scenario, insurance claims in the medical scenario, property registration in the government affairs scenario, and digital asset transfer in the payment scenario, etc., and will not be listed one by one here.
[0100] For ease of understanding, the user can be referred to as the operation object in this application embodiment. For example, in the qualification verification scenario of academic qualification verification, the operation object can be an employee applying for employment, the transaction data for the operation object can be the electronic academic qualification certificate submitted by the operation object, and the blockchain private key associated with the operation object can be used to sign the electronic academic qualification certificate submitted by the operation object. As another example, in the medical scenario of insurance claims, the operation object can be a patient needing to make an insurance claim, the transaction data for the operation object can be the electronic medical record submitted by the operation object, and the blockchain private key associated with the operation object can be used to sign the electronic medical record submitted by the operation object. As yet another example, in the government affairs scenario of property registration, the operation object can be a buyer registering property, the transaction data for the operation object can be the electronic property certificate submitted by the operation object, and the blockchain private key associated with the operation object can be used to sign the electronic property certificate submitted by the operation object. For example, in the context of digital asset transfer in payment scenarios, the target of the operation can be the transferor of the digital assets, the transaction data for the target can be the asset transfer value of the digital assets submitted by the target, and the blockchain private key associated with the target can be used to sign the asset transfer value of the digital assets submitted by the target.
[0101] For easier understanding, please refer to Figure 2a and Figure 2b, which are schematic diagrams illustrating a data interaction scenario provided in an embodiment of this application. The resource server 20a shown in Figure 2a and Figure 2b can be the resource server 100c in the embodiment corresponding to Figure 1 above, and the terminal device 20b shown in Figure 2a and Figure 2b can be the target terminal device in the embodiment corresponding to Figure 1 above. Terminal device 20b is used by the user, that is, the operation object. The terminal device 20b may have a resource client and a decentralized application client installed. The terminal device 20b can generate an authentication public key and an authentication private key associated with the operation object in the resource client.
[0102] As shown in Figure 2a, resource server 20a can send a first verification string to terminal device 20b. Terminal device 20b can then receive the first verification string from resource server 20a through a resource client, and subsequently generate a blockchain account corresponding to the operation object in the resource client. The blockchain account can include a blockchain private key and a blockchain public key associated with the operation object; in other words, terminal device 20b can generate a blockchain private key and a blockchain public key associated with the operation object in the resource client upon receiving the first verification string from resource server 20a.
[0103] As shown in Figure 2a, terminal device 20b can sign the first verification string using the blockchain private key to obtain the first string signature information; terminal device 20b can also encrypt the blockchain private key using the authentication public key to obtain the encrypted blockchain private key. Furthermore, terminal device 20b can send the encrypted blockchain private key, the first string signature information, and the blockchain public key to resource server 20a via a resource client. In this way, resource server 20a can receive the encrypted blockchain private key, the first string signature information, and the blockchain public key sent by terminal device 20b through the resource client.
[0104] As shown in Figure 2a, resource server 20a can verify the first string signature information using the blockchain public key to obtain a first verification result. This first verification result can indicate successful or failed verification. Further, if the first verification result indicates successful verification, resource server 20a can generate a blockchain account address corresponding to the blockchain public key, and then store the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object. Optionally, if the first verification result indicates failed verification, resource server 20a does not need to generate a blockchain account address corresponding to the blockchain public key, nor does it need to store the encrypted blockchain private key and the object identifier of the operation object. The object identifier can be used to uniquely identify the operation object (i.e., the object identifier is unique within the resource client). For example, the object identifier can be the account name of the operation object; or, for example, the object identifier can be the email address entered by the operation object.
[0105] It can be understood that resource server 20a can associate and store the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object in business database 21a. Business database 21a may include multiple databases, which may specifically include the databases 21b, ..., 21c shown in Figure 2a. Databases 21b, ..., 21c can be used to store different types of data. For example, database 21b can be used to store encrypted blockchain private keys, and database 21c can be used to store blockchain account addresses. The business database 21a can be set up separately, integrated into resource server 20a, or integrated into other devices or the cloud; this is not limited here.
[0106] As shown in Figure 2b, after generating a blockchain account address, resource server 20a can send the generated blockchain account address (e.g., blockchain account address 22b) to terminal device 20b. Terminal device 20b can then display a list of blockchain account addresses in the resource client. This list of blockchain account addresses can include one or more blockchain account addresses associated with the operation object, specifically including blockchain account addresses 22a, ..., and blockchain account address 22b.
[0107] As shown in Figure 2b, when the target object needs to use the encrypted blockchain private key, it can apply for a signature on the blockchain from the resource client through the decentralized application client in terminal device 20b. At this time, the decentralized application client can send transaction data for the target object to the resource client. Furthermore, the target object can perform a selection operation on the blockchain account address list. In this way, terminal device 20b can respond to the selection operation performed by the target object on the blockchain account address list and obtain the blockchain account address selected by the target object in the blockchain account address list (for example, blockchain account address 22b).
[0108] As shown in Figure 2b, terminal device 20b can obtain the encrypted blockchain private key corresponding to blockchain account address 22b from resource server 20a through the resource client, and decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key. The encrypted blockchain private key sent by resource server 20a to the resource client in terminal device 20b is obtained by resource server 20a from business database 21a (e.g., database 21b within business database 21a). Furthermore, terminal device 20b can store the authentication private key in the resource client (i.e., obtain the authentication private key from the resource client), store the authentication private key in terminal device 20b (i.e., obtain the authentication private key from terminal device 20b), or store the authentication private key in the cloud (i.e., obtain the authentication private key from the cloud); this application does not limit the choice of which method is preferred.
[0109] As shown in Figure 2b, terminal device 20b can sign transaction data through a resource client to obtain signed transaction data. Furthermore, terminal device 20b can perform on-chain processing on the signed transaction data, that is, write the signed transaction data into the blockchain ledger of the blockchain network (e.g., the blockchain network 100a in the embodiment corresponding to Figure 1 above).
[0110] For example, taking a digital asset transfer transaction in a payment scenario as an example, the user can transfer digital assets on blockchain account address 22b using the decentralized application client of terminal device 20b. For instance, digital assets can be transferred to blockchain account address P. Therefore, terminal device 20b will generate transaction data including blockchain account address 22b as the asset transfer-out address, blockchain account address P as the asset transfer-in address, and the asset transfer value. To execute this transaction data, it needs to be signed using the blockchain private key corresponding to blockchain account address 22b. Therefore, the user can select blockchain account address 22b in the resource client to obtain the blockchain private key corresponding to blockchain account address 22b.
[0111] Therefore, the embodiments of this application can encrypt the blockchain private key corresponding to the operation object by generating the authentication public key in the resource client, and then send the encrypted blockchain private key to the resource server so that the resource server can store the encrypted blockchain private key. This eliminates the need to directly store the blockchain private key in the resource server, avoids leakage of the blockchain private key, and improves the security of the blockchain private key.
[0112] Further, please refer to Figure 3, which is a flowchart illustrating a data processing method provided in an embodiment of this application. The method can be executed by a resource server, by a terminal device, or by both a resource server and a terminal device. The resource server can be the resource server 20a in the embodiment corresponding to Figure 2a and Figure 2b above, and the terminal device can be the terminal device 20b in the embodiment corresponding to Figure 2a and Figure 2b above. For ease of understanding, this application embodiment uses the method executed by the terminal device as an example for description. The data processing method may include the following steps S301-S304:
[0113] Step S301: Upon receiving the first verification string sent by the resource server, generate a blockchain account corresponding to the operation object in the resource client;
[0114] The blockchain account includes a blockchain private key and a blockchain public key associated with the operation object. The blockchain private key and the blockchain public key are a key pair. This application embodiment does not limit the number of blockchain accounts corresponding to the operation object in the resource client.
[0115] It should be understood that the terminal device can respond to a triggered operation on the account creation control in the resource client by sending a managed request to the resource server. This managed request instructs the resource server to generate a first verification string (i.e., a random string Nonce (Number once), where a Nonce is an arbitrary or non-repeating random value that is used only once) corresponding to the object identifier of the operation object. Furthermore, the terminal device can receive the first verification string returned by the resource server.
[0116] Step S302: Sign the first verification string using the blockchain private key to obtain the first string signature information;
[0117] Specifically, the terminal device can hash the first verification string to obtain the first digest information corresponding to the first verification string. Furthermore, the terminal device can encrypt the first digest information using the blockchain private key to obtain the first string signature information. Therefore, signature processing can include both hashing and encryption.
[0118] The terminal device can perform hash processing on the first verification string using a hash algorithm. This application embodiment does not limit the hash algorithm used for hash calculation. For example, the hash algorithm can be the MD5 message-digest algorithm.
[0119] Step S303: Encrypt the blockchain private key using the authentication public key associated with the operation object to obtain the encrypted blockchain private key;
[0120] The authentication public key and authentication private key associated with the operation object are generated in the resource client. The authentication public key and authentication private key are a key pair, and the terminal device has only one authentication public key and one authentication private key.
[0121] Step S304: Send the encrypted blockchain private key, the first string signature information, and the blockchain public key to the resource server.
[0122] Specifically, the blockchain public key is used to instruct the resource server to verify the first string of signature information and obtain the first verification result. When the first verification result indicates successful verification, the resource server stores the encrypted blockchain private key. The resource server then sends the stored encrypted blockchain private key to the resource client, which decrypts the encrypted blockchain private key using its authentication private key to obtain the blockchain private key. The blockchain private key is used to sign transaction data for the target object.
[0123] The resource server is used to generate the blockchain account address corresponding to the blockchain public key when the first verification result indicates successful verification, and then associates and stores the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object; at the same time, the resource server is used to send the stored blockchain account address to the resource client.
[0124] The blockchain account address is generated based on the blockchain public key. This application embodiment does not limit the specific process of generating the blockchain account address from the blockchain public key; for example, this application embodiment may determine the blockchain public key as the blockchain account address. The blockchain account address can be used for on-chain identity identification on the blockchain network.
[0125] The specific process by which the resource server verifies the first string of signature information using the blockchain public key can be found in the description of step S403 in the embodiment corresponding to Figure 4 below.
[0126] Therefore, this application embodiment can generate an authentication public key and an authentication private key associated with the operation object in the resource client. The authentication public key is used to encrypt the blockchain private key in the blockchain account corresponding to the operation object, resulting in an encrypted blockchain private key. This encrypted blockchain private key is then sent to the resource server for storage. Thus, if the resource server is compromised by a hacker, the encrypted blockchain private key stored on the resource server will be leaked. However, since the hacker cannot obtain the authentication private key, they cannot decrypt the leaked encrypted blockchain private key. Therefore, this application does not lead to the leakage of the blockchain private key, thereby improving the security of the blockchain private key.
[0127] Further, please refer to Figure 4, which is a flowchart illustrating a data processing method provided in an embodiment of this application. The method can be executed by a resource server, by a terminal device, or by both a resource server and a terminal device. The resource server can be the resource server 20a in the embodiment corresponding to Figure 2a and Figure 2b above, and the terminal device can be the terminal device 20b in the embodiment corresponding to Figure 2a and Figure 2b above. For ease of understanding, this application embodiment uses the method executed by a resource server as an example for explanation. The data processing method may include the following steps S401-S404:
[0128] Step S401: Send the first verification string to the resource client;
[0129] Specifically, the resource server can receive a managed request sent by the terminal device through the resource client, and generate a first verification string corresponding to the object identifier of the operation object based on the managed request. The managed request is sent by the terminal device in response to a triggered operation on an account creation control in the resource client. Furthermore, the resource server can send the first verification string to the resource client.
[0130] The first verification string is used to instruct the resource client to generate a blockchain account corresponding to the operation object. The blockchain account includes a blockchain private key and a blockchain public key associated with the operation object, and the blockchain private key and blockchain public key are a key pair.
[0131] Step S402: Receive the encrypted blockchain private key, the first string signature information, and the blockchain public key sent by the resource client;
[0132] The first string signature information is obtained by the resource client signing the first verification string using the blockchain private key. For the specific process of signing the first verification string using the blockchain private key, please refer to the description of step S302 in the embodiment corresponding to Figure 3 above, which will not be repeated here.
[0133] The encrypted blockchain private key is obtained by the resource client encrypting the blockchain private key using the authentication public key associated with the operation object. The authentication public key and authentication private key associated with the operation object are generated in the resource client, and they form a key pair.
[0134] It should be understood that the resource server can obtain the string generation timestamp corresponding to the first verification string, and determine the string expiration timestamp corresponding to the first verification string (e.g., time T1, which can be 16:05:00 on June 19, 2023) based on the string generation timestamp (e.g., time T1, which can be 16:06:00 on June 19, 2023) and the string validity period (e.g., 1 minute). However, this embodiment does not limit the specific duration of the string validity period.
[0135] Furthermore, if the resource server receives the first string signature information sent by the resource client before the string expiration timestamp, it can perform the verification process of the first string signature information using the blockchain public key in step S403 below. Optionally, if the resource server receives the first string signature information sent by the resource client after the string expiration timestamp, it can return an error message to the resource client. For example, the error message could be "operation timed out," and there is no limitation on the error message here. In other words, the first verification string has an expiration time; if the terminal device does not submit the first string signature information for a long time, the resource server can invalidate the first verification string.
[0136] Step S403: Verify the first string signature information using the blockchain public key to obtain the first verification result. If the first verification result indicates successful verification, store the encrypted blockchain private key.
[0137] Specifically, the resource server can decrypt the first string signature information using the blockchain private key to obtain the first digest information corresponding to the first verification string. Further, the resource server can hash the first verification string to obtain the second digest information corresponding to the first verification string. Further, if the first digest information and the second digest information are the same, the resource server can generate a first verification result indicating successful verification; optionally, if the first digest information and the second digest information are different, the resource server can generate a first verification result indicating verification failure. Further, if the first verification result indicates successful verification, the resource server can store the encrypted blockchain private key; optionally, if the first verification result indicates verification failure, it is not necessary to store the encrypted blockchain private key.
[0138] In this context, if the initial signature verification result indicates successful verification, the resource server can generate a blockchain account address corresponding to the blockchain public key, and associate and store the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object. This associated storage means that the blockchain account address and the encrypted blockchain private key can be obtained through the object identifier; the encrypted blockchain private key and the object identifier can be obtained through the blockchain account address; and the blockchain account address and the object identifier can be obtained through the encrypted blockchain private key. Furthermore, the resource server can send the stored blockchain account address to the resource client.
[0139] Step S404: Send the stored encrypted blockchain private key to the resource client.
[0140] The resource client is used to decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the target object.
[0141] The resource server, upon receiving a key retrieval request from a terminal device via a resource client, sends its stored encrypted blockchain private key to the resource client on the terminal device. The key retrieval request is sent by the terminal device in response to a selection operation on a list of blockchain account addresses (in other words, it's sent when the terminal device needs to sign transaction data). The encrypted blockchain private key sent by the resource server to the resource client can be the encrypted blockchain private key corresponding to the blockchain account address selected in the selection operation. Different blockchain account addresses can correspond to different encrypted blockchain private keys.
[0142] Therefore, this application embodiment can receive an encrypted blockchain private key, a first string signature information, and a blockchain public key sent by a terminal device. It then verifies the first string signature information using the blockchain public key. When the verification result indicates successful verification, it is determined that the verification operation object possesses the encrypted blockchain private key corresponding to the blockchain public key, and the encrypted blockchain private key is stored. Thus, if the resource server is compromised by a hacker, the encrypted blockchain private key stored on the resource server will be leaked. However, since the hacker cannot obtain the authentication private key, they cannot decrypt the leaked encrypted blockchain private key. Therefore, this application does not lead to the leakage of the blockchain private key, thereby improving the security of the blockchain private key.
[0143] For easier understanding, please refer to Figure 5 , Figure 5This is a schematic diagram illustrating a process for generating a blockchain account, as provided in an embodiment of this application. Figure 5 The steps S11-S18 shown are a schematic diagram of the process by which the terminal device and the resource server jointly generate a blockchain account.
[0144] like Figure 5 As shown, the terminal device can execute step S11 through the resource client, submitting a request for backend escrow of the blockchain encrypted private key, i.e., sending an escrow request to the resource server. This escrow request is used to request the resource server to escrow the encrypted private key (i.e., the encrypted blockchain private key). Then, the resource server can execute step S12, generating a first verification string and returning it to the front end, i.e., sending the first verification string to the resource client.
[0145] like Figure 5 As shown, the terminal device can execute step S13 through the resource client to generate blockchain public and private keys (i.e., blockchain public key and blockchain private key), and then execute steps S14 and S15 through the resource client. Step S14 can be used to sign the first verification string using the blockchain private key; step S15 can be used to encrypt the blockchain private key using the authentication public key.
[0146] like Figure 5 As shown, the terminal device can execute step S16 through the resource client, submitting the first verification string signature (i.e., the first string signature information), the blockchain public key, and the encrypted blockchain private key (i.e., the encrypted blockchain private key), that is, sending the encrypted blockchain private key, the first string signature information, and the blockchain public key to the resource server. Then, the resource server can execute step S17, which can be used to verify the first verification string signature using the blockchain public key, that is, to verify the first string signature information using the blockchain public key.
[0147] As shown in Figure 5, the resource server can execute step S18, which stores the encrypted blockchain private key, the address account (i.e., the blockchain account address), and the account name (i.e., the object identifier), that is, it associates and stores the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object.
[0148] Further, please see Figure 6. Figure 6 is a flowchart illustrating a data processing method provided in an embodiment of this application. The method can be executed by a resource server, by a terminal device, or by both a resource server and a terminal device. The resource server can be the resource server 20a in the embodiment corresponding to Figure 2a and Figure 2b above, and the terminal device can be the terminal device 20b in the embodiment corresponding to Figure 2a and Figure 2b above. For ease of understanding, this application embodiment uses the execution of the method by the terminal device as an example for description. The data processing method may include the following steps S501-S504:
[0149] Step S501: In response to the input operation for the resource client, send the text data entered in the input operation to the resource server;
[0150] Understandably, if the set of account names does not contain the text data, the resource server determines the text data to be the object identifier of the operation object and generates a second verification string (i.e., a random string, Nonce) corresponding to the object identifier. At the same time, the resource server stores the object identifier in the set of account names and returns the second verification string and a registration identifier to the resource client on the terminal device. Here, the registration identifier is generated by the resource server when it determines that the set of account names does not contain the text data. Optionally, if the set of account names contains the text data, the resource server returns a registration failure message to the resource client. For example, the registration failure message could be "Name is duplicated, please re-enter the name." There is no limitation on the registration failure message here.
[0151] Optionally, if the operation object remains inactive in the resource client for an extended period, the resource server can delete the object identifier from the set of account names, thus releasing the object identifier corresponding to the operation object. This allows other objects, or the operation object itself, to register with the resource client again using the object identifier.
[0152] Step S502: Receive the second verification string and registration identifier returned by the resource server, and generate an authentication public key and authentication private key associated with the operation object in the resource client based on the registration identifier;
[0153] The authentication public key and authentication private key are generated by the resource client calling the authentication interface (i.e., the WebAuthn interface) associated with the resource client. This authentication interface can be an interface integrated into a browser (i.e., a browser interface). In this embodiment, the resource client can be a sub-client integrated into a browser. Therefore, it is not necessary to install the resource client on the terminal device; the resource client can be accessed through the browser domain name.
[0154] The authentication public key and authentication private key can belong to a WebAuthn account. A WebAuthn account can create one or more blockchain accounts, and each of these blockchain accounts can correspond to a blockchain account address in the blockchain account address list. The private keys corresponding to each of these blockchain account addresses can be encrypted using the same authentication public key.
[0155] Optionally, if the resource server determines that the text data is not in the set of account names, it may not need to generate a registration identifier, and therefore need not return the registration identifier to the resource client in the terminal device. In this case, the terminal device may generate an authentication public key and an authentication private key associated with the operation object in the resource client when it receives the second verification string returned by the resource server.
[0156] For easier understanding, please refer to Figure 7. Figure 7 is a schematic diagram illustrating a scenario for generating authentication public and private keys, as provided in an embodiment of this application. As shown in Figure 7, after the terminal device generates the authentication public key (i.e., the WebAuthn public key) and authentication private key (i.e., the WebAuthn private key) associated with the operation object in the resource client, it can display a registration success message in the resource client. The registration success message can indicate that the operation object has successfully registered with the resource client, or it can indicate that the operation object has successfully registered a WebAuthn account. For example, the registration success message could be "Do you want to store the access key for 'KKKKKK'? The communication key can be used to log in on all your devices." Here, the registration success message is not limited.
[0157] Here, "KKKKKK" can be the object identifier of the operation object, and the access key can be the authentication public key and authentication private key associated with the operation object. For example, as shown in Figure 7, the terminal device can display a storage control (e.g., a "Continue" control), and the operation object can perform a trigger operation on the storage control. In this way, the terminal device can respond to the trigger operation performed by the operation object on the storage control and store the authentication public key and authentication private key. The authentication public key and authentication private key can be stored on the terminal device or in the cloud; this is not limited here.
[0158] Step S503: Sign the second verification string using the authentication private key to obtain the second string signature information;
[0159] Specifically, the terminal device can hash the second verification string to obtain the corresponding third digest information. Furthermore, the terminal device can encrypt the third digest information using the authentication private key to obtain the second string signature information. Therefore, signature processing can include both hashing and encryption.
[0160] The specific process by which the terminal device hashes the second verification string can be found in the description of hashing the first verification string in step S302 of the embodiment corresponding to Figure 3 above, and will not be repeated here.
[0161] Step S504: Send the object identifier, the second string signature information, and the authentication public key to the resource server.
[0162] The authentication public key is used to instruct the resource server to verify the second string signature information and obtain a second verification result. Further, the resource server associates and stores the object identifier and the authentication public key when the second verification result indicates successful verification; optionally, the resource server does not need to associate and store the object identifier and the authentication public key when the second verification result indicates failed verification.
[0163] Similarly, the second verification string has an expiration time. If the terminal device does not submit the second string signature information for an extended period, the resource server can invalidate the second verification string. The specific process by which the resource server determines the string expiration timestamp corresponding to the second verification string can be found in the description of judging the string expiration timestamp corresponding to the first verification string in step S402 of the embodiment corresponding to Figure 4 above, and will not be repeated here.
[0164] The specific process by which the resource server verifies the second string signature information using the authentication public key can be found in the description of verifying the first string signature information using the blockchain public key in the embodiment corresponding to Figure 4 above, and will not be repeated here.
[0165] Therefore, this application embodiment can generate an authentication public key and an authentication private key associated with the operation object in the resource client, and then send the object identifier of the operation object and the authentication public key to the resource server. The resource server then stores the authentication public key and the object identifier in association, thereby enabling registration of the resource client through the object identifier of the operation object. It is understood that the authentication public key stored on the resource server can be used to verify the login of the operation object, thereby improving the security of logging into the resource client through the object identifier. Furthermore, the registration method in the resource client through the authentication interface does not require the use of the operation object's object password, protects the object identifier of the operation object, and does not rely on a third-party account, thus protecting the privacy of the operation object.
[0166] For easier understanding, please refer to Figure 8. Figure 8 is a schematic diagram of a process for registering a blockchain resource account provided in an embodiment of this application. Steps S21-S28 shown in Figure 8 illustrate the process by which a terminal device and a resource server jointly register a blockchain resource account.
[0167] As shown in Figure 8, the terminal device can execute step S21 through the resource client, registering an account name, i.e., registering with the resource client through an object identifier. At this time, the operation object can input text data into the resource client, and the terminal device can respond to the input operation by sending the input text data to the resource server. Further, the resource server can execute step S22, querying whether the account name has been registered, i.e., determining whether the text data exists in the account name set. If the text data exists in the account name set, the account name has been registered; if the text data does not exist in the account name set, the account name has not been registered.
[0168] As shown in Figure 8, if the text data does not exist in the account name set, the resource server can generate a second verification string and then execute step S23. Step S23 returns an allowed-registration identifier (i.e., a registration identifier) and the second verification string to the resource client in the terminal device. The resource client in the terminal device can then execute step S24, which calls the authentication interface to generate the authentication public key and authentication private key. Further, the resource client in the terminal device can execute step S25, which can be used to sign the second verification string using the authentication private key.
[0169] As shown in Figure 8, the terminal device can execute step S26 through the resource client, submitting the account name (i.e., object identifier), the second verification string signature (i.e., second string signature information), and the authentication public key, that is, sending the object identifier, the second string signature information, and the authentication public key to the resource server. The resource server can then execute step S27, which is used to verify the second verification string signature using the authentication public key, i.e., performing signature verification processing on the second string signature information using the authentication public key. Further, the resource server can execute step S28, which, after successful verification, associates the account name and the authentication public key, i.e., associating and storing the object identifier and the authentication public key. The authentication public key can be used to log in to the resource client using the object identifier in subsequent processes.
[0170] Further, please see Figure 9. Figure 9 is a flowchart illustrating a data processing method provided in an embodiment of this application. The method can be executed by a resource server, by a terminal device, or by both a resource server and a terminal device. The resource server can be the resource server 20a in the embodiment corresponding to Figure 2a and Figure 2b above, and the terminal device can be the terminal device 20b in the embodiment corresponding to Figure 2a and Figure 2b above. For ease of understanding, this application embodiment is described using the method executed by the terminal device as an example. The data processing method may include the following steps S601-S603:
[0171] Step S601: When the login state of the operation object is invalid, respond to the login operation for the resource client and send the object identifier entered in the login operation to the resource server.
[0172] The operation object can perform a login operation on the resource client. This login operation can mean that the operation object enters an object identifier in the resource client, and then performs a trigger operation on the login control in the resource client. In this way, the terminal device can obtain the object identifier entered by the operation object in the resource client and determine the object identifier entered by the operation object in the resource client as the object identifier entered in the login operation.
[0173] If the object identifier exists in the set of account names, the resource server generates a third verification string (i.e., a random string, Nonce) corresponding to the object identifier. Optionally, if the object identifier does not exist in the set of account names, the resource server generates a login failure message for the operation object and returns the login failure message to the resource client. For example, the login failure message could be "Incorrect name, please re-enter your name." There are no restrictions on the login failure message here.
[0174] It is understood that an invalid state refers to a login state in which the current operation timestamp of the operation object on the resource client is later than the invalidation timestamp of the operation object on the resource client. In other words, the resource client can retain the login state of the operation object for a period of time (i.e., the effective time period). If the operation object does not perform any operation on the resource client within the effective time period, the login state of the operation object on the resource client becomes invalid. The invalidation timestamp (e.g., time T3, which can be 16:06:00 on June 19, 2023) is determined by the effective time period (e.g., 1 day) and the historical timestamp (e.g., time T4, which can be 16:06:00 on June 18, 2023). The historical timestamp can be the timestamp of the last operation performed by the operation object on the resource client. This application embodiment does not limit the specific duration of the effective time period.
[0175] Optionally, the invalid state can also refer to the login state after the operation object has logged out of the resource client; in other words, if the operation object logs out of the resource client, the login state of the operation object is invalid.
[0176] Step S602: Receive the third verification string returned by the resource server, and sign the third verification string using the authentication private key to obtain the third string signature information;
[0177] Specifically, the terminal device can receive the third verification string returned by the resource server, hash the third verification string to obtain the fourth digest information corresponding to the third verification string. Furthermore, the terminal device can encrypt the fourth digest information using the authentication private key to obtain the third string signature information. Therefore, signature processing can include hashing and encryption.
[0178] The specific process by which the terminal device hashes the third verification string can be found in the description of hashing the first verification string in step S302 of the embodiment corresponding to Figure 3 above, and will not be repeated here.
[0179] Step S603: Send the object identifier and the third string signature information to the resource server.
[0180] The resource server retrieves the authentication public key corresponding to the stored object identifier. This public key instructs the resource server to verify the third string signature information, obtaining a third verification result. Further, when the third verification result indicates successful verification, the resource server sends a list of blockchain account addresses corresponding to the operation object to the resource client. Optionally, if the third verification result indicates failed verification, the resource server does not need to send the list of blockchain account addresses corresponding to the operation object to the resource client.
[0181] The blockchain account address list may include one or more blockchain account addresses, which may represent the blockchain account addresses corresponding to the blockchain accounts historically generated by the operation object in the resource client. For example, the blockchain account address list may include the blockchain account address corresponding to the blockchain account generated in the embodiment corresponding to Figure 3 above.
[0182] Similarly, the third verification string has an expiration time. If the terminal device does not submit the third string signature information for an extended period, the resource server can invalidate the third verification string. The specific process by which the resource server determines the string expiration timestamp corresponding to the third verification string can be found in the description of judging the string expiration timestamp corresponding to the first verification string in step S402 of the embodiment corresponding to Figure 4 above, and will not be repeated here.
[0183] The specific process by which the resource server verifies the third string signature information using the authentication public key can be found in the description of verifying the first string signature information using the blockchain public key in the embodiment corresponding to Figure 4 above, and will not be repeated here.
[0184] Therefore, in this embodiment, the user can input an object identifier in the resource client. The terminal device can then send the object identifier input by the user to the resource server. The resource server can then verify the user's login using its stored authentication public key, thereby enabling login to the resource client via the user's object identifier. This improves the security of logging into the resource client via the object identifier. Furthermore, logging into the resource client through the authentication interface eliminates the need for the user's object password, protects the user's object identifier, and avoids reliance on third-party accounts, thus protecting the user's privacy.
[0185] For easier understanding, please refer to Figure 10. Figure 10 is a schematic diagram illustrating a process for logging into a blockchain resource account, as provided in an embodiment of this application. Steps S31-S37 shown in Figure 10 illustrate the process by which the terminal device and the resource server jointly log in to the blockchain resource account.
[0186] As shown in Figure 10, the terminal device can execute step S31 through the resource client, entering an account name to apply for login. That is, the operation object can perform a login operation on the resource client. Then, the resource server can execute step S32, querying whether the name has been registered, i.e., determining whether the object identifier exists in the account name set. If the object identifier exists in the account name set, the name is determined to have been registered; if the object identifier does not exist in the account name set, the name is determined not to have been registered.
[0187] As shown in Figure 10, if the object identifier exists in the set of account names, the resource server can generate a third verification string and then execute step S33, returning the third verification string to the resource client in the terminal device. Further, the terminal device can execute step S34 through the resource client. Step S34 calls the authentication interface so that the browser signs the third verification string using the authentication private key, that is, performs signature processing on the third verification string using the authentication private key.
[0188] As shown in Figure 10, the terminal device can execute step S35 through the resource client, submitting the account name (i.e., object identifier) and the third verification string signature (i.e., third string signature information) for login, that is, sending the object identifier and the third string signature information to the resource server. The resource server can then execute step S36, which can be used to verify the third verification string signature using the authentication public key, i.e., verifying the third string signature information using the authentication public key. Further, the resource server can execute step S37, which, upon successful verification, returns the blockchain address (i.e., blockchain account address) and the encrypted blockchain private key.
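The registration flow (S21-S28) and login flow (S31-S37) described above share one challenge-response pattern, shown here as an added example that is not code from the patent. It assumes Node.js, a software P-256 key standing in for the WebAuthn credential, a client that signs the verification string directly as the description states, and a 60-second validity window; all class and function names are hypothetical.

```javascript
const crypto = require("node:crypto");

const NONCE_TTL_MS = 60_000; // assumed validity window; the page does not give a value
// Returns false instead of throwing when the key or signature is malformed.
function verifies(publicKeyPem, nonce, signature) {
  try {
    return crypto.verify("sha256", Buffer.from(nonce), publicKeyPem, signature);
  } catch {
    return false;
  }
}

class ResourceServer {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.accounts = new Map();   // object identifier -> authentication public key, null while pending
    this.challenges = new Map(); // object identifier -> { nonce, purpose, expiresAt }
  }

  issue(name, purpose) {
    const nonce = crypto.randomBytes(32).toString("hex");
    this.challenges.set(name, { nonce, purpose, expiresAt: this.now() + NONCE_TTL_MS });
    return nonce;
  }

  // A verification string is consumed on first use, whatever the outcome, and is
  // only valid for the flow it was issued for and until its expiration timestamp.
  take(name, purpose) {
    const c = this.challenges.get(name);
    this.challenges.delete(name);
    return c && c.purpose === purpose && this.now() <= c.expiresAt ? c.nonce : null;
  }

  beginRegistration(name) { // S22-S23
    if (this.accounts.has(name)) return { ok: false, error: "name is duplicated" };
    this.accounts.set(name, null); // reserve the name until S28 completes
    return { ok: true, nonce: this.issue(name, "register") };
  }

  finishRegistration(name, signature, publicKeyPem) { // S27-S28
    const nonce = this.take(name, "register");
    const pending = this.accounts.get(name) === null;
    if (pending && nonce && verifies(publicKeyPem, nonce, signature)) {
      this.accounts.set(name, publicKeyPem);
      return true;
    }
    if (pending) this.accounts.delete(name); // release the reserved name
    return false;
  }

  beginLogin(name) { // S32-S33
    if (!this.accounts.get(name)) return { ok: false, error: "incorrect name" };
    return { ok: true, nonce: this.issue(name, "login") };
  }

  finishLogin(name, signature) { // S36
    const nonce = this.take(name, "login");
    const publicKeyPem = this.accounts.get(name);
    return Boolean(nonce && publicKeyPem && verifies(publicKeyPem, nonce, signature));
  }
}

// Client side. A software P-256 key stands in for the WebAuthn credential (assumption).
const newAuthKey = () => crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const pem = (k) => k.publicKey.export({ type: "spki", format: "pem" });
const sign = (k, nonce) => crypto.sign("sha256", Buffer.from(nonce), k.privateKey);

function demo() {
  let clock = 0; // injected clock so the expiry case is deterministic
  const server = new ResourceServer(() => clock);
  const alice = newAuthKey();
  const other = newAuthKey();
  const out = {};

  const reg = server.beginRegistration("alice"); // S21-S23
  out.registered = server.finishRegistration("alice", sign(alice, reg.nonce), pem(alice));
  out.duplicateName = server.beginRegistration("alice").ok;
  out.unknownName = server.beginLogin("bob").ok;

  const n1 = server.beginLogin("alice").nonce; // S31-S33
  const s1 = sign(alice, n1);                  // S34
  out.login = server.finishLogin("alice", s1); // S35-S36
  out.replay = server.finishLogin("alice", s1); // same signature, nonce already consumed

  const n2 = server.beginLogin("alice").nonce;
  clock += NONCE_TTL_MS + 1; // let the verification string expire before it is answered
  out.expired = server.finishLogin("alice", sign(alice, n2));
  const n3 = server.beginLogin("alice").nonce;
  out.wrongKey = server.finishLogin("alice", sign(other, n3));
  // A login nonce must not let anyone overwrite the stored authentication public key.
  const n4 = server.beginLogin("alice").nonce;
  out.rebind = server.finishRegistration("alice", sign(other, n4), pem(other));
  out.stillAlice = server.accounts.get("alice") === pem(alice);
  return out;
}

console.log(demo());
```

Binding each verification string to the flow it was issued for is what keeps the `rebind` case from replacing a registered authentication public key.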
[0189] Further, please see Figure 11. Figure 11 is a flowchart illustrating a data processing method provided in an embodiment of this application. The method can be executed by a resource server, by a terminal device, or by both a resource server and a terminal device. The resource server can be the resource server 20a in the embodiment corresponding to Figure 2a and Figure 2b above, and the terminal device can be the terminal device 20b in the embodiment corresponding to Figure 2a and Figure 2b above. For ease of understanding, this application embodiment describes the method as being executed by a terminal device. The data processing method may include the following steps S701-S705:
[0190] Step S701: Receive transaction data sent by the decentralized application client through the resource client, and display the list of blockchain account addresses corresponding to the operation object in the resource client;
[0191] The list of blockchain account addresses may include blockchain account addresses, which can be the blockchain account address corresponding to the blockchain account generated in the embodiment corresponding to Figure 3 above.
[0192] In this embodiment, the number of blockchain account addresses in the blockchain account address list is not limited. Optionally, if the terminal device has not performed steps S301-S304 in the embodiment corresponding to Figure 3 above, the blockchain account address list does not include the blockchain account address corresponding to the blockchain account generated in the embodiment corresponding to Figure 3 above; for ease of understanding, this application embodiment is illustrated using the example of a non-empty blockchain account address list.
[0193] Step S702: Respond to the selection operation for the blockchain account address list and obtain the blockchain account address selected by the selection operation;
[0194] For example, the blockchain account address selected by the selection operation can be the blockchain account address corresponding to the blockchain account generated in the embodiment corresponding to Figure 3 above.
[0195] Step S703: Obtain the encrypted blockchain private key corresponding to the blockchain account address from the resource server, and decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key.
[0196] Specifically, the terminal device can send a request to the resource server to obtain the encrypted private key based on the blockchain account address (i.e., the blockchain account address selected in the selection operation). Since the blockchain account address and the encrypted blockchain private key are stored together, the blockchain account address can be used to instruct the resource server to obtain the encrypted blockchain private key corresponding to the blockchain account address. Furthermore, the terminal device can receive the encrypted blockchain private key returned by the resource server through a resource client, and then decrypt the encrypted blockchain private key using an authentication private key to obtain the blockchain private key.
[0197] Step S704: Sign the transaction data using the blockchain private key to obtain the signed transaction data.
[0198] Specifically, the terminal device can hash the transaction data to obtain a transaction digest. Furthermore, the terminal device can encrypt the transaction digest using a blockchain private key to obtain the signed transaction data. Therefore, signature processing can include both hashing and encryption.
[0199] The specific process by which the terminal device performs hash processing on the transaction data can be found in the description of hashing the first verification string in step S302 of the embodiment corresponding to Figure 3 above, and will not be repeated here.
[0200] Step S705: Send the signed transaction data to the blockchain node in the blockchain network so that the blockchain node can process the signed transaction data on the blockchain.
[0201] The blockchain network can be the blockchain network 100a in the embodiment corresponding to Figure 1 above, and the blockchain node can be a blockchain node in the blockchain network 100a in the embodiment corresponding to Figure 1 (e.g., blockchain node 110a). At this time, the blockchain node can return to the resource client an on-chain result indicating success (i.e., the signed transaction data was successfully uploaded to the blockchain network) or an on-chain result indicating failure (i.e., the signed transaction data was not successfully uploaded to the blockchain network). For example, if the on-chain data (i.e., the signed transaction data) is not standard or is too large, the on-chaining process will fail.
[0202] Therefore, if the signed transaction data is successfully uploaded to the blockchain network, the terminal device can receive the upload result from the blockchain node, indicating successful upload, through the resource client, and then return the upload result to the decentralized application client. Optionally, if the signed transaction data is not successfully uploaded to the blockchain network, the terminal device can receive the upload result from the blockchain node, indicating upload failure, through the resource client, and then return the upload result to the decentralized application client.
[0203] Optionally, the terminal device can return the signed transaction data to the decentralized application client via the resource client. The decentralized application client then sends the signed transaction data to the blockchain nodes in the blockchain network, enabling the blockchain nodes to process the signed transaction data for on-chain processing. Further, if the signed transaction data is successfully uploaded to the blockchain network, the terminal device can receive an on-chain result from the blockchain nodes, indicating successful on-chain processing, via the decentralized application client. Optionally, if the signed transaction data fails to be uploaded to the blockchain network, the terminal device can receive an on-chain result from the blockchain nodes, indicating failure, via the decentralized application client.
[0204] Therefore, this embodiment of the application can send transaction data targeting an operation object to a resource client via a decentralized application client. Then, through data interaction between the resource client and the resource server, the transaction data is signed, resulting in signed transaction data. The resource client can obtain the encrypted blockchain private key from the resource server, thereby enhancing the security of the blockchain private key. It is understood that the signed transaction data can be uploaded to the blockchain network, enabling storage of the signed transaction data through the blockchain network and further improving its security.
[0205] For easier understanding, please refer to Figure 12. Figure 12 is a schematic diagram illustrating a transaction signing process provided in an embodiment of this application. Steps S41-S48 shown in Figure 12 illustrate the process of transaction signing jointly performed by the terminal device and the resource server. The terminal device may include a decentralized application client and a resource client.
[0206] As shown in Figure 12, the terminal device can execute step S41 through the decentralized application client, which applies for signing on the blockchain. Step S41 involves the decentralized application client sending the transaction data (i.e., the message to be signed) to the resource client. Then, the terminal device can execute step S42 through the resource client, selecting a blockchain address (i.e., the operation object can choose a blockchain account address from the blockchain address list for signing), thus obtaining the blockchain account address selected by the selection operation.
[0207] As shown in Figure 12, the terminal device can execute step S43 through the resource client, requesting the encrypted blockchain private key corresponding to the blockchain address from the resource server, that is, sending an encrypted private key retrieval request to the resource server. Then, the resource server can execute step S44, returning the encrypted blockchain private key to the resource client. At this time, the operation object is logged in to the resource client, so the resource server can know that the operation object has a blockchain account address.
[0208] As shown in Figure 12, the terminal device can execute step S45 through the resource client. Step S45 calls the authentication interface and uses the authentication private key to decrypt the encrypted blockchain private key. Further, the terminal device can execute step S46 through the resource client. Step S46 can be used to sign the on-chain data using the blockchain private key; that is, it signs the transaction data using the blockchain private key.
[0209] As shown in Figure 12, the terminal device can execute step S47 through the resource client to upload the transaction to the blockchain, that is, send the signed transaction data to the blockchain node in the blockchain network so that the blockchain node can process the signed transaction data for on-chain processing. At this time, the blockchain node can return the on-chain result to the resource client. Then, the terminal device can execute step S48 through the resource client to return the on-chain result to the decentralized application client.
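The life cycle of the blockchain private key across Figure 5 (escrow, S11-S18) and Figure 12 (retrieval and signing, S43-S46), as an added example that is not code from the patent. It assumes Node.js, an RSA-OAEP key pair standing in for the authentication key pair, a secp256k1 ECDSA blockchain key, and a made-up `addressOf` derivation; all class and function names are hypothetical.

```javascript
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const toPem = (publicKey) => publicKey.export({ type: "spki", format: "pem" });

// Hypothetical address derivation for this example only: first 20 bytes of
// SHA-256 over the DER-encoded public key, hex encoded.
function addressOf(publicKeyPem) {
  const der = crypto.createPublicKey(publicKeyPem).export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex").slice(0, 40);
}

// Resource server: it handles public keys, signatures and ciphertext only.
class ResourceServer {
  constructor() {
    this.pending = new Set(); // outstanding first verification strings
    this.escrow = new Map();  // address -> { owner, publicKeyPem, encryptedKey }
  }

  issueChallenge() { // S12
    const nonce = crypto.randomBytes(32).toString("hex");
    this.pending.add(nonce);
    return nonce;
  }

  store(owner, nonce, { publicKeyPem, signature, encryptedKey }) { // S17-S18
    if (!this.pending.delete(nonce)) return null; // unknown or already used
    let ok = false;
    try {
      ok = crypto.verify("sha256", Buffer.from(nonce), publicKeyPem, signature);
    } catch { /* malformed key or signature counts as a failed verification */ }
    if (!ok) return null;
    const address = addressOf(publicKeyPem);
    this.escrow.set(address, { owner, publicKeyPem, encryptedKey });
    return address;
  }

  fetch(owner, address) { // S43-S44; the caller is assumed to be logged in as owner
    const record = this.escrow.get(address);
    return record && record.owner === owner ? record.encryptedKey : null;
  }
}

// Resource client, S13-S16: the blockchain private key exists in plaintext only here.
function createAccount(server, owner, authPublicKey) {
  const nonce = server.issueChallenge();
  const chain = crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const signature = crypto.sign("sha256", Buffer.from(nonce), chain.privateKey);
  const der = chain.privateKey.export({ type: "pkcs8", format: "der" });
  const encryptedKey = crypto.publicEncrypt({ key: authPublicKey, ...OAEP }, der);
  return server.store(owner, nonce, { publicKeyPem: toPem(chain.publicKey), signature, encryptedKey });
}

// Resource client, S43-S46: fetch the ciphertext, decrypt locally, sign the transaction data.
function signTransaction(server, owner, address, authPrivateKey, txData) {
  const encryptedKey = server.fetch(owner, address);
  if (!encryptedKey) throw new Error("no escrowed key for this owner and address");
  const der = crypto.privateDecrypt({ key: authPrivateKey, ...OAEP }, encryptedKey);
  const chainKey = crypto.createPrivateKey({ key: der, format: "der", type: "pkcs8" });
  return crypto.sign("sha256", Buffer.from(txData), chainKey);
}

function demo() {
  const server = new ResourceServer();
  // RSA-OAEP key pair standing in for the authentication key pair (assumption).
  const auth = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const address = createAccount(server, "alice", auth.publicKey);
  const record = server.escrow.get(address);

  const tx = "constructed transaction payload";
  const sig = signTransaction(server, "alice", address, auth.privateKey, tx);
  const out = {
    ciphertextBytes: record.encryptedKey.length,
    txVerifies: crypto.verify("sha256", Buffer.from(tx), record.publicKeyPem, sig),
    otherOwnerFetch: server.fetch("mallory", address),
  };

  // Someone holding a copy of the server store but not the authentication private key.
  const outsider = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  try {
    crypto.privateDecrypt({ key: outsider.privateKey, ...OAEP }, record.encryptedKey);
    out.outsiderDecrypts = true;
  } catch {
    out.outsiderDecrypts = false;
  }

  // S17 as proof of possession: a public key submitted with a signature from a different key is rejected.
  const a = crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const b = crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const nonce = server.issueChallenge();
  const mismatched = crypto.sign("sha256", Buffer.from(nonce), b.privateKey);
  out.mismatchStored = server.store("mallory", nonce,
    { publicKeyPem: toPem(a.publicKey), signature: mismatched, encryptedKey: Buffer.alloc(0) });
  return out;
}

console.log(demo());
```

The server verifies that the submitter holds the blockchain private key, but it cannot check that `encryptedKey` actually decrypts to that key, so a client-side round-trip check before relying on the escrow copy is worth adding.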
[0210] Further, please refer to Figure 13, which is a schematic diagram of the structure of a data processing device provided in an embodiment of this application. The data processing device 1 may include: an account generation module 101, a first signature module 102, an encryption processing module 103, and a first sending module 104; further, the data processing device 1 may also include: a first receiving module 105, a client input module 106, a second receiving module 107, a second signature module 108, a second sending module 109, a client login module 110, a third receiving module 111, a third sending module 112, a list display module 113, an address selection module 114, a decryption processing module 115, a transaction signature module 116, an on-chain processing module 117, and a result return module 118;
[0211] The account generation module 101 is used to generate a blockchain account corresponding to the operation object in the resource client when receiving the first verification string sent by the resource server; the blockchain account includes a blockchain private key and a blockchain public key associated with the operation object;
[0212] The first signature module 102 is used to sign the first verification string using the blockchain private key to obtain the first string signature information;
[0213] The encryption processing module 103 is used to encrypt the blockchain private key using the authentication public key associated with the operation object to obtain the encrypted blockchain private key; the authentication public key and authentication private key associated with the operation object are generated in the resource client;
[0214] The first sending module 104 is used to send the encrypted blockchain private key, the first string signature information, and the blockchain public key to the resource server; the blockchain public key is used to instruct the resource server to perform signature verification processing on the first string signature information to obtain a first signature verification result; the resource server is used to store the encrypted blockchain private key when the first signature verification result indicates successful verification; the resource server is used to send the stored encrypted blockchain private key to the resource client; the resource client is used to decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the operation object.
[0215] Optionally, the first receiving module 105 is used to send a hosting request to the resource server in response to a trigger operation on the account creation control in the resource client; the hosting request is used to instruct the resource server to generate a first verification string corresponding to the object identifier of the operation object;
[0216] The first receiving module 105 is used to receive the first verification string returned by the resource server.
[0217] Optionally, the client input module 106 is used to respond to input operations for the resource client and send the text data entered in the input operation to the resource server; if there is no text data in the account name set, the resource server is used to determine the text data as the object identifier of the operation object and generate a second verification string corresponding to the object identifier; the resource server is used to store the object identifier in the account name set.
[0218] The second receiving module 107 is used to receive the second verification string and registration identifier returned by the resource server, and generate an authentication public key and an authentication private key associated with the operation object in the resource client based on the registration identifier; the authentication public key and authentication private key are generated by the resource client calling the authentication interface associated with the resource client;
[0219] The second signature module 108 is used to sign the second verification string using the authentication private key to obtain the second string signature information.
[0220] The second sending module 109 is used to send the object identifier, the second string signature information, and the authentication public key to the resource server; the authentication public key is used to instruct the resource server to perform signature verification processing on the second string signature information to obtain the second signature verification result; the resource server is used to associate and store the object identifier and the authentication public key when the second signature verification result indicates that the signature verification is successful.
[0221] Optionally, the client login module 110 is used to respond to the login operation for the resource client when the login status of the operation object is invalid, and send the object identifier entered in the login operation to the resource server; if the object identifier exists in the account name set, the resource server is used to generate a third verification string corresponding to the object identifier; invalid status refers to the login status when the current operation timestamp of the operation object for the resource client is later than the invalid timestamp of the operation object for the resource client.
[0222] The third receiving module 111 is used to receive the third verification string returned by the resource server, and to sign the third verification string using the authentication private key to obtain the third string signature information.
[0223] The third sending module 112 is used to send the object identifier and the third string signature information to the resource server; the resource server is used to obtain the authentication public key corresponding to the stored object identifier; the authentication public key is used to instruct the resource server to perform signature verification processing on the third string signature information to obtain the third signature verification result; when the third signature verification result indicates that the signature verification is successful, the resource server is used to send the list of blockchain account addresses corresponding to the operation object to the resource client.
[0224] The resource server is used to generate the blockchain account address corresponding to the blockchain public key when the first verification result indicates successful verification, and to associate and store the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object; the resource server is used to send the stored blockchain account address to the resource client.
[0225] Optionally, the list display module 113 is used to receive transaction data sent by the decentralized application client through the resource client, and display a list of blockchain account addresses corresponding to the operation object in the resource client; the list of blockchain account addresses includes blockchain account addresses;
[0226] Address selection module 114 is used to respond to a selection operation on the blockchain account address list and obtain the blockchain account address selected by the selection operation.
[0227] The decryption processing module 115 is used to obtain the encrypted blockchain private key corresponding to the blockchain account address from the resource server, and decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key.
[0228] The transaction signature module 116 is used to sign transaction data using a blockchain private key to obtain the signed transaction data.
[0229] Optionally, the on-chain processing module 117 is used to send the signed transaction data to the blockchain node in the blockchain network so that the blockchain node can perform on-chain processing on the signed transaction data.
[0230] The result return module 118 is used, if the signed transaction data is successfully uploaded to the blockchain network, to receive through the resource client the on-chain result returned by the blockchain node indicating that on-chaining succeeded, and then return the on-chain result to the decentralized application client.
[0231] The result return module 118 is used, if the signed transaction data is not successfully uploaded to the blockchain network, to receive through the resource client the on-chain result returned by the blockchain node indicating that on-chaining failed, and then return the on-chain result to the decentralized application client.
[0232] The specific implementation methods of the account generation module 101, the first signature module 102, the encryption processing module 103, the first sending module 104, the first receiving module 105, the client input module 106, the second receiving module 107, the second signature module 108, the second sending module 109, the client login module 110, the third receiving module 111, the third sending module 112, the list display module 113, the address selection module 114, the decryption processing module 115, the transaction signature module 116, the on-chain processing module 117, and the result return module 118 can be found in the descriptions above of steps S301-S304 in the embodiment corresponding to Figure 3, steps S501-S504 in the embodiment corresponding to Figure 6, steps S601-S603 in the embodiment corresponding to Figure 9, and steps S701-S705 in the embodiment corresponding to Figure 11, and will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated.
[0233] Further, please refer to Figure 14, which is a schematic diagram of the structure of a data processing device provided in an embodiment of this application. The data processing device 2 may include: a string sending module 201, a data receiving module 202, a private key storage module 203, and a private key sending module 204; further, the data processing device 2 may also include: a timestamp acquisition module 205 and a timestamp judgment module 206;
[0234] The string sending module 201 is used to send a first verification string to the resource client; the first verification string is used to instruct the resource client to generate a blockchain account corresponding to the operation object; the blockchain account includes a blockchain private key and a blockchain public key associated with the operation object;
[0235] The data receiving module 202 is used to receive the encrypted blockchain private key, the first string signature information, and the blockchain public key sent by the resource client; the first string signature information is obtained by the resource client signing the first verification string using the blockchain private key; the encrypted blockchain private key is obtained by the resource client encrypting the blockchain private key using the authentication public key associated with the operation object; the authentication public key and authentication private key associated with the operation object are generated in the resource client;
[0236] The private key storage module 203 is used to verify the first string signature information using the blockchain public key to obtain the first verification result. If the first verification result indicates that the verification is successful, the encrypted blockchain private key is stored.
[0237] The private key storage module 203 is specifically used to generate the blockchain account address corresponding to the blockchain public key if the first verification result indicates that the verification is successful.
[0238] The private key storage module 203 is specifically used to associate and store the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object;
[0239] The private key storage module 203 is also specifically used to send the stored blockchain account address to the resource client.
[0240] Among them, the private key storage module 203 is specifically used to decrypt the first string signature information using the blockchain public key to obtain the first digest information corresponding to the first verification string;
[0241] The private key storage module 203 is specifically used to perform hash processing on the first verification string to obtain the second digest information corresponding to the first verification string;
[0242] The private key storage module 203 is specifically used to generate a first verification result indicating successful signature verification if the first digest information and the second digest information are the same.
[0243] The private key storage module 203 is specifically used to generate a first verification result indicating signature failure if the first digest information and the second digest information are different.
[0244] The private key sending module 204 is used to send the stored encrypted blockchain private key to the resource client; the resource client is used to decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the operation object.
[0245] Optionally, the timestamp acquisition module 205 is used to acquire the string generation timestamp corresponding to the first verification string;
[0246] The timestamp acquisition module 205 is used to determine the string expiration timestamp corresponding to the first verification string based on the string generation timestamp and the string validity period.
[0247] The timestamp judgment module 206 is used to perform the step of verifying the first string signature information with the blockchain public key if the first string signature information is received from the resource client before the string expiration timestamp.
[0248] The timestamp judgment module 206 is used to return an error message to the resource client if the first string signature information sent by the resource client is received after the string expiration timestamp.
[0249] The specific implementation methods of the string sending module 201, data receiving module 202, private key storage module 203, private key sending module 204, timestamp acquisition module 205, and timestamp judgment module 206 can be found in the descriptions above of steps S401-S404 in the embodiment corresponding to Figure 4, and will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated.
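The custody and signing flow described above for data processing device 1 (modules 101-104, 115-116), data processing device 2 (modules 201-206) and steps S43-S46 of Figure 12, as an added Node.js example that is not part of the patent text. The algorithms (secp256k1 ECDSA for the blockchain key pair, RSA-2048 with OAEP for the authentication key pair), the SHA-256-based address derivation, the single-use handling of the verification string, and all function, class and account names are assumptions of this example; the patent specifies none of them.

```javascript
const crypto = require('crypto');

// Assumption: RSA-OAEP (SHA-256) for encryption under the authentication public key.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const spki = (der) => crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });

// Resource client: the authentication key pair is generated and kept on the client.
function generateAuthKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Resource client, modules 101-104: generate the account, sign the first
// verification string, encrypt the private key, build the message for the server.
function clientCreateAccount(verificationString, authPublicKey) {
  // Assumption: secp256k1 ECDSA as the blockchain key type.
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const signature = crypto.sign('sha256', Buffer.from(verificationString), privateKey);
  // PKCS#8 DER of a secp256k1 key is well under the 190-byte OAEP limit of RSA-2048.
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  const encryptedPrivateKey = crypto.publicEncrypt({ key: authPublicKey, ...OAEP }, der);
  der.fill(0); // best-effort wipe of the plaintext copy
  return { blockchainPublicKey: publicKey.export({ type: 'spki', format: 'der' }), signature, encryptedPrivateKey };
}

// Resource server, modules 201-206. It only ever holds ciphertext and public keys.
class ResourceServer {
  constructor(validityMs = 60_000) {
    this.validityMs = validityMs;
    this.pending = new Map();  // objectId -> { verificationString, expiresAt }
    this.accounts = new Map(); // address  -> { objectId, encryptedPrivateKey }
  }
  // Modules 201 and 205: issue the string and fix its expiration timestamp.
  issueVerificationString(objectId, now = Date.now()) {
    const verificationString = crypto.randomBytes(32).toString('hex');
    this.pending.set(objectId, { verificationString, expiresAt: now + this.validityMs });
    return verificationString;
  }
  // Modules 202, 203 and 206: expiry check, signature check, then store ciphertext.
  storeEncryptedKey(objectId, submission, now = Date.now()) {
    const issued = this.pending.get(objectId);
    if (!issued) return { ok: false, error: 'no pending verification string' };
    this.pending.delete(objectId); // single use: this example's addition, blocks replay
    if (now > issued.expiresAt) return { ok: false, error: 'verification string expired' };
    let valid = false;
    try {
      valid = crypto.verify('sha256', Buffer.from(issued.verificationString),
        spki(submission.blockchainPublicKey), submission.signature);
    } catch { valid = false; } // malformed public key or signature
    if (!valid) return { ok: false, error: 'signature verification failed' };
    // Assumption: address = first 20 bytes of SHA-256(public key DER), hex encoded.
    const address = crypto.createHash('sha256')
      .update(submission.blockchainPublicKey).digest('hex').slice(0, 40);
    this.accounts.set(address, { objectId, encryptedPrivateKey: submission.encryptedPrivateKey });
    return { ok: true, address };
  }
  // Module 204 / step S44: return the stored ciphertext to its owner only.
  getEncryptedKey(objectId, address) {
    const record = this.accounts.get(address);
    return record && record.objectId === objectId ? record.encryptedPrivateKey : null;
  }
}

// Resource client, steps S45-S46: decrypt locally, sign the transaction data.
function clientSignTransaction(encryptedPrivateKey, authPrivateKey, transactionData) {
  const der = crypto.privateDecrypt({ key: authPrivateKey, ...OAEP }, encryptedPrivateKey);
  const blockchainPrivateKey = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  der.fill(0);
  return crypto.sign('sha256', Buffer.from(transactionData), blockchainPrivateKey);
}

// End-to-end run on constructed inputs (identifiers, clock values, payload).
function runDemo() {
  const server = new ResourceServer(60_000);
  const auth = generateAuthKeyPair();
  const t0 = 1_700_000_000_000; // constructed clock value in milliseconds

  const vs = server.issueVerificationString('alice', t0);
  const submission = clientCreateAccount(vs, auth.publicKey);
  const stored = server.storeEncryptedKey('alice', submission, t0 + 1_000);

  const blob = server.getEncryptedKey('alice', stored.address);
  const tx = 'constructed transaction payload';
  const txSig = clientSignTransaction(blob, auth.privateKey, tx);
  const txSigValid = crypto.verify('sha256', Buffer.from(tx), spki(submission.blockchainPublicKey), txSig);

  // A submission that arrives after the expiration timestamp is rejected.
  const vs2 = server.issueVerificationString('bob', t0);
  const late = server.storeEncryptedKey('bob', clientCreateAccount(vs2, auth.publicKey), t0 + 60_001);

  // The stored record alone is not enough: another authentication key cannot decrypt it.
  let otherKeyDecrypts = true;
  try { crypto.privateDecrypt({ key: generateAuthKeyPair().privateKey, ...OAEP }, blob); }
  catch { otherKeyDecrypts = false; }

  return { stored, txSigValid, late, otherKeyDecrypts };
}

console.log(runDemo());
```

The server-side record maps an address to ciphertext only, so what an intruder obtains from the resource server depends entirely on how well the client protects the authentication private key.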
[0250] Further, please refer to Figure 15, which is a schematic diagram of the structure of a computer device provided in an embodiment of this application. The computer device can be a terminal device or a resource server. As shown in Figure 15, the computer device 1000 may include a processor 1001, a network interface 1004, and a memory 1005. Furthermore, the computer device 1000 may also include a user interface 1003 and at least one communication bus 1002. The communication bus 1002 is used to enable communication between these components. In some embodiments, the user interface 1003 may include a display screen and a keyboard; optionally, the user interface 1003 may also include a standard wired interface or a wireless interface. Optionally, the network interface 1004 may include a standard wired interface or a wireless interface (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or non-volatile memory, such as at least one disk storage device. Optionally, the memory 1005 may also be at least one storage device located remotely from the processor 1001. As shown in Figure 15, the memory 1005, which is a computer-readable storage medium, may include an operating system, a network communication module, a user interface module, and a device control application.
[0251] In the computer device 1000 shown in Figure 15, the network interface 1004 provides network communication functions; the user interface 1003 is mainly used to provide an input interface for users; and the processor 1001 can be used to call the device control application stored in the memory 1005.
[0252] It should be understood that the computer device 1000 described in the embodiments of this application can perform the data processing method described above in the embodiments corresponding to Figure 3, Figure 4, Figure 6, Figure 9 and Figure 11, and can also perform the functions described above for the data processing device 1 in the embodiment corresponding to Figure 13 and the data processing device 2 in the embodiment corresponding to Figure 14, which will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated.
[0253] Furthermore, it should be noted that this application embodiment also provides a computer-readable storage medium, which stores a computer program executed by the aforementioned data processing apparatus 1 and data processing apparatus 2. When the processor executes the computer program, it can perform the data processing method described above in the embodiments corresponding to Figure 3, Figure 4, Figure 6, Figure 9 and Figure 11, which will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated. For technical details not disclosed in the computer-readable storage medium embodiments related to this application, please refer to the description of the method embodiments of this application.
[0254] Furthermore, it should be noted that this application also provides a computer program product, which may include a computer program that can be stored in a computer-readable storage medium. The processor of a computer device reads the computer program from the computer-readable storage medium, and the processor can execute the computer program, causing the computer device to perform the data processing method described above in the embodiments corresponding to Figure 3, Figure 4, Figure 6, Figure 9 and Figure 11, which will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated. For technical details not disclosed in the computer program product embodiments related to this application, please refer to the description of the method embodiments of this application.
[0255] Those skilled in the art will understand that all or part of the processes in the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. The storage medium can be a magnetic disk, optical disk, read-only memory (ROM), or random access memory (RAM), etc.
[0256] The above-disclosed embodiments are merely preferred embodiments of this application and should not be construed as limiting the scope of this application. Therefore, any equivalent variations made in accordance with the claims of this application shall still fall within the scope of this application.
Claims
1. A data processing method, characterized in that it comprises:
Upon receiving the first verification string sent by the resource server, a blockchain account corresponding to the operation object is generated in the resource client; the blockchain account includes a blockchain private key and a blockchain public key associated with the operation object;
The first verification string is signed using the blockchain private key to obtain the first string signature information;
The blockchain private key is encrypted using the authentication public key associated with the operation object to obtain the encrypted blockchain private key; the authentication public key and authentication private key associated with the operation object are generated in the resource client;
The encrypted blockchain private key, the first string signature information, and the blockchain public key are sent to the resource server; the blockchain public key is used to instruct the resource server to verify the first string signature information to obtain a first verification result; the resource server stores the encrypted blockchain private key when the first verification result indicates successful verification; the resource server sends the stored encrypted blockchain private key to the resource client; the resource client decrypts the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the operation object.
2. The method of claim 1, wherein the method further includes:
In response to a trigger operation on the account creation control in the resource client, a hosting request is sent to the resource server; the hosting request is used to instruct the resource server to generate a first verification string corresponding to the object identifier of the operation object;
Receive the first verification string returned by the resource server.
3. The method of claim 1, wherein the method further includes:
In response to an input operation for the resource client, send the text data entered in the input operation to the resource server; if the text data does not exist in the account name set, the resource server determines the text data as the object identifier of the operation object and generates a second verification string corresponding to the object identifier; the resource server stores the object identifier in the account name set;
Receive the second verification string and registration identifier returned by the resource server, and generate the authentication public key and authentication private key associated with the operation object in the resource client based on the registration identifier; the authentication public key and authentication private key are generated by the resource client calling the authentication interface associated with the resource client;
The second verification string is signed using the authentication private key to obtain the second string signature information;
The object identifier, the second string signature information, and the authentication public key are sent to the resource server; the authentication public key is used to instruct the resource server to perform signature verification processing on the second string signature information to obtain a second signature verification result; the resource server is used to associate and store the object identifier and the authentication public key when the second signature verification result indicates that the signature verification is successful.
4. The method of claim 3, wherein the method further includes:
When the login status of the operation object is invalid, in response to the login operation for the resource client, the object identifier entered in the login operation is sent to the resource server; if the object identifier exists in the account name set, the resource server generates a third verification string corresponding to the object identifier; the invalid status refers to the login status when the current operation timestamp of the operation object for the resource client is later than the invalid timestamp of the operation object for the resource client;
Receive the third verification string returned by the resource server, and sign the third verification string using the authentication private key to obtain the third string signature information;
The object identifier and the third string signature information are sent to the resource server; the resource server is used to obtain the authentication public key corresponding to the stored object identifier; the authentication public key is used to instruct the resource server to perform signature verification processing on the third string signature information to obtain a third signature verification result; when the third signature verification result indicates successful signature verification, the resource server is used to send the list of blockchain account addresses corresponding to the operation object to the resource client.
5. The method according to claim 1, characterized in that the resource server is used to generate the blockchain account address corresponding to the blockchain public key when the first verification result indicates successful verification, and to associate and store the blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object; the resource server is used to send the stored blockchain account address to the resource client.
6. The method of claim 5, wherein the method further includes:
Receive, through the resource client, the transaction data sent by the decentralized application client, and display a list of blockchain account addresses corresponding to the operation object in the resource client; the list of blockchain account addresses includes the blockchain account address;
In response to a selection operation on the list of blockchain account addresses, obtain the blockchain account address selected by the selection operation;
Obtain the encrypted blockchain private key corresponding to the blockchain account address from the resource server, and decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key;
The transaction data is signed using the blockchain private key to obtain the signed transaction data.
7. The method of claim 6, wherein the method further includes:
The signed transaction data is sent to a blockchain node in the blockchain network so that the blockchain node can perform on-chain processing on the signed transaction data;
If the signed transaction data is successfully uploaded to the blockchain network, the resource client receives the on-chain result returned by the blockchain node, which indicates that on-chaining succeeded, and returns the on-chain result to the decentralized application client;
If the signed transaction data is not successfully uploaded to the blockchain network, the resource client receives the on-chain result returned by the blockchain node, which indicates that on-chaining failed, and returns the on-chain result to the decentralized application client.
8. A data processing method, characterized in that it comprises:
Send a first verification string to the resource client; the first verification string is used to instruct the resource client to generate a blockchain account corresponding to the operation object; the blockchain account includes a blockchain private key and a blockchain public key associated with the operation object;
Receive the encrypted blockchain private key, the first string signature information, and the blockchain public key sent by the resource client; the first string signature information is obtained by the resource client signing the first verification string using the blockchain private key; the encrypted blockchain private key is obtained by the resource client encrypting the blockchain private key using the authentication public key associated with the operation object; the authentication public key and authentication private key associated with the operation object are generated in the resource client;
The first string signature information is verified using the blockchain public key to obtain a first verification result; if the first verification result indicates successful verification, the encrypted blockchain private key is stored;
The stored encrypted blockchain private key is sent to the resource client; the resource client is used to decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the operation object.
9. The method of claim 8, wherein storing the encrypted blockchain private key if the first verification result indicates successful verification includes:
If the first verification result indicates that the verification was successful, the blockchain account address corresponding to the blockchain public key is generated;
The blockchain account address, the encrypted blockchain private key, and the object identifier of the operation object are associated and stored together;
The method further includes:
The stored blockchain account address is sent to the resource client.
10. The method of claim 8, wherein the method further includes:
Obtain the string generation timestamp corresponding to the first verification string;
Based on the string generation timestamp and the string validity period, determine the string expiration timestamp corresponding to the first verification string;
If the first string signature information sent by the resource client is received before the string expiration timestamp, the step of verifying the first string signature information using the blockchain public key is executed;
If the first string signature information sent by the resource client is received after the string expiration timestamp, an error message is returned to the resource client.
11. The method of claim 8, wherein the step of verifying the first string signature information using the blockchain public key to obtain a first verification result includes:
The first string signature information is decrypted using the blockchain public key to obtain the first digest information corresponding to the first verification string;
The first verification string is hashed to obtain the second digest information corresponding to the first verification string;
If the first digest information and the second digest information are the same, a first verification result is generated to indicate that the signature verification was successful;
If the first digest information and the second digest information are different, a first verification result is generated to indicate that the signature verification failed.
12. A data processing apparatus, characterized by include: The account generation module is used to generate a blockchain account corresponding to the operation object in the resource client when the first verification string is received from the resource server. The blockchain account includes a blockchain private key and a blockchain public key associated with the operation object; The first signature module is used to sign the first verification string using the blockchain private key to obtain the first string signature information; An encryption processing module is used to encrypt the blockchain private key using the authentication public key associated with the operation object, so as to obtain the encrypted blockchain private key. The authentication public key and authentication private key associated with the operation object are generated in the resource client; A first sending module is configured to send the encrypted blockchain private key, the first string signature information, and the blockchain public key to the resource server; the blockchain public key is used to instruct the resource server to perform signature verification on the first string signature information to obtain a first signature verification result; the resource server is configured to store the encrypted blockchain private key when the first signature verification result indicates successful verification; the resource server is configured to send the stored encrypted blockchain private key to the resource client; the resource client is configured to decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the operation object.
13. A data processing apparatus, comprising: a string sending module, used to send the first verification string to the resource client; the first verification string is used to instruct the resource client to generate a blockchain account corresponding to the operation object; the blockchain account includes a blockchain private key and a blockchain public key associated with the operation object; a data receiving module, used to receive the encrypted blockchain private key, the first string signature information, and the blockchain public key sent by the resource client; the first string signature information is obtained by the resource client signing the first verification string using the blockchain private key; the encrypted blockchain private key is obtained by the resource client encrypting the blockchain private key using the authentication public key associated with the operation object; the authentication public key and authentication private key associated with the operation object are generated in the resource client; a private key storage module, used to verify the first string signature information using the blockchain public key to obtain a first verification result, and, if the first verification result indicates successful verification, to store the encrypted blockchain private key; a private key sending module, used to send the stored encrypted blockchain private key to the resource client; the resource client is used to decrypt the encrypted blockchain private key using the authentication private key to obtain the blockchain private key; the blockchain private key is used to sign transaction data for the operation object.
14. A computer device, comprising: a processor and a memory; the processor is connected to the memory, wherein the memory is used to store a computer program, and the processor is used to invoke the computer program to cause the computer device to perform the method according to any one of claims 1-11.
15. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program adapted to be loaded and executed by a processor to cause a computer device having the processor to perform the method according to any one of claims 1-11.
16. A computer program product, characterized in that the computer program product includes a computer program stored in a computer-readable storage medium and adapted to be read and executed by a processor to cause a computer device having the processor to perform the method of any one of claims 1-11.
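The exchange recited in claims 11 to 13, as an added Go example that is not part of the patent text: the client signs the server's verification string, wraps the blockchain private key under the authentication public key, and the server stores the ciphertext only after the signature verifies. The function names, the in-memory map standing in for server storage, ECDSA P-256 for the blockchain key and RSA-2048 OAEP for the authentication key are all assumptions; the claims name no algorithms, and ECDSA verification checks the signature against the recomputed digest rather than literally recovering a digest as claim 11 words it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T { // demo-only error handling
	if err != nil {
		panic(err)
	}
	return v
}

// ClientEnroll (hypothetical name) signs the string and wraps the new key; raw is returned for the demo only.
func ClientEnroll(challenge []byte, authPub *rsa.PublicKey) (pub *ecdsa.PublicKey, sig, enc, raw []byte) {
	priv := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // assumed curve
	digest := sha256.Sum256(challenge)
	raw = priv.D.FillBytes(make([]byte, 32))
	sig = must(ecdsa.SignASN1(rand.Reader, priv, digest[:]))
	enc = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, authPub, raw, nil))
	return &priv.PublicKey, sig, enc, raw
}

// ServerStore (hypothetical name) keeps the ciphertext only if the signature verifies over the server's own string.
func ServerStore(db map[string][]byte, id string, challenge, sig, enc []byte, pub *ecdsa.PublicKey) bool {
	digest := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return false
	}
	db[id] = enc
	return true
}

// Demo runs enrolment, a replay against a different string, and client-side recovery.
func Demo() (recovered, replayRejected bool) {
	auth := must(rsa.GenerateKey(rand.Reader, 2048)) // generated and kept on the client
	db, c := map[string][]byte{}, []byte("constructed-verification-string")
	pub, sig, enc, raw := ClientEnroll(c, &auth.PublicKey)
	replayRejected = !ServerStore(db, "alice", []byte("another-string"), sig, enc, pub)
	stored := ServerStore(db, "alice", c, sig, enc, pub)
	got := must(rsa.DecryptOAEP(sha256.New(), rand.Reader, auth, db["alice"], nil))
	return stored && string(got) == string(raw), replayRejected
}

func main() { fmt.Println(Demo()) }
```

The server-side map only ever holds OAEP ciphertext, so reading it yields nothing usable without the authentication private key held on the client.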
Citation Information
Patent Citations
- CN112581285A: Block chain-based account generation method and system in stock right transaction system, and medium
- US20220021528A1: Secure storage techniques utilizing consortium distributed ledgers