A blockchain-based business process approval and evidence storage system and method

Abstract

This invention discloses a blockchain-based business process approval and evidence storage system and method. The system includes three modules: approval system initialization, off-chain process approval and signing, and on-chain data storage and auditing. It ensures the sequentiality of process approvals, the confidentiality of approval documents, and the verifiability of approval signature results, while providing trusted evidence storage for the processes involved. The designed off-chain sequential signature and verification algorithm based on SM2 signatures, combined with the SM2 signature algorithm and signature stack data structure, guarantees the sequentiality, validity, and verifiability of multi-party signatures, achieving efficient sequential verification and secure, orderly transmission of approval results. The designed on-chain data storage algorithm based on Deposit / Claim transactions utilizes smart contracts to automatically verify off-chain approval results before storing them on the blockchain, thereby ensuring the accuracy, authenticity, and integrity of the on-chain data and implementing automated penalties for violators, providing trusted assurance for process auditing and accountability.

Description

Technical Field

[0001] This invention relates to data signature and blockchain technology, specifically to a blockchain-based business process approval and evidence storage system and method. Background Technology

[0002] In typical cross-institutional business processes such as government approvals, supply chain finance, and insurance claims, approval activities usually require multiple organizations to proceed strictly in sequence. Although online process approvals have effectively improved the efficiency of cross-institutional collaboration, traditional centralized systems generally face the following challenges when handling such processes: First, the system's identity management, process control, and data storage are highly dependent on the centralized platform; a failure of the centralized platform will directly lead to the interruption of the entire workflow. Furthermore, system administrators or internal personnel often enjoy excessive privileges, posing a potential risk of unauthorized data tampering, signature forgery, or leakage of confidential information.

[0003] Against this backdrop, blockchain, as a secure and reliable distributed ledger technology, offers a solution to the security and trust issues in cross-agency business approval processes. Currently, the mainstream technical approaches for building cross-agency business process approval systems using blockchain fall into the following two categories:

[0004] I. Fully On-Chain Execution Mode. This mode encodes business process logic into smart contracts, driving the process forward using an on-chain state machine. Each approval operation requires an on-chain transaction to update the state. However, its execution efficiency has significant bottlenecks: each step requires waiting for on-chain transaction confirmation, resulting in high overall process latency; at the same time, frequent on-chain interactions also generate high transaction costs. Furthermore, if the document changes during the approval process, an event rollback is required, rendering the previously stored intermediate signature data on-chain invalid, while still consuming on-chain storage resources, thus wasting storage resources.

[0005] II. Hybrid Architecture Combining Off-Chain Signature and On-Chain Storage. The core of this architecture lies in executing ordered signing and verification operations off-chain, submitting only the final signature result to on-chain storage. This significantly reduces the time and cost of on-chain interactions, improving overall approval efficiency. However, while improving system efficiency, the off-chain signature mechanism also introduces new security challenges: on the one hand, cyber attackers may illegally steal sensitive business data submitted by users and forge signatures of honest participants; on the other hand, malicious participants may tamper with the signature data during transmission or collude with others to disrupt the established signature order, thereby undermining the legality and compliance of business processes.

[0006] While a fully on-chain execution model can ensure process trustworthiness, it's difficult to balance efficiency. Conversely, using an "off-chain signature, on-chain storage" approach lacks a trusted off-chain execution environment, compromising the integrity and verifiability of the stored data. Therefore, there is currently a lack of a blockchain-based process approval and data storage auditing system that combines both efficiency and reliability. Summary of the Invention

[0007] Purpose of the invention: The purpose of this invention is to address the shortcomings of existing technologies and provide a blockchain-based business process approval and evidence storage system and method.

[0008] Technical solution:

[0009] Firstly, this invention provides a blockchain-based business process approval and evidence storage system, including a trusted authority (CA), a service provider (SP), and users. Approval and signing parties The system comprises an off-chain secure storage OSS and a process chain network PCN; the trusted authority CA is a digital certificate issuing authority responsible for digital identity authentication and digital certificate distribution management for all parties; the service provider SP is responsible for receiving and processing user business applications, formulating standardized business approval process specifications, dynamically specifying approval signatories and their approval signature order, and generating timestamped credentials for digital signatures; the user... The responsible party is responsible for initiating business applications, submitting and uploading relevant application documents, triggering automated approval processes, monitoring approval progress in real time, and receiving final approval results; the approval signatory... It consists of personnel with corresponding approval authority, namely a multi-party entity set participating in the process review according to the preset process. Each signatory has an independent digital identity certificate, conducts compliance review according to preset approval rules, and confirms the approval opinion through digital signature. The off-chain secure storage OSS is an encrypted storage system responsible for storing the encrypted data of business-related approval documents. It is managed by the SP by setting storage policies and access rules. The process chain network PCN is a blockchain composed of consensus nodes of each participating party. It is specifically used to record business status changes, approval trajectory, and signature verification result data to ensure that the data is tamper-proof and traceable, forming an immutable process evidence storage chain.

[0010] Secondly, this invention provides a blockchain-based method for business process approval and evidence storage, comprising the following steps:

[0011] Step S1: System Initialization and Certificate Issuance

[0012] Service provider SP executes the SM2 initialization algorithm to generate system parameters, and each participant... Execute the SM2 key generation algorithm to generate a key pair (private key) for signing. and public key ); Participants Submit a certificate signing request to a Certificate Authority (CA) and provide the public key. And their own identity information; verification by the Certificate Authority (CA). Identity, and use your own private key to public key Sign with identity information to generate a digital certificate Then return it to the participating parties. .

[0013] Step S2: Off-chain process approval and signing

[0014] user Initiate a business application and upload relevant business documents. This triggers the system's automated approval process; the service provider (SP) stores the file in OSS and generates an approval process sequence list. Initialize the signature stack and notify all participating parties to conduct a review; participating parties and Perform SM2 key negotiation to generate a symmetric session key. Used for encrypting file transfers Each approving and signing party according to The process involves sequential review, generating a signature using the SM2 signature algorithm, requesting an authoritative timestamp for the signature from the SP, updating the signature stack, and then sending the signature stack and encrypted file to the next signatory. After all the approving signatories have completed their sequential signing, the final signer... Send the complete signature stack to all participants. Final signatory The validity of the signature is verified, and it is confirmed that the signature itself and its position in the stack table have not been modified. Submitted document identifier and the complete signature stack The smart contract initiates an on-chain request, entering the on-chain phase.

[0015] Step S3: On-chain data storage and auditing

[0016] All participating parties The Deposit transaction of the smart contract is invoked independently to lock the guarantee credit points; after all Deposit transactions have been verified, the on-chain notarization process begins; the smart contract verifies the validity of the signature (including the signature order), and writes it to the blockchain after verification; after the notarization process is completed, regardless of whether the notarization is successful or not, a Claim transaction is automatically triggered to settle the guarantee points: if the notarization is successful, the guarantee points are returned to the original source, and all parties are authorized to query the notarization data; if the notarization fails, according to the smart contract rules, the guarantee points of the responsible party for the violation are locked and a penalty is executed, while the guarantee points of other participants are returned to the original source.

[0017] Furthermore, the specific steps for system initialization and certificate issuance in step S1 are as follows:

[0018] S1.1 System Initialization:

[0019] 1) The service provider (SP) executes the SM2 initialization algorithm. Generate system parameters: Input security parameters Output system parameters ,in For the safety of large prime numbers, Based on finite field, for The equation of the elliptic curve on the curve is... yes The upper level is The basis, hash function ; Afterwards, the SP distributes the system parameters to each participant.

[0020] 2) Each participating party Execute the SM2 key generation algorithm Generate a key pair for signing. : Input system parameters Choose a random number As a private key Calculate the public key .

[0021] S1.2 Digital Certificate Issuance: The Certificate Authority (CA) possesses the key pair for issuing SM2 certificates. Participants Submit a certificate issuance request to the CA and provide the public key. and identity information; CA verification After the identity is verified, use the private key. right public key Digitally sign the identity information to generate a digital certificate conforming to the X.509 standard. Then return it to the participating parties. .

[0022] Furthermore, the specific steps for off-chain process approval and signing in step S2 are as follows:

[0023] S2.1 Approval process initialization:

[0024] user Initiate a business application and upload relevant business documents. Service provider (SP) performs the following approval process initialization operations: First Uploaded to Store the data and generate a unique file identifier. Then, generate a list of approval process sequences. and initialize the signature stack. ,in, , Participants Digital certificates; preset length and The triples are of equal length and are used to store the signatures of each participant. The service provider will store the triples. Distribute to all participants and notify each approving signatory to follow the list. The documents are reviewed and signed in the following order.

[0025] S2.2 Sequential Approval and Signature:

[0026] S2.2.1, Participating Parties and Generate a symmetric session key using the SM2 key negotiation protocol. key As the key for the SM4 symmetric encryption algorithm, it is used for and Encrypted file transfer between .

[0027] S2.2.2, User Execute the SM2 signature algorithm Generate file hash The signature is as follows:

[0028] 1) Input parameters Private key and signature content Choose a random number Calculate points on the elliptic curve .

[0029] 2) Calculation ,like or If the result is negative, return 1) and regenerate a random number. random numbers Selection requires guarantee. and .

[0030] 3) Calculation .like If the result is negative, return 1) and regenerate a random number. random numbers Selection requires guarantee. .

[0031] 4) Output signature .

[0032] S2.2.3, User After signing is completed, send the signature to the SP. Request the current timestamp A commitment to obtain a signed timestamp ,in, For hash functions, For signature The generated timestamp, It is a random value.

[0033] S2.2.4, User Signature and commitment Add to the signature stack to generate the signature stack. Next, the user generate ciphertext .user Send ciphertext and signature stack For the next signer

[0034] S2.2.5, Signatory receive ciphertext sent and signature stack Afterwards, verification The signature.

[0035] 1) First, Running the SM4 decryption algorithm ,Will Decrypt to obtain plaintext .calculate ,examine If the condition is not met, the verification fails; if it is met, proceed to the next verification step.

[0036] 2) Next, read the data from the top of the stack. Then, the SM2 signature verification algorithm is used. Verify signature Validity: Input parameters user public key and signature ,examine and If the condition is not met, the verification fails; otherwise, the calculation is performed. , ,like If the result is positive, the verification is successful; otherwise, the verification fails.

[0037] 3) If Signature verification failed or If the contents of the document are not agreed upon, the situation will be broadcast to all participating parties, along with their identity certificates. and the current signature stack The SP then pauses the current process, analyzes the cause of the process anomaly, cleans up relevant temporary states, ensures all participants have synchronized to the initial state, and notifies the user to re-initiate the signature process. If signature verification is successful, the signer... For the previous signature and commitment in the signature stack Perform the signing process, detailed in step S2.2.2, and generate the signature. .

[0038] S2.2.6、 After signing is completed, send the signature to the SP. Request the current timestamp A commitment to obtain a signed timestamp ,in, For signature The generated timestamp, It is a random value.

[0039] S2.2.7、 After obtaining a timestamp commitment to the signature, the signature will be... Add to the signature stack to generate the signature stack. . SM4 symmetric encryption algorithm generate ciphertext , and signature stack Give it to the next signer.

[0040] S2.2.8, Signatory The signature verification process will continue to repeat steps S2.2.5. First, upon receiving... ciphertext sent and signature stack Then, run the SM4 decryption algorithm. Decryption get ,examine Is it valid? Signature data in , and Then, the SM2 signature verification algorithm is used. Verify the previous signature The effectiveness, among which, User The public key. If signature verification fails or If the content of the document is not agreed upon, the situation will be broadcast to all participating parties, along with the identity certificate of the current signatory. and signature stack The SP then pauses the current process to analyze the cause of the anomaly. If the failure is due to signature verification, it reverts to the previous step, and the process is handled by the previous signer. Re-initiate the approval and signing process; if the user disagrees with the document content, the SP will clear the relevant temporary state, ensure all participants have synchronized to the initial state, and notify the user to re-initiate the signing process. If the signature is valid, the signer... For the previous signature and commitment Perform the signature and execute the SM2 signature algorithm. Generate signature .

[0041] S2.2.9, Signatory After signing is complete, the process in S2.2.6 will be repeated to obtain the timestamp commitment for the signature. It then sends the signature to the SP. Request the current timestamp Receive commitment ,in, For signature The generated timestamp, It is a random value.

[0042] S2.2.10, Signatory After obtaining the timestamp commitment to the signature, the operation in S2.2.7 will be repeated to update the signature stack and then handed over to the next signer. First, the signature... Add to the signature stack to generate the signature stack. Afterwards, the signatories SM4 symmetric encryption algorithm Will Encrypt and generate ciphertext. and signature stack Give it to the next signer.

[0043] S2.2.11, When the last signatory After signing is completed, check the signature stack information. A broadcast is conducted, and each participant verifies the signature content and order of the signature stack. Specifically, each participant... View your signature Whether it has been tampered with, and whether its position in the signature stack has been altered. Simultaneously, it is verified using the SM2 signature verification algorithm. Verify signature The validity of the verification is then determined. If all participants pass the verification, the process proceeds to the on-chain phase, whereby... Initiate a request to upload to the blockchain and submit the file identifier. Otherwise, the agreement will be terminated, and the SP will handle the exception.

[0044] Furthermore, the detailed process of step S3 is as follows:

[0045] S3.1 Deposit Transaction Generation: After initiating the on-chain request, the service provider (SP) calls the smart contract interface to publish the raw timestamp data of each participant. Next, the various approving and signing parties... Independently calling the smart contract's Deposit transaction request locks a certain amount of reputation points (the point value is preset by the system) as a guarantee of its honest participation in the process. Details are as follows:

[0046] S3.1.1 Submitting a transaction application: To invoke the smart contract, input the following parameter: the credit score for the guarantee. Identity Certificate Document Identifier Signature data and committed data .

[0047] S3.1.2 Verify signature file consistency: Smart contract check Are the submitted file identifiers consistent? If the agreement remains consistent, proceed to the next stage; otherwise, the process ends and the transaction application is terminated.

[0048] S3.1.3 Verify signature stack consistency: The smart contract checks the signer. Submitted signature data and commitment Is it related to the signature stack? To maintain consistency, in order to prevent The signature stack being submitted is being tampered with, or another signer is altering the signature stack during transmission. Specifically, the smart contract first traverses the signature stack. Verification in the index Does the corresponding data match? The submitted signature data and commitment data must be equal. If they are equal, proceed to the next stage; otherwise, the process ends and the transaction application is terminated.

[0049] S3.1.4 Verify the correctness of the timestamp: Based on the original timestamp data submitted by the SP, the smart contract calculates... ,examine Is it equal to If all signed promises If the transaction is successful, the process proceeds to the next stage; otherwise, the process ends and the transaction application is terminated.

[0050] S3.1.5 Verify Points Balance: Smart Contract Verification Points balance Does it meet the requirements? If the points balance is [not specified] Credit score greater than or equal to the guarantee ,Right now Then, an points voucher will be generated. Otherwise, the process ends and the transaction application is terminated.

[0051] S3.1.6, Deposit transactions on-chain: Smart contracts will... parameters The transaction data is packaged and submitted to the Process Chain Network (PCN), awaiting node verification and recording in a block. After the transaction is on-chain, the signer... The guarantee points have been officially locked, and their signature behavior is related to... Binding.

[0052] S3.1.7 Smart Contract Status Update: After all participants have completed the Deposit transaction, the smart contract status is updated to "Depositable".

[0053] S3.2 Signature Stack Verification and Evidence Storage

[0054] The notarization transaction is initiated to enter the notarization phase. The smart contract verifies the signatures in the signature stack. If the verification is successful, the smart contract writes the final signature stack and file identifier into the PCN and releases the points of all signers; otherwise, the violator is traced and their points are forfeited.

[0055] S3.2.1 Signature Stack Verification: Smart Contract Verification Submitted signature stack Is it correct?

[0056] The smart contract calls the stack pop algorithm to obtain the signature data in the stack. And perform batch verification on the signatures, among which , .

[0057] 1) Inspection and If the condition is not met, the verification fails; if it is met, the check continues.

[0058] 2) Calculation ,in

[0059]

[0060]

[0061] 3) Calculation ,calculate ,calculate

[0062] 4) Calculation ,calculate ,like If the result is positive, the verification is successful; otherwise, the verification fails.

[0063] If verification fails, proceed to steps S3.2.2-S3.2.3 to audit and hold accountable those responsible for the invalid signature; if verification succeeds, proceed to step S3.2.4 to preserve the signature result.

[0064] S3.2.2 Sequential Backtracking Verification and Responsibility Determination: The smart contract sequentially calls the SM2 signature verification algorithm. verify The effectiveness. For Running the algorithm Perform verification. If any Make a signature If verification fails, the signer will be identified. Violation of regulations.

[0065] S3.2.3, Violation Handling: When signature verification fails, the smart contract updates its status to "Terminated", triggers a Claim transaction, forfeits the guarantee points of the violator, and releases the guarantee points of other signers.

[0066] S3.2.4, On-chain storage of signature results: If all signatures in the signature stack are successfully verified, the smart contract executes the storage transaction, storing the signature stack... and file identifier Submit to the PCN network. Once the transaction is confirmed and written to a block, the smart contract state is updated to "completed," triggering a Claim transaction that releases the collateral credits of all signers.

[0067] S3.3, Viewing the signature result chain: When the signature stack... After successful on-chain notarization, the user Other participants can enter the transaction hash value to view the approval results and evidence storage information on the blockchain.

[0068] Beneficial effects: Compared with the prior art, the present invention has the following advantages:

[0069] (1) This invention innovates a chain-style signature stack technology to achieve an efficient process approval and signing mechanism. Each approval node completes the signature confirmation of the approval opinion based on the SM2 signature algorithm, and the signature stack is used to achieve secure storage and orderly transmission of signatures. At the same time, by introducing a timestamp commitment, an immutable time sequence anchor is generated for each signature, thereby effectively resisting tampering attacks targeting time data. This method effectively eliminates the risk of unauthorized operation through a mandatory signature order verification mechanism, ensuring the authenticity of the business logic order.

[0070] (2) This invention utilizes smart contract-driven Deposit / Claim transaction technology to achieve a secure on-chain data storage and auditing mechanism. The smart contract automatically verifies the consistency, timestamps, and signature order of the signed data in the signature stack, ensuring the authenticity and integrity of the on-chain data. Signature batch verification technology improves on-chain verification efficiency. The Deposit / Claim transaction guarantee points form an effective game constraint, enabling automatic identification of violations and point confiscation, reducing the possibility of malicious participants disrupting the approval process.

[0071] (3) The blockchain composed of consensus nodes of each participant in this invention records business status changes, approval trajectories and signature verification results data, ensuring that the data is tamper-proof and traceable, forming an immutable process evidence chain, providing credible evidence for later auditing and accountability. Attached Figure Description

[0072] Figure 1 This is a diagram of the overall system framework of the present invention.

[0073] Figure 2 This is a schematic diagram illustrating the interaction between the off-chain process approval and signing stages in an embodiment.

[0074] Figure 3 This is a schematic diagram illustrating the interaction between the on-chain data storage and auditing stages in an embodiment. Detailed Implementation

[0075] The technical solution of the present invention will be described in detail below, but the scope of protection of the present invention is not limited to the embodiments described.

[0076] like Figure 1 As shown, this invention provides a blockchain-based business process approval and evidence storage system, including a trusted authority (CA), a service provider (SP), and users. Approval and signing parties The system comprises an off-chain secure storage OSS and a process chain network PCN; the trusted authority CA is a digital certificate issuing authority responsible for digital identity authentication and digital certificate distribution management for all parties; the service provider SP is responsible for receiving and processing user business applications, formulating standardized business approval process specifications, dynamically specifying approval signatories and their approval signature order, and generating timestamped credentials for digital signatures; the user... The responsible party is responsible for initiating business applications, submitting and uploading relevant application documents, triggering automated approval processes, monitoring approval progress in real time, and receiving final approval results; the approval signatory... It consists of personnel with corresponding approval authority, namely a multi-party entity set participating in the process review according to the preset process. Each signatory has an independent digital identity certificate, conducts compliance review according to preset approval rules, and confirms the approval opinion through digital signature. The off-chain secure storage OSS is an encrypted storage system responsible for storing the encrypted data of business-related approval documents. It is managed by the SP by setting storage policies and access rules. The process chain network PCN is a blockchain composed of consensus nodes of each participating party. It is specifically used to record business status changes, approval trajectory, and signature verification result data to ensure that the data is tamper-proof and traceable, forming an immutable process evidence storage chain.

[0077] The blockchain-based business process approval and evidence storage method in this embodiment specifically includes the following steps:

[0078] Step 1 (System Initialization and Certificate Issuance):

[0079] 1.1 System Initialization:

[0080] 1) The service provider (SP) executes the SM2 initialization algorithm. Generate system parameters: Input security parameters Output system parameters ,in For the safety of large prime numbers, Based on finite field, for The equation of the elliptic curve on the curve is... yes The upper level is The basis, hash function ; Afterwards, the SP distributes the system parameters to each participant.

[0081] 2) Each participating party Execute the SM2 key generation algorithm Generate a key pair for signing. : Input system parameters Choose a random number As a private key Calculate the public key .

[0082] 1.2 Digital Certificate Issuance: The Certificate Authority (CA) possesses the key pairs for issuing SM2 certificates. Participants Submit a certificate issuance request to the CA and provide the public key. and identity information; CA verification After the identity is verified, use the private key. right public key Digitally sign the identity information to generate a digital certificate conforming to the X.509 standard. Then return it to the participating parties. .

[0083] Step 2 (Off-chain process approval and signing)

[0084] 2.1 Approval process initialization:

[0085] user Initiate a business application and upload relevant business documents. Service provider (SP) performs the following approval process initialization operations: First Uploaded to Store the data and generate a unique file identifier. Then, generate a list of approval process sequences. and initialize the signature stack. ,in, , Participants Digital certificates; preset length and The triples are of equal length and are used to store the signatures of each participant. The service provider will store the triples. Distribute to all participants and notify each approving signatory to follow the list. The documents are reviewed and signed in the following order.

[0086] 2.2 Sequential Approval and Signature:

[0087] 2.2.1 Participating Parties and Generate a symmetric session key using the SM2 key negotiation protocol. key As the key for the SM4 symmetric encryption algorithm, it is used for and Encrypted file transfer between .

[0088] 2.2.2, User Execute the SM2 signature algorithm Generate file hash The signature is as follows:

[0089] 1) Input parameters Private key and signature content Choose a random number Calculate points on the elliptic curve .

[0090] 2) Calculation ,like or If the result is negative, return 1) and regenerate a random number. random numbers Selection requires guarantee. and .

[0091] 3) Calculation .like If the result is negative, return 1) and regenerate a random number. random numbers Selection requires guarantee. .

[0092] 4) Output signature .

[0093] 2.2.3, User After signing is completed, send the signature to the SP. Request the current timestamp A commitment to obtain a signed timestamp ,in, For hash functions, For signature The generated timestamp, It is a random value.

[0094] 2.2.4, User Signature and commitment Add to the signature stack to generate the signature stack. Next, the user generate ciphertext .user Send ciphertext and signature stack For the next signer

[0095] 2.2.5 Signatory receive ciphertext sent and signature stack Afterwards, verification The signature.

[0096] 1) First, Running the SM4 decryption algorithm ,Will Decrypt to obtain plaintext .calculate ,examine If the condition is not met, the verification fails; if it is met, proceed to the next verification step.

[0097] 2) Next, read the data from the top of the stack. Then, the SM2 signature verification algorithm is used. Verify signature Validity: Input parameters user public key and signature ,examine and If the condition is not met, the verification fails; otherwise, the calculation is performed. , ,like If the result is positive, the verification is successful; otherwise, the verification fails.

[0098] 3) If Signature verification failed or If the contents of the document are not agreed upon, the situation will be broadcast to all participating parties, along with their identity certificates. and the current signature stack The SP then pauses the current process, analyzes the cause of the process anomaly, cleans up relevant temporary states, ensures all participants have synchronized to the initial state, and notifies the user to re-initiate the signature process. If signature verification is successful, the signer... For the previous signature and commitment in the signature stack Perform the signing process, detailed in step 2.2.2, and generate the signature. .

[0099] 2.2.6 After signing is completed, send the signature to the SP. Request the current timestamp A commitment to obtain a signed timestamp ,in, For signature The generated timestamp, It is a random value.

[0100] 2.2.7 After obtaining a timestamp commitment to the signature, the signature will be... Add to the signature stack to generate the signature stack. . SM4 symmetric encryption algorithm generate ciphertext , and signature stack Give it to the next signer.

[0101] 2.2.8 Signatory The signature verification process will continue to be repeated as described in section 2.2.5. First, upon receiving... ciphertext sent and signature stack Then, run the SM4 decryption algorithm. Decryption get ,examine Is it valid? Signature data in , and Then, the SM2 signature verification algorithm is used. Verify the previous signature The effectiveness, among which, User The public key. If signature verification fails or If the content of the document is not agreed upon, the situation will be broadcast to all participating parties, along with the identity certificate of the current signatory. and signature stack The SP then pauses the current process to analyze the cause of the anomaly. If the failure is due to signature verification, it reverts to the previous step, and the process is handled by the previous signer. Re-initiate the approval and signing process; if the user disagrees with the document content, the SP will clear the relevant temporary state, ensure all participants have synchronized to the initial state, and notify the user to re-initiate the signing process. If the signature is valid, the signer... For the previous signature and commitment Perform the signature and execute the SM2 signature algorithm. Generate signature .

[0102] 2.2.9 Signatory After signing is complete, the process in 2.2.6 will be repeated to obtain the timestamp commitment for the signature. It then sends the signature to the SP. Request the current timestamp Receive commitment ,in, For signature The generated timestamp, It is a random value.

[0103] 2.2.10 Signatory After obtaining the timestamp commitment to the signature, the process in 2.2.7 will be repeated to update the signature stack and then passed on to the next signer. First, the signature... Add to the signature stack to generate the signature stack. Afterwards, the signatories SM4 symmetric encryption algorithm Will Encrypt and generate ciphertext. and signature stack Give it to the next signer.

[0104] 2.2.11 When the last signatory After signing is completed, check the signature stack information. A broadcast is conducted, and each participant verifies the signature content and order of the signature stack. Specifically, each participant... View your signature Whether it has been tampered with, and whether its position in the signature stack has been altered. Simultaneously, it is verified using the SM2 signature verification algorithm. Verify signature The validity of the verification is then determined. If all participants pass the verification, the process proceeds to the on-chain phase, whereby... Initiate a request to upload to the blockchain and submit the file identifier. Otherwise, the agreement will be terminated, and the SP will handle the exception.

[0105] Figure 2 As shown.

[0106] Step 3 (On-chain data storage and auditing)

[0107] 3.1 Deposit Transaction Generation: After initiating the on-chain request, the service provider (SP) calls the smart contract interface to publish the raw timestamp data of each participant. Next, the various approving and signing parties... Independently calling the smart contract's Deposit transaction request locks a certain amount of reputation points (the point value is preset by the system) as a guarantee of its honest participation in the process. Details are as follows:

[0108] 3.1.1 Submitting a transaction application: To invoke the smart contract, input the following parameter: the credit score for the guarantee. Identity Certificate Document Identifier Signature data and committed data .

[0109] 3.1.2 Verify signature file consistency: Smart contract check Are the submitted file identifiers consistent? If the agreement remains consistent, proceed to the next stage; otherwise, the process ends and the transaction application is terminated.

[0110] 3.1.3 Verify signature stack consistency: The smart contract checks the signer. Submitted signature data and commitment Is it related to the signature stack? To maintain consistency, in order to prevent The signature stack being submitted is being tampered with, or another signer is altering the signature stack during transmission. Specifically, the smart contract first traverses the signature stack. Verification in the index Does the corresponding data match? The submitted signature data and commitment data must be equal. If they are equal, proceed to the next stage; otherwise, the process ends and the transaction application is terminated.

[0111] 3.1.4 Verify the correctness of the timestamp: Based on the original timestamp data submitted by the SP, the smart contract calculates... ,examine Is it equal to If all signed promises If the transaction is successful, the process proceeds to the next stage; otherwise, the process ends and the transaction application is terminated.

[0112] 3.1.5 Verify Points Balance: Smart Contract Verification Points balance Does it meet the requirements? If the points balance is [not specified] Credit score greater than or equal to the guarantee ,Right now Then, an points voucher will be generated. Otherwise, the process ends and the transaction application is terminated.

[0113] 3.1.6 Deposit Transactions On-Chain: Smart Contracts Will parameters The transaction data is packaged and submitted to the Process Chain Network (PCN), awaiting node verification and recording in a block. After the transaction is on-chain, the signer... The guarantee points have been officially locked, and their signature behavior is related to... Binding.

[0114] 3.1.7 Smart Contract Status Update: After all participants have completed the Deposit transaction, the smart contract status is updated to "depositable".

[0115] 3.2 Signature Stack Verification and Evidence Storage

[0116] The notarization transaction is initiated to enter the notarization phase. The smart contract verifies the signatures in the signature stack. If the verification is successful, the smart contract writes the final signature stack and file identifier into the PCN and releases the points of all signers; otherwise, the violator is traced and their points are forfeited.

[0117] 3.2.1 Signature Stack Verification: Smart Contract Verification Submitted signature stack Is the signature correct?

[0118] 3.3.1 Batch Signature Verification: The smart contract calls the pop algorithm to obtain the signature data from the signature stack. And perform batch verification on the signatures, among which , .

[0119] 1) Inspection and If the condition is not met, the verification fails; if it is met, the check continues.

[0120] 2) Calculation ,in

[0121]

[0122]

[0123] 3) Calculation ,calculate ,calculate

[0124] 1) Calculation ,calculate ,like If the result is positive, the verification is successful; otherwise, the verification fails.

[0125] If verification fails, proceed to steps 3.2.2-3.2.3 to audit and hold accountable those responsible for the invalid signatures; if verification succeeds, proceed to step 3.2.4 to preserve the signature result.

[0126] 3.2.2 Sequential Backtracking Verification and Responsibility Determination: The smart contract sequentially calls the SM2 signature verification algorithm. verify The effectiveness. For Running the algorithm Perform verification. If any Make a signature If verification fails, the signer will be identified. Violation of regulations.

[0127] 3.2.3 Handling of Violations: When signature verification fails, the smart contract updates its status to "Terminated", triggers a Claim transaction, forfeits the guarantee points of the violator, and releases the guarantee points of other signers.

[0128] 3.2.4. On-chain storage of signature results: If all signatures in the signature stack are successfully verified, the smart contract executes the storage transaction, storing the signature stack... and file identifier Submit to the PCN network. Once the transaction is confirmed and written to a block, the smart contract state is updated to "completed," triggering a Claim transaction that releases the collateral credits of all signers.

[0129] 3.3 Viewing the signature result chain: When the signature stack... After successful on-chain notarization, the user Other participants can enter the transaction hash value to view the approval results and evidence storage information on the blockchain.

[0130] like Figure 3 As shown.

[0131] As can be seen from the above embodiments, this invention achieves secure storage and orderly transmission of multi-party signatures by employing off-chain chained signature stack technology, and effectively eliminates the risk of unauthorized operations through a mandatory signature order verification mechanism. Simultaneously, by introducing a timestamp commitment, an immutable time-series anchor is generated for each signature, effectively resisting attacks targeting time data tampering. Furthermore, the use of smart contract-driven Deposit / Claim transaction technology enables secure storage and auditing of on-chain data. The smart contract automatically verifies the validity of the signature stack, ensuring the authenticity and integrity of the on-chain data. Signature batch verification technology improves on-chain verification efficiency. The Deposit / Claim transaction guarantee points form effective game-theoretic constraints, enabling automatic identification and point confiscation of violations, reducing the possibility of malicious participants disrupting the approval process. The blockchain composed of consensus nodes of all participating parties in this invention records business status changes, approval trajectories, and signature verification results, ensuring data immutability and traceability, forming an immutable process evidence chain, providing credible evidence for later auditing and accountability.

Claims

1. A blockchain-based business process approval and evidence storage system, characterized in that: Including trusted authoritative institutions (CAs), service providers (SPs), and users. Approval and signing parties The system comprises an off-chain secure storage OSS and a process chain network PCN for evidence storage; the trusted authority CA is a digital certificate issuing authority responsible for digital identity authentication and digital certificate distribution management for all parties; the service provider SP is responsible for receiving and processing user business applications, formulating standardized business approval process specifications, dynamically specifying approval signatories and their approval signature order, and generating timestamped credentials for digital signatures; the user... The responsible party is responsible for initiating business applications, submitting and uploading relevant application documents, triggering automated approval processes, monitoring approval progress in real time, and receiving final approval results; the approval signatory... It consists of personnel with corresponding approval authority, that is, a collection of multiple entities participating in the process review according to the preset process. Each signatory has an independent digital identity certificate, conducts compliance review according to the preset approval rules, and confirms the approval opinion through digital signature. The off-chain secure storage OSS is an encrypted storage system responsible for storing encrypted data of business-related approval documents. It is managed by the SP by setting storage policies and access rules. The process chain network PCN is a blockchain composed of consensus nodes of various participants. It is specifically used to record business status changes, approval trajectories, and signature verification results to ensure that the data is tamper-proof and traceable, forming an immutable process evidence storage chain.

2. A blockchain-based method for business process approval and evidence storage, characterized in that, Includes the following steps: Step S1: System Initialization and Certificate Issuance Service provider SP executes the SM2 initialization algorithm to generate system parameters, and each participant... The SM2 key generation algorithm is executed to generate a key pair for signing, including the private key. and public key Participants Submit a certificate signing request to a Certificate Authority (CA) and provide the public key. and their own identity information; Digital Certificate Authority (CA) verification Identity, and use your own private key to public key Sign with identity information to generate a digital certificate Then return it to the participating parties. ; Step S2: Off-chain process approval and signing user Initiate a business application and upload relevant business documents. This triggers the system's automated approval process; the service provider (SP) stores the file in OSS and generates an approval process sequence list. Initialize the signature stack and notify all participating parties to conduct a review; participating parties and Perform SM2 key negotiation to generate a symmetric session key. Used for encrypting file transfers ; All approving and signing parties according to The process is carried out sequentially, a signature is generated using the SM2 signature algorithm, and an authoritative timestamp for the signature is obtained from the SP. Then the signature stack is updated, and the signature stack and the encrypted file are sent to the next signer. After each approving signatory has completed their sequential signatures, the final signatory... The complete signature stack is sent to all participants, and each party verifies the final signatory. The signature is verified to be valid, and the signatory confirms that its own signature and its position in the stack have not been modified. After all verifications are successful, the final signatory... Submitted document identifier and the complete signature stack The smart contract initiates an on-chain request, entering the on-chain phase. Step S3: On-chain data storage and auditing All participating parties The Deposit transaction, which is independently invoked by the smart contract, locks the guarantee credit points. After all Deposit transactions have been verified, the on-chain notarization process begins. The smart contract verifies the validity of the signatures, including the signature order, and writes them to the blockchain after successful verification. After the notarization process is completed, regardless of whether the notarization is successful or not, a Claim transaction is automatically triggered to settle the guarantee points: if the notarization is successful, the guarantee points are returned to the original payment method, and all parties are authorized to query the notarization data; if the notarization fails, the guarantee points of the responsible party for the violation are locked and a penalty is imposed according to the smart contract rules, while the guarantee points of other participating parties are returned to the original payment method.

3. The blockchain-based business process approval and evidence storage method according to claim 2, characterized in that: The specific steps of system initialization and certificate issuance in step S1 are as follows: S1.1 System Initialization: 1) The service provider (SP) executes the SM2 initialization algorithm. Generate system parameters: Input security parameters Output system parameters ,in For the safety of large prime numbers, For based on finite field, for The equation of the elliptic curve on the curve is... yes The upper level is The basis, hash function ; Afterwards, the SP distributes the system parameters to each participant. 2) Each participating party Execute the SM2 key generation algorithm Generate a key pair for signing. : Input system parameters Choose a random number As a private key Calculate the public key ; S1.2 Digital Certificate Issuance: The Certificate Authority (CA) possesses the key pair for issuing SM2 certificates. Participants Submit a certificate issuance request to the CA and provide the public key. and identity information; CA verification After the identity is verified, use the private key. right public key Digitally sign the identity information to generate a digital certificate conforming to the X.509 standard. Then return it to the participating parties. .

4. The blockchain-based business process approval and evidence storage method according to claim 2, characterized in that: The specific steps for off-chain process approval and signing in step S2 are as follows: S2.1 Approval process initialization: user Initiate a business application and upload relevant business documents. This triggers the system's automated approval process; the service provider (SP) performs the following approval process initialization operations: first, upload the file to... Store the data and generate a unique file identifier. Then, generate a list of approval process sequences. and initialize the signature stack. ,in, , Participants Digital certificates; preset length and The triplets are of equal length and are used to store the signatures of each participant; the service provider will store the triplets. Distribute to all participants and notify each approving signatory to follow the list. The documents are reviewed and signed in the following order; S2.2 Sequential Approval and Signature: S2.2.1, Participating Parties and Generate a symmetric session key using the SM2 key negotiation protocol. key As the key for the SM4 symmetric encryption algorithm, it is used for and Encrypted file transfer between ; S2.2.2, User Execute the SM2 signature algorithm Generate file hash The signature is as follows: 1) Input parameters Private key and signature content Choose a random number Calculate points on the elliptic curve ;in For the safety of large prime numbers, For based on finite field, for The equation of the elliptic curve on the curve is... yes The upper level is The basis, hash function ; 2) Calculation ,like or If the result is negative, return 1) and regenerate a random number. random numbers Selection requires guarantee. and ; 3) Calculation ,like If the result is negative, return 1) and regenerate a random number. random numbers Selection requires guarantee. ; 4) Output signature ; S2.2.3, User After signing is completed, send the signature to the SP. Request the current timestamp A commitment to obtain a signed timestamp ,in, For hash functions, For signature The generated timestamp, It is a random value; S2.2.4, User Signature and commitment Add to the signature stack to generate the signature stack. Next, the user executes the SM4 symmetric encryption algorithm. generate ciphertext ;user Send ciphertext and signature stack For the next signer ; S2.2.5, Signatory receive ciphertext sent and signature stack Afterwards, verification The signature; 1) First, Running the SM4 decryption algorithm ,Will Decrypt to obtain plaintext ;calculate ,examine If the condition is not met, the verification fails; if it is met, proceed to the next verification step. ; 2) Next, read the data from the top of the stack. Then, the SM2 signature verification algorithm is used. Verify signature Validity: Input parameters ,user public key and signature ,examine and If the condition is not met, the verification fails; otherwise, the calculation is performed. , ,like If the result is positive, the verification is successful; otherwise, the verification fails. 3) If Signature verification failed or If the contents of the document are not agreed upon, the situation will be broadcast to all participating parties, along with their identity certificates. and the current signature stack The Service Provider (SP) then pauses the current process, analyzes the cause of the anomaly, cleans up relevant temporary states, ensures all participants have synchronized to the initial state, and notifies the user to re-initiate the signature process. If signature verification is successful, the signer... For the previous signature and commitment in the signature stack Perform the signing process, detailed in step S2.2.2, and generate the signature. ; S2.2.6、 After signing is completed, send the signature to the SP. Request the current timestamp A commitment to obtain a signed timestamp ,in, For signature The generated timestamp, It is a random value; S2.2.7、 After obtaining a timestamp commitment to the signature, the signature will be... Add to the signature stack to generate the signature stack. ; Running the SM4 symmetric encryption algorithm generate ciphertext and send encrypted text and signature stack Give it to the next signer; S2.2.8, Signatory The signature verification process will continue to repeat steps S2.2.5; first, upon receiving... ciphertext sent and signature stack Then, run the SM4 decryption algorithm. Decryption get ,examine Whether it is true or not; secondly, read the signature data from the stack. , and Then, the SM2 signature verification algorithm is used. Verify the previous signature The effectiveness, among which, User The public key. If signature verification fails or If the content of the document is not agreed upon, the situation will be broadcast to all participating parties, along with the identity certificate of the current signatory. and signature stack The SP then pauses the current process to analyze the cause of the anomaly. If the failure is due to signature verification, it reverts to the previous step, and the process is restarted by the previous signer. Re-initiate the approval and signing process; if the user disagrees with the document content, the SP will clear the relevant temporary state, ensure all participants have synchronized to the initial state, and notify the user to re-initiate the signing process. If the signature is valid, the signer... For the previous signature and commitment Perform the signature and execute the SM2 signature algorithm. Generate signature ; S2.2.9, Signatory After signing is complete, the process in S2.2.6 will be repeated to obtain the timestamp commitment for the signature; it then sends the signature to the SP. Request the current timestamp Receive commitment ,in, For signature The generated timestamp, It is a random value; S2.2.10, Signatory After obtaining the timestamp commitment to the signature, the operation in S2.2.7 will be repeated to update the signature stack and pass it on to the next signer; first, the signature... Add to the signature stack to generate the signature stack. Afterwards, the signatories Running the SM4 symmetric encryption algorithm Will Encrypt and generate ciphertext. and send encrypted text and signature stack Give it to the next signer; S2.2.11, When the last signatory After signing is completed, check the signature stack information. A broadcast is conducted, and each participant verifies the signature content and order of the signature stack; specifically, each participant... View your signature Whether it has been tampered with, and whether its position in the signature stack has been altered; at the same time, verifying the signature using the SM2 signature algorithm. Verify signature The validity of the verification is checked; if all participants pass the verification, the process proceeds to the on-chain phase, whereby... Initiate a request to upload to the blockchain and submit the file identifier. and signature stack Otherwise, the agreement will be terminated, and the SP will handle the exception.

5. The blockchain-based business process approval and evidence storage method according to claim 2, characterized in that: The specific steps of on-chain data notarization and auditing in step S3 are as follows: S3.1 Deposit Transaction Generation: After initiating the on-chain request, the service provider (SP) calls the smart contract interface to publish the raw timestamp data of each participant. Next, the various approving and signing parties Independently calling the smart contract's Deposit transaction request locks a certain amount of reputation points as a guarantee of its honest participation in the process; specifically as follows: S3.1.1 Submitting a transaction application: To invoke the smart contract, input the following parameter: the credit score for the guarantee. Identity Certificate Document Identifier Signature data and committed data ; S3.1.2 Verify signature file consistency: Smart contract check If the submitted document identifiers are consistent, proceed to the next stage; otherwise, the process ends and the transaction application is terminated. S3.1.3 Verify signature stack consistency: The smart contract checks the signer. Submitted signature data and commitment Is it related to the signature stack? To maintain consistency, in order to prevent The signature stack may be tampered with during submission or by other signers; specifically, the smart contract first traverses the signature stack. Verification in the index Does the corresponding data match? If the submitted signature data and commitment data are equal, proceed to the next stage; otherwise, the process ends and the transaction application is terminated. S3.1.4 Verify the correctness of the timestamp: Based on the original timestamp data submitted by the SP, the smart contract calculates... ,examine Is it equal to If all signed promises If yes, proceed to the next stage; otherwise, the process ends and the transaction application is terminated. S3.1.5 Verify Points Balance: Smart Contract Verification Points balance Does it meet the requirements? If the points balance is [not specified] Credit score greater than or equal to the guarantee ,Right now Then, an points voucher will be generated. Otherwise, the process ends and the transaction application is terminated. S3.1.6, Deposit transactions on-chain: Smart contracts will... parameters The data is packaged into transaction data and submitted to the Process Chain Network (PCN), awaiting node verification and recording in the block; after the transaction is on-chain, the signer... The guarantee points have been officially locked, and their signature behavior is related to... Binding; S3.1.7 Smart Contract Status Update: After all participants have completed the Deposit transaction, the smart contract status is updated to "Depositable" status; S3.2 Signature Stack Verification and Evidence Storage The notarization transaction is initiated to enter the notarization stage; the smart contract verifies the signatures in the signature stack. If the verification is successful, the smart contract writes the final signature stack and file identifier into the PCN and releases the points of all signers; otherwise, the violator is traced and their points are confiscated. S3.2.1 Signature Stack Verification: Smart Contract Verification Submitted signature stack Is it correct? The smart contract calls the stack pop algorithm to obtain the signature data in the stack. And perform batch verification on the signatures, among which , ; 1) Inspection and Check if it is true or false; if it is false, the verification fails; if it is true, continue the check. 2) Calculation ,in 3) Calculation ,calculate ,calculate 4) Calculation ,calculate ,like If the result is positive, the verification is successful; otherwise, the verification fails. If verification fails, proceed to steps S3.2.2-S3.2.3 to audit and hold accountable those responsible for the invalid signature; if verification succeeds, proceed to step S3.2.4 to preserve the signature result. S3.2.2 Sequential Backtracking Verification and Responsibility Determination: The smart contract sequentially calls the SM2 signature verification algorithm. verify The effectiveness; for Running the algorithm Perform verification; if any Make a signature If verification fails, the signer will be identified. Violation; S3.2.3, Violation Handling: When signature verification fails, the smart contract updates its status to "Terminated", triggers a Claim transaction, forfeits the guarantee points of the violator, and releases the guarantee points of other signers. S3.2.4, On-chain storage of signature results: If all signatures in the signature stack are successfully verified, the smart contract executes the storage transaction, storing the signature stack... and file identifier Submitted to the PCN network; once the transaction is confirmed and written to a block, the smart contract status is updated to "completed" and a Claim transaction is triggered, releasing the collateral points of all signers; S3.3, Viewing the signature result chain: When the signature stack... After successful on-chain evidence storage, the user Other participants can enter the transaction hash value to view the approval results and evidence storage information on the blockchain.

Images