CN110069908A - Permission control method and device for a blockchain - Google Patents
- Publication number: CN110069908A
- Application number: CN201910287244.5A
- Authority
- CN
- China
- Prior art keywords
- authorization
- resource
- authorized
- token
- authorization token
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Abstract
An embodiment of the invention provides a permission control method and device for a blockchain, relating to the field of financial technology. The method comprises: a certifying organization receives a verification request sent by a resource party, the verification request including an authorization Token; the certifying organization searches the blockchain for an authorization digest matching the authorization Token, the blockchain storing the authorization digests of the authorization Tokens generated by each authorizing party; and, after finding the authorization digest matching the authorization Token, the certifying organization sends a verification-passed message to the resource party.
Description
Technical field
The embodiments of the present invention relate to the field of financial technology, and in particular to a permission control method and device for a blockchain.
Background
With the development of computer technology, more and more technologies are being applied in the financial field, and the traditional financial industry is gradually shifting to financial technology (Fintech). Single sign-on technology is no exception, but the security and real-time requirements of the financial industry place higher demands on the technology.
Single sign-on (SSO) is a user authentication process that allows a user, after authenticating once, to access different applications in a system without re-entering a user name and password for each application.
SSO brings together the logins and user account management of all domains within an enterprise. It reduces the time users spend logging in to different systems and the likelihood of login errors; it provides security while avoiding the need to process and store user authentication information for multiple systems; it reduces the time system administrators spend adding users, deleting users and modifying user permissions; and it increases security: system administrators have a better way to manage users, including revoking a user's access to all system resources by directly disabling or deleting the user.
At present, when permission control is applied to SSO while the number of users and the business volume grow rapidly, the problem of a rule storm easily arises. In addition, in the prior art the authorizing party may act maliciously while managing permissions for users, so the security of authorization cannot be guaranteed.
Summary of the invention
In current role-based permission control methods, account permissions are limited to the default permissions of the role, so a rule storm arises when the number of users and the business volume grow rapidly. To address this, embodiments of the present invention provide a permission control method and device for a blockchain.
An embodiment of the present invention provides a permission control method for a blockchain, the method comprising:
A certifying organization receives a verification request sent by a resource party, the verification request including an authorization Token;
The certifying organization searches the blockchain for an authorization digest matching the authorization Token; the blockchain stores the authorization digests of the authorization Tokens generated by each authorizing party;
After finding the authorization digest matching the authorization Token, the certifying organization sends a verification-passed message to the resource party.
The certifying organization verifies the authorization Token issued by the authorizing party rather than verifying authorization rules as in the prior art. This avoids the rule storm caused by setting too many permission rules on the blockchain and preserves the privacy of the authorization Token. In addition, because the authorization digest corresponding to the authorization Token is stored on the blockchain, the security of the authorization Token is guaranteed, and the possibility of the authorizing party acting maliciously while managing permissions for users is avoided.
In a possible implementation, the method further comprises:
The certifying organization receives an upload request sent by an authorizing party, the upload request including an authorization Token;
If the certifying organization verifies that the authorizing party in the authorization Token is legitimate and that the authorized content in the authorization Token includes the authorized resource, it uploads the authorization digest of the authorization Token to the blockchain.
The authorization digest corresponding to the authorization Token is stored on the blockchain and the legitimacy of the authorization Token is verified on chain, so the security of the authorization Token is guaranteed and the possibility of the authorizing party acting maliciously while managing permissions for users is avoided.
In a possible implementation, the blockchain also stores account information, which includes the correspondence between accounts and attributes and the correspondence between attributes and resource permissions;
The certifying organization verifying that the authorizing party in the authorization Token is legitimate comprises:
Determining the attribute of the authorizing party according to the correspondence between accounts and attributes;
Determining, according to the correspondence between attributes and resource permissions, whether the attribute of the authorizing party carries access permission for the authorized content in the authorization Token;
If so, determining that the authorizing party of the authorization Token is legitimate.
Using the correspondence between accounts and attributes, the access permissions of the authorizing party are verified according to its attribute. This reduces the complexity of the verification process and, because fewer per-account permission rules need to be stored, further avoids the rule storm problem.
In a possible implementation, the authorization Token is generated by an authorization institution.
Having the authorization institution generate the authorization Token further prevents the authorizing party from generating authorization Tokens privately, improving the security of the authorization Token.
In one aspect, an embodiment of the present invention provides a permission control method for a blockchain, the method comprising:
A resource party obtains an access request for a first resource sent by a resource requester; the access request includes an authorization Token; the authorization Token includes an authorizing party and authorized content;
When the resource party determines that the access request satisfies a first access condition for accessing the first resource, it sends the first resource to the resource requester. The first access condition is that an authorization digest matching the authorization Token is found on the blockchain, the authorizing party in the authorization Token is legitimate, and the authorized content in the authorization Token includes the first resource. The blockchain stores the authorization digests of the authorization Tokens generated by each authorizing party.
The resource requester carries an authorization Token so that the resource party can verify it. Verifying the legitimacy of the authorization Token, its authorized content, the permissions of the authorizing party and so on ensures the validity of the verification result. The resource party verifies the authorization Token issued by the authorizing party rather than verifying authorization rules as in the prior art, which avoids the rule storm caused by setting too many permission rules on the blockchain and preserves the privacy of the authorization Token. Moreover, because the authorization digest corresponding to the authorization Token is stored on the blockchain and the legitimacy of the authorization Token is verified on chain, the security of the authorization Token is guaranteed, and the possibility of the authorizing party acting maliciously while managing permissions for users is avoided.
In a possible implementation, the access request further includes an authorizing-party signature;
Before the resource party determines that the access request satisfies the access condition for accessing the first resource, the method further comprises:
The resource party determines from the authorizing-party signature that the authorization Token was issued by the authorizing party; the authorizing-party signature is the authorizing party's signature over the authorization Token it generated.
Using a digital signature further improves the security of the authorization Token.
In a possible implementation, before the resource party determines that the access request satisfies the first access condition for accessing the resource, the method further comprises:
The resource party determines that the access request does not satisfy a second access condition for accessing the resource; the second access condition is that the account of the resource requester is recorded in the account information as an account with access permission for the first resource.
Verifying the permissions of the account corresponding to the resource requester in advance ensures that verification is comprehensive and improves its effectiveness.
In a possible implementation, the authorized content includes an authorized attribute; whether the authorized content in the authorization Token includes the first resource is determined as follows:
According to the authorized attribute, look up in the correspondence between attributes and resource permissions whether the resources corresponding to the authorized attribute include the first resource;
If they include the first resource, determine that the authorized content in the authorization Token includes the first resource.
Setting an authorized attribute makes granting and verifying authorization Tokens more flexible and compresses the fields of the authorization Token, shortening the transmission time for verification. The authorization Token can be verified through the authorized attribute or through the resources corresponding to the authorized attribute, which provides more verification options and improves verification efficiency.
In a possible implementation, the authorized content includes an authorized resource; whether the authorized content in the authorization Token includes the first resource is determined as follows:
If the authorized resources in the authorized content include the first resource, determine that the authorized content in the authorization Token includes the first resource.
Setting an authorized resource shortens the verification time and improves verification efficiency.
In one aspect, an embodiment of the present invention provides a permission control device for a blockchain, the device comprising:
A transceiver unit, configured to receive a verification request sent by a resource party, the verification request including an authorization Token;
A processing unit, configured to search the blockchain for an authorization digest matching the authorization Token; the blockchain stores the authorization digests of the authorization Tokens generated by each authorizing party;
The transceiver unit is further configured to send a verification-passed message to the resource party after the authorization digest matching the authorization Token is found.
In one aspect, an embodiment of the present invention provides a permission control device for a blockchain, the device comprising:
A transceiver unit, configured to obtain an access request for a first resource sent by a resource requester; the access request includes an authorization Token; the authorization Token includes an authorizing party and authorized content;
A processing unit, configured to send the first resource to the resource requester when it determines that the access request satisfies a first access condition for accessing the first resource. The first access condition is that an authorization digest matching the authorization Token is found on the blockchain, the authorizing party in the authorization Token is legitimate, and the authorized content in the authorization Token includes the first resource. The blockchain stores the authorization digests of the authorization Tokens generated by each authorizing party.
In one aspect, an embodiment of the present invention provides a computer device comprising at least one processing unit and at least one storage unit, wherein the storage unit stores a computer program which, when executed by the processing unit, causes the processing unit to perform the steps of the blockchain permission control method.
In one aspect, an embodiment of the present invention provides a computer-readable medium storing a computer program executable by a terminal device; when the program runs on the terminal device, it causes the terminal device to perform the steps of the blockchain permission control method.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an application scenario provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a blockchain permission control method provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of a blockchain permission control method provided by an embodiment of the present invention;
Fig. 4 is a flow diagram of a blockchain permission control method provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a blockchain permission control device provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of a blockchain permission control device provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of a terminal device provided by an embodiment of the present invention.
Detailed description of embodiments
To make the purpose, technical solutions and beneficial effects of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
To aid understanding, the terms used in the embodiments of the present invention are explained below.
Blockchain: a blockchain is a new distributed infrastructure and computing paradigm that uses a block-chain data structure to verify and store data, uses a distributed node consensus algorithm to generate and update data, uses cryptography to secure data transmission and access, and uses smart contracts composed of automated script code to program and operate on data.
An embodiment of the present invention provides a permission control method for a blockchain that can be applied in a blockchain network scenario to improve the security of single sign-on and prevent the authorizing party from acting maliciously.
By way of example, the blockchain network shown in Fig. 1 includes multiple network nodes 101, each of which includes a blockchain permission control device. A network node 101 can be a single server or a server cluster made up of several servers, and the network nodes 101 are connected via a wireless network. Among the institutions that maintain the blockchain, each institution corresponds to one or more network nodes 101, and the tables in the blockchain are synchronized in real time across the network nodes 101. For each network node, an institution initiates a transaction request through a transaction account on the network node 101; after receiving the transaction request, the network node 101 determines the content to be operated on from the transaction information. The transaction request can be an access request for a resource, a verification request, and so on. Correspondingly, the content to be operated on can be accessing a resource, verifying an authorization, and so on. A resource in the present invention can be a resource URI, for example the uniform resource locator (Uniform Resource Locator, URL) of a data web page, or a RESTful API (Representational State Transfer application programming interface) using methods such as GET/POST/DELETE. The transaction account corresponding to the content to be operated on is then determined from a preset permission table; when the transaction account matches the permitted account corresponding to the content to be operated on, the resource the user needs to access is returned. The network node 101 then generates an operation record for the content to be operated on and sends it to the other network nodes 101 in the blockchain network; the operation record includes the identifier of the content to be operated on, the permission content of the content to be operated on, and the transaction account.
Users on the blockchain have different roles and different access permissions to different resources, and users need to grant permissions to one another. In conventional security practice, authorization in prior-art permission management methods is generally represented by an SSO Token, but grafting SSO Tokens directly onto a blockchain system leads to a rule storm. Every permission is put on chain without distinction, there is only a single authorization type, a large number of permission rules must be set, and each permission must be checked on chain when it is used. When the number of users and the business volume grow rapidly, that is, when the business volume is large, a rule storm arises: there are so many rules that even a traditional database struggles to handle them.
To address the above problem, an embodiment of the present invention provides a flow for a blockchain permission control method. The flow can be executed by a blockchain permission control device and, as shown in Fig. 2, comprises the following steps:
Step 201: the certifying organization receives a verification request sent by a resource party, the verification request including an authorization Token;
The authorization Token is the unit that describes authorization information and can be expressed as a JSON string. Its fields may include: the universally unique identifier (Universally Unique Identifier, UUID) of the authorization Token, which uniquely identifies it; the blockchain address of the authorization source user; the blockchain address of the authorization target user (wildcards allowed); the authorized content; the authorization start time; the authorization end time; the digital signature of the authorizing user; and so on. The resource party is the holder of the resource.
Step 202: the certifying organization searches the blockchain for an authorization digest matching the authorization Token; the blockchain stores the authorization digests of the authorization Tokens generated by each authorizing party;
Step 203: after finding the authorization digest matching the authorization Token, the certifying organization sends a verification-passed message to the resource party.
Because the authorization Token is generated by the authorizing party, the authorized content of the authorization Token does not need to be stored in full in the permission table. When the account of a resource requester initiates an access request, permission control over the resource can therefore be achieved by verifying the authorizing party and the authorization Token. Since the authorizing party does not have to write to the permission table when generating an authorization Token, it can freely set the specific permissions of an account within its own permissions and add to or remove from the authorized content of the authorization Token as needed. Granted permissions can thus be added and removed freely, which avoids the rule storm caused by putting every rule on chain and improves the privacy protection of the authorization Token.
In step 201, the authorizing party can create the authorization Token for the resource requester. The resource requester can be any user in the single sign-on system, or any account registered on the blockchain.
The generation process may include:
The authorizing party generates an authorization Token in the specified format from the authorization target account (in the above scenario, the resource requester), the authorizing party's account, the authorized content, and the authorization start and end times. The authorizing party can create the authorization Token for the resource requester off chain; for example, the authorization institution can be an off-chain device. After verification, the authorization institution can send the authorization Token to the resource requester.
For example, a management node can be elected from the blockchain network; the account corresponding to the management node is the administrator account. Only an administrator account can become an authorizing party; non-administrator accounts have no authorization function.
In embodiments of the present invention, the authorized content of an authorization Token may be of two types: attribute and resource. Attribute authorization means that the authorizing party can grant one of its own attributes to the resource party. It should be noted that an attribute can be any feature of an account, such as the account's role, its geographic location, or its access time; this is not limited here. Resource authorization means that the authorizing party can grant its own access permission for a resource to the resource requester for use.
Specifically, permission information can be stored in a permission table, which defines the rules for permission control. When an account's permission on a table is set, the corresponding permission record for that account is added to the permission table. Optionally, the permission table is stored in a block of the blockchain; when the permission table is updated, the updated table takes effect in the block following the current block. For example, when a new permission record is added to the permission table, a new block is generated after the current block and the new permission record is stored in the body of the new block. Similarly, when permission record A in the permission table is modified, a new block is generated after the current block and the modified permission record A is stored in the body of the new block.
In a specific implementation, the permission table can be operated on through preset permission contract interfaces, which may include a write interface, a remove interface, a query interface, and so on. The write interface sets a permission record by table name and account address and returns the number of records set. The record is stored in the permission table; setting an identical permission record again is rejected, that is, 0 is returned directly. The remove interface removes a set permission record by table name and account address and returns the number of records removed. The query interface queries the permission records set for a table name and returns them as a JSON string; this interface is used to look up permission records.
In a possible implementation, the permission table may include an attribute account table and an attribute permission table. The attribute account table stores the attributes of registered accounts and the accounts corresponding to each attribute. Records in the attribute account table may be written by the registrar or by the authorizing party. The attribute permission table stores the access permissions to resources corresponding to each attribute of registered accounts.
In a possible implementation, the authorized content includes an authorized attribute;
The authorizing party determines the authorized content of the authorization Token according to the authorization target account and the attribute of the resource for which the authorization target account needs authorization.
The attribute of the authorization target account may be set for it by the authorizing party, or set for it by the registrar when the authorization target account registers; this is not limited here.
Using the correspondence between accounts and attributes, the access permissions of the authorizing party are verified according to its attribute. This reduces the complexity of the verification process and, because fewer per-account permission rules need to be stored, further avoids the rule storm problem.
For the scenario in which the registrar sets the attribute when the authorization target account registers, the registrar can write the attribute of the authorization target account to the blockchain at registration, for example by writing the attribute and the account of the authorization target account into the account attribute table. The authorizing party can determine the attribute corresponding to the authorization target account from the account attribute table.
Because the account attribute table on the blockchain is public, to improve the security of the authorization Token, reduce the number of rules that are set and avoid a rule storm, the authorizing party can newly set the attribute of the authorization target account when it sets an authorization Token for that account; that is, the authorized attribute in the authorization Token is not written to the account of the authorization target account.
Correspondingly, whether the authorized content in the authorization Token includes the first resource can be determined as follows:
According to the authorized attribute, the certifying organization looks up in the correspondence between attributes and resource permissions whether the resources corresponding to the authorized attribute include the first resource;
If the certifying organization determines that they include the first resource, it determines that the authorized content in the authorization Token includes the first resource.
Setting an authorized attribute makes granting and verifying authorization Tokens more flexible and compresses the fields of the authorization Token, shortening the transmission time for verification. The authorization Token can be verified through the authorized attribute or through the resources corresponding to the authorized attribute, which provides more verification options and improves verification efficiency.
In a possible implementation, to improve the security of the authorization Token, reduce the number of rules that are set and avoid a rule storm, the authorizing party can newly set the resource permissions of the authorization target account when it sets an authorization Token for that account; that is, the authorized resources in the authorization Token are not written to the permission table.
Specifically, the authorized content includes an authorized resource;
The authorizing party determines the authorized content of the authorization Token according to the resource for which the authorization target account needs authorization.
The authorized content in the authorization Token is the authorized resource.
Correspondingly, whether the authorized content in the authorization Token includes the first resource can be determined as follows:
If the authorized resources in the authorized content include the first resource, determine that the authorized content in the authorization Token includes the first resource.
Setting an authorized resource shortens the verification time and improves verification efficiency.
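The flow described above (digest upload, the lookup in steps 201 to 203, and attribute-type and resource-type authorized content), as an added Python example that is not part of the patent text. The table contents, addresses, JSON key names, the use of SHA-256 over canonical JSON for the authorization digest, and the checks on the target address and validity window are assumptions; the digital signature is left out and a Python set stands in for the blockchain.

```python
import hashlib
import json

# Constructed sample tables standing in for the on-chain account information.
ACCOUNT_ATTRIBUTE = {"0xADMIN": "administrator", "0xALICE": "auditor"}
ATTRIBUTE_RESOURCES = {
    "administrator": {"GET /reports", "POST /reports", "GET /ledger"},
    "auditor": {"GET /reports"},
}


def make_token(uuid, src, dst, content, start, end):
    """Authorization Token with the fields the description lists (signature omitted)."""
    return {"uuid": uuid, "from": src, "to": dst, "content": content,
            "start": start, "end": end}


def token_digest(token):
    """Authorization digest. Assumption: SHA-256 over canonical JSON."""
    canonical = json.dumps(token, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def granted_resources(content):
    """Resolve authorized content (attribute type or resource type) to resources."""
    if content.get("type") == "attribute":
        return set(ATTRIBUTE_RESOURCES.get(content.get("value"), ()))
    if content.get("type") == "resource":
        return set(content.get("value", ()))
    return set()


def authorizer_is_legal(token):
    """Account -> attribute -> resources: the authorizing party may only grant
    access that its own attribute already carries."""
    attribute = ACCOUNT_ATTRIBUTE.get(token["from"])
    own = ATTRIBUTE_RESOURCES.get(attribute, set())
    granted = granted_resources(token["content"])
    return bool(granted) and granted <= own


class CertifyingOrganization:
    """Holds the digest set; a Python set stands in for the blockchain."""

    def __init__(self):
        self.chain_digests = set()

    def upload(self, token):
        """Upload request: store the digest only if the token passes the checks."""
        if not authorizer_is_legal(token):
            return False
        self.chain_digests.add(token_digest(token))
        return True

    def verify(self, token):
        """Steps 201-203: look up the digest that matches the presented token."""
        return token_digest(token) in self.chain_digests


def resource_party_allows(org, requester, resource, token, now):
    """Access decision made by the resource party for one request."""
    # Second access condition, checked first: the requester's own account
    # already has permission for the resource in the account information.
    own_attr = ACCOUNT_ATTRIBUTE.get(requester)
    if resource in ATTRIBUTE_RESOURCES.get(own_attr, set()):
        return True
    if token is None:
        return False
    # Assumption: target address (wildcard "*") and validity window are enforced
    # here; the description lists the fields without spelling out the checks.
    if token["to"] not in ("*", requester):
        return False
    if not token["start"] <= now <= token["end"]:
        return False
    # First access condition: digest on chain, authorizing party legal,
    # authorized content includes the requested resource.
    return (org.verify(token)
            and authorizer_is_legal(token)
            and resource in granted_resources(token["content"]))


if __name__ == "__main__":
    org = CertifyingOrganization()
    tok = make_token("t-1", "0xADMIN", "0xBOB",
                     {"type": "resource", "value": ["GET /ledger"]}, 100, 200)
    print("uploaded:", org.upload(tok))
    print("access:", resource_party_allows(org, "0xBOB", "GET /ledger", tok, 150))
```

A token whose content is edited after upload no longer matches any stored digest, so the resource party rejects it even though the original token was valid.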
To improve the security of the authorization Token, the authorizing party's private key can be used to sign the authorization Token.
The authorizing party's private key is generated when the authorizing party registers on the blockchain, and the public key data of each account is stored. Specifically, an account is created for the user and the account's public/private key pair is generated, with the public key stored in a public key data contract; alternatively, the user may upload a public key that meets the algorithm format requirements, which is then verified and stored.
A kind of possible implementation, the authorization Token are that authorized organization generates.The authorized organization is block chain
Outer mechanism, or the mechanism on block chain;The certifying organization can be the mechanism on block chain, or block
Mechanism outside chain.
Authorization Token is generated by authorized organization, authorized party is further avoided and generates authorization Token privately, raising is awarded
Weigh the safety of Token.
In one possible implementation, the entire authorization Token is put on chain. In this case, the on-chain logic moves from a specific user into a smart contract, and the rules and their execution are visible to the whole network, so no additional moral hazard has to be accepted. In addition, the authorization record needs one field fewer, which reduces storage overhead and later index time overhead.
In one possible implementation, the authorization Token is not put on chain at all. In this case, the security of the authorization Token can be guaranteed by the digital signature of the authorizing user. Executing the signature verification algorithm off chain greatly reduces its time overhead.
In one possible implementation, the authorization Token is put on chain by an off-chain organization, which can be at least one designated authoritative maintainer; the authoritative maintainer maintains the authorization data record table.
When an authorized party needs to put an authorization Token on chain, it sends an upload request to at least one authoritative maintainer.
The off-chain tool that the authoritative maintainer uses to put data on chain can be implemented according to the flow of the scheme in the embodiments of the present invention, and is subject to audit and supervision. The off-chain tool can be an SDK/RESTful client.
A field for the uploader's signature is added to the authorization records in the authorization data record table; the uploader's signature is generated with the private key of the authoritative maintainer.
To reduce what is stored on the block chain and improve the security of the authorization Token, an authorized party can put on chain the authorization Tokens it creates itself. In a specific implementation, the method further includes:
The certifying organization receives the upload request sent by the authorized party, the upload request including the authorization Token;
If the certifying organization verifies that the authorized party in the authorization Token is legal and that the authorized content in the authorization Token includes the authorized resources, it uploads the authorization abstract of the authorization Token to the block chain.
The upload request can be handled by a node on the chain. Specifically:
Step 1: The certifying organization checks whether the content of the authorization Token is legal.
In a specific implementation, the certifying organization checks whether the public key value of the authorized party can be correctly recovered from the digital signature of the authorization Token. If so, step 2 is executed; otherwise, step 4 is executed.
Step 2: The certifying organization calls the attribute management module to check whether the authorization is valid.
The verification logic for the authorization can be off chain or on chain. For any request it receives that includes an authorization Token, the certifying organization must verify the validity and the signature of the authorization Token.
Specifically, it checks whether the authorized party has the access permission for the corresponding authorized resources. If not, step 4 is executed; otherwise, step 3 is executed.
Step 3: The certifying organization generates a hash of the authorization Token and stores it on the chain.
Specifically, the hash can be stored in the authorization data table on the block chain, and the on-chain table entry index is returned to the authorized party.
In one possible implementation, the authorization abstract of the authorization Token can be the hash value of the authorization Token. An authorization record stored in the on-chain authorization data record table may include the following fields: UUID; hash value: the digest value generated by a digest algorithm such as sha3.
Because the corresponding authorization abstract of the authorization Token is stored on the block chain and the legitimacy of the authorization Token is verified on chain, the security of the authorization Token is guaranteed, and the possibility of the authorized party acting maliciously while managing permissions for users is avoided.
To improve the security of Token verification, the authorization data record table only allows one-way access by the certifying organization; once a record has been added, it cannot be modified.
In a specific implementation, as shown in Fig. 3, the verification logic of the certifying organization is separated from the data in the authorization data table; the corresponding verification contract is used only by the certifying organization to verify authorization Tokens, and the certifying organization supports upgrade and data migration.
In the authorization data table, every record has a validity period, and two classes of authorization records are stored:
i. Attribute authorization records: each attribute authorization record indicates that an abstract of an attribute-type authorization Token exists, i.e., an account that already has a given attribute can authorize others to reuse the same attribute.
ii. Resource authorization records: each resource authorization record indicates that an abstract of a resource-type authorization Token exists, i.e., an account that already has a given operation permission can authorize others to access a certain resource.
The contents of the two tables above can be queried publicly by all nodes on the block chain, and the authorized party of each authorization record can modify that authorization record.
Step 4: The certifying organization returns an upload request failure message to the authorized party.
To better explain the embodiments of the present invention, a block chain authority control method provided by an embodiment of the present invention is described below with reference to a specific implementation scenario. The method can be executed by a network node or off chain, and includes the following steps:
Step 1: The authorized party sends a generation request for an authorization Token to the authorized organization;
The generation request includes the parameters of the authorization Token, i.e., the authorization target account (in the scenario above, this can be the resources requesting party), the authorized party's account, the authorized content, the authorization start and end times, a digital signature, and so on.
Step 2: The authorized organization checks the validity of the parameters of the authorization Token. If the check passes, step 3 is executed; otherwise, step 5 is executed;
Step 3: The authorized organization generates the authorization Token and signs it with the private key passed in by the authorized party;
Step 4: The authorized organization sends the generated authorization Token to the authorized party;
Step 5: The authorized organization returns a generation failure message to the authorized party.
To better explain the embodiments of the present invention, a block chain authority control method provided by an embodiment of the present invention is described below with reference to a specific implementation scenario. The method can be executed by a network node or off chain, and includes the following steps:
Step 1: The authorized party sends the signed authorization Token to the certifying organization;
Step 2: The certifying organization checks the legitimacy of the parameters of the authorization Token, including verifying the validity period and the signature of the authorization Token. If the check passes, step 3 is executed; otherwise, step 5 is executed;
Step 3: The certifying organization accesses the permission table and checks whether the authorized content of the authorization Token is authentic and valid, for example by determining whether the resource access permission stated by the authorized party can be used for authorization. If the check passes, step 4 is executed; otherwise, step 5 is executed;
Step 4: The certifying organization determines the hash value of the authorization Token and stores it in the on-chain authorization data table, then returns to the authorized party the upload success information and/or the record in the authorization data table.
To better explain the embodiments of the present invention, a block chain authority control method provided by an embodiment of the present invention is described below with reference to a specific implementation scenario. The method can be executed by a network node or off chain, and includes the following steps:
Step 1: The resource side uploads the authorization Token to be verified;
In one possible implementation, the resource side can optionally also pass in the on-chain record information corresponding to the authorization Token, obtained from the resources requesting party, for example the index of the authorization abstract of the authorization Token, so that the certifying organization can verify the authorization Token quickly.
Step 2: The certifying organization checks the validity of the parameters of the authorization Token. If they are valid, step 3 is executed; otherwise, step 5 is executed;
Specifically, the certifying organization accesses the attribute management module and checks whether the authorized content of the authorization Token is authentic and valid, i.e., whether the resources stated by the authorized party of the authorization Token can be used for authorization;
Step 3: If the passed-in on-chain record information is not empty, the certifying organization accesses the on-chain authorization record table, determines the hash value of the authorization Token to be verified, and compares it with the hash value in the authorization record table to see whether they are consistent. If so, step 4 is executed; otherwise, step 5 is executed;
Step 4: The authorization Token uploaded by the resource side for verification is determined to have been verified successfully;
Step 5: The authorization Token uploaded by the resource side for verification is determined to have failed verification.
It should be noted that the verification order of step 3 and step 4 can be exchanged; no limitation is imposed here.
As shown in Fig. 4, an embodiment of the present invention provides an authority control method for a block chain, the method including:
Step 401: The resource side obtains the access request for a first resource sent by the resources requesting party;
The access request includes an authorization Token; the authorization Token includes the authorized party and the authorized content;
Step 402: When the resource side determines that the access request meets the first access condition for accessing the first resource, it sends the first resource to the resources requesting party;
The first access condition is that an authorization abstract matching the authorization Token is found through the block chain, the authorized party in the authorization Token is legal, and the authorized content in the authorization Token includes the first resource; the block chain stores the authorization abstracts of the authorization Tokens generated by each authorized party.
The resources requesting party carries the authorization Token so that the resource side can verify it. Verifying the legitimacy of the authorization Token, its authorized content, the permission of the authorized party and so on ensures the validity of the verification result. The resource side verifies the authorization Token issued by the authorized party; since the authorized party does not need to write to the permission table when generating the authorization Token, it can freely set the specific permissions of an account according to its own permissions, and can add to or delete from the authorized content of the authorization Token based on actual needs, so that authorized permissions can be freely added and removed. Unlike the prior art, which verifies authorization rules, this avoids the rule storm caused by putting all rules on chain and improves the privacy protection of the authorization Token. Moreover, because the corresponding authorization abstract of the authorization Token is stored on the block chain and the legitimacy of the authorization Token is verified on chain, the security of the authorization Token is guaranteed, and the possibility of the authorized party acting maliciously while managing permissions for users is avoided.
In one possible implementation, the access request further includes the authorized party's signature;
Before the resource side determines that the access request meets the access condition for accessing the first resource, the method further includes:
The resource side determines from the authorized party's signature that the authorization Token was issued by the authorized party; the authorized party's signature is the authorized party's signature over the generated authorization Token.
Using a digital signature further improves the security of the authorization Token.
In one possible implementation, before the resource side determines that the access request meets the first access condition for accessing the resource, the method further includes:
The resource side determines that the access request does not meet the second access condition for accessing the resource; the second access condition is that the account of the resources requesting party is an account recorded in the account information as having access permission for the first resource.
Verifying the permission of the resources requesting party's own account in advance makes the verification comprehensive and improves its validity.
The scheme proposed by the present invention aims to strike a balance between flexibility and scalability. The authorized content is multi-dimensional and multi-granular, and the authorization Token cannot be tampered with. The authorized party can divide authorization by type: across the two authorization types, attribute and resource, it can grant its own capabilities to the authorization target account, while revocation is allowed. The authorization abstract of the authorization Token can be stored on the block chain; since only the authorization abstract is stored, minimal disclosure and tamper resistance are guaranteed. The influence of a rule storm is therefore greatly reduced, and the scheme has good scalability.
To better explain the embodiments of the present invention, a block chain authority control method provided by an embodiment of the present invention is described below with reference to a specific implementation scenario. The method is executed by a network node and, as shown in Fig. 4, includes the following steps:
Step 1: The resources requesting party sends a resource request to the resource side; the resource request includes the authorization Token and the address of the on-chain authorization record;
Step 2: The resource side checks whether the resources requesting party can directly meet the second access condition for the resource without using the authorization Token. If so, step 5 is executed; otherwise, step 3 is executed;
Step 3: The resource side verifies the authorization Token through the certifying organization. If verification succeeds, step 5 is executed; otherwise, step 6 is executed;
For the detailed process, see the method of verifying the authorization Token in the embodiment above; it is not repeated here.
Step 4: The resource side checks, according to the authorized content in the authorization Token, whether the authorization Token meets the first access condition for the resource. If so, step 5 is executed;
Step 5: The resource side returns the content of the requested resource to the resources requesting party;
Step 6: The resource side returns a request failure message to the resources requesting party.
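The upload, verification and resource-side access steps above, as an added example that is not code from the patent: a resource-type authorization Token is checked for signature and validity period, the authorized party's permission is resolved through account-to-attribute and attribute-to-resource tables, and only the SHA3 hash is kept in an append-only record table. All names and sample data are constructed; HMAC with a per-account key stands in for the authorized party's public-key signature so the block runs on the standard library alone, and the check that the Token's target account matches the requester is an added assumption.

```python
import hashlib
import hmac
import json

# Constructed sample data: account -> attributes, attribute -> resource access.
ACCOUNT_ATTRS = {"alice": {"auditor"}, "mallory": set()}
ATTR_RESOURCES = {"auditor": {"ledger/q1", "ledger/q2"}}
# Stand-in for the public key data contract; HMAC keys replace real key pairs.
ACCOUNT_KEYS = {"alice": b"alice-demo-key", "mallory": b"mallory-demo-key"}
# "authorizer" holds the authorized party's account, "target" the authorization target account.
FIELDS = {"authorizer", "target", "resources", "start", "end", "signature"}


def canonical(token):
    """Deterministic bytes of the Token body, so every party hashes the same input."""
    body = {k: v for k, v in token.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(token, key):
    return hmac.new(key, canonical(token), hashlib.sha3_256).hexdigest()


def make_token(authorizer, target, resources, start, end):
    token = {"authorizer": authorizer, "target": target,
             "resources": sorted(resources), "start": start, "end": end}
    token["signature"] = sign(token, ACCOUNT_KEYS[authorizer])
    return token


def abstract(token):
    """Authorization abstract: SHA3-256 over the signed Token."""
    return hashlib.sha3_256(canonical(token) + token["signature"].encode()).hexdigest()


class CertifyingOrganization:
    def __init__(self):
        self._records = []  # append-only authorization data record table

    def _params_ok(self, token, now):
        # Parameter check: expected fields, valid signature, inside the validity period.
        if set(token) != FIELDS:
            return False
        key = ACCOUNT_KEYS.get(token["authorizer"])
        if key is None or not hmac.compare_digest(sign(token, key), str(token["signature"])):
            return False
        return token["start"] <= now <= token["end"]

    def _authorizer_legal(self, token):
        # Resolve account -> attribute -> resources; every granted resource must be covered.
        allowed = set()
        for attr in ACCOUNT_ATTRS.get(token["authorizer"], ()):
            allowed |= ATTR_RESOURCES.get(attr, set())
        return set(token["resources"]) <= allowed

    def upload(self, token, now):
        """Store the abstract and return its record index, or None on failure."""
        if not (self._params_ok(token, now) and self._authorizer_legal(token)):
            return None
        self._records.append(abstract(token))
        return len(self._records) - 1

    def verify(self, token, now, index=None):
        if not (self._params_ok(token, now) and self._authorizer_legal(token)):
            return False
        digest = abstract(token)
        if index is not None:  # fast path: the on-chain record index was passed in
            return 0 <= index < len(self._records) and self._records[index] == digest
        return digest in self._records


def resource_side(requester, resource, token, index, org, acl, now):
    # Second access condition: the account itself is recorded as having access.
    if requester in acl.get(resource, ()):
        return "granted:direct"
    # Added check (assumption, not spelled out in the text): Token is bound to this requester.
    if token is None or token.get("target") != requester:
        return "denied"
    # First access condition: abstract found, authorizer legal, content includes the resource.
    if org.verify(token, now, index) and resource in token["resources"]:
        return "granted:token"
    return "denied"
```

A Token whose body is altered after signing fails the signature check, and a validly signed Token that was never uploaded fails the abstract lookup, so both paths end in a denial.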
Based on the same technical idea, an embodiment of the present invention provides a permission setting device for a block chain which, as shown in Fig. 5, includes:
A transceiver unit 501, for receiving the checking request sent by the resource side, the checking request including the authorization Token;
A processing unit 502, for searching the block chain for an authorization abstract matching the authorization Token; the block chain stores the authorization abstracts of the authorization Tokens generated by each authorized party;
The transceiver unit 501 is further for sending a verification-passed message to the resource side after an authorization abstract matching the authorization Token is found.
In one possible implementation, the transceiver unit 501 receives the upload request sent by the authorized party, the upload request including the authorization Token;
The processing unit 502 is for uploading the authorization abstract of the authorization Token to the block chain if it verifies that the authorized party in the authorization Token is legal and that the authorized content in the authorization Token includes the authorized resources.
In one possible implementation, account information is also stored in the block chain; the account information includes the correspondence between accounts and attributes and the correspondence between attributes and resource access permissions;
The processing unit 502 is for determining the attributes of the authorized party according to the correspondence between accounts and attributes; determining, according to the correspondence between attributes and resource access permissions, whether the attributes of the authorized party carry the access permission for the authorized content in the authorization Token; and, if so, determining that the authorized party of the authorization Token is legal.
In one possible implementation, the authorized content includes the authorized attribute; the processing unit 502 is for looking up, according to the authorized attribute and in the correspondence between attributes and resource access permissions, whether the resources corresponding to the authorized attribute include the first resource; and, if they do, determining that the authorized content in the authorization Token includes the first resource.
In one possible implementation, the authorized content includes the authorized resources; the processing unit 502 is for determining that the authorized content in the authorization Token includes the first resource if the authorized resources in the authorized content include the first resource.
In one possible implementation, the authorization Token is generated by the authorized organization.
In one possible implementation, the authorized organization is an organization outside the block chain and the certifying organization is an organization on the block chain; or, the authorized organization and the certifying organization are both organizations outside the block chain.
Based on the same technical idea, an embodiment of the present invention provides a permission setting device for a block chain which, as shown in Fig. 6, includes:
A transceiver unit 610, for obtaining the access request for a first resource sent by the resources requesting party; the access request includes an authorization Token; the authorization Token includes the authorized party and the authorized content;
A processing unit 620, for sending the first resource to the resources requesting party when it determines that the access request meets the first access condition for accessing the first resource; the first access condition is that an authorization abstract matching the authorization Token is found through the block chain, the authorized party in the authorization Token is legal, and the authorized content in the authorization Token includes the first resource; the block chain stores the authorization abstracts of the authorization Tokens generated by each authorized party.
In one possible implementation, the access request further includes the authorized party's signature;
The processing unit 620 is for determining from the authorized party's signature that the authorization Token was issued by the authorized party; the authorized party's signature is the authorized party's signature over the generated authorization Token.
In one possible implementation, the processing unit 620 is for determining that the access request does not meet the second access condition for accessing the resource; the second access condition is that the account of the resources requesting party is an account recorded in the account information as having access permission for the first resource.
Based on the same technical idea, an embodiment of the present invention provides a terminal device which, as shown in Fig. 7, includes at least one processor 601 and a memory 602 connected to the at least one processor. The embodiment of the present invention does not limit the specific connection medium between the processor 601 and the memory 602; in Fig. 7 the processor 601 and the memory 602 are connected by a bus as an example. The bus can be divided into an address bus, a data bus, a control bus, etc.
In the embodiment of the present invention, the memory 602 stores instructions executable by the at least one processor 601, and the at least one processor 601, by executing the instructions stored in the memory 602, can perform the steps included in the block chain authority control method described above.
The processor 601 is the control center of the terminal device. It can use various interfaces and lines to connect the parts of the terminal device, and controls permissions by running or executing the instructions stored in the memory 602 and calling the data stored in the memory 602. Optionally, the processor 601 may include one or more processing units, and may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It can be understood that the modem processor may also not be integrated into the processor 601. In some embodiments the processor 601 and the memory 602 can be implemented on the same chip; in other embodiments they can be implemented on separate chips.
The processor 601 can be a general-purpose processor such as a central processing unit (CPU), a digital signal processor, an application-specific integrated circuit (ASIC), a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and can implement or execute the methods, steps and logic diagrams disclosed in the embodiments of the present invention. The general-purpose processor can be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the present invention can be executed directly by a hardware processor, or by a combination of hardware and software modules in the processor.
The memory 602, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs and modules. The memory 602 may include at least one type of storage medium, for example flash memory, hard disk, multimedia card, card-type memory, random access memory (RAM), static random access memory (SRAM), programmable read-only memory (PROM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), magnetic memory, magnetic disk, optical disc, etc. The memory 602 can be any other medium that can carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to this. The memory 602 in the embodiment of the present invention can also be a circuit or any other device capable of a storage function, for storing program instructions and/or data.
Based on the same inventive concept, an embodiment of the present invention provides a computer-readable medium storing a computer program executable by a terminal device; when the program runs on the terminal device, it causes the terminal device to perform the steps of the block chain authority control method.
Those skilled in the art should understand that embodiments of the present invention can be provided as a method or a computer program product. The present invention can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.
Claims (13)
1. a kind of authority control method of block chain, which is characterized in that the described method includes:
Certifying organization receives the checking request that resource side is sent, and the checking request includes the logical card Token of authorization;
The certifying organization is searched by block chain and is made a summary with the matched authorization of the authorization Token;It is stored in the block chain
The authorization abstract for the authorization Token for thering is each authorized party to generate;
The certifying organization is finding with after the matched authorization abstract of the authorization Token, and the resource side Xiang Suoshu sends verifying
Pass through message.
2. the method as described in claim 1, which is characterized in that the method also includes:
The certifying organization receives the upload request that authorized party sends, and includes authorization Token in the upload request;
The certifying organization verify it is described authorization Token in authorized party it is legal and it is described authorization Token in authorized content packet
The resource of authorization is included, then the authorization abstract of the authorization Token is uploaded to the block chain.
3. method according to claim 2, which is characterized in that be also stored with account information, the account in the block chain
Information includes the corresponding relationship of the corresponding relationship of account and attribute, attribute and access authorization for resource;
The authorized party that the certifying organization verifies in the authorization Token is legal, comprising:
According to the corresponding relationship of the account and attribute, the attribute of the authorized party is determined;
According to the corresponding relationship of the attribute and access authorization for resource, determine in the attribute of the authorized party whether there is the authorization
The access authority of authorized content in Token;
If so, then determining that the authorized party of the authorization Token is legal.
4. the method as described in claim 1, which is characterized in that the authorization Token is that authorized organization generates.
5. a kind of authority control method of block chain, which is characterized in that the described method includes:
Resource side obtains the access request for first resource that resources requesting party sends;The access request includes authorized certificate
Token;The authorization Token includes authorized party and authorized content;
When the resource side determines that the access request meets the first access conditions for accessing the first resource, Xiang Suoshu resource
Requesting party sends the first source of the money;First access conditions is to find to match with the authorization Token by block chain
Authorization abstract, it is described authorization Token in authorized party it is legal and it is described authorization Token in authorized content include described first
Resource;The authorization abstract for the authorization Token that each authorized party generates is stored in the block chain.
6. The method according to claim 5, characterized in that the access request further includes an authorized party signature;
before the resource side determines that the access request meets the access condition for accessing the first resource, the method further comprises:
the resource side determines, by means of the authorized party signature, that the authorization Token was issued by the authorized party; the authorized party signature is obtained by the authorized party signing the authorization Token it generated.
7. The method according to claim 6, characterized in that, before the resource side determines that the access request meets the first access condition for accessing the resource, the method further comprises:
the resource side determines that the access request does not meet a second access condition for accessing the resource; the second access condition is that the account of the resources requesting party is an account recorded in the account information as having access authority for the first resource.
8. The method according to claim 5, characterized in that the authorized content includes an authorized attribute; that the authorized content in the authorization Token includes the first resource is determined in the following manner:
according to the authorized attribute, looking up, in the correspondence between attributes and resource access permissions, whether the resources corresponding to the authorized attribute include the first resource;
if it is determined that they include the first resource, determining that the authorized content in the authorization Token includes the first resource.
9. The method according to claim 5, characterized in that the authorized content includes an authorized resource; that the authorized content in the authorization Token includes the first resource is determined in the following manner:
if it is determined that the authorized resources in the authorized content include the first resource, determining that the authorized content in the authorization Token includes the first resource.
10. A permission control device of a block chain, characterized in that the device comprises:
a transceiver unit, configured to receive a checking request sent by a resource side, the checking request including an authorization Token;
a processing unit, configured to look up, through the block chain, an authorization abstract matching the authorization Token; the block chain stores the authorization abstract of the authorization Token generated by each authorized party;
the transceiver unit being further configured to send a verification-passed message to the resource side after the authorization abstract matching the authorization Token is found.
11. A permission control device of a block chain, characterized in that the device comprises:
a transceiver unit, configured to obtain an access request for a first resource sent by a resources requesting party; the access request includes an authorization credential Token; the authorization Token includes an authorized party and authorized content;
a processing unit, configured to send the first resource to the resources requesting party when it determines that the access request meets a first access condition for accessing the first resource; the first access condition is that an authorization abstract matching the authorization Token is found through the block chain, the authorized party in the authorization Token is legal, and the authorized content in the authorization Token includes the first resource; the block chain stores the authorization abstract of the authorization Token generated by each authorized party.
12. A computer device, characterized by comprising at least one processing unit and at least one storage unit, wherein the storage unit stores a computer program which, when executed by the processing unit, causes the processing unit to perform the steps of the method of any one of claims 1~4 or claims 5~9.
13. A computer-readable medium, characterized in that it stores a computer program executable by a terminal device; when the program runs on the terminal device, it causes the terminal device to perform the steps of the method of any one of claims 1~4 or claims 5~9.
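The resource-side decision in claims 5, 6, 8 and 9, combined with the legality check on the authorized party that closes claim 3, is written out below as one function. This is an added example, not code from the patent: the token layout, the set that models the block chain, the sample accounts and the HMAC standing in for the authorized party's signature are all assumptions, and the certifying organization's lookups are folded into the same function.

```python
import hashlib
import hmac
import json

# Constructed sample data; every name and key here is hypothetical.
ACCOUNT_ATTRS = {"dept-head": {"finance"}, "clerk": {"frontdesk"}}
ATTR_RESOURCES = {"finance": {"ledger", "payroll"}, "frontdesk": {"visitor-log"}}
# Assumption: HMAC keys stand in for the authorized party's signing key,
# because the page does not name a signature scheme.
SIGN_KEYS = {"dept-head": b"demo-key-1", "clerk": b"demo-key-2"}

def canonical(token):
    """Stable byte encoding so the abstract and signature are reproducible."""
    return json.dumps(token, sort_keys=True, separators=(",", ":")).encode()

def digest(token):
    """Authorization abstract: the value written to the chain at issuance."""
    return hashlib.sha256(canonical(token)).hexdigest()

def sign(token):
    """Signature the authorized party attaches to a token it generated."""
    key = SIGN_KEYS[token["authorizer"]]
    return hmac.new(key, canonical(token), hashlib.sha256).hexdigest()

def resources_of(attributes):
    """Expand attributes through the attribute -> resource permission mapping."""
    out = set()
    for attr in attributes:
        out |= ATTR_RESOURCES.get(attr, set())
    return out

def granted(content):
    """Claim 8 (authorized attributes) plus claim 9 (authorized resources)."""
    return set(content.get("resources", ())) | resources_of(content.get("attributes", ()))

def check_access(chain, token, signature, resource):
    """Resource-side decision for one request; returns (allowed, reason)."""
    content = token.get("content", {})
    key = SIGN_KEYS.get(token.get("authorizer"))
    if key is None:
        return False, "unknown authorized party"
    expected = hmac.new(key, canonical(token), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):   # claim 6
        return False, "signature mismatch"
    if digest(token) not in chain:                     # claim 5: abstract on chain
        return False, "no matching abstract on chain"
    own = resources_of(ACCOUNT_ATTRS.get(token["authorizer"], ()))
    if not granted(content) <= own:                    # claim 3: legality check
        return False, "authorized party exceeds its own permissions"
    if resource not in granted(content):               # claims 8 and 9
        return False, "resource not in authorized content"
    return True, "ok"
```

The legality check is what stops an account from delegating access it does not itself hold: a token that is correctly signed and recorded on the chain is still refused when its authorized content is wider than the issuer's own attributes allow.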
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910287244.5A CN110069908A (en) | 2019-04-11 | 2019-04-11 | A kind of authority control method and device of block chain |
PCT/CN2020/080519 WO2020207233A1 (en) | 2019-04-11 | 2020-03-20 | Permission control method and apparatus for blockchain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910287244.5A CN110069908A (en) | 2019-04-11 | 2019-04-11 | A kind of authority control method and device of block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110069908A (en) | 2019-07-30 |
Family
ID=67367576
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910287244.5A Pending CN110069908A (en) | 2019-04-11 | 2019-04-11 | A kind of authority control method and device of block chain |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110069908A (en) |
WO (1) | WO2020207233A1 (en) |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110619222A (en) * | 2019-08-21 | 2019-12-27 | 上海唯链信息科技有限公司 | Authorization processing method, device, system and medium based on block chain |
CN111191212A (en) * | 2019-12-31 | 2020-05-22 | 卓尔智联(武汉)研究院有限公司 | Block chain-based digital certificate processing method, device, equipment and storage medium |
CN111209113A (en) * | 2019-12-31 | 2020-05-29 | 卓尔智联(武汉)研究院有限公司 | Resource allocation method, device, equipment and storage medium based on intelligent contract |
CN111401902A (en) * | 2020-05-29 | 2020-07-10 | 支付宝(杭州)信息技术有限公司 | Service processing method, device and equipment based on block chain |
CN111680274A (en) * | 2020-03-03 | 2020-09-18 | 支付宝(杭州)信息技术有限公司 | Resource access method, device and equipment |
WO2020207233A1 (en) * | 2019-04-11 | 2020-10-15 | 深圳前海微众银行股份有限公司 | Permission control method and apparatus for blockchain |
CN111865580A (en) * | 2020-07-13 | 2020-10-30 | 深圳前海益链网络科技有限公司 | token generation and verification method and device, computer equipment and storage medium |
CN112100610A (en) * | 2020-11-20 | 2020-12-18 | 支付宝(杭州)信息技术有限公司 | Processing method, device and equipment for login and user login related services |
TWI766430B (en) * | 2020-11-10 | 2022-06-01 | 林庠序 | De-centralized data authorization control system capable of dynamically adjusting data authorization policy |
CN114915454A (en) * | 2021-09-16 | 2022-08-16 | 中关村科学城城市大脑股份有限公司 | Data acquisition method and system |
TWI829217B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of flexibly adjusting data authorization policy |
TWI829219B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of transferring read token from block chain subsystem to data requester device |
TWI829222B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of utilizing third-party service subsystem to provide accessible data list to data requester device |
TWI829218B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of indirectly transferring read token through third-party service subsystem |
TWI829216B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of forwarding token request through third-party service subsystem |
TWI829221B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of allowing data requestetr device to inspect correctness of data authorization policy stored in block chain subsystem |
TWI829215B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of inspecting transfer history of read token to verify activity of read token |
TWI829220B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of utilizing smart contract to generate and transfer authorization token |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106209749B (en) * | 2015-05-08 | 2020-09-25 | 阿里巴巴集团控股有限公司 | Single sign-on method and device, and related equipment and application processing method and device |
CN108599936A (en) * | 2018-04-20 | 2018-09-28 | 西安电子科技大学 | A kind of OpenStack increases income the safety certifying method of cloud user |
CN108833363A (en) * | 2018-05-23 | 2018-11-16 | 文丹 | A kind of block chain right management method and system |
CN109242636A (en) * | 2018-09-26 | 2019-01-18 | 盈盈(杭州)网络技术有限公司 | A kind of data transacting system and its implementation based on block chain |
CN110069908A (en) * | 2019-04-11 | 2019-07-30 | 深圳前海微众银行股份有限公司 | A kind of authority control method and device of block chain |
2019
- 2019-04-11 CN CN201910287244.5A patent/CN110069908A/en active Pending
2020
- 2020-03-20 WO PCT/CN2020/080519 patent/WO2020207233A1/en active Application Filing
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020207233A1 (en) * | 2019-04-11 | 2020-10-15 | 深圳前海微众银行股份有限公司 | Permission control method and apparatus for blockchain |
CN110619222A (en) * | 2019-08-21 | 2019-12-27 | 上海唯链信息科技有限公司 | Authorization processing method, device, system and medium based on block chain |
CN111191212A (en) * | 2019-12-31 | 2020-05-22 | 卓尔智联(武汉)研究院有限公司 | Block chain-based digital certificate processing method, device, equipment and storage medium |
CN111209113A (en) * | 2019-12-31 | 2020-05-29 | 卓尔智联(武汉)研究院有限公司 | Resource allocation method, device, equipment and storage medium based on intelligent contract |
CN111191212B (en) * | 2019-12-31 | 2020-12-15 | 卓尔智联(武汉)研究院有限公司 | Block chain-based digital certificate processing method, device, equipment and storage medium |
CN111209113B (en) * | 2019-12-31 | 2022-12-13 | 卓尔智联(武汉)研究院有限公司 | Resource allocation method, device, equipment and storage medium based on intelligent contract |
CN111680274B (en) * | 2020-03-03 | 2022-11-22 | 支付宝(杭州)信息技术有限公司 | Resource access method, device and equipment |
CN111680274A (en) * | 2020-03-03 | 2020-09-18 | 支付宝(杭州)信息技术有限公司 | Resource access method, device and equipment |
CN111401902A (en) * | 2020-05-29 | 2020-07-10 | 支付宝(杭州)信息技术有限公司 | Service processing method, device and equipment based on block chain |
CN111865580A (en) * | 2020-07-13 | 2020-10-30 | 深圳前海益链网络科技有限公司 | token generation and verification method and device, computer equipment and storage medium |
TWI829222B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of utilizing third-party service subsystem to provide accessible data list to data requester device |
TWI766430B (en) * | 2020-11-10 | 2022-06-01 | 林庠序 | De-centralized data authorization control system capable of dynamically adjusting data authorization policy |
TWI829217B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of flexibly adjusting data authorization policy |
TWI829219B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of transferring read token from block chain subsystem to data requester device |
TWI829218B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of indirectly transferring read token through third-party service subsystem |
TWI829216B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of forwarding token request through third-party service subsystem |
TWI829221B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of allowing data requestetr device to inspect correctness of data authorization policy stored in block chain subsystem |
TWI829215B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of inspecting transfer history of read token to verify activity of read token |
TWI829220B (en) * | 2020-11-10 | 2024-01-11 | 林庠序 | De-centralized data authorization control system capable of utilizing smart contract to generate and transfer authorization token |
CN112100610A (en) * | 2020-11-20 | 2020-12-18 | 支付宝(杭州)信息技术有限公司 | Processing method, device and equipment for login and user login related services |
CN114915454A (en) * | 2021-09-16 | 2022-08-16 | 中关村科学城城市大脑股份有限公司 | Data acquisition method and system |
Also Published As
Publication number | Publication date |
---|---|
WO2020207233A1 (en) | 2020-10-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110069908A (en) | A kind of authority control method and device of block chain | |
US10554421B2 (en) | Method for superseding log-in of user through PKI-based authentication by using smart contact and blockchain database, and server employing same | |
US10659236B2 (en) | Method for superseding log-in of user through PKI-based authentication by using blockchain database of UTXO-based protocol, and server employing same | |
US10783260B2 (en) | Method for providing simplified account registration service and user authentication service, and authentication server using same | |
CN110933108B (en) | Data processing method and device based on block chain network, electronic equipment and storage medium | |
CN106209749B (en) | Single sign-on method and device, and related equipment and application processing method and device | |
US9172541B2 (en) | System and method for pool-based identity generation and use for service access | |
CN108259438A (en) | A kind of method and apparatus of the certification based on block chain technology | |
US20200014676A1 (en) | System and method for pool-based identity authentication for service access without use of stored credentials | |
CN110177124A (en) | Identity identifying method and relevant device based on block chain | |
US7930763B2 (en) | Method of authorising a computing entity | |
CN110417790A (en) | Block chain system of real name queuing system and method | |
WO2022246997A1 (en) | Service processing method and apparatus, server, and storage medium | |
CN114666168A (en) | Decentralized identity certificate verification method and device, and electronic equipment | |
CN110910110A (en) | Data processing method and device and computer storage medium | |
US20220318356A1 (en) | User registration method, user login method and corresponding device | |
CN112417403B (en) | Automatic system authentication and authorization processing method based on GitLab API | |
CN112994882B (en) | Authentication method, device, medium and equipment based on block chain | |
CN117118640A (en) | Data processing method, device, computer equipment and readable storage medium | |
Dong et al. | A unified trust service scheme for heterogeneous identity alliance | |
CN115632794A (en) | Distributed digital identity verification system, method and related device | |
CN116980136A (en) | Interface processing method, device, equipment, storage medium and product of intelligent contract | |
CN117421774A (en) | Block chain-based data storage and verification method, device, equipment, medium and product | |
CN116886352A (en) | Authentication and authorization method and system for digital intelligent products | |
CN115150831A (en) | Processing method, device, server and medium for network access request |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||