CN111291421A - Block chain data authorization method, electronic device and computer readable storage medium - Google Patents

Block chain data authorization method, electronic device and computer readable storage medium Download PDF

Info

Publication number
CN111291421A
CN111291421A CN202010096097.6A CN202010096097A CN111291421A CN 111291421 A CN111291421 A CN 111291421A CN 202010096097 A CN202010096097 A CN 202010096097A CN 111291421 A CN111291421 A CN 111291421A
Authority
CN
China
Prior art keywords
authorization
data
enterprise
block chain
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010096097.6A
Other languages
Chinese (zh)
Inventor
刘浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Smart Technology Co Ltd
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by OneConnect Financial Technology Co Ltd Shanghai filed Critical OneConnect Financial Technology Co Ltd Shanghai
Priority to CN202010096097.6A priority Critical patent/CN111291421A/en
Publication of CN111291421A publication Critical patent/CN111291421A/en
Priority to PCT/CN2020/106045 priority patent/WO2021164204A1/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a block chain technology, and discloses a block chain data authorization method, which comprises the following steps: configuring each business module of enterprise data needing data authorization on a block chain; setting corresponding data authorization rules aiming at the data of each business module, wherein the data authorization rules comprise a static authorization mode and a dynamic authorization mode; synchronizing the set data authorization rule to the block chain network; acquiring a first data authorization rule related to a current node from the blockchain network; and acquiring corresponding authorization data from the block chain network according to the first data authorization rule. The invention also provides an electronic device and a computer readable storage medium. The block chain data authorization method, the electronic device and the computer readable storage medium provided by the invention can avoid a large number of repeated operations, reduce the error rate and ensure the timeliness of authorization.

Description

Block chain data authorization method, electronic device and computer readable storage medium
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to a method for authorizing blockchain data, an electronic device, and a computer-readable storage medium.
Background
With the development and popularization of the block chain technology, the difficult problems in a plurality of scenes can be solved by utilizing the characteristics of traceability, non-falsification and the like of the block chain. Meanwhile, as the data is stored on the blockchain, higher requirements are put on the privacy and the security of the enterprise data. On one hand, the security of data on respective chains of enterprises needs to be ensured through a data encryption and decryption algorithm; on the other hand, for data access between enterprises, a data authorization scheme needs to be provided.
The traditional data authorization scheme only authorizes the fixed data of the fixed service module to be checked by a fixed enterprise, secondary development is needed for the newly added service module, and data authorization is needed for the newly added data and the newly added enterprise every time for the continuously increased service data and the continuously added enterprise data linked on the chain. On one hand, the frequent operation of the authorization mode is easy to make mistakes, and on the other hand, the operation needs to be performed repeatedly in a large quantity. In addition, the timeliness of authorization cannot be guaranteed.
Disclosure of Invention
In view of the above, the present invention provides a block chain data authorization method, an electronic device and a computer readable storage medium to solve at least one of the above technical problems.
First, to achieve the above object, the present invention provides a block chain data authorization method, which includes the steps of:
configuring each business module of enterprise data needing data authorization on a block chain;
setting a data authorization rule corresponding to the data of each business module, wherein the data authorization rule comprises a static authorization mode and a dynamic authorization mode;
synchronizing the set data authorization rule to the block chain network;
acquiring a first data authorization rule related to a current node from the block chain network at regular time or when a notice is received; and
and acquiring corresponding authorization data from the block chain network according to the first data authorization rule.
Optionally, the method further comprises the step of:
when new data related to the current node is added into the block chain network, directly acquiring a second data authorization rule corresponding to the new data from the block chain network;
judging whether the new data meets the authorization condition in the second data authorization rule;
and when the new data meets the authorization condition, the current node acquires corresponding authorization data in the new data.
Optionally, the method further comprises the step of:
when the authorization is expired or cancelled, generating a corresponding failure authorization rule;
synchronizing the failure authorization rule to a blockchain network;
and regularly acquiring and executing the invalid authorization rule related to the current node, deleting the index of the pre-library, and updating the authorization history record on the chain.
Optionally, the static authorization includes fixed data authorization, range data authorization; the dynamic authorization comprises dynamic data authorization, dynamic enterprise authorization, dynamic data and enterprise authorization and dynamic multi-service associated data authorization.
Optionally, the data authorization rule includes an authorization mechanism, an authorized mechanism, an authorization service field, whether to associate authorization, an authorization validity period, an authorization condition, and whether to dynamically authorize, wherein when dynamic authorization is selected, one or more items in the data authorization rule are set to non-fixed values.
Optionally, the step of acquiring corresponding authorization data from the blockchain network according to the first data authorization rule includes:
and generating corresponding SQL aiming at the authorization data in the first data authorization rule, traversing the block chain chainID corresponding to the authorization data in a preposed database data index table, and acquiring the authorization data from the block chain network according to the chainID.
Optionally, the method further comprises the step of:
and if the current node is an enterprise node newly added into the blockchain network, directly acquiring a third data authorization rule related to the current node from the blockchain network, and then acquiring corresponding authorization data from the blockchain network according to the third data authorization rule.
Optionally, the method further comprises the step of:
and storing the data authorization rule, the authorization execution history record and the authorization failure or cancellation record in a preposed library corresponding to each node.
In addition, to achieve the above object, the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores thereon a blockchain data authorization system that is executable on the processor, and when the blockchain data authorization system is executed by the processor, the method implements the steps of the blockchain data authorization method as described above.
Further, to achieve the above object, the present invention also provides a computer readable storage medium storing a blockchain data authorization system, which is executable by at least one processor to cause the at least one processor to execute the steps of the blockchain data authorization method as described above.
Compared with the prior art, the block chain data authorization method, the electronic device and the computer readable storage medium provided by the invention can configure the service module and the data authorization rule for the data on the block chain, and synchronize the service module and the data authorization rule to each node of the block chain network, thereby supporting a fixed authorization mode and a dynamic data and/or enterprise authorization mode. Each node on the block chain can acquire the configured data authorization rule from the block chain and execute the data authorization rule, so that corresponding authorization data can be acquired.
Drawings
FIG. 1 is a diagram of an alternative hardware architecture of the electronic device of the present invention;
FIG. 2 is a block chain data authorization system according to a first embodiment of the present invention;
FIG. 3 is a block chain data authorization system according to a second embodiment of the present invention;
FIG. 4 is a block chain data authorization system according to a third embodiment of the present invention;
FIG. 5 is a flowchart illustrating a block chain data authorization method according to a first embodiment of the present invention;
FIG. 6 is a flowchart illustrating a block chain data authorization method according to a second embodiment of the present invention;
FIG. 7 is a flowchart illustrating a third embodiment of a block chain data authorization method according to the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the description relating to "first", "second", etc. in the present invention is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
Fig. 1 is a schematic diagram of an alternative hardware architecture of the electronic device 2 according to the present invention.
In this embodiment, the electronic device 2 may include, but is not limited to, a memory 11, a processor 12, and a network interface 13, which may be communicatively connected to each other through a system bus. It is noted that fig. 1 only shows the electronic device 2 with components 11-13, but it is to be understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.
The electronic device 2 may be a server, a PC (Personal Computer), a smart phone, a tablet Computer, a palm Computer, a portable Computer, or other terminal equipment. The server may be a rack server, a blade server, a tower server, a cabinet server, or other computing devices, may be an independent server, or may be a server cluster composed of a plurality of servers.
The electronic device 2 may be a node constituting a blockchain network.
The memory 11 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the storage 11 may be an internal storage unit of the electronic device 2, such as a hard disk or a memory of the electronic device 2. In other embodiments, the memory 11 may also be an external storage device of the electronic apparatus 2, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the electronic apparatus 2. Of course, the memory 11 may also comprise both an internal memory unit of the electronic apparatus 2 and an external memory device thereof. In this embodiment, the memory 11 is generally used for storing an operating system installed in the electronic device 2 and various types of application software, such as program codes of the blockchain data authorization system 200. Furthermore, the memory 11 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 12 is typically used to control the overall operation of the electronic device 2. In this embodiment, the processor 12 is configured to run the program codes stored in the memory 11 or process data, such as running the blockchain data authorization system 200.
The network interface 13 may comprise a wireless network interface or a wired network interface, and the network interface 13 is generally used for establishing a communication connection between the electronic apparatus 2 and other electronic devices.
The hardware structure and functions of the related devices of the present invention have been described in detail so far. Various embodiments of the present invention will be presented based on the above description.
First, the present invention provides a block chain data authorization system 200.
Referring to fig. 2, a block diagram of a first embodiment of a block chain data authorization system 200 according to the invention is shown.
In this embodiment, the blockchain data authorization system 200 includes a series of computer program instructions stored on the memory 11, which when executed by the processor 12, can implement the blockchain data authorization operations of the embodiments of the present invention. In some embodiments, the blockchain data authorization system 200 may be divided into one or more modules based on the particular operations implemented by the portions of the computer program instructions. For example, in fig. 2, the blockchain data authorization system 200 may be divided into a configuration module 201, a setting module 202, a synchronization module 203, and an acquisition module 204. Wherein:
the configuration module 201 is configured to configure each service module that needs to perform data authorization on the blockchain.
Specifically, enterprise data of a block chain alliance can be divided into various business modules, and a system page is provided for business module configuration. For example, data of commodities, orders, logistics and the like of the blockchain enterprise alliance are abstracted into a plurality of business modules to be configured. In this embodiment, the service module configuration table, the service module association configuration table, the service module detailed configuration table, and the like may be filled, stored in the pre-library, and then issued to each node of the block chain network. The name of the service module, the unique Identifier (ID), the field of the service module, the field attribute, and the like can be configured. The field attributes include whether a unique value, whether a time field, whether a dynamic field, whether authorization is necessary, etc.
The setting module 202 is configured to set a data authorization rule.
Specifically, for the data of each business module, the data needs to be authorized to be viewed by the corresponding enterprise node. Therefore, corresponding data authorization rules are set for these data. In the present embodiment, two ways of static authorization and dynamic authorization are provided. The static authorization comprises fixed data authorization, range data authorization and other authorization scenes; the dynamic authorization comprises authorization scenes such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, dynamic multi-service associated data authorization and the like. For example, authorizing enterprise a's order data # 001 to enterprise B (fixed data for fixed enterprise view), and authorizing enterprise C's order data from 2018 for 10-12 months (supporting filtering of data ranges), is a static authorization. In addition, various complex query conditions or field authorization and multi-service associated data authorization can be set, for example, order data with a certain field value of XX (for example, the order amount is more than 100 ten thousand) of enterprise a is authorized to enterprise B, and certain field data of business B associated with business a of enterprise a is authorized to enterprises B and C.
And on the basis of the authorization condition, whether dynamic authorization can be selected, wherein the dynamic authorization can directly execute the data authorization related to the new data authorization rule without resetting the data authorization when new data or new enterprise nodes are added into the block chain.
That is, in the present embodiment, the data authorization rule includes an authorization mechanism, an authorized mechanism, an authorization service field, whether to associate with an authorization, an authorization validity period, an authorization condition, whether to dynamically authorize, and the like. The data authorization rules can be stored in the pre-database by filling out a data authorization table, an associated data authorization table, a data authorization condition table and the like.
Notably, when dynamic authorization is selected, one or more items in the data authorization rules (e.g., authorized agencies, authorization conditions, etc.) need to be set to non-fixed values. For example, when dynamic authorization is performed on mobile phone order data of a certain enterprise, order data with an order amount larger than 100 ten thousand (instead of a fixed piece or pieces of fixed data) is authorized to be viewed by all mobile phone suppliers (instead of a certain enterprise and the like). Therefore, when new data or new enterprise nodes are added, the related data authorization can be executed by directly adapting the authorization rule.
The synchronization module 203 is configured to synchronize the set data authorization rule to the blockchain network.
Specifically, after each enterprise node completes the setting of the authorization data rule, it needs to synchronize to the blockchain network, and other enterprise nodes in the blockchain synchronize their own related data authorization rules in real time in a timing or notification manner.
The obtaining module 204 is configured to obtain a data authorization rule related to the current node.
Specifically, the enterprise node periodically (or upon notification) obtains data authorization rules associated with the enterprise node from the blockchain network. In this embodiment, each enterprise node may periodically obtain the data authorization rule related to itself from the blockchain network according to a preset time interval, for example, once every hour. In other embodiments, each enterprise node may also obtain the data authorization rule from the blockchain network when receiving the notification, for example, when a certain enterprise node completes setting of the authorization data rule (or a certain enterprise node has a new data entry, etc.), other enterprise nodes on the blockchain are notified, and then the other enterprise nodes obtain their own related data authorization rule from the blockchain network after receiving the notification.
The obtaining module 204 is further configured to obtain corresponding authorization data from the blockchain network according to the obtained data authorization rule.
Specifically, when the data authorization rule takes effect for the first time, the upper layer service of the enterprise node generates corresponding SQL for the authorization data in the data authorization rule, and traverses the blockchain chainID corresponding to the authorization data in the database index table of the pre-database, so as to obtain the authorization data from the blockchain network according to the chainID. The obtained authorization data information is stored in a one-to-one index table of the enterprise node pre-library. And the authorization execution history of the data authorization rule is recorded in the data authorization record table of the prepositive library.
In this embodiment, the obtained authorization data does not pull all field data of the whole piece of data, but dynamically pulls the authorization field (for example, only obtains data of the order amount field) through field setting in the data authorization rule, so as to realize different field value authorization of different data of different services.
It is worth noting that the data authorization rule setting, the authorization execution history record, and the subsequent authorization failure or cancellation record in the whole process are all stored in the pre-library of each enterprise node.
In the blockchain network, the uplink data of the core includes the service data of each service module and the authorization result data, and in addition, each configuration table stored in the pre-library by each enterprise node is also synchronized into the blockchain network.
The block chain data authorization system provided by this embodiment can configure the service module and the data authorization rule for data on the block chain, and synchronize the data to each node of the block chain network, so as to support both a fixed authorization manner and a dynamic data and/or enterprise authorization manner, and also support filtering of complex query conditions and data ranges, or authorize according to fields, thereby avoiding a large number of repeated operations, reducing error rate, and ensuring timeliness of authorization. In addition, the authorization execution record is also stored in the block chain, so that traceability and non-tampering are guaranteed.
Referring to fig. 3, a block diagram of a second embodiment of a block chain data authorization system 200 according to the invention is shown. In this embodiment, the system 200 for authorizing blockchain data further includes a determining module 205 in addition to the configuring module 201, the setting module 202, the synchronizing module 203, and the obtaining module 204 in the first embodiment. Wherein:
the obtaining module 204 is further configured to obtain a data authorization rule corresponding to new data when the new data related to the current node is added to the blockchain network.
Specifically, when new data is recorded in a certain node, relevant information is stored in a service table (a service module configuration table, a service module association configuration table, a service module detailed configuration table), and then the new data is linked. If the current enterprise node is related to the new data (needs to be authorized to the enterprise node), the enterprise node acquires the data authorization rule corresponding to the new data from the previously set data authorization rules.
For example, some data authorization rule that has been set before is to dynamically authorize enterprise B order data for which the order amount of enterprise a is greater than 100 ten thousand. When enterprise A has a new chain of order data, enterprise B obtains the data authorization rule.
The determining module 205 is configured to determine whether the new data meets an authorization condition in the data authorization rule.
Specifically, although the new data is associated with the enterprise node, it is further determined whether the new data meets the authorization criteria. If not, the enterprise node cannot acquire the new data, the task is ended, and the next new data uplink is waited. If the new data meets the authorization condition, the enterprise node is authorized to view the new data and needs to acquire the new data from the blockchain.
For example, the new data is order data with an order amount of 300 ten thousand, and the new data meets the authorization condition in the data authorization rule that the order data with the order amount of more than 100 ten thousand of enterprise a is dynamically authorized to enterprise B, and enterprise B needs to acquire the new data.
The obtaining module 204 is further configured to obtain corresponding authorization data in the new data when the authorization condition is met.
Specifically, when the new data meets the authorization condition, it indicates that the enterprise node has the right to view the new data (whole data or some field data). At this time, the enterprise node first matches authorization data in the new data according to the data authorization rule (for example, a certain field data in the new data is authorization data corresponding to the enterprise node), then determines a blockchain chainID of the authorization data, and then acquires the authorization data from a blockchain network according to the chainID.
In addition, when the node is an enterprise node newly added to the blockchain network, the data authorization rule related to the enterprise node can also be directly acquired from the blockchain network, and then the corresponding authorization data is acquired from the blockchain network according to the acquired data authorization rule. For example, a certain data authorization rule which is set before is that order data of which the order sum of enterprise a is more than 100 ten thousand is dynamically authorized to all mobile phone suppliers to be viewed. Only two mobile phone providers of enterprise B and enterprise C are in the block chain before, and another mobile phone provider, enterprise D, is added now, and after the enterprise D is added to the block chain, it can directly obtain the data authorization rule related to itself from the block chain network, for example, obtain a rule that order data of enterprise a with an order amount greater than 100 ten thousand are dynamically authorized to all mobile phone providers. Enterprise D can then obtain authorization data directly according to the rules without enterprise a having to re-authorize enterprise D.
Of course, when a new enterprise node joins the block chain network, a new data authorization rule may be set for data that the new enterprise node needs to authorize to other enterprises and issued to the block chain network for other enterprise nodes to obtain.
The detailed technical content in the specific process is similarly described in the above steps, and is not described again here.
The block chain data authorization system provided by this embodiment may configure a service module and a data authorization rule for data in a block chain, and synchronize the data to each node in a block chain network, and support a dynamic data and/or enterprise authorization manner.
Referring to fig. 4, a block chain data authorization system 200 according to a third embodiment of the present invention is shown in a block diagram. In this embodiment, the system 200 for authorizing blockchain data further includes a generating module 206 and an executing module 207 in addition to the configuring module 201, the setting module 202, the synchronizing module 203, the obtaining module 204 and the determining module 205 in the second embodiment. Wherein:
the generating module 206 is configured to generate a corresponding revocation authorization rule when the authorization expires or is cancelled.
Specifically, for a certain data authorization rule, when authorization expires (the expiration time in the data authorization rule is reached) or is cancelled (a request for actively cancelling authorization by an authorization party is received), a corresponding invalid authorization rule is generated, and the flag is invalid. The revocation authority rules are also stored in a pre-repository of the node.
The synchronization module 203 is further configured to synchronize the revocation authority rule to a blockchain network.
Specifically, after the revocation authorization rule is generated and stored, the revocation authorization rule is synchronized to the blockchain network, so that the enterprise node related to the revocation authorization rule can execute the revocation authorization rule.
The execution module 207 is configured to periodically execute the revocation authorization rule related to the current node, delete the pre-library index, and update the authorization history on the chain.
Specifically, each enterprise node on the blockchain also acquires and executes the failure authorization rule related to the node periodically (for example, every second), deletes the authorization data corresponding to the failure authorization rule acquired before from the one-to-one index table of the pre-library, and updates the authorization history (the authorization failure record is also synchronized to the blockchain network).
The block chain data authorization system provided by this embodiment can configure the service module and the data authorization rule for data on a block chain, and synchronize the data to each node of a block chain network, so as to support both a fixed authorization manner and a dynamic data and/or enterprise authorization manner, and also support filtering of complex query conditions and data ranges, or authorize according to fields, and perform authorization invalidation and cancellation operations, thereby avoiding a large number of repeated operations, reducing error rate, and ensuring the timeliness of authorization. In addition, the authorization execution record is also stored in the block chain, so that traceability and non-tampering are guaranteed.
In addition, the invention also provides a block chain data authorization method.
Fig. 5 is a flowchart illustrating a block chain data authorization method according to a first embodiment of the present invention. In this embodiment, the execution order of the steps in the flowchart shown in fig. 5 may be changed and some steps may be omitted according to different requirements. The method comprises the following steps:
step S500, configuring each service module that needs to perform data authorization on the blockchain.
Specifically, enterprise data of a block chain alliance can be divided into various business modules, and a system page is provided for business module configuration. For example, data of commodities, orders, logistics and the like of the blockchain enterprise alliance are abstracted into a plurality of business modules to be configured. In this embodiment, the service module configuration table, the service module association configuration table, the service module detailed configuration table, and the like may be filled, stored in the pre-library, and then issued to each node of the block chain network. The name of the service module, the unique Identifier (ID), the field of the service module, the field attribute, and the like can be configured. The field attributes include whether a unique value, whether a time field, whether a dynamic field, whether authorization is necessary, etc.
Step S502, setting data authorization rules.
Specifically, for the data of each business module, the data needs to be authorized to be viewed by the corresponding enterprise node. Therefore, corresponding data authorization rules are set for these data. In the present embodiment, two ways of static authorization and dynamic authorization are provided. The static authorization comprises fixed data authorization, range data authorization and other authorization scenes; the dynamic authorization comprises authorization scenes such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, dynamic multi-service associated data authorization and the like. For example, authorizing enterprise a's order data # 001 to enterprise B (fixed data for fixed enterprise view), and authorizing enterprise C's order data from 2018 for 10-12 months (supporting filtering of data ranges), is a static authorization. In addition, various complex query conditions or field authorization and multi-service associated data authorization can be set, for example, order data with a certain field value of XX (for example, the order amount is more than 100 ten thousand) of enterprise a is authorized to enterprise B, and certain field data of business B associated with business a of enterprise a is authorized to enterprises B and C.
And on the basis of the authorization condition, whether dynamic authorization can be selected, wherein the dynamic authorization can directly execute the data authorization related to the new data authorization rule without resetting the data authorization when new data or new enterprise nodes are added into the block chain.
That is, in the present embodiment, the data authorization rule includes an authorization mechanism, an authorized mechanism, an authorization service field, whether to associate with an authorization, an authorization validity period, an authorization condition, whether to dynamically authorize, and the like. The data authorization rules can be stored in the pre-database by filling out a data authorization table, an associated data authorization table, a data authorization condition table and the like.
Notably, when dynamic authorization is selected, one or more items in the data authorization rules (e.g., authorized agencies, authorization conditions, etc.) need to be set to non-fixed values. For example, when dynamic authorization is performed on mobile phone order data of a certain enterprise, order data with an order amount larger than 100 ten thousand (instead of a fixed piece or pieces of fixed data) is authorized to be viewed by all mobile phone suppliers (instead of a certain enterprise and the like). Therefore, when new data or new enterprise nodes are added, the related data authorization can be executed by directly adapting the authorization rule.
Step S504, synchronize the set data authorization rule to the blockchain network.
Specifically, after each enterprise node completes the setting of the authorization data rule, it needs to synchronize to the blockchain network, and other enterprise nodes in the blockchain synchronize their own related data authorization rules in real time in a timing or notification manner.
Step S506, a data authorization rule related to the current node is obtained.
Specifically, the enterprise node periodically (or upon notification) obtains data authorization rules associated with the enterprise node from the blockchain network. In this embodiment, each enterprise node may periodically obtain the data authorization rule related to itself from the blockchain network according to a preset time interval, for example, once every hour. In other embodiments, each enterprise node may also obtain the data authorization rule from the blockchain network when receiving the notification, for example, when a certain enterprise node completes setting of the authorization data rule (or a certain enterprise node has a new data entry, etc.), other enterprise nodes on the blockchain are notified, and then the other enterprise nodes obtain their own related data authorization rule from the blockchain network after receiving the notification.
Step S508, obtaining corresponding authorization data from the blockchain network according to the obtained data authorization rule.
Specifically, when the data authorization rule takes effect for the first time, the upper layer service of the enterprise node generates corresponding SQL for the authorization data in the data authorization rule, and traverses the blockchain chainID corresponding to the authorization data in the database index table of the pre-database, so as to obtain the authorization data from the blockchain network according to the chainID. The obtained authorization data information is stored in a one-to-one index table of the enterprise node pre-library. And the authorization execution history of the data authorization rule is recorded in the data authorization record table of the prepositive library.
In this embodiment, the obtained authorization data does not pull all field data of the whole piece of data, but dynamically pulls the authorization field (for example, only obtains data of the order amount field) through field setting in the data authorization rule, so as to realize different field value authorization of different data of different services.
It is worth noting that the data authorization rule setting, the authorization execution history record, and the subsequent authorization failure or cancellation record in the whole process are all stored in the pre-library of each enterprise node.
In the blockchain network, the uplink data of the core includes the service data of each service module and the authorization result data, and in addition, each configuration table stored in the pre-library by each enterprise node is also synchronized into the blockchain network.
The block chain data authorization method provided by this embodiment may configure the service module and the data authorization rule for data on the block chain, and synchronize the data to each node of the block chain network, so as to support both a fixed authorization manner and a dynamic data and/or enterprise authorization manner, and also support filtering of complex query conditions and data ranges, or authorize according to fields, thereby avoiding a large number of repeated operations, reducing error rate, and ensuring timeliness of authorization. In addition, the authorization execution record is also stored in the block chain, so that traceability and non-tampering are guaranteed.
Fig. 6 is a flowchart illustrating a block chain data authorization method according to a second embodiment of the present invention. In this embodiment, steps S600 to S608 of the block chain data authorization method are similar to steps S500 to S508 of the first embodiment, except that the method further includes steps S610 to S614.
The method comprises the following steps:
step S600, configuring each service module that needs to perform data authorization on the blockchain.
Specifically, enterprise data of a block chain alliance can be divided into various business modules, and a system page is provided for business module configuration. For example, data of commodities, orders, logistics and the like of the blockchain enterprise alliance are abstracted into a plurality of business modules to be configured. In this embodiment, the service module configuration table, the service module association configuration table, the service module detailed configuration table, and the like may be filled, stored in the pre-library, and then issued to each node of the block chain network. The name of the service module, the unique Identifier (ID), the field of the service module, the field attribute, and the like can be configured. The field attributes include whether a unique value, whether a time field, whether a dynamic field, whether authorization is necessary, etc.
Step S602, a data authorization rule is set.
Specifically, for the data of each business module, the data needs to be authorized to be viewed by the corresponding enterprise node. Therefore, corresponding data authorization rules are set for these data. In the present embodiment, two ways of static authorization and dynamic authorization are provided. The static authorization comprises fixed data authorization, range data authorization and other authorization scenes; the dynamic authorization comprises authorization scenes such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, dynamic multi-service associated data authorization and the like. For example, authorizing enterprise a's order data # 001 to enterprise B (fixed data for fixed enterprise view), and authorizing enterprise C's order data from 2018 for 10-12 months (supporting filtering of data ranges), is a static authorization. In addition, various complex query conditions or field authorization and multi-service associated data authorization can be set, for example, order data with a certain field value of XX (for example, the order amount is more than 100 ten thousand) of enterprise a is authorized to enterprise B, and certain field data of business B associated with business a of enterprise a is authorized to enterprises B and C.
And on the basis of the authorization condition, whether dynamic authorization can be selected, wherein the dynamic authorization can directly execute the data authorization related to the new data authorization rule without resetting the data authorization when new data or new enterprise nodes are added into the block chain.
That is, in the present embodiment, the data authorization rule includes an authorization mechanism, an authorized mechanism, an authorization service field, whether to associate with an authorization, an authorization validity period, an authorization condition, whether to dynamically authorize, and the like. The data authorization rules can be stored in the pre-database by filling out a data authorization table, an associated data authorization table, a data authorization condition table and the like.
Notably, when dynamic authorization is selected, one or more items in the data authorization rules (e.g., authorized agencies, authorization conditions, etc.) need to be set to non-fixed values. For example, when dynamic authorization is performed on mobile phone order data of a certain enterprise, order data with an order amount larger than 100 ten thousand (instead of a fixed piece or pieces of fixed data) is authorized to be viewed by all mobile phone suppliers (instead of a certain enterprise and the like). Therefore, when new data or new enterprise nodes are added, the related data authorization can be executed by directly adapting the authorization rule.
Step S604, synchronizing the set data authorization rule to the blockchain network.
Specifically, after each enterprise node completes the setting of the authorization data rule, it needs to synchronize to the blockchain network, and other enterprise nodes in the blockchain synchronize their own related data authorization rules in real time in a timing or notification manner.
Step S606, obtain the data authorization rule related to the current node.
Specifically, the enterprise node periodically (or upon notification) obtains data authorization rules associated with the enterprise node from the blockchain network. In this embodiment, each enterprise node may periodically obtain the data authorization rule related to itself from the blockchain network according to a preset time interval, for example, once every hour. In other embodiments, each enterprise node may also obtain the data authorization rule from the blockchain network when receiving the notification, for example, when a certain enterprise node completes setting of the authorization data rule (or a certain enterprise node has a new data entry, etc.), other enterprise nodes on the blockchain are notified, and then the other enterprise nodes obtain their own related data authorization rule from the blockchain network after receiving the notification.
Step S608, obtaining corresponding authorization data from the blockchain network according to the obtained data authorization rule.
Specifically, when the data authorization rule takes effect for the first time, the upper layer service of the enterprise node generates corresponding SQL for the authorization data in the data authorization rule, and traverses the blockchain chainID corresponding to the authorization data in the database index table of the pre-database, so as to obtain the authorization data from the blockchain network according to the chainID. The obtained authorization data information is stored in a one-to-one index table of the enterprise node pre-library. And the authorization execution history of the data authorization rule is recorded in the data authorization record table of the prepositive library.
In this embodiment, the obtained authorization data does not pull all field data of the whole piece of data, but dynamically pulls the authorization field (for example, only obtains data of the order amount field) through field setting in the data authorization rule, so as to realize different field value authorization of different data of different services.
It is worth noting that the data authorization rule setting, the authorization execution history record, and the subsequent authorization failure or cancellation record in the whole process are all stored in the pre-library of each enterprise node.
In the blockchain network, the uplink data of the core includes the service data of each service module and the authorization result data, and in addition, each configuration table stored in the pre-library by each enterprise node is also synchronized into the blockchain network.
Step S610, when new data related to the current node is added to the blockchain network, a data authorization rule corresponding to the new data is obtained.
Specifically, when new data is recorded in a certain node, relevant information is stored in a service table (a service module configuration table, a service module association configuration table, a service module detailed configuration table), and then the new data is linked. If the current enterprise node is related to the new data (needs to be authorized to the enterprise node), the enterprise node acquires the data authorization rule corresponding to the new data from the previously set data authorization rules.
For example, some data authorization rule that has been set before is to dynamically authorize enterprise B order data for which the order amount of enterprise a is greater than 100 ten thousand. When enterprise A has a new chain of order data, enterprise B obtains the data authorization rule.
Step S612, determining whether the new data meets the authorization condition in the data authorization rule.
Specifically, although the new data is associated with the enterprise node, it is further determined whether the new data meets the authorization criteria. If not, the enterprise node cannot acquire the new data, the task is ended, and the next new data uplink is waited. If the new data meets the authorization condition, the enterprise node is authorized to view the new data and needs to acquire the new data from the blockchain.
For example, the new data is order data with an order amount of 300 ten thousand, and the new data meets the authorization condition in the data authorization rule that the order data with the order amount of more than 100 ten thousand of enterprise a is dynamically authorized to enterprise B, and enterprise B needs to acquire the new data.
And step S614, when the authorization condition is met, acquiring corresponding authorization data in the new data.
Specifically, when the new data meets the authorization condition, it indicates that the enterprise node has the right to view the new data (whole data or some field data). At this time, the enterprise node first matches authorization data in the new data according to the data authorization rule (for example, a certain field data in the new data is authorization data corresponding to the enterprise node), then determines a blockchain chainID of the authorization data, and then acquires the authorization data from a blockchain network according to the chainID.
In addition, when the node is an enterprise node newly added to the blockchain network, the data authorization rule related to the enterprise node can also be directly acquired from the blockchain network, and then the corresponding authorization data is acquired from the blockchain network according to the acquired data authorization rule. For example, a certain data authorization rule which is set before is that order data of which the order sum of enterprise a is more than 100 ten thousand is dynamically authorized to all mobile phone suppliers to be viewed. Only two mobile phone providers of enterprise B and enterprise C are in the block chain before, and another mobile phone provider, enterprise D, is added now, and after the enterprise D is added to the block chain, it can directly obtain the data authorization rule related to itself from the block chain network, for example, obtain a rule that order data of enterprise a with an order amount greater than 100 ten thousand are dynamically authorized to all mobile phone providers. Enterprise D can then obtain authorization data directly according to the rules without enterprise a having to re-authorize enterprise D.
Of course, when a new enterprise node joins the block chain network, a new data authorization rule may be set for data that the new enterprise node needs to authorize to other enterprises and issued to the block chain network for other enterprise nodes to obtain.
The detailed technical content in the specific process is similarly described in the above steps, and is not described again here.
The block chain data authorization method provided by this embodiment may configure a service module and a data authorization rule for data in a block chain, synchronize the data to each node in a block chain network, and support a dynamic data and/or enterprise authorization manner.
Fig. 7 is a flowchart illustrating a block chain data authorization method according to a third embodiment of the present invention. In this embodiment, steps S700 to S714 of the block chain data authorization method are similar to steps S600 to S614 of the first embodiment, except that the method further includes steps S716 to S720.
The method comprises the following steps:
step S700, configuring each service module that needs to perform data authorization on the blockchain.
Specifically, enterprise data of a block chain alliance can be divided into various business modules, and a system page is provided for business module configuration. For example, data of commodities, orders, logistics and the like of the blockchain enterprise alliance are abstracted into a plurality of business modules to be configured. In this embodiment, the service module configuration table, the service module association configuration table, the service module detailed configuration table, and the like may be filled, stored in the pre-library, and then issued to each node of the block chain network. The name of the service module, the unique Identifier (ID), the field of the service module, the field attribute, and the like can be configured. The field attributes include whether a unique value, whether a time field, whether a dynamic field, whether authorization is necessary, etc.
Step S702, setting a data authorization rule.
Specifically, for the data of each business module, the data needs to be authorized to be viewed by the corresponding enterprise node. Therefore, corresponding data authorization rules are set for these data. In the present embodiment, two ways of static authorization and dynamic authorization are provided. The static authorization comprises fixed data authorization, range data authorization and other authorization scenes; the dynamic authorization comprises authorization scenes such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, dynamic multi-service associated data authorization and the like. For example, authorizing enterprise a's order data # 001 to enterprise B (fixed data for fixed enterprise view), and authorizing enterprise C's order data from 2018 for 10-12 months (supporting filtering of data ranges), is a static authorization. In addition, various complex query conditions or field authorization and multi-service associated data authorization can be set, for example, order data with a certain field value of XX (for example, the order amount is more than 100 ten thousand) of enterprise a is authorized to enterprise B, and certain field data of business B associated with business a of enterprise a is authorized to enterprises B and C.
And on the basis of the authorization condition, whether dynamic authorization can be selected, wherein the dynamic authorization can directly execute the data authorization related to the new data authorization rule without resetting the data authorization when new data or new enterprise nodes are added into the block chain.
That is, in the present embodiment, the data authorization rule includes an authorization mechanism, an authorized mechanism, an authorization service field, whether to associate with an authorization, an authorization validity period, an authorization condition, whether to dynamically authorize, and the like. The data authorization rules can be stored in the pre-database by filling out a data authorization table, an associated data authorization table, a data authorization condition table and the like.
Notably, when dynamic authorization is selected, one or more items in the data authorization rules (e.g., authorized agencies, authorization conditions, etc.) need to be set to non-fixed values. For example, when dynamic authorization is performed on mobile phone order data of a certain enterprise, order data with an order amount larger than 100 ten thousand (instead of a fixed piece or pieces of fixed data) is authorized to be viewed by all mobile phone suppliers (instead of a certain enterprise and the like). Therefore, when new data or new enterprise nodes are added, the related data authorization can be executed by directly adapting the authorization rule.
Step S704, synchronize the set data authorization rule to the blockchain network.
Specifically, after each enterprise node completes the setting of the authorization data rule, it needs to synchronize to the blockchain network, and other enterprise nodes in the blockchain synchronize their own related data authorization rules in real time in a timing or notification manner.
Step S706, obtain the data authorization rule related to the current node.
Specifically, the enterprise node periodically (or upon notification) obtains data authorization rules associated with the enterprise node from the blockchain network. In this embodiment, each enterprise node may periodically obtain the data authorization rule related to itself from the blockchain network according to a preset time interval, for example, once every hour. In other embodiments, each enterprise node may also obtain the data authorization rule from the blockchain network when receiving the notification, for example, when a certain enterprise node completes setting of the authorization data rule (or a certain enterprise node has a new data entry, etc.), other enterprise nodes on the blockchain are notified, and then the other enterprise nodes obtain their own related data authorization rule from the blockchain network after receiving the notification.
Step S708, obtaining corresponding authorization data from the blockchain network according to the obtained data authorization rule.
Specifically, when the data authorization rule takes effect for the first time, the upper layer service of the enterprise node generates corresponding SQL for the authorization data in the data authorization rule, and traverses the blockchain chainID corresponding to the authorization data in the database index table of the pre-database, so as to obtain the authorization data from the blockchain network according to the chainID. The obtained authorization data information is stored in a one-to-one index table of the enterprise node pre-library. And the authorization execution history of the data authorization rule is recorded in the data authorization record table of the prepositive library.
In this embodiment, the obtained authorization data does not pull all field data of the whole piece of data, but dynamically pulls the authorization field (for example, only obtains data of the order amount field) through field setting in the data authorization rule, so as to realize different field value authorization of different data of different services.
It is worth noting that the data authorization rule setting, the authorization execution history record, and the subsequent authorization failure or cancellation record in the whole process are all stored in the pre-library of each enterprise node.
In the blockchain network, the uplink data of the core includes the service data of each service module and the authorization result data, and in addition, each configuration table stored in the pre-library by each enterprise node is also synchronized into the blockchain network.
Step S710, when new data related to the current node is added to the blockchain network, obtaining a data authorization rule corresponding to the new data.
Specifically, when new data is recorded in a certain node, relevant information is stored in a service table (a service module configuration table, a service module association configuration table, a service module detailed configuration table), and then the new data is linked. If the current enterprise node is related to the new data (needs to be authorized to the enterprise node), the enterprise node acquires the data authorization rule corresponding to the new data from the previously set data authorization rules.
For example, some data authorization rule that has been set before is to dynamically authorize enterprise B order data for which the order amount of enterprise a is greater than 100 ten thousand. When enterprise A has a new chain of order data, enterprise B obtains the data authorization rule.
Step S712, determining whether the new data meets the authorization condition in the data authorization rule.
Specifically, although the new data is associated with the enterprise node, it is further determined whether the new data meets the authorization criteria. If not, the enterprise node cannot acquire the new data, the task is ended, and the next new data uplink is waited. If the new data meets the authorization condition, the enterprise node is authorized to view the new data and needs to acquire the new data from the blockchain.
For example, the new data is order data with an order amount of 300 ten thousand, and the new data meets the authorization condition in the data authorization rule that the order data with the order amount of more than 100 ten thousand of enterprise a is dynamically authorized to enterprise B, and enterprise B needs to acquire the new data.
Step S714, when the authorization condition is met, acquiring corresponding authorization data in the new data.
Specifically, when the new data meets the authorization condition, it indicates that the enterprise node has the right to view the new data (whole data or some field data). At this time, the enterprise node first matches authorization data in the new data according to the data authorization rule (for example, a certain field data in the new data is authorization data corresponding to the enterprise node), then determines a blockchain chainID of the authorization data, and then acquires the authorization data from a blockchain network according to the chainID.
In addition, when the node is an enterprise node newly added to the blockchain network, the data authorization rule related to the enterprise node can also be directly acquired from the blockchain network, and then the corresponding authorization data is acquired from the blockchain network according to the acquired data authorization rule. For example, a certain data authorization rule which is set before is that order data of which the order sum of enterprise a is more than 100 ten thousand is dynamically authorized to all mobile phone suppliers to be viewed. Only two mobile phone providers of enterprise B and enterprise C are in the block chain before, and another mobile phone provider, enterprise D, is added now, and after the enterprise D is added to the block chain, it can directly obtain the data authorization rule related to itself from the block chain network, for example, obtain a rule that order data of enterprise a with an order amount greater than 100 ten thousand are dynamically authorized to all mobile phone providers. Enterprise D can then obtain authorization data directly according to the rules without enterprise a having to re-authorize enterprise D.
Of course, when a new enterprise node joins the block chain network, a new data authorization rule may be set for data that the new enterprise node needs to authorize to other enterprises and issued to the block chain network for other enterprise nodes to obtain.
The detailed technical content in the specific process is similarly described in the above steps, and is not described again here.
Step S716, when the authorization expires or is cancelled, a corresponding invalidation authorization rule is generated.
Specifically, for a certain data authorization rule, when authorization expires (the expiration time in the data authorization rule is reached) or is cancelled (a request for actively cancelling authorization by an authorization party is received), a corresponding invalid authorization rule is generated, and the flag is invalid. The revocation authority rules are also stored in a pre-repository of the node.
Step S718, synchronize the revocation authorization rule to the blockchain network.
Specifically, after the revocation authorization rule is generated and stored, the revocation authorization rule is synchronized to the blockchain network, so that the enterprise node related to the revocation authorization rule can execute the revocation authorization rule.
Step S720, the invalidation authorization rule related to the current node is executed regularly, the index of the preposed library is deleted, and the authorization history record on the chain is updated.
Specifically, each enterprise node on the blockchain also acquires and executes the failure authorization rule related to the node periodically (for example, every second), deletes the authorization data corresponding to the failure authorization rule acquired before from the one-to-one index table of the pre-library, and updates the authorization history (the authorization failure record is also synchronized to the blockchain network).
The block chain data authorization method provided by this embodiment may configure a service module and a data authorization rule for data on a block chain, and synchronize the data to each node of a block chain network, so as to support both a fixed authorization manner and a dynamic data and/or enterprise authorization manner, and also support filtering of complex query conditions and data ranges, or authorize according to fields, and perform authorization invalidation and cancellation operations, thereby avoiding a large number of repeated operations, reducing an error rate, and ensuring timeliness of authorization. In addition, the authorization execution record is also stored in the block chain, so that traceability and non-tampering are guaranteed.
The present invention also provides another embodiment, which is to provide a computer readable storage medium storing a blockchain data authorization program, which is executable by at least one processor to cause the at least one processor to perform the steps of the blockchain data authorization method as described above.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A method for block chain data authorization, the method comprising the steps of:
configuring each business module of enterprise data needing data authorization on a block chain;
setting a data authorization rule corresponding to the data of each business module, wherein the data authorization rule comprises a static authorization mode and a dynamic authorization mode;
synchronizing the set data authorization rule to the block chain network;
acquiring a first data authorization rule related to a current node from the block chain network at regular time or when a notice is received; and
and acquiring corresponding authorization data from the block chain network according to the first data authorization rule.
2. The method for authorizing block chain data of claim 1, the method further comprising the steps of:
when new data related to the current node is added into the block chain network, directly acquiring a second data authorization rule corresponding to the new data from the block chain network;
judging whether the new data meets the authorization condition in the second data authorization rule;
and when the new data meets the authorization condition, the current node acquires corresponding authorization data in the new data.
3. The method for authorizing block chain data of claim 2, the method further comprising the steps of:
when the authorization is expired or cancelled, generating a corresponding failure authorization rule;
synchronizing the failure authorization rule to a blockchain network;
and regularly acquiring and executing the invalid authorization rule related to the current node, deleting the index of the pre-library, and updating the authorization history record on the chain.
4. The blockchain data authorization method according to any one of claims 1 to 3, wherein the static authorization includes a fixed data authorization, a range data authorization; the dynamic authorization comprises dynamic data authorization, dynamic enterprise authorization, dynamic data and enterprise authorization and dynamic multi-service associated data authorization.
5. The blockchain data authorization method according to any one of claims 1 to 3, wherein the data authorization rules include an authorization mechanism, an authorized mechanism, an authorization service field, whether to associate an authorization, an authorization validity period, an authorization condition, whether to dynamically authorize, wherein when dynamic authorization is selected, one or more items in the data authorization rules are set to a non-fixed value.
6. A method as claimed in any one of claims 1 to 3, wherein said step of obtaining corresponding authorisation data from said blockchain network in accordance with said first data authorisation rules comprises:
and generating corresponding SQL aiming at the authorization data in the first data authorization rule, traversing the block chain chainID corresponding to the authorization data in a preposed database data index table, and acquiring the authorization data from the block chain network according to the chainID.
7. The method of any of claims 1-3, wherein the method further comprises the steps of:
and if the current node is an enterprise node newly added into the blockchain network, directly acquiring a third data authorization rule related to the current node from the blockchain network, and then acquiring corresponding authorization data from the blockchain network according to the third data authorization rule.
8. The method for authorizing block chain data of claim 3, the method further comprising the steps of:
and storing the data authorization rule, the authorization execution history record and the authorization failure or cancellation record in a preposed library corresponding to each node.
9. An electronic device comprising a memory, a processor, the memory having stored thereon a blockchain data authorization system executable on the processor, the blockchain data authorization system when executed by the processor implementing the steps of the blockchain data authorization method according to any one of claims 1 to 8.
10. A computer-readable storage medium having stored thereon a blockchain data authorization system executable by at least one processor to cause the at least one processor to perform the steps of the blockchain data authorization method according to any one of claims 1 to 8.
CN202010096097.6A 2020-02-17 2020-02-17 Block chain data authorization method, electronic device and computer readable storage medium Pending CN111291421A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010096097.6A CN111291421A (en) 2020-02-17 2020-02-17 Block chain data authorization method, electronic device and computer readable storage medium
PCT/CN2020/106045 WO2021164204A1 (en) 2020-02-17 2020-07-31 Block chain data authorization method, apparatus and device, and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010096097.6A CN111291421A (en) 2020-02-17 2020-02-17 Block chain data authorization method, electronic device and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN111291421A true CN111291421A (en) 2020-06-16

Family

ID=71017661

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010096097.6A Pending CN111291421A (en) 2020-02-17 2020-02-17 Block chain data authorization method, electronic device and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN111291421A (en)
WO (1) WO2021164204A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111932263A (en) * 2020-10-10 2020-11-13 支付宝(杭州)信息技术有限公司 Data management method, device and equipment
WO2021164204A1 (en) * 2020-02-17 2021-08-26 深圳壹账通智能科技有限公司 Block chain data authorization method, apparatus and device, and computer readable storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10505741B1 (en) * 2016-09-29 2019-12-10 Amazon Technologies, Inc. Cryptographically provable data certification and provenance
CN107657059A (en) * 2017-10-20 2018-02-02 中国银行股份有限公司 Method of data synchronization, middleware and system based on block chain application system
CN108683626B (en) * 2018-03-15 2023-01-31 众安信息技术服务有限公司 Data access control method and device
CN109995791B (en) * 2019-04-11 2020-11-03 清华大学 Data authorization method and system
CN111291421A (en) * 2020-02-17 2020-06-16 深圳壹账通智能科技有限公司 Block chain data authorization method, electronic device and computer readable storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021164204A1 (en) * 2020-02-17 2021-08-26 深圳壹账通智能科技有限公司 Block chain data authorization method, apparatus and device, and computer readable storage medium
CN111932263A (en) * 2020-10-10 2020-11-13 支付宝(杭州)信息技术有限公司 Data management method, device and equipment

Also Published As

Publication number Publication date
WO2021164204A1 (en) 2021-08-26

Similar Documents

Publication Publication Date Title
CN107465692B (en) Unified user identity authentication method, system and storage medium
CN108228814B (en) Data synchronization method and device
CN110944046B (en) Control method of consensus mechanism and related equipment
CN111447069B (en) Low-frequency access data processing method based on block chain
CN111291421A (en) Block chain data authorization method, electronic device and computer readable storage medium
CN109040300B (en) Method, device and storage medium for pushing messages
CN113271311A (en) Digital identity management method and system in cross-link network
CN112860953A (en) Data importing method, device, equipment and storage medium of graph database
CN110838971B (en) Message sending method and device, electronic equipment and storage medium
CN112671881A (en) Node organization management method and device, electronic equipment and readable storage medium
US9824227B2 (en) Simulated control of a third-party database
CN113407916A (en) Information processing method, device, terminal and storage medium
CN113778950B (en) Method for acquiring trusted file, index server, query server and medium
CN107770234B (en) Message pushing method and device
CN115455485A (en) Database access method, device, client and storage medium
WO2019071892A1 (en) Method for transmitting masking rules for sensitive information, application server, and computer readable storage medium
CN112417259B (en) Media resource processing method, device, equipment and storage medium
CN112055849B (en) Exclusive control system and exclusive control method
CN113220762A (en) Method, device, processor and storage medium for realizing general record processing of key service field change in big data application
CN110324373B (en) File sharing method and device and file synchronization system
CN112256689A (en) Service data cleaning method and device and electronic equipment
CN111292144B (en) Bill processing method and device based on block chain network and storage medium
US20180121184A1 (en) System and method for service matching of instant message software
CN113609130B (en) Method, device, electronic equipment and storage medium for acquiring gateway access data
JP6694050B1 (en) Information processing device and information processing method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination