CN111767551A - Browsing permission control method and system based on block chain - Google Patents

Browsing permission control method and system based on block chain Download PDF

Info

Publication number
CN111767551A
CN111767551A CN202010402287.6A CN202010402287A CN111767551A CN 111767551 A CN111767551 A CN 111767551A CN 202010402287 A CN202010402287 A CN 202010402287A CN 111767551 A CN111767551 A CN 111767551A
Authority
CN
China
Prior art keywords
data resource
client
data
server
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010402287.6A
Other languages
Chinese (zh)
Inventor
蒋文保
祁亚楠
章峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Information Science and Technology University
Original Assignee
Beijing Information Science and Technology University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Information Science and Technology University filed Critical Beijing Information Science and Technology University
Priority to CN202010402287.6A priority Critical patent/CN111767551A/en
Publication of CN111767551A publication Critical patent/CN111767551A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F16/275Synchronous replication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Automation & Control Theory (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a browsing permission control method and a browsing permission control system based on a block chain, which solve the technical problem that the data security and the traceability can not meet the service requirement in the existing service interaction process. The method comprises the following steps: forming block data synchronized on a block chain by using client registration information, a server identifier and data resource attributes of a server; and receiving a client data resource request, and issuing a data resource certificate to the client according to the matching degree of the client registration information on the block chain and the data resource access authority in the data resource attribute. The browsing authority authentication process realizes flexible granularity of source data authority control in a complex cooperative working process formed between clients, and whole-process tracing and responsibility confirmation of an interaction process, thereby ensuring the exchange safety of source data contents synchronized on a block chain and the authenticity of both exchange parties. The block chain technology application scene is expanded, and the method can be suitable for union chains and public chains.

Description

Browsing permission control method and system based on block chain
Technical Field
The invention relates to the technical field of data interaction security, in particular to a browsing permission control method and a browsing permission control system based on a block chain.
Background
With the maturity of internet technology, various single service systems form a distributed structure, and an industrial chain is also split into synchronous or asynchronous service flows among a large number of clients of multiple types. The formation of the business data of each process is often accompanied by non-directional data sharing and data transmission, and the directional security and privacy security of the business data and the basic data between clients are greatly challenged. Especially, when data resources related to security attributes need to share data with related upstream and downstream clients, data islands or data transfer barriers are often formed due to inconvenient access control caused by authority problems and the like.
In the prior art, a block chain realizes the security and reliability of data distributed storage in different places by using technical means such as a block data structure based on asymmetric encryption and decryption, intelligent contract data synchronization and the like, and the feasibility of the block chain technology provides possibility for effective access control of complex time-efficient confidential data.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a browsing permission control method and a browsing permission control system based on a block chain, which solve the technical problem that data security and traceability cannot meet service needs in the existing service interaction process.
The browsing permission control method based on the block chain comprises the following steps:
forming block data synchronized on a block chain by using client registration information, a server identifier and data resource attributes of a server;
and receiving a client data resource request, and issuing a data resource certificate to the client according to the matching degree of the client registration information on the block chain and the data resource access authority in the data resource attribute, so that the client acquires the target data resource of the server through the data resource certificate.
In an embodiment of the present invention, the forming, by the client registration information, the server identifier, and the data resource attribute of the server, block data synchronized on a block chain includes:
receiving client identity information of the client;
allocating a unique user identifier for the client;
acquiring an initial permission level of the client;
and setting an index space of the data resources uploaded by the client.
In an embodiment of the present invention, the forming, by the client registration information, the server identifier, and the data resource attribute of the server, block data synchronized on a block chain includes:
receiving service identity information of a server;
allocating a unique service identifier for a server;
setting a classification list of corresponding data resources of the associated service identification;
storing data resource attributes in the sorted list.
In an embodiment of the present invention, the forming, by the client registration information, the server identifier, and the data resource attribute of the server, block data synchronized on a block chain includes:
receiving the file attribute of the data resource;
accepting creator information of the data resource;
accepting the access permission level of the data resource;
receiving an access white list of the data resource;
and receiving the data abstract of the data resource to form a data resource index value.
In an embodiment of the present invention, the forming, by the client registration information, the server identifier, and the data resource attribute of the server, block data synchronized on a block chain includes:
setting an incentive counter of the client;
when the client successfully uploads the data resource to the server, an incentive counter of the client is accumulated;
when the client is the creator of the data resource at the same time, the incentive counter of the creator is accumulated when the data resource is downloaded;
when the data resource is reported successfully to have a defect, the excitation counter of the client side uploading the data resource is decremented;
and when the data resource is reported successfully to have a violation, the client permission for uploading the data resource is degraded.
In an embodiment of the present invention, the receiving a client data resource request, and issuing a data resource credential to the client according to a matching degree between client registration information on the block chain and a data resource access right in the data resource attribute includes:
determining a client permission level and a target data resource access permission level according to the client request;
when the operation type of the client to the target data resource is matched with the result of the permission level matching, the request timestamp, the client identity information, the operation type, the target data resource index value and the access duration are signed by using the service identity information to form a data resource certificate;
and feeding back the data resource certificate to the client.
In an embodiment of the present invention, the receiving a client data resource request, and issuing a data resource credential to the client according to a matching degree between client registration information on the block chain and a data resource access right in the data resource attribute includes:
determining a client permission level and a target data resource access permission level according to the client request;
when the operation type of the client to the target data resource is not matched with the result of the permission level matching, whether the client belongs to an access white list of the target data resource is checked;
when the client is checked to belong to the access white list of the target data resource, a data resource certificate is formed by signing a request timestamp, client identity information, an operation type, a target data resource index value and access duration by using service identity information;
when the client is checked not to belong to the access white list of the target data resource, waiting for the client to apply for authorization from a target data resource creator;
when the client provides the obtained signature authorization information provided by the target data resource creator, verifying the signature authorization information;
updating an access white list of the target data resource according to the encryption authorization information, and signing a request timestamp, client identity information, an operation type, a target data resource index value and access duration by utilizing service identity information to form a data resource certificate;
and feeding back the data resource certificate to the client.
The browsing authority control system based on the block chain in the embodiment of the invention comprises:
the memory is used for storing the program codes corresponding to the processing procedures of the browsing authority control method based on the block chain;
a processor for executing the program code.
The browsing authority control system based on the block chain in the embodiment of the invention comprises:
the authority control block chain node is used for forming synchronous block data of client registration information, a server identifier and data resource attributes of the server on a block chain;
the client is used for requesting data resources from the server and acquiring target data resources of the server according to the acquired data resource voucher of the server;
and the server is used for issuing a data resource certificate to the client according to the matching degree of the client registration information in the block data and the data resource access authority in the data resource attribute.
The browsing authority control system based on the block chain in the embodiment of the invention comprises:
the data block synchronization device is used for forming block data synchronized on a block chain by the client registration information, the server identification and the data resource attribute of the server;
and the authority interaction control device is used for receiving a client data resource request, issuing a data resource certificate to the client according to the matching degree of the client registration information on the block chain and the data resource access authority in the data resource attribute, and enabling the client to acquire the target data resource of the server through the data resource certificate.
The browsing right control method and the browsing right control system based on the block chain effectively separate a data browsing right authentication process and a data acquisition process in a data resource granting process into an interactive independent process. The data authentication process forms integrity data and authority data independent of the source data by synchronously obtaining the critical description of each granularity of the source data from the server. The integrity data and the authority data are synchronized in the block chain through a block chain technology, so that the wide client access capability based on a trusted distributed data architecture is formed, and the concurrent advantage of the data browsing authority authentication process is realized. The browsing authority authentication process realizes flexible granularity of source data authority control in a complex cooperative working process formed between clients, and whole-process tracing and responsibility confirmation of an interaction process, thereby ensuring the exchange safety of source data contents synchronized on a block chain and the authenticity of both exchange parties. The sharing of relevant confidential resources such as government affair websites, military networks and the like and high-level security guarantee are realized. The method expands the wide application scene of the block chain technology, and can be also suitable for alliance chains and public chains.
Drawings
Fig. 1 is a schematic structural diagram illustrating a browsing right control method based on a block chain according to an embodiment of the present invention.
Fig. 2 is a schematic diagram illustrating a registration process of a client in a browsing right control method based on a block chain according to an embodiment of the present invention.
Fig. 3 is a schematic diagram illustrating a registration process of a server in a browsing right control method based on a block chain according to an embodiment of the present invention.
Fig. 4 is a schematic diagram illustrating a process of forming a data resource index in a browsing right control method based on a block chain according to an embodiment of the present invention.
Fig. 5 is a schematic diagram illustrating a process of forming data resource excitation in data resource attribute synchronization in a browsing right control method based on a block chain according to an embodiment of the present invention.
Fig. 6 is a schematic diagram illustrating a process of forming a data resource credential in response to a client data resource request in the browsing permission control method based on a block chain according to an embodiment of the present invention.
Fig. 7 is a schematic diagram illustrating a process of forming a data resource credential through client negotiation in a browsing permission control method based on a block chain according to an embodiment of the present invention.
Fig. 8 is a schematic flow chart illustrating a data resource viewing request formed by using a browsing permission control method based on a block chain according to an embodiment of the present invention.
Fig. 9 is a schematic flow chart illustrating a data resource addition request formed by using a browsing right control method based on a block chain according to an embodiment of the present invention.
Fig. 10 is a flowchart illustrating a data resource deletion request formed by a browsing right control method based on a block chain according to an embodiment of the present invention.
Fig. 11 is a schematic structural diagram of a browsing right control system based on a block chain according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer and more obvious, the present invention is further described below with reference to the accompanying drawings and the detailed description. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 shows a block chain-based browsing right control method according to an embodiment of the present invention. In fig. 1, the present embodiment includes:
step 100: and forming block data synchronized on the block chain by using the client registration information, the server identification and the data resource attribute of the server.
As will be understood by those skilled in the art, the blockchain technology is to store data formed according to services in a blockdata structure, form non-falsifiable blockdata by using an encryption mechanism during the storage process, and form a data blockchain from the blockdata. The server includes, but is not limited to, a business website, a portal website or an application website, and may also include a server or a server cluster. The identification of the server can adopt, but is not limited to, an IP address, a domain name, a hardware address, and the like with unique identification.
The client registration information includes necessary data for authenticating the client access, including but not limited to associated data such as client identification, client service level, client authorization level, etc. The client identification data may comprise one key of a key pair in an asymmetric encryption algorithm used for authentication. The client registration information may include registration information of a login server, or may be separate registration information.
The data resource attribute comprises a data resource index and a data resource access right. The data resource access authority includes, but is not limited to, the secret-related level, the secret-related duration, the encryption strength and other associated data of the data resource, and the data resource access authority corresponds to the minimum granularity of the data resource. The data resources include, but are not limited to, data files, text paragraph data, picture data, media data, configuration data and other file data or stream data, the data resource index is a corresponding digital fingerprint composition of the independently applicable data resources, indicates uniqueness of the data resources, and can be embodied as a data summary formed by a hash algorithm.
Those skilled in the art will understand that the data resource attribute of the server can be obtained through the authentication module or the authentication gateway arranged at the server in a software or hardware manner through a dedicated data link.
Those skilled in the art will understand that the identification of the server, the client registration information, the data resource index and the change of the data resource access right will form new block data synchronously. The data change of the server can be pushed by the server authentication module or the authentication gateway, or actively acquired by the authentication module or the authentication gateway.
Those skilled in the art will appreciate that the data resource index and the data resource access rights are provided by the server. The data resource is created by a creator, owned and provided by a server, and the identity of the client is identified through client registration information. The identification of each client is unique.
Step 200: and receiving a client data resource request, issuing a data resource certificate to the client according to the matching degree of the client registration information on the block chain and the data resource access authority in the data resource attribute, and enabling the client to acquire the target data resource of the server through the data resource certificate.
The technical scheme of the invention includes that an execution main body directly receives a client data resource request and does not forward the request to a server.
Those skilled in the art will appreciate that the latest authority status of the client, server and data resource can be obtained through the tile data on the tile chain. The matching degree of the resource requester for obtaining the data service can be formed through the quantitative comparison of the authority between the resource requester (client) and the resource provider (server), and the satisfaction of the matching degree means that the service response of the server can be obtained. The matching degree of the resource requester for acquiring the data resource can be formed through quantitative comparison of the authority between the resource requester and the data resource access authority, and the satisfaction of the matching degree means that the data resource response of the server can be obtained.
Those skilled in the art can understand that the data resource credential is a right verification result obtained by the client from the server to determine the data resource, and is a basis for the server to perform data resource response so that the client obtains the target data resource. The information of the data resource certificate includes, but is not limited to, client identity information, authority level, application timestamp, access validity duration, operation type, target data resource information, and the like.
The browsing right control method based on the block chain effectively separates the data browsing right authentication process and the data acquisition process in the data resource granting process into an interactive independent process. The data authentication process forms integrity data and authority data independent of the source data by synchronously obtaining the critical description of each granularity of the source data from the server. The integrity data and the authority data are synchronized in the block chain through a block chain technology, so that the wide client access capability based on a trusted distributed data architecture is formed, and the concurrent advantage of the data browsing authority authentication process is realized. The browsing authority authentication process realizes flexible granularity of source data authority control in a complex cooperative working process formed between clients, and whole-process tracing and responsibility confirmation of an interaction process, thereby ensuring the exchange safety of source data contents synchronized on a block chain and the authenticity of both exchange parties. The sharing of relevant confidential resources such as government affair websites, military networks and the like and high-level security guarantee are realized. The method expands the wide application scene of the block chain technology, and can be also suitable for alliance chains and public chains.
In an embodiment of the present invention, a membership relationship exists between registered clients or servers, and a unique identifier of a hierarchical structure may be formed according to the membership relationship. The body of the client includes, but is not limited to, a user role, a data resource creator role, a user terminal identity, or a remote access terminal identity, etc. The unique identification of the hierarchy formed by the client may be formed by a business logic or functional hierarchy expression of the client. For example, "determine personal identity, determine business identity, determine territory, determine business team". The main body of the server includes, but is not limited to, a server cluster address, a service address or an independent host, etc. The unique service identifier of the hierarchical structure formed by the service end can be formed by the business logic or function hierarchical expression of the service end. For example, "territory, administrative division, organization, determination server".
Fig. 2 shows client registration information formed in the browsing right control method based on a block chain according to an embodiment of the present invention. In fig. 2, the client registration in step 100 includes:
step 110: and receiving the client identity information of the client. May be the public key that the client uses for signing.
Step 113: and allocating a unique user identification for the client.
Step 116: and acquiring the initial permission level of the client.
Step 119: and setting an index space of the data resources uploaded by the client.
As will be understood by those skilled in the art, the public signature key in the client identity information of the client is formed by pairing with a signature key held by the client, and is a secret means for transferring client registration information formed by using an existing encryption algorithm and is also an identification means of the client. The user identifier of the client is used as a basic element for forming a social topological structure or a business topological structure of the client and can be the same as or corresponding to the user or the client of the server. The initial permission level is influenced by a user of a server or a permission level of a client, permission types are expanded, and the initial permission level can form a two-dimensional permission matrix according to a social topological structure or a service topological structure where the client is located. And the index space of the uploaded data resources establishes abstract indexes of the uploaded data resources for the client.
The browsing authority control method based on the block chain reasonably separates the authentication access of the client and the server from the data resource interactive access of the client and the server, forms a parallel framework of the authentication access and the interactive access, and can effectively improve the access efficiency.
Fig. 3 shows a server identifier formed in the browsing right control method based on a block chain according to an embodiment of the present invention. In fig. 3, the registration of the server in step 100 includes:
step 130: and receiving the service identity information of the service end. May be the public key used by the server for signing.
Step 133: and allocating a unique service identifier for the service end.
Step 136: and setting a classification list of corresponding data resources of the associated service identification.
Step 139: the data asset attributes are stored in a sorted list.
Those skilled in the art can understand that the public signature key in the service identity information of the server is formed by pairing with the signature key held by the server, and is a secret means formed by using the existing encryption algorithm for information transmission with the server and is also an identification means of the server. The service identification of the server serves as a basic element forming a social topological structure or a business topological structure of the server and can respond to a user or a client of the server. The classification list carries out proper conversion on the data resources of the server side to form a data resource mapping structure suitable for block synchronization. And forming the synchronous mapping attribute of the data resource by using the data resource index and the attribute of the authority on the data resource mapping structure.
The browsing authority control method based on the block chain converts the data resource request of the server into the matching of the data resource attribute, reduces the complexity of hybrid authentication and interaction of the server, effectively improves the safety of data interaction between the client and the server, and ensures the effective isolation of the data resource of the server from illegal requests.
Fig. 4 shows data resource attributes formed in the browsing right control method based on a block chain according to an embodiment of the present invention. In fig. 4, the establishing of the data resource attribute in step 100 includes:
step 150: file attributes of the data assets are accepted.
Step 153: creator information of the data resource is accepted.
Step 156: the access permission level of the data resource is accepted.
Step 159: an access white list of data resources is accepted.
Step 162: and receiving the data abstract of the data resource to form a data resource index value.
The browsing permission control method based on the block chain in the embodiment of the invention adopts the block data to form the synchronization of the data resource attributes of the server, so that the updating process of the data resource has the technical characteristics of traceability and non-modifiable. The structure of the data resource attribute ensures that the content abstract and the access authority of the corresponding data resource are faithfully reflected, so that the request aiming at the data resource is mapped into the request of the attribute of the synchronous data resource, and the data processing logic complexity of directly accessing the data resource is simplified.
Fig. 5 shows a data resource excitation formed in the browsing right control method based on the block chain according to an embodiment of the present invention. In fig. 5, the data resource incentives include:
step 170: setting an incentive counter of the client.
Those skilled in the art will appreciate that the incentive counter may be a count field added to the client's registration information. And acquiring resource information, client information and server information when the data resource attributes of the server are synchronous, wherein the counting is correspondingly increased or decreased when a sequential excitation result is formed, the increase or decrease range is set according to the excitation type, the counting field is set with an upper threshold and a lower threshold, and the permission level of the client is triggered to be increased or decreased when the threshold is reached.
Step 173: when the client successfully uploads the data resource to the server, the incentive counter of the client is accumulated.
The above excitation process is of the single-trigger excitation type.
Step 176: when the client is simultaneously the creator of the data resource, the incentive counter of the creator is incremented when the data resource is downloaded.
The above-described actuation process is of the type that delivers a trigger.
Step 179: and when the data resource is reported successfully and has defects, the excitation counter of the client side for uploading the data resource is checked and decreased.
The defect types include but are not limited to missing content of the data resource, confusion of access rights of the data resource, and the like. Defects are evaluated by the server or other clients.
Step 182: and when the data resources are reported successfully and the violation exists, the authority of the client for uploading the data resources is degraded.
Types of violations include, but are not limited to, repeated uploads of the same data resource, violations of laws by the content of the data resource, inclusion of viruses by the data resource, etc. The violation is evaluated by the server or other clients.
The browsing authority control method based on the block chain quantizes the real-time data interaction process formed by the server side into the new data resource measuring index, and associates the measuring index with the client side identity to form the client side quality measuring index, thereby ensuring the effective measurement of the data interaction process between the client side and the server side and providing additional system measuring index. Therefore, the normal operation of each node of the whole block chain on the data resource authority control is better maintained.
Fig. 6 shows a data resource credential formed in the browsing right control method based on a block chain according to an embodiment of the present invention. In fig. 6, forming the data resource credential includes:
step 210: and determining the client permission level and the target data resource access permission level according to the client request.
Step 213: and when the operation type of the client to the target data resource is matched with the result of the permission level matching, the request timestamp, the client identity information, the operation type, the target data resource index value and the access duration are signed by utilizing the service identity information to form a data resource certificate.
Step 220: and feeding back the data resource certificate to the client.
The browsing authority control method based on the block chain converts a complex authentication interaction process in data access into an attribute matching process, and reduces the authority control overhead. And a more efficient comparison algorithm and a retrieval algorithm can be utilized, so that a more robust data resource authority control level is formed.
Fig. 7 shows an embodiment of a block chain-based browsing permission control method in which a client negotiates to form a data resource credential. In fig. 7, forming the data resource credential includes:
step 210: and determining the client permission level and the target data resource access permission level according to the client request.
Step 233: and when the operation type of the client to the target data resource is not suitable for the result of matching the permission level, checking whether the client belongs to an access white list of the target data resource.
Step 236: and when the auditing client belongs to the access white list of the target data resource, signing the request timestamp, the client identity information, the operation type, the index value of the target data resource and the access duration by utilizing the service identity information to form a data resource certificate.
Step 239: and when the auditing client does not belong to the access white list of the target data resource, waiting for the client to apply for authorization from the creator of the target data resource.
Step 242: and when the client provides the obtained encrypted authorization information provided by the target data resource creator, verifying the encrypted authorization information.
Step 245: and updating an access white list of the target data resource according to the encryption authorization information, and signing the request timestamp, the client identity information, the operation type, the index value of the target data resource and the access duration by using the service identity information to form a data resource certificate.
Step 220: and feeding back the data resource certificate to the client.
The browsing authority control method based on the block chain provides an authority control process for reliable unauthorized authorization between clients, so that the authority control of data resources forms controlled bypass control, the control of an authority conduction path can be adjusted in real time to form according to business or identity change, and the flexibility of authority control is effectively improved.
Fig. 8 shows an application for data resource viewing by using the browsing right control method based on the block chain according to an embodiment of the present invention. The process of applying for viewing a document in fig. 8 includes:
a client initiates a data file viewing request;
obtaining the latest attribute of the data file through the block data on the block chain, and judging according to the matching degree of the client and the authority level in the attribute of the data file: and if the data file is matched with the data file, returning the data file certificate to the client. If not, returning a specific file certificate to the client, and requesting higher authority from a creator (Owner) of the data file by the client;
the creator (Owner) verifies that the client provides a signature authorized by the authority if passed, and the client uses the signature to obtain the data file credential.
The client sends the data file certificate to the server;
and after the data file certificate passes the verification of the server, feeding the target data file back to the client.
Fig. 9 shows an application for data resource addition by using the browsing right control method based on the block chain according to an embodiment of the present invention. The process of applying for adding a file in fig. 9 includes:
the client uploads a file, acquires client authority through block data on the block chain, and writes the uploaded file into the block chain to form block data when the client authority passes verification;
and synchronizing the uploaded files in the block chain to the corresponding server.
Fig. 10 shows a method for applying for data resource deletion by using a browsing right control method based on a block chain according to an embodiment of the present invention. The process of applying for deletion of a file in fig. 10 includes:
the client requests to delete the file, acquires the client authority through the block data on the block chain, and writes the block data formed by file deletion operation into the block chain when the client authority passes verification;
and synchronizing the file deleting operation in the block chain to the corresponding server.
The browsing right control system based on the block chain in an embodiment of the invention comprises:
the memory is used for storing program codes corresponding to the processing procedures of the browsing authority control method based on the block chain in the embodiment;
and the processor is used for executing the program code corresponding to the processing procedure of the browsing authority control method based on the block chain in the embodiment.
The processor may be a dsp (digital Signal processing) digital Signal processor, an FPGA (Field-Programmable Gate Array), an mcu (microcontrollerunit) system board, an soc (system on a chip) system board, or a plc (Programmable Logic controller) minimum system including I/O.
The browsing right control system based on the block chain in an embodiment of the invention comprises:
the authority control block chain node is used for forming synchronous block data of client registration information, a server identifier and data resource attributes of the server on a block chain;
the client is used for requesting data resources from the server and acquiring target data resources of the server according to the acquired data resource voucher of the server;
and the server is used for issuing a data resource certificate to the client according to the matching degree of the client registration information in the block data and the data resource access authority in the data resource attribute.
The browsing authority control system based on the block chain forms a block chain data storage network with common identification technical characteristics by using the authority control block chain link points, and the service interaction process between the client and the server forms wide client access capability based on a trusted distributed data architecture, so that the concurrent advantages of the data browsing authority authentication process are realized. The browsing authority authentication process realizes flexible granularity of source data authority control in a complex cooperative working process formed between clients, and whole-process tracing and responsibility confirmation of an interaction process, thereby ensuring the exchange safety of source data contents synchronized on a block chain and the authenticity of both exchange parties. A browsing right control system based on a block chain according to an embodiment of the present invention is shown in fig. 11. In fig. 11, the present embodiment includes:
a data block synchronization device 1100, configured to form block data synchronized on a block chain from client registration information, a server identifier, and a data resource attribute of a server;
and the permission interaction control device 1200 is configured to accept a client data resource request, issue a data resource credential to the client according to matching degrees of client registration information in the block chain and data resource access permissions in the data resource attributes, and enable the client to obtain a target data resource of the server through the data resource credential.
As shown in fig. 11, in an embodiment of the present invention, the data block synchronization apparatus 1100 includes:
a client-side first information obtaining module 1110, configured to receive client identity information of a client;
the client second information acquisition module 1113 is configured to allocate a unique user identifier to the client;
a client third information obtaining module 1116, configured to obtain an initial permission level of the client;
the client-side fourth information obtaining module 1119 is configured to set an index space of the data resource uploaded by the client-side.
As shown in fig. 11, in an embodiment of the present invention, the data block synchronization apparatus 1100 further includes:
the server-side first information obtaining module 1130 is configured to receive service identity information of a server;
the server-side second information acquisition module 1133 is configured to allocate a unique service identifier to the server side;
the server-side third information obtaining module 1136 is configured to set a classification list of the corresponding data resource associated with the service identifier;
the server-side fourth information obtaining module 1139 is configured to store the data resource attribute in the classification list.
As shown in fig. 11, in an embodiment of the present invention, the data block synchronization apparatus 1100 further includes:
a resource attribute first obtaining module 1150, configured to accept file attributes of data resources;
a resource attribute second obtaining module 1153, configured to receive creator information of the data resource;
a resource attribute third obtaining module 1156, configured to accept an access permission level of a data resource;
a resource attribute fourth obtaining module 1159, configured to receive an access white list of data resources;
a resource attribute fifth obtaining module 1162, configured to receive the data digest of the data resource to form a data resource index value.
As shown in fig. 11, in an embodiment of the present invention, the data block synchronization apparatus 1100 further includes:
an incentive initialization module 1170 for setting an incentive counter of the client;
a first incentive behavior module 1173, configured to accumulate an incentive counter of the client when the client successfully uploads the data resource to the server;
a second incentive behavior module 1176 for accumulating the incentive counter of the creator when the data resource is downloaded when the client is the creator of the data resource at the same time;
a third incentive behavior module 1179, configured to, when the data resource is successfully reported to have a defect, decrement an incentive counter of the client that uploads the data resource;
and a fourth incentive behavior module 1182, configured to downgrade the permission of the client that uploads the data resource when the data resource is successfully reported that the data resource is illegal.
As shown in fig. 11, in an embodiment of the present invention, an authority interaction control apparatus 1200 includes:
a client request accepting module 1210 for determining a client permission level and a target data resource access permission level according to a client request;
a first credential generating module 1213, configured to, when the operation type of the target data resource by the client matches the permission level, sign the request timestamp, the client identity information, the operation type, the target data resource index value, and the access duration with the service identity information to form a data resource credential;
the credential transmission module 1220 is configured to feed back the data resource credential to the client.
As shown in fig. 11, in an embodiment of the present invention, the permission interaction control apparatus 1200 further includes:
the white list auditing module 1233 is used for auditing whether the client belongs to the access white list of the target data resource when the operation type of the client on the target data resource is not suitable for the result of matching the permission level;
a second credential generating module 1236, configured to, when the audit client belongs to the access white list of the target data resource, sign the request timestamp, the client identity information, the operation type, the target data resource index value, and the access duration with the service identity information to form a data resource credential;
an additional authority waiting module 1239, configured to wait for the client to apply for authorization from the target data resource creator when the verification client does not belong to the access white list of the target data resource;
an additional authority verification module 1242, configured to verify the encrypted authorization information when the client provides the obtained encrypted authorization information provided by the target data resource creator;
and a third credential generating module 1245, configured to update the access white list of the target data resource according to the encryption authorization information, and form a data resource credential by signing the request timestamp, the client identity information, the operation type, the target data resource index value, and the access duration with the service identity information.
When the browsing permission control system based on the block chain is applied to a supply chain network, a client data structure field formed by block data on the block chain comprises:
the client ID is distributed in a hierarchical naming mode to ensure that each user has a unique identification ID;
level, user authority level, wherein the initial level after user registration is level 0;
PK, signed public key;
rank, accumulating the number of reward points, increasing level by one level after reaching 100, and clearing the rank value;
and index, hashing the resources uploaded by the user to obtain a corresponding index.
The order data structure field as a data resource includes:
OrderName: ordering name;
type: the type of the order;
owner: a creator;
level: resource permission level, only at client level, i.e. order level, the client (i.e. user) has permission to query the resource;
status: the user specifies the scope of the visitor (white list).
Clients in the supply chain network include producer, processor, distributor, retailer, etc. type roles.
Each role in the supply chain network is registered in the block chain browsing system to acquire the unique digital identity corresponding to the role.
The retailer initiates an order to the distributor, which attributes are linked up. The distributor applies for checking orders, and initiates batch orders to the processing company after integrating all orders in the time period, and the batch orders are linked up in attributes. In order to keep the confidentiality, the authority security level of the batch order can be improved, and a corresponding distributor and a corresponding processor can be added into a status field of the order.
The manufacturer requests to obtain batch orders, integrates the batch orders within a time period, initiates a list of orders, and links the list attributes. The manufacturer takes the order form for shipment and chains the invoice attribute. The security level of the order may be increased for privacy. The corresponding merchant may also be added to the status fields of the order and invoice.
After the processor confirms that the invoice matches the order, the distributors of the batch orders on the block chain will deliver the goods, and the respective distribution invoice attributes are linked up. The corresponding distribution merchant may also be added to the status field of the invoice.
After the distributor confirms that the distribution invoice matches the batch order, it will ship to the retailer's order in the chain and link the respective retail invoice attributes. The corresponding retailer may also be added to the status field of the retail invoice.
The retailer confirms the chain order and the distributor's retail invoice, and then confirms the receipt.
All nodes in the entire supply chain network will not deny the respective uplink related documents. Avoiding the tracing of possible quality problems in the follow-up process and providing a non-repudiation proof. All documents are stored uniformly, and each role completes the operation request according to the authority. The management layer can directly apply for the authority with the determined role and directly obtain the order information.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A browsing permission control method based on a block chain is characterized by comprising the following steps:
forming block data synchronized on a block chain by using client registration information, a server identifier and data resource attributes of a server;
and receiving a client data resource request, and issuing a data resource certificate to the client according to the matching degree of the client registration information on the block chain and the data resource access authority in the data resource attribute, so that the client acquires the target data resource of the server through the data resource certificate.
2. The method for controlling browsing permission based on blockchain according to claim 1, wherein the step of forming the client registration information, the server identifier, and the data resource attribute of the server into blockdata synchronized on the blockchain comprises:
receiving client identity information of the client;
allocating a unique user identifier for the client;
acquiring an initial permission level of the client;
and setting an index space of the data resources uploaded by the client.
3. The method for controlling browsing permission based on blockchain according to claim 1, wherein the step of forming the client registration information, the server identifier, and the data resource attribute of the server into blockdata synchronized on the blockchain comprises:
receiving service identity information of a server;
allocating a unique service identifier for a server;
setting a classification list of corresponding data resources of the associated service identification;
storing data resource attributes in the sorted list.
4. The method for controlling browsing permission based on blockchain according to claim 1, wherein the step of forming the client registration information, the server identifier, and the data resource attribute of the server into blockdata synchronized on the blockchain comprises:
receiving the file attribute of the data resource;
accepting creator information of the data resource;
accepting the access permission level of the data resource;
receiving an access white list of the data resource;
and receiving the data abstract of the data resource to form a data resource index value.
5. The method for controlling browsing permission based on blockchain according to claim 1, wherein the step of forming the client registration information, the server identifier, and the data resource attribute of the server into blockdata synchronized on the blockchain comprises:
setting an incentive counter of the client;
when the client successfully uploads the data resource to the server, an incentive counter of the client is accumulated;
when the client is the creator of the data resource at the same time, the incentive counter of the creator is accumulated when the data resource is downloaded;
when the data resource is reported successfully to have a defect, the excitation counter of the client side uploading the data resource is decremented;
and when the data resource is reported successfully to have a violation, the client permission for uploading the data resource is degraded.
6. The method as claimed in claim 1, wherein the receiving a client data resource request and issuing a data resource credential to the client according to the matching degree between the client registration information on the blockchain and the data resource access right in the data resource attribute comprises:
determining a client permission level and a target data resource access permission level according to the client request;
when the operation type of the client to the target data resource is matched with the result of the permission level matching, the request timestamp, the client identity information, the operation type, the target data resource index value and the access duration are signed by using the service identity information to form a data resource certificate;
and feeding back the data resource certificate to the client.
7. The method as claimed in claim 1, wherein the receiving a client data resource request and issuing a data resource credential to the client according to the matching degree between the client registration information on the blockchain and the data resource access right in the data resource attribute comprises:
determining a client permission level and a target data resource access permission level according to the client request;
when the operation type of the client to the target data resource is not matched with the result of the permission level matching, whether the client belongs to an access white list of the target data resource is checked;
when the client is checked to belong to the access white list of the target data resource, a data resource certificate is formed by signing a request timestamp, client identity information, an operation type, a target data resource index value and access duration by using service identity information;
when the client is checked not to belong to the access white list of the target data resource, waiting for the client to apply for authorization from a target data resource creator;
when the client provides the obtained signature authorization information provided by the target data resource creator, verifying the signature authorization information;
updating an access white list of the target data resource according to the encryption authorization information, and signing a request timestamp, client identity information, an operation type, a target data resource index value and access duration by utilizing service identity information to form a data resource certificate;
and feeding back the data resource certificate to the client.
8. A browsing permission control system based on a block chain is characterized by comprising:
a memory for storing program codes corresponding to the processing procedures of the browsing authority control method based on the block chain as claimed in any one of claims 1 to 7;
a processor for executing the program code.
9. A browsing permission control system based on a block chain is characterized by comprising:
the authority control block chain node is used for forming synchronous block data of client registration information, a server identifier and data resource attributes of the server on a block chain;
the client is used for requesting data resources from the server and acquiring target data resources of the server according to the acquired data resource voucher of the server;
and the server is used for issuing a data resource certificate to the client according to the matching degree of the client registration information in the block data and the data resource access authority in the data resource attribute.
10. A browsing permission control system based on a block chain is characterized by comprising:
the data block synchronization device is used for forming block data synchronized on a block chain by the client registration information, the server identification and the data resource attribute of the server;
and the authority interaction control device is used for receiving a client data resource request, issuing a data resource certificate to the client according to the matching degree of the client registration information on the block chain and the data resource access authority in the data resource attribute, and enabling the client to acquire the target data resource of the server through the data resource certificate.
CN202010402287.6A 2020-05-13 2020-05-13 Browsing permission control method and system based on block chain Pending CN111767551A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010402287.6A CN111767551A (en) 2020-05-13 2020-05-13 Browsing permission control method and system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010402287.6A CN111767551A (en) 2020-05-13 2020-05-13 Browsing permission control method and system based on block chain

Publications (1)

Publication Number Publication Date
CN111767551A true CN111767551A (en) 2020-10-13

Family

ID=72719089

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010402287.6A Pending CN111767551A (en) 2020-05-13 2020-05-13 Browsing permission control method and system based on block chain

Country Status (1)

Country Link
CN (1) CN111767551A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113010600A (en) * 2021-02-02 2021-06-22 腾讯科技(深圳)有限公司 Data management system, method, related device and medium based on block chain
CN113378240A (en) * 2021-06-23 2021-09-10 浪潮云信息技术股份公司 Synchronous calling user identity authentication method based on block chain
CN113643006A (en) * 2021-10-13 2021-11-12 江苏荣泽信息科技股份有限公司 Online electronic license obtaining system and method based on block chain

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107480555A (en) * 2017-08-01 2017-12-15 中国联合网络通信集团有限公司 Database-access rights control method and equipment based on block chain
CN108965299A (en) * 2018-07-19 2018-12-07 清华大学 A kind of data access method, access verifying equipment and data-storage system
CN109241753A (en) * 2018-08-09 2019-01-18 南京简诺特智能科技有限公司 A kind of data sharing method and system based on block chain
CN109347941A (en) * 2018-10-10 2019-02-15 南京简诺特智能科技有限公司 A kind of data sharing platform and its implementation based on block chain
CN109729168A (en) * 2018-12-31 2019-05-07 浙江成功软件开发有限公司 A kind of data share exchange system and method based on block chain
CN109787815A (en) * 2018-12-27 2019-05-21 云南财经大学 Government information resources shared system based on block chain
CN110109930A (en) * 2019-05-15 2019-08-09 山东省计算中心(国家超级计算济南中心) Government data storage, querying method and system based on block chain duplex structure
CN110636043A (en) * 2019-08-16 2019-12-31 中国人民银行数字货币研究所 File authorization access method, device and system based on block chain
CN110650139A (en) * 2019-09-25 2020-01-03 四川师范大学 Resource access control method and system of cloud platform
CN110888938A (en) * 2019-09-02 2020-03-17 腾讯科技(深圳)有限公司 Student identity information processing method and device based on block chain network

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107480555A (en) * 2017-08-01 2017-12-15 中国联合网络通信集团有限公司 Database-access rights control method and equipment based on block chain
CN108965299A (en) * 2018-07-19 2018-12-07 清华大学 A kind of data access method, access verifying equipment and data-storage system
CN109241753A (en) * 2018-08-09 2019-01-18 南京简诺特智能科技有限公司 A kind of data sharing method and system based on block chain
CN109347941A (en) * 2018-10-10 2019-02-15 南京简诺特智能科技有限公司 A kind of data sharing platform and its implementation based on block chain
CN109787815A (en) * 2018-12-27 2019-05-21 云南财经大学 Government information resources shared system based on block chain
CN109729168A (en) * 2018-12-31 2019-05-07 浙江成功软件开发有限公司 A kind of data share exchange system and method based on block chain
CN110109930A (en) * 2019-05-15 2019-08-09 山东省计算中心(国家超级计算济南中心) Government data storage, querying method and system based on block chain duplex structure
CN110636043A (en) * 2019-08-16 2019-12-31 中国人民银行数字货币研究所 File authorization access method, device and system based on block chain
CN110888938A (en) * 2019-09-02 2020-03-17 腾讯科技(深圳)有限公司 Student identity information processing method and device based on block chain network
CN110650139A (en) * 2019-09-25 2020-01-03 四川师范大学 Resource access control method and system of cloud platform

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
章峰;史博轩;蒋文保;: "区块链关键技术及应用研究综述", 网络与信息安全学报 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113010600A (en) * 2021-02-02 2021-06-22 腾讯科技(深圳)有限公司 Data management system, method, related device and medium based on block chain
CN113010600B (en) * 2021-02-02 2023-01-31 腾讯科技(深圳)有限公司 Data management system, method, related device and medium based on block chain
CN113378240A (en) * 2021-06-23 2021-09-10 浪潮云信息技术股份公司 Synchronous calling user identity authentication method based on block chain
CN113378240B (en) * 2021-06-23 2023-03-28 浪潮云信息技术股份公司 Synchronous calling user identity authentication method based on block chain
CN113643006A (en) * 2021-10-13 2021-11-12 江苏荣泽信息科技股份有限公司 Online electronic license obtaining system and method based on block chain

Similar Documents

Publication Publication Date Title
US10708070B2 (en) System and method for utilizing connected devices to enable secure and anonymous electronic interaction in a decentralized manner
Chen et al. Trust architecture and reputation evaluation for internet of things
CN111767527B (en) Block chain-based data authority control method and device and computer equipment
CN107967416B (en) Copyright right-maintaining detection method, device and system
CN113742782B (en) Block chain access authority control method based on privacy protection and block chain system
CN109327481B (en) Block chain-based unified online authentication method and system for whole network
CN105516110B (en) Mobile device security data transmission method
US11979392B2 (en) Systems and methods for managing device association
CN111767551A (en) Browsing permission control method and system based on block chain
US20220035950A1 (en) Privacy-preserving mobility as a service supported by blockchain
US11729175B2 (en) Blockchain folding
CN105450750A (en) Secure interaction method for intelligent terminal
CN111611554B (en) Drawing file circulation and tracing system and method based on alliance block chain
CN113360458B (en) Distributed file storage sharing system based on alliance chain
CN114547636A (en) Distributed account book system
Jeong et al. An efficient authentication scheme to protect user privacy in seamless big data services
CN113645039A (en) Communication information transmission system and method based on different authorities
EP3817320B1 (en) Blockchain-based system for issuing and validating certificates
Guo et al. Using blockchain to control access to cloud data
CN112311830B (en) Cloud storage-based Hadoop cluster multi-tenant authentication system and method
Yoon et al. Blockchain-based object name service with tokenized authority
Xiong et al. BDIM: A Blockchain-Based Decentralized Identity Management Scheme for Large Scale Internet of Things
CN117118640A (en) Data processing method, device, computer equipment and readable storage medium
CN115563212A (en) Supply chain data management method, device, equipment and storage medium under cloud chain cooperation
Rech et al. A decentralized service-platform towards cross-domain entitlement handling

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination