CN115309433B - Intelligent contract upgrading method and system based on block chain for role authority management - Google Patents

Publication number
CN115309433B
Authority
CN
China
Prior art keywords
account
contract
authority
role
function
Prior art date
Legal status
Active
Application number
CN202211244143.8A
Other languages
Chinese (zh)
Other versions
CN115309433A (en)
Inventor
高瑞芳
罗昌焕
周晓阳
吕明
刘旭
包岩
俞璐璐
Current Assignee
Jiangsu Mobile Information System Integration Co ltd
Original Assignee
Jiangsu Mobile Information System Integration Co ltd
Priority date
Filing date
Publication date
Application filed by Jiangsu Mobile Information System Integration Co ltd
Priority to CN202211244143.8A
Publication of CN115309433A
Application granted
Publication of CN115309433B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/542 Event management; Broadcasting; Multicasting; Notifications
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a blockchain-based smart contract upgrading method and system for role authority management, belonging to the technical field of blockchains. The method comprises at least the following steps: creating a role management logic smart contract, creating a data logic smart contract, creating a business logic smart contract, deploying them to the blockchain according to nodes, and creating a third-party business smart contract. At least four role accounts are introduced and each role is given corresponding responsibilities and authority; the authorization and management operations of each role are written into the smart contract as code, and an interface is provided for external calls by third-party smart contracts, so that data storage and query on the blockchain are secure and controllable and sharing is trusted. This addresses data risk on the blockchain and protects consortium chain institutions from attack.

Description

Blockchain-based smart contract upgrading method and system for role authority management
Technical Field
The invention belongs to the technical field of blockchains, and particularly relates to a blockchain-based method and system for upgrading a role authority management smart contract.
Background
A smart contract is a set of executable commitments written in a computer programming language, including the agreements under which the contract participants carry out those commitments; the contract is executed automatically by a program running on the blockchain, with computer language replacing legal language to record the contract terms. Because a blockchain is decentralized, tamper-proof, transparent and traceable, it moves the user from trusting a third-party organization to trusting the contract itself, and from trusting participants to trusting code, with the contract executed automatically. The life cycle of a blockchain smart contract is: write, compile, deploy to the blockchain, execute.
A blockchain uses smart contracts to circulate, share and verify data among distributed data sources, which inevitably breaks the security boundary of the original centralized data management and increases the security risk to data during sharing. Unauthorized sharing of data can affect the data security of on-chain users and pose a serious security threat to the institutions in a consortium chain. Secure and controllable circulation and sharing of data resources is achieved through smart contracts; without a smart contract mechanism in which role authority and operations are controllable, data is easily stolen or tampered with by illegitimate accounts or institution accounts on the chain.
In addition, once a smart contract is deployed it runs on multiple nodes of the blockchain network and its source code cannot be changed directly; developers cannot update the program frequently and flexibly, fix bugs or introduce new functions as they can with a centralized application.
Disclosure of Invention
To solve the technical problems described in the background, the invention provides a blockchain-based smart contract upgrading method and system for role authority management.
The invention is realized by the following technical scheme: the blockchain-based smart contract upgrading method for role authority management comprises at least the following steps:
creating a role management logic smart contract: establishing a minimum set of role accounts based on business requirements, and establishing the authority relationships among the elements of the minimum set of role accounts;
the role management logic smart contract adopts a layered design and is divided into a business logic layer contract and a data processing layer contract; the business logic layer is the processing interface for the business requirements of the third-party smart contract: a contract calling function is generated based on the business requirement, and the specified role account is given the corresponding authority and account address; the contract calling function is compiled into the processing interface as code, yielding the corresponding on-chain contract address; the data processing layer contract defines a data structure based on the contract calling function, and the data structure is used to store and query the contract calling function;
when the business requirement changes, the processing interface updates the contract calling function based on the changed business requirement, and the updated contract calling function is compiled again into the corresponding processing interface as code, yielding an updated on-chain contract address; the third-party smart contract passes in the updated on-chain contract address.
In a further embodiment, generating the contract calling function further comprises: creating a permission check function; based on the account address and the required operation item constant, the permission check function judges whether the account address has the operation authority to execute the corresponding operation item; if it has the authority, the contract calling function is allowed to continue executing; if it does not, the contract calling function is prohibited from executing and an illegal-call event for the contract calling function is broadcast;
wherein the account address is the original user address, denoted tx.origin.
In a further embodiment, the minimum set of role accounts includes at least: a super administrator account, an institution committee account, an authorized institution account, and a common account;
the authority relationships are as follows:
the super administrator account has the highest authority; it designates the host institutions and the corresponding authorized institutions based on business requirements and defines them as institution committee accounts and authorized institution accounts; it assigns operation authority to the institution committee accounts and authorized institution accounts, and modifies the on-chain contract address;
the authority of an institution committee account is: granting operation authority to, and enabling/disabling, the host institution under its name and the authorized institution accounts corresponding to that host institution;
the authority of an authorized institution account is: granting operation authority to, and enabling/disabling, the authorized institution under its name.
In a further embodiment, the contract calling function is generated by the super administrator account and includes at least: role operation functions given to the roles in the minimum set of role accounts, add/delete role functions given to roles outside the minimum set of role accounts, and the corresponding role permission configuration functions.
In a further embodiment, the role operation functions include at least: operation functions for institution committee accounts and operation functions for authorized institution accounts;
the operation functions for institution committee accounts include at least: a function that judges whether an account is an institution committee account, a function that deletes an institution committee account, a function that adds an institution committee account, a function that gets the length of the institution committee account data array, and a function that gets the institution committee account address index.
In a further embodiment, the operation functions for authorized institution accounts include at least: a function that judges whether an account is an authorized institution account, a function that adds an authorized institution account, a function that deletes an authorized institution account, and a function that gets the authorized institution account data length and returns the length of the authorized institution data array.
In a further embodiment, if an account required by the business does not belong to the current role account set, the super administrator account generates an add-role function so that the required account is added to the role account set as a role; the corresponding account address is input and a role authority constant is assigned;
if the current role account set contains accounts other than those required by the business, the super administrator account generates a delete-role function so that those accounts, together with their account addresses and role authority constants, are deleted from the current role account set.
In a further embodiment, the common account is an ordinary external account on the blockchain, consisting of a public/private key pair.
The blockchain-based smart contract upgrading system for role authority management is used to implement the smart contract upgrading method described above and comprises:
a first module configured to create a role management logic smart contract: establishing a minimum set of role accounts based on business requirements, and establishing the authority relationships among the elements of the minimum set of role accounts;
a second module configured to divide the role management logic smart contract, by layered design, into a business logic layer contract and a data processing layer contract; the business logic layer provides the processing interface for the business requirements of the third-party smart contract: a contract calling function is generated based on the business requirement, and the specified role account is given the corresponding authority and account address; the contract calling function is compiled into the processing interface as code, yielding the corresponding on-chain contract address; the data processing layer contract defines a data structure based on the contract calling function, and the data structure is used to store and query the contract calling function;
a third module configured so that, when the business requirement changes, the contract calling function is updated based on the changed business requirement and the updated contract calling function is compiled again into the corresponding processing interface as code, yielding the updated on-chain contract address; the third-party smart contract passes in the updated on-chain contract address.
The beneficial effects of the invention are as follows: by adding role-operation pairs for the super administrator account, institution committee account, authorized institution account and common account, each role is given corresponding responsibilities and authority; the authorization and management operations of each role are written into the smart contract as code, and an interface is provided for external calls by third-party smart contracts, so that data storage and query on the blockchain are secure and controllable and sharing is trusted. This addresses data risk on the blockchain and protects consortium chain institutions from attack.
Following the idea of layering, the role authority management smart contract is divided into a business logic smart contract and a data logic smart contract. When the business changes, only the calling address needs to be replaced with the on-chain address of the redeployed business logic smart contract; the data logic smart contract does not need to be updated. This ensures the atomicity of data operations and greatly reduces the cost and difficulty of online updating and iterative deployment of smart contracts. The problem of difficult contract upgrades is solved, and the method is highly general and upgradable.
Drawings
FIG. 1 is a diagram of the dependencies among the role authority management smart contracts.
FIG. 2 is a diagram of the deployment and calling relationships of the role authority smart contracts.
FIG. 3 shows the layering logic of the role management logic smart contract.
Detailed Description
In the well-known Parity Wallet incident, a hacker stole 150000 ETH by exploiting a vulnerability in a smart contract of the Parity multi-signature wallet to take the funds held in the wallet. If a smart contract fixing the vulnerability could have been deployed quickly while the attack was under way, the loss would have been greatly reduced. A flexible smart contract upgrading strategy is therefore designed to improve the security and extensibility of the blockchain.
The industry already has smart contract implementations for managing operation and maintenance authority, such as the Role smart contract libraries of DSAuth and OpenZeppelin, but their authority management logic is poorly extensible and does not support layered contract updates; they cannot fully solve flexible role authority control while also taking a lowest-cost scalable smart contract strategy into account.
Example 1
This embodiment discloses a smart contract code library based on role and authority management. Using a design pattern that layers logic and data, it helps solve the problems of controllable authority when blockchain data is shared and world state changes, secure data query, and management of writes to the blockchain ledger, and when the business changes it allows an iterated version of a smart contract to be updated on the blockchain quickly and at minimum cost.
The blockchain-based smart contract upgrading method for role authority management, as shown in fig. 1 and fig. 2, comprises at least the following steps:
step one, creating a role management logic smart contract;
step two, as shown in fig. 3, the role management logic smart contract adopts a layered design and is divided into a business logic layer contract and a data processing layer contract; the business logic layer is the processing interface for the business requirements of the third-party smart contract: a contract calling function is generated based on the business requirement, and the specified role account is given the corresponding authority and account address; the contract calling function is compiled into the processing interface as code, yielding the corresponding on-chain contract address; the data processing layer contract defines a data structure based on the contract calling function, and the data structure is used to store and query the contract calling function;
step three, when the business requirement changes, the processing interface updates the contract calling function based on the changed business requirement, and the updated contract calling function is compiled again into the corresponding processing interface as code, yielding an updated on-chain contract address; the third-party smart contract passes in the updated on-chain contract address.
Step one specifically comprises: creating a minimum set of role accounts comprising the following four: a super administrator account, an institution committee account, an authorized institution account, and a common account. This minimum set is the minimum required by this embodiment; roles may be extended according to actual requirements, for example a read-only user role may be added as needed, to implement the allocation and control of contract-related permissions. For example, exchanging Mobile points, Unicom points, Telecom points and supermarket points for coupons has been implemented with traditional database technology: the Mobile, Unicom, Telecom and supermarket points are aggregated on one platform, which connects to merchants such as KFC and McDonald's. The internal contract data between host institutions such as Mobile, Unicom, Telecom and supermarkets and authorized institutions such as KFC and McDonald's is interrelated and distributed across different nodes of the blockchain network; data security is not controllable, and flexibility is low when changes are required.
Therefore, using the method of this embodiment, the third-party smart contract puts forward the business requirement: telecom operator points can be exchanged for catering vouchers. A role management logic smart contract is created based on this requirement, with the following roles: a super administrator account, an institution committee account, an authorized institution account, and a common account. The super administrator account has the highest authority; the vendors that need to join points clearing (Mobile, Unicom, Telecom, supermarkets, etc.) are designated as host institutions and defined as institution committee accounts. Correspondingly, to match the business requirement, the super administrator account or a defined institution committee account may also designate the merchants where points are redeemed (e.g., KFC, McDonald's) as authorized institution accounts.
Furthermore, the contract calling function in step two is generated based on each role account; that is, the contract calling function defines the number, type and authority of the role accounts so as to meet the business requirement.
Based on the above, the contract calling function defines the authority and authority relationships of the super administrator account, institution committee account, authorized institution account and common account as follows:
the super administrator account has the highest authority; it designates the host institutions and the corresponding authorized institutions based on business requirements and defines them as institution committee accounts and authorized institution accounts; it assigns operation authority to the institution committee accounts and authorized institution accounts, and modifies the on-chain contract address;
the authority of an institution committee account is: granting operation authority to, and enabling/disabling, the host institution under its name and the authorized institution accounts corresponding to that host institution; in a further embodiment, institution committee accounts are added by the super administrator account through the role management logic smart contract, and Mobile, Unicom, Telecom, supermarkets, etc. are defined as institution committee accounts by an institution committee account or the super administrator account.
The authority of an authorized institution account is: granting operation authority to, and enabling/disabling, the authorized institution under its name. Authorized institution accounts are added by the super administrator account through the business logic layer contract; KFC and McDonald's are defined by institution committee accounts and granted the designated authority, that is, the authorized institution accounts (KFC and McDonald's) can implement the exchange logic between points vendors and merchants through the business logic layer contract, and the points data is stored in the data processing layer contract.
The common account is an ordinary external account on the blockchain, consisting of a public/private key pair, and has no designated authority. A user entity corresponds to a common account on the blockchain and generally only calls the getter methods of the data processing layer contract to obtain query results, for example a user querying their own points balance and exchange records.
In summary, the authority of each role account is binary, i.e. held / not held.
Thus, the contract calling function is generated by the super administrator account and includes at least: role operation functions given to the roles in the minimum set of role accounts, add/delete role functions given to roles outside the minimum set of role accounts, and the corresponding role permission configuration functions.
Giving add/delete role functions to roles outside the minimum set of role accounts and configuring the corresponding role permission functions is expressed as follows: if an account required by the business does not belong to the current role account set, the super administrator account generates an add-role function so that the required account is added to the role account set as a role; the corresponding account address and a role authority constant value are input;
if the current role account set contains accounts other than those required by the business, the super administrator account generates a delete-role function so that those accounts, together with their account addresses and role authority constants, are deleted from the current role account set.
In other words, the add-role function compares the input account address with the role constant to judge whether a role needs to be added, and if so executes the corresponding function instruction.
The delete-role function compares the input account address with the role constant to judge whether the role needs to be deleted, and if so executes the corresponding function instruction.
The account-role matching function compares the input account address with the role constant to judge whether the account belongs to a given role.
The role operation functions given to the roles in the minimum set of role accounts are embodied as follows: with the role management logic smart contract serving as the global role authority check, the role operation functions include at least: operation functions for institution committee accounts and operation functions for authorized institution accounts. In other words, in this step the role management logic smart contract serves as the interface for data interaction on the blockchain; that is, the logic for adding, deleting and modifying institution committee accounts and authorized institution accounts, and the associated data changes, are all carried out through the business logic layer contract.
Further, the operation functions for institution committee accounts include at least: a function that judges whether an account is an institution committee account, a function that deletes an institution committee account, a function that adds an institution committee account, a function that gets the length of the institution committee account data array, and a function that gets the institution committee account address index.
It should be noted that the function that gets the length of the institution committee account data array serves to obtain the number of institution committee accounts; the function that gets the institution committee account address index serves to obtain the on-chain contract address of an institution committee account.
The operation functions for authorized institution accounts include at least: a function that judges whether an account is an authorized institution account, a function that adds an authorized institution account, a function that deletes an authorized institution account, and a function that gets the authorized institution account data length and returns the length of the authorized institution data array. Correspondingly, the function that gets the length of the authorized institution account data array serves to obtain the number of authorized institution accounts; the function that gets the authorized institution account address index serves to obtain the on-chain contract address of an authorized institution account.
In other words, the role management logic smart contract is divided into a business logic layer contract for roles and a data logic layer contract corresponding to that business logic layer contract. The data processing layer contract defines a data structure based on the contract calling function, is used to store and query the contract calling function, and does not interface directly with the third-party smart contract. The dependencies among the role authority management smart contracts are shown in fig. 1.
Compiling the contract calling function into the processing interface as code and obtaining the corresponding on-chain contract address is further expressed as follows: a blockchain application network is built and a consortium blockchain of at least 3 nodes is created, ensuring that communication, consensus and data synchronization among all nodes are healthy and normal. Using the smart contract SDK tools provided by the blockchain, the role management logic smart contract is written in Solidity or Go and deployed to the blockchain network nodes, yielding the on-chain contract address for the role accounts. Meanwhile, based on the on-chain contract address corresponding to the role accounts in the business logic layer contract, the blockchain traceability business requirement is written as code in Solidity or Go, compiled with the corresponding address, and deployed to the corresponding nodes. For example, a blockchain traceability business smart contract imports the on-chain contract address of the business logic layer contract, uses it for external calls, and is compiled and deployed to the blockchain nodes. The deployment and calling logic of the role authority smart contracts is shown in fig. 2.
In this embodiment, the deployment account of the smart contract is the super administrator account; the super administrator account calls the role management logic smart contract to initialize the institution committee role accounts and their operation authority, and initializes the authorized institution role accounts and their operation authority.
In summary, the business logic layer contract (Controller Contract) provides a business logic processing interface to the outside and wraps the methods that call the data read/write contract; it does not access or store data directly.
The data processing layer contract (Data Contract) defines the data structure, carries out the logic for storing data and returns the result, provides data query logic and returns the result, and provides contract methods for the upper-layer business logic contract to call.
The role management logic smart contract (Role Contract) serves as the entry point for calling the business logic contract and judges whether callers in different roles have the operation authority to invoke the business logic contract's methods.
Based on this embodiment, the advantages of the role authority management smart contract upgrading method are:
1. The points exchange rules are defined in the Controller Contract. Exchange rules are varied and are changed and adjusted frequently; the traditional smart contract model is not flexible enough, and exchange rules cannot be updated or modified.
2. With the role authority management smart contract upgrading method, a change to the exchange rules is handled by upgrading only the Controller Contract; the Data Contract remains unchanged, the points data does not need to change, and only the authority and rules for points exchange change.
Example 2
Building on the description of embodiment 1, this embodiment further includes:
Generating the contract calling function further comprises creating an authority check function, which checks operation permissions globally at the entry point of every call. It takes an account address and an operation item constant as input and determines whether that account address has permission to perform the corresponding operation item. If it has permission, the contract calling function is allowed to continue executing; if not, execution of the contract calling function is prohibited and an illegal-call event for the contract calling function is broadcast. The operation item constants comprise add, delete, change and query items.
The account address is the original user address, denoted tx.origin. All permissions are verified against the tx.origin address of the original user rather than relying on msg.sender alone, so that the real permissions of the calling address can be traced. In this way user permissions are assigned and controlled: the account at a specific account address (tx.origin) holds specific permissions, permissions are layered, data is not visible to all users, a data isolation mechanism is formed, and the risk of data leakage is avoided.
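One way to write the authority check described above, as an added Solidity example that is not code from the patent; the contract, function and event names are hypothetical. The check returns a boolean instead of reverting, because a revert would also discard the illegal-call event.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: every contract, function and event name here is hypothetical.
interface IController {
    function handle(uint8 op, bytes32 key, bytes32 value) external returns (bytes32);
}

contract RoleContract {
    // Operation item constants from the description, one bit each.
    uint8 public constant OP_ADD = 1;
    uint8 public constant OP_DELETE = 2;
    uint8 public constant OP_CHANGE = 4;
    uint8 public constant OP_QUERY = 8;

    address public immutable superAdmin;      // account that deployed this contract
    IController public immutable controller;  // business logic layer contract
    mapping(address => uint8) private grants; // account address => permitted operation bits

    // The "illegal call" broadcast. msg.sender is logged next to tx.origin so an
    // auditor can see which intermediate contract, if any, relayed the call.
    event IllegalCall(address indexed origin, address indexed sender, uint8 op);

    constructor(IController controller_) {
        superAdmin = msg.sender;
        controller = controller_;
    }

    function grant(address account, uint8 ops) external {
        require(msg.sender == superAdmin, "super administrator only");
        grants[account] = ops;
    }

    // Authority check function: account address plus operation item constant.
    function checkPermission(address account, uint8 op) public view returns (bool) {
        return (grants[account] & op) != 0;
    }

    // Single entry point for the business logic layer.
    function invoke(uint8 op, bytes32 key, bytes32 value)
        external
        returns (bool allowed, bytes32 result)
    {
        // The description keys the check on tx.origin, the account that signed the
        // transaction. tx.origin is unchanged by intermediate contracts, so any
        // contract an authorized account calls reaches this point with that
        // account's permissions.
        if (!checkPermission(tx.origin, op)) {
            emit IllegalCall(tx.origin, msg.sender, op);
            // Return instead of revert: a revert would roll back the event too.
            return (false, bytes32(0));
        }
        return (true, controller.handle(op, key, value));
    }
}
```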
When the role management logic smart contract is changed, the corresponding code is modified according to the business requirement, and the modified code is compiled and redeployed to the nodes of the blockchain application network, which yields the new address of the updated role management logic smart contract. The layered design of the business contract and the data contract is shown in Fig. 3.
The specific upgrading process is as follows:
1. Update the contract calling function code of the role management logic smart contract, compile and deploy it to the blockchain, and obtain the new contract address.
2. The business logic layer contract and the data processing layer contract are not changed; storage still uses the original contract addresses, and the data does not change.
3. Call the upgraded role management logic smart contract, i.e. the contract calling function, through the SDK or similar means to access the business logic layer contract and the data processing layer contract. Permissions and data are thereby separated, and access permissions are modified while the data stays unchanged.
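The three-step upgrade above, as an added Solidity example (not code from the patent) with hypothetical contract and function names. It assumes the controller records the current role contract's address and accepts calls only from it, so the role contract stays the entry point after redeployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: all names are hypothetical, not taken from the patent.
// Data processing layer: owns the storage and is never redeployed.
contract DataContract {
    address public immutable controller;
    mapping(bytes32 => bytes32) private records;

    constructor(address controller_) { controller = controller_; }

    function put(bytes32 key, bytes32 value) external {
        require(msg.sender == controller, "controller only");
        records[key] = value;
    }

    function get(bytes32 key) external view returns (bytes32) { return records[key]; }
}

// Business logic layer: keeps its address across role-contract upgrades.
contract ControllerContract {
    address public immutable superAdmin;
    DataContract public immutable data;
    address public roleContract; // on-chain address of the current role contract

    event RoleContractChanged(address indexed previous, address indexed current);

    constructor() { superAdmin = msg.sender; data = new DataContract(address(this)); }

    // Upgrade step: the super administrator records the new on-chain address.
    function setRoleContract(address newRole) external {
        require(msg.sender == superAdmin, "super administrator only");
        require(newRole.code.length > 0, "not a deployed contract");
        emit RoleContractChanged(roleContract, newRole);
        roleContract = newRole;
    }

    // Only the current role contract may reach the data, so the old version
    // stops working as soon as the pointer moves.
    function store(bytes32 key, bytes32 value) external {
        require(msg.sender == roleContract, "current role contract only");
        data.put(key, value);
    }
}

// Role management contract: the only layer that is modified and redeployed.
contract RoleContract {
    ControllerContract public immutable controller;
    address public immutable superAdmin;
    mapping(address => bool) public canAdd; // permission state lives here, not in DataContract

    constructor(ControllerContract controller_) { controller = controller_; superAdmin = msg.sender; }

    function grantAdd(address account) external {
        require(msg.sender == superAdmin, "super administrator only");
        canAdd[account] = true;
    }

    function add(bytes32 key, bytes32 value) external {
        require(canAdd[tx.origin], "no add permission"); // check reduced to one flag
        controller.store(key, value);
    }
}
```

After a modified RoleContract is deployed, the super administrator calls setRoleContract with the new address and repeats the grants on the new instance, because permission state does not carry over. The records held by DataContract are untouched.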
Example 3
This embodiment discloses a blockchain-based role authority management smart contract upgrading system for implementing the smart contract upgrading method described in embodiments 1 to 2, comprising: a first module configured to create the role management logic smart contract: establishing a minimum set of role accounts based on business requirements, and establishing authority relationships among the elements of the minimum set of role accounts;
a second module configured to divide the role management logic smart contract, by a layered design, into a business logic layer contract and a data processing layer contract; the business logic layer provides a processing interface for the business requirements of third-party smart contracts, generates a contract calling function based on the business requirement, and gives the designated role account the corresponding permission and account address; the contract calling function is compiled to the processing interface as compiled code to obtain the corresponding on-chain contract address; the data processing layer contract defines a data structure based on the contract calling function, the data structure being used for the storage and query operations of the contract calling function;
a third module configured, when the business requirement changes, to update the contract calling function based on the changed business requirement and to compile the updated contract calling function again to the corresponding processing interface as compiled code, obtaining the updated on-chain contract address; the third-party smart contract passes in the updated on-chain contract address.

Claims (8)

1. A smart contract upgrading method for blockchain-based role authority management, characterized by at least comprising the following steps:
creating a role management logic smart contract: establishing a minimum set of role accounts based on business requirements, and establishing authority relationships among the elements of the minimum set of role accounts; the minimum set of role accounts at least comprises: a super administrator account, an institution committee account, an authorized institution account, and a common account; the authority relationships are as follows:
the super administrator account has the highest authority and is configured to designate, based on business requirements, a subject institution and a corresponding authorized institution, which are defined as an institution committee account and an authorized institution account; to assign operation permissions to the institution committee account and the authorized institution account; and to modify the on-chain contract address;
the permissions of the institution committee account are: granting operation permissions to, and enabling/disabling, the subject institution under its name and the authorized institution accounts corresponding to that subject institution;
the permissions of the authorized institution account are: granting operation permissions to, and enabling/disabling, the authorized institution under its name;
the role management logic smart contract adopts a layered design and is divided into a business logic layer contract and a data processing layer contract; the business logic layer provides a processing interface for the business requirements of third-party smart contracts, generates a contract calling function based on the business requirement, and gives the designated role account the corresponding permission and account address; the contract calling function is compiled to the processing interface as compiled code to obtain the corresponding on-chain contract address; the data processing layer contract defines a data structure based on the contract calling function, the data structure being used for the storage and query operations of the contract calling function;
when the business requirement changes, the processing interface updates the contract calling function based on the changed business requirement, and the updated contract calling function is compiled again to the corresponding processing interface as compiled code to obtain an updated on-chain contract address; the third-party smart contract passes in the updated on-chain contract address.
2. The smart contract upgrading method for blockchain-based role authority management according to claim 1, wherein generating the contract calling function further comprises: creating an authority check function; the authority check function determines, based on the account address and the required operation item constant, whether the account address has permission to perform the corresponding operation item; if it has the permission, the contract calling function is allowed to continue executing; if it does not, execution of the contract calling function is prohibited and an illegal-call event for the contract calling function is broadcast;
wherein the account address is the original user address, denoted tx.origin.
3. The smart contract upgrading method for blockchain-based role authority management according to claim 1, wherein the contract calling function is generated by the super administrator account and at least comprises: role operation functions for roles in the minimum set of role accounts, add/delete role functions for roles not in the minimum set of role accounts, and functions for configuring the corresponding role permissions.
4. The smart contract upgrading method for blockchain-based role authority management according to claim 3, wherein the role operation functions at least comprise: operation functions on the institution committee account and operation functions on the authorized institution account;
the operation functions on the institution committee account at least comprise: a function for determining whether an account is an institution committee account, a function for deleting an institution committee account, a function for adding an institution committee account, a function for getting the length of the institution committee account data array, and a function for getting the institution committee account address index.
5. The smart contract upgrading method for blockchain-based role authority management according to claim 4, wherein the operation functions on the authorized institution account at least comprise: a function for determining whether an account is an authorized institution account, a function for adding an authorized institution account, a function for deleting an authorized institution account, and a function for getting the authorized institution account data length, which returns the length of the authorized institution data array.
6. The smart contract upgrading method for blockchain-based role authority management according to claim 3, wherein if an account required by the business does not belong to the current role account set, the super administrator account generates a role adding function to add that account to the role account set as a role, taking the corresponding account address as input and assigning a role permission constant;
if the current role account set contains an account other than the accounts required by the business, the super administrator account generates a role deleting function, so that that account, its corresponding account address and its role permission constant are deleted from the current role account set.
7. The smart contract upgrading method for blockchain-based role authority management according to claim 1, wherein the common account is an ordinary external account on the blockchain and consists of a public/private key pair.
8. A blockchain-based role authority management smart contract upgrading system for implementing the smart contract upgrading method according to any one of claims 1 to 7, characterized by comprising:
a first module configured to create a role management logic smart contract: establishing a minimum set of role accounts based on business requirements, and establishing authority relationships among the elements of the minimum set of role accounts; the minimum set of role accounts at least comprises: a super administrator account, an institution committee account, an authorized institution account, and a common account; the authority relationships are as follows:
the super administrator account has the highest authority and is configured to designate, based on business requirements, a subject institution and a corresponding authorized institution, which are defined as an institution committee account and an authorized institution account; to assign operation permissions to the institution committee account and the authorized institution account; and to modify the on-chain contract address;
the permissions of the institution committee account are: granting operation permissions to, and enabling/disabling, the subject institution under its name and the authorized institution accounts corresponding to that subject institution;
the permissions of the authorized institution account are: granting operation permissions to, and enabling/disabling, the authorized institution under its name;
a second module configured to divide the role management logic smart contract, by a layered design, into a business logic layer contract and a data processing layer contract; the business logic layer provides a processing interface for the business requirements of third-party smart contracts, generates a contract calling function based on the business requirement, and gives the designated role account the corresponding permission and account address; the contract calling function is compiled to the processing interface as compiled code to obtain the corresponding on-chain contract address; the data processing layer contract defines a data structure based on the contract calling function, the data structure being used for the storage and query operations of the contract calling function;
a third module configured, when the business requirement changes, to update the contract calling function based on the changed business requirement and to compile the updated contract calling function again to the corresponding processing interface as compiled code, obtaining the updated on-chain contract address; the third-party smart contract passes in the updated on-chain contract address.
CN202211244143.8A 2022-10-12 2022-10-12 Intelligent contract upgrading method and system based on block chain for role authority management Active CN115309433B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211244143.8A CN115309433B (en) 2022-10-12 2022-10-12 Intelligent contract upgrading method and system based on block chain for role authority management

Publications (2)

Publication Number Publication Date
CN115309433A CN115309433A (en) 2022-11-08
CN115309433B CN115309433B (en) 2022-12-20

Family

ID=83867845

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211244143.8A Active CN115309433B (en) 2022-10-12 2022-10-12 Intelligent contract upgrading method and system based on block chain for role authority management

Country Status (1)

Country Link
CN (1) CN115309433B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant