CN107911373B - A blockchain permission management method and system - Google Patents
- Publication number
- CN107911373B (application number CN201711193847.6A)
- Authority
- CN
- China
- Prior art keywords
- permission
- transaction
- block
- modification
- promoter
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/90—Buffering arrangements
- H04L49/9015—Buffering arrangements for supporting a linked list
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Abstract
The invention discloses a blockchain permission management method and system. The method comprises: identifying a permission change transaction sent by a user, wherein the content of the permission change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed, and the corresponding new permission values; judging whether the initiator of the permission change transaction has the permission to change permissions; if the initiator has that permission, setting the value of each permission to be changed for that user to the corresponding new permission value, and recording the executed permission change transaction in a block; and running consensus on the transactions in the block, the corresponding permission change transaction in the block taking effect after consensus passes. Permission management in this method is carried out directly in the blockchain, without external facilities, and is deeply integrated into the blockchain, so that comprehensive permission control can be applied to the blockchain. Changes to permissions require network-wide consensus and are recorded in the blockchain, so the change records cannot be tampered with and are easy to audit.
Description
Technical field
The present invention relates to the technical field of blockchains, and in particular to a blockchain permission management method and system.
Background art
A blockchain uses cryptographic means to establish a digital identity for each participant. Each participant's digital identity consists of an asymmetric public/private key pair, in which the public key can be generated from the private key. A participant signs information with the private key and sends it to the blockchain; the blockchain recovers the public key from the signature, identifies the participant based on the public key (or its digest), and then authenticates the participant's operation.
When a public blockchain processes information supplied by a participant, it charges a fee, usually in the blockchain's token. Only a participant holding enough tokens can have information recorded on the blockchain. This restriction, however, is too simple to fit more complex application scenarios. When blockchain technology is applied in a specific industry, the participants are often enterprises, institutions and the like within that industry. For reasons such as security and performance, the permissions of participants in the blockchain need finer-grained management.
Some permission management schemes have already been proposed for these application scenarios. The types of existing schemes and their shortcomings are as follows:
First, access control is implemented through isolation. Implementations include, but are not limited to: establishing a virtual private network, so that any participant able to connect to a network node has permission; or placing a gateway at the perimeter of the blockchain, so that the blockchain network can be reached only through the gateway, with permission management done in the gateway. The key point of such schemes is that permission management is handled by external facilities rather than directly in the blockchain. Using such a scheme means accepting risks such as failure or malicious behaviour of the external facility, so these schemes are mostly used where the participants trust each other to a high degree.
Second, permission management is done with a smart contract. The key to this scheme is a permission management smart contract. Identity and permission information are stored in this contract, and other smart contracts check permissions during execution by calling its interface. Because the permission information and the authentication logic are both implemented at the smart contract level, permissions below the smart contract level (such as sending transactions or reading blockchain state) cannot be controlled. Using such a scheme means accepting risks such as transaction flooding attacks (large numbers of useless transactions recorded in the blockchain).
Therefore, how to solve the above problems and configure permissions in the blockchain comprehensively, without being limited to the smart contract level and without relying on external facilities, is a technical problem to be solved by those skilled in the art.
Summary of the invention
The object of the present invention is to provide a blockchain permission management method and system that configure permissions in the blockchain comprehensively, without being limited to the smart contract level and without relying on external facilities.
To solve the above technical problem, the present invention provides a blockchain permission management method, the method comprising:
identifying a permission change transaction sent by a user, wherein the content of the permission change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed, and the corresponding new permission values;
judging whether the initiator of the permission change transaction has the permission to change permissions;
if the initiator has the permission to change permissions, setting the value of each permission to be changed for that user to the corresponding new permission value, and recording the executed permission change transaction in a block;
running consensus on the transactions in the block, the corresponding permission change transaction in the block taking effect after consensus passes.
Optionally, judging whether the initiator of the permission change transaction has the permission to change permissions comprises:
obtaining the latest block from the blockchain, and obtaining the check information from the latest block as the root of an MPT tree;
constructing the MPT tree from that root, and obtaining the initiator's permission information from the MPT tree;
judging from the permission information whether the initiator of the permission change transaction has the permission to change permissions.
Optionally, judging whether the initiator of the permission change transaction has the permission to change permissions comprises:
calling a smart contract interface to obtain the initiator's permission information from the database;
judging from the permission information whether the initiator of the permission change transaction has the permission to change permissions.
Optionally, running consensus on the transactions in the block, with the corresponding permission change transaction in the block taking effect after consensus passes, comprises:
when the block is received, extracting all transactions in the block;
constructing a temporary block on the basis of the parent block of the received block, and executing each transaction in turn in the temporary block;
after all transactions have been executed, judging whether the permission check information in the temporary block is consistent with the permission check information in the received block;
if consistent, the transactions in the block pass verification and consensus is run; when the consensus passes, the corresponding permission change transaction in the block takes effect.
Optionally, identifying the permission change transaction sent by the user comprises:
receiving a transaction sent by a user;
judging whether the transaction carries the set identifier of a permission change transaction;
if it does, determining that the transaction is a permission change transaction.
Optionally, permissions are stored in the blockchain as follows:
each piece of permission information is processed with a data digest algorithm to generate the check information corresponding to it;
a key field for the check information is added to the block structure, to record the permission information corresponding to each block.
Optionally, the method further comprises:
identifying an operation sent by a user;
judging whether the initiator of the operation has the permission to execute the operation;
if the initiator of the operation has the permission to execute the operation, executing the operation.
The present invention also provides a blockchain permission management system, the system comprising:
an identification module, configured to identify a permission change transaction sent by a user, wherein the content of the permission change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed, and the corresponding new permission values;
a judgment module, configured to judge whether the initiator of the permission change transaction has the permission to change permissions;
a permission change execution module, configured to, if the initiator has the permission to change permissions, set the value of each permission to be changed for that user to the corresponding new permission value, and record the executed permission change transaction in a block;
a consensus module, configured to run consensus on the transactions in the block, the corresponding permission change transaction in the block taking effect after consensus passes.
Optionally, the judgment module comprises:
a permission reading unit, configured to obtain the latest block from the blockchain;
a check information acquiring unit, configured to obtain the check information from the latest block as the root of an MPT tree;
a first permission information acquiring unit, configured to construct the MPT tree from that root and obtain the initiator's permission information from the MPT tree;
a first judging unit, configured to judge from the permission information whether the initiator of the permission change transaction has the permission to change permissions.
Optionally, the judgment module comprises:
a second permission information acquiring unit, configured to call a smart contract interface to obtain the initiator's permission information from the database;
a second judging unit, configured to judge from the permission information whether the initiator of the permission change transaction has the permission to change permissions.
The blockchain permission management method provided by the present invention integrates permission management deeply into the blockchain. Every operation on permissions takes effect only after the whole network reaches consensus. Every operation is packaged and recorded in the blockchain, which facilitates auditing. Because the method is deeply integrated into the blockchain, permissions in the blockchain can be configured comprehensively during execution, without being limited to the smart contract level and without relying on external facilities. The present invention also provides a blockchain permission management system with the same beneficial effects, which are not repeated here.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a flowchart of the blockchain permission management method provided by an embodiment of the present invention;
Fig. 2 is a structural block diagram of the blockchain permission management system provided by an embodiment of the present invention.
Detailed description of the embodiments
The core of the present invention is to provide a blockchain permission management method and system in which permission management is carried out directly in the blockchain, without external facilities, and is deeply integrated into the blockchain, so that comprehensive permission control can be applied to the blockchain. Changes to permissions require network-wide consensus and are recorded in the blockchain, so the change records cannot be tampered with and are easy to audit.
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
Referring to Fig. 1, Fig. 1 is a flowchart of the blockchain permission management method provided by an embodiment of the present invention. The method may include:
S100: identify a permission change transaction sent by a user, wherein the content of the permission change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed, and the corresponding new permission values.
The blockchain permission management method of this embodiment has to be deeply integrated into the blockchain so that comprehensive permission control can be applied to it, overcoming the prior-art limitation that blockchain permission management either works only at the smart contract level (so that permissions below that level, such as sending transactions or reading blockchain state, cannot be controlled) or relies on external facilities. This embodiment therefore adds a new transaction type to the blockchain, the permission change transaction, which corresponds to an operation on permissions. When the blockchain receives a request to change permissions, it generates the corresponding permission change transaction. Like a general transaction, the permission change transaction is recorded in a block after execution, so the change history of the permission information is kept in the blockchain for auditing. Also like a general transaction, it can produce a receipt, from which the user can determine whether the permission change transaction succeeded; that is, the receipt lets the user learn the execution result of the permission change transaction promptly. The change operations on permission information that this embodiment implements through permission change transactions include adding, deleting, modifying and so on. The permissions involved in the embodiment may include permission management, deploying contracts and sending general transactions, but are not limited to these three, and may even include complex permissions with restrictions (such as a validity period).
Further, this embodiment does not limit how a permission change transaction is sent to the blockchain; for example, it may be sent through an externally callable interface or through a smart contract interface. Specifically, a user can operate on permission information by calling the external interface. Alternatively, the user calls a smart contract interface, so that the smart contract operates on the permission information through the smart contract virtual machine during execution. The smart contract interface makes it possible to configure permissions automatically with smart contracts. Of course, if automatic configuration is not needed, a smart contract interface with this function need not be provided. Other smart contracts on the blockchain can change and read permission information directly through message calls between contracts. The access interface for external users can be JSON-RPC. The concrete form of a permission change transaction request is illustrated below with the JSON-RPC interface as an example.
JSON-RPC interface request example:
{"jsonrpc":"2.0","method":"get_permission","params":["0x1234567890123456789012345678901234567890"],"id":1}
JSON-RPC interface response example:
{"jsonrpc":"2.0","id":1,"result":{"change_permission":false,"deploy_contract":true,"send_transaction":false}}
Because a permission change transaction is similar to other general transactions, the blockchain has to be able to recognise it. This embodiment does not limit the specific identification method. For example, a special identifier can be added to the permission change transaction to distinguish it from general transactions, or it can be distinguished by unique identifying information such as the address of the special interface to which permission change transactions are sent. This embodiment does not limit the type or form of the identifier, as long as it corresponds uniquely to permission change transactions. That is, optionally, identifying the permission change transaction sent by the user may include:
receiving a transaction sent by a user;
judging whether the transaction carries the set identifier of a permission change transaction;
if it does, determining that the transaction is a permission change transaction.
Specifically, this embodiment does not limit the form of the set identifier of a permission change transaction. For example, a special identifier bit can be added to the transaction, or the address of the smart contract being called can be used. For instance, a user can send a transaction directly that calls an interface of the permission smart contract; whether the transaction is a permission change transaction can then be determined from the address of the called contract. Alternatively, the user sends a permission change transaction to the blockchain that carries a special identifier, so that the blockchain can recognise the transaction's operation as a permission change.
This embodiment does not restrict the content or content format of a permission change transaction; users can set them according to the actual situation. A permission change transaction must, however, include at least the initiator of the transaction, the user whose permissions are to be changed (who can be represented by an external account address), the permissions to be changed (the permission items, such as deploying contracts or sending transactions), and the new permission values (the values of the permissions to be changed, which can be expressed, for example, as True or False).
S110: judge whether the initiator of the permission change transaction has the permission to change permissions.
Specifically, steps S110 and S120 are the concrete execution process of the permission change transaction. Step S110 mainly judges whether the initiator of the permission change transaction is legitimate, i.e. whether the initiator has the permission to change blockchain permissions. The change operation is executed only when the initiator is legitimate. When the initiator is not legitimate, the permission change transaction fails. This embodiment does not limit the specific judgment process, which depends on how the permission information is stored, i.e. on how permissions are kept in a blockchain application scenario, for instance how a permission table is maintained. To further ensure the reliability of permission management, the change records of permission information can be protected by cryptographic means so that they cannot be tampered with, which also facilitates auditing. For example, the permission information is stored in a cryptographically verifiable data structure. Besides storing the original data, this data structure provides check information. The check information has the following properties:
First: identical original data has identical check information;
Second: it is difficult to construct matching original data from the check information.
The check information field is usually generated with a cryptographic digest algorithm. The check information of the permission information is included in the block structure as a key field. A key field is one that is encoded into the block data and used to generate the block hash. With this design, a change in the permission information changes its check information, and a change in the check information changes the block data and its hash. The block hash can therefore be used to check quickly whether the permission information is correct, which makes the permission information hard to tamper with. Any method under which a change causes a deterministic change in the block hash can be used, for example a Trie. Preferably, permissions may be stored in the blockchain as follows:
Each piece of permission information is processed with a data digest algorithm to generate the check information corresponding to it; a key field for the check information is added to the block structure, to record the permission information corresponding to each block. In this way a change in the check information of a block (i.e. the data of that block's key field) changes the block data and its hash. The block hash can therefore be used to check quickly whether the permission information is correct, which makes the permission information hard to tamper with. Two optional implementations are described below.
First, optionally, judging whether the initiator of the permission change transaction has the permission to change permissions may include:
obtaining the latest block from the blockchain, and obtaining the check information from the latest block as the root of an MPT tree;
constructing the MPT tree from that root, and obtaining the initiator's permission information from the MPT tree;
judging from the permission information whether the initiator of the permission change transaction has the permission to change permissions.
The permission information for this judgment method can be stored as follows:
The permission data is stored in an MPT (Merkle Patricia Trie), and the hash of its root node is used as the check information of the permission data. A new block field (for example a permissions field) is added to the block structure to hold the check information of the permission data. The permission data can be structured as a per-user list, a per-group list and so on; this is not limited here. The permissions involved can be configured according to the characteristics of the blockchain, such as sending transactions, deploying contracts, calling read-only interfaces and so on, without specific limitation. The permission information in a given block can then be obtained as follows:
1. Obtain the specified block from the database (the block can be specified by block number or block hash; the specified block here can be the latest block).
2. Obtain the value of the permissions field from the block's key fields.
3. Construct a Merkle Patricia Trie from the value of permissions.
4. Obtain the initiator's permission information from the Merkle Patricia Trie.
Second, optionally, judging whether the initiator of the permission change transaction has the permission to change permissions may include:
calling a smart contract interface to obtain the initiator's permission information from the database;
judging from the permission information whether the initiator of the permission change transaction has the permission to change permissions.
In this judgment method the permission information is stored in a smart contract. The specific implementation is as follows:
1. Write a smart contract, referred to as the permission smart contract.
2. Write the permission smart contract into the genesis block.
3. Assign a specific address to the permission smart contract.
After these steps, the permission information is kept in the storage of the permission smart contract. A change to the permission information changes the contract's storage, which changes the state tree (State Trie) and thus the block hash. In this embodiment the state tree can serve as the check information for permissions. Because a smart contract is used, external users can query permission information by calling the interface of the permission smart contract directly, exactly as with an ordinary smart contract call, which is not described again here. When permission information is needed inside the blockchain to control an operation, it can be obtained in either of the following two ways.
First: simulate the execution of a call inside the blockchain, calling the smart contract interface to obtain the permission value.
Second: simulate the execution of the smart contract and read the permission value directly from the database.
S120: if the initiator has the permission to change permissions, set the value of each permission to be changed for that user to the corresponding new permission value, and record the executed permission change transaction in a block.
Specifically, if the initiator does not have the permission to change permissions, the permission change transaction fails; to keep a complete record of the permission change process, the transaction still has to be recorded in the block in that case. If the initiator does have the permission to change permissions, the value of each permission to be changed for that user is set to the corresponding new permission value, and the executed permission change transaction is recorded in the block whether or not the modification succeeded.
Transactions are executed differently in the two modes. In the first, the check information is obtained from the temporary block and the MPT tree is constructed with it as root. The changed permission information is written to the MPT tree. The root of the updated MPT tree is taken as the block's new permission check information. In the second, the smart contract interface is called directly to execute the transaction, and the check information in the block is updated automatically after the smart contract executes.
In either case a receipt is generated, so that the initiator can judge from the receipt's content how the permission change transaction was executed.
S130: run consensus on the transactions in the block; the corresponding permission change transaction in the block takes effect after consensus passes.
Specifically, to guarantee the legitimacy and validity of a permission change, in this embodiment a permission transaction is recorded in the blockchain, and the permission change it makes takes effect, only after network-wide consensus is reached. Step S130 can be understood as the blockchain's consensus process, which includes verifying the changes to permission information. This embodiment does not limit the concrete condition under which network-wide consensus passes. For example, network-wide consensus on the permission change transaction may be considered reached when more than two thirds of the users in the network approve it. The corresponding permission change transaction in the block takes effect once consensus passes. That is, optionally, running consensus on the transactions in the block, with the corresponding permission change transaction in the block taking effect after consensus passes, may include:
when the block is received, extracting all transactions in the block;
constructing a temporary block on the basis of the parent block of the received block, and executing each transaction in turn in the temporary block;
after all transactions have been executed, judging whether the permission check information in the temporary block is consistent with the permission check information in the received block;
if consistent, the transactions in the block pass verification and consensus is run; when the consensus passes, the corresponding permission change transaction in the block takes effect.
The specific way each transaction is executed in turn in the temporary block, that is, the way a permission change transaction is executed, differs according to how permission information is obtained. For example, when permission information is obtained in the form of an MPT tree, the permission change transaction is executed as follows: first obtain the check information from the temporary block and construct the MPT tree with it as the root; update the changed permission information into the MPT tree; then obtain the root of the updated MPT tree as the block's new permission check information. When permission information is obtained through the smart contract interface, the permission change transaction is executed as follows: call the smart contract interface directly to execute the transaction; after the smart contract executes, the check information in the block is updated automatically.
This embodiment does not limit the conditions under which consensus passes; the actual conditions vary with the consensus algorithm used.
Specifically, the transactions in the block include both permission change transactions and ordinary transactions; that is, verification of changes to permission information is usually carried out together with verification of ordinary transactions. Every blockchain user can execute the verification process above. When the consensus process completes and the result is correct, the corresponding permission change transaction in the block takes effect. This embodiment does not limit the specific algorithm used in the consensus process.
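The block verification of step S130, as an added Python example that is not part of the patent text: each node re-executes a received block's transactions on a temporary copy of the parent's permission table and accepts the block only if the resulting permission check information matches. Assumptions: a SHA-256 digest of canonical JSON stands in for the MPT root, the more-than-two-thirds rule is the example threshold given above, and the names `Tx`, `Block`, `Node` and the permission strings are hypothetical.

```python
import copy
import hashlib
import json
from dataclasses import dataclass

# The three permissions named in the claims; the string constants are assumptions.
MANAGE, DEPLOY, SEND = "manage_permissions", "deploy_contract", "send_transaction"


def check_info(perms: dict) -> str:
    """Permission check information: a digest over the whole permission table.
    SHA-256 of canonical JSON stands in for the MPT root (an assumption)."""
    canonical = json.dumps(perms, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass(frozen=True)
class Tx:
    initiator: str
    is_permission_change: bool = False  # preset flag identifying the tx type
    target: str = ""                    # user whose permissions are changed
    changes: tuple = ()                 # ((permission, new value), ...)


@dataclass
class Block:
    parent_check: str   # check information recorded in the parent block
    txs: list
    perm_check: str     # check information after executing txs
    receipts: list      # one execution result per transaction


def execute(perms: dict, tx: Tx) -> bool:
    """Apply one transaction to perms in place; the return value is its receipt."""
    held = perms.get(tx.initiator, {})
    if not tx.is_permission_change:
        return bool(held.get(SEND))     # ordinary transaction needs SEND
    if not held.get(MANAGE):
        return False                    # initiator may not change permissions
    perms.setdefault(tx.target, {}).update(dict(tx.changes))
    return True


def run(parent_perms: dict, txs: list):
    """Temporary state built on the parent's table; txs executed in order."""
    perms = copy.deepcopy(parent_perms)
    receipts = [execute(perms, tx) for tx in txs]
    return perms, receipts


class Node:
    def __init__(self, genesis_perms: dict):
        self.genesis_check = check_info(genesis_perms)
        # check information -> permission table (like a trie store keyed by root)
        self.state_db = {self.genesis_check: copy.deepcopy(genesis_perms)}

    def propose(self, parent_check: str, txs: list) -> Block:
        perms, receipts = run(self.state_db[parent_check], txs)
        return Block(parent_check, list(txs), check_info(perms), receipts)

    def verify(self, block: Block) -> bool:
        """Re-execute the block's transactions and compare check information."""
        parent = self.state_db.get(block.parent_check)
        if parent is None:
            return False                # unknown parent: nothing to build on
        perms, _ = run(parent, block.txs)
        return check_info(perms) == block.perm_check

    def commit(self, block: Block) -> None:
        perms, _ = run(self.state_db[block.parent_check], block.txs)
        self.state_db[block.perm_check] = perms


def reach_consensus(nodes: list, block: Block) -> bool:
    """Changes take effect only when more than two thirds of nodes verify the block."""
    voters = [n for n in nodes if n.verify(block)]
    if 3 * len(voters) <= 2 * len(nodes):
        return False
    for n in voters:
        n.commit(block)
    return True


def demo() -> dict:
    genesis = {"admin": {MANAGE: True, DEPLOY: True, SEND: True},
               "alice": {SEND: True}}   # constructed sample state
    nodes = [Node(genesis) for _ in range(4)]
    grant = Tx("admin", True, "alice", ((DEPLOY, True),))
    b1 = nodes[0].propose(nodes[0].genesis_check, [grant, Tx("alice")])
    accepted = reach_consensus(nodes, b1)
    # A proposer records alice's self-grant of MANAGE as if it had succeeded.
    forged_state = copy.deepcopy(nodes[0].state_db[b1.perm_check])
    forged_state["alice"][MANAGE] = True
    self_grant = Tx("alice", True, "alice", ((MANAGE, True),))
    forged = Block(b1.perm_check, [self_grant], check_info(forged_state), [True])
    return {"accepted": accepted, "receipts": b1.receipts,
            "alice_can_deploy": bool(nodes[3].state_db[b1.perm_check]["alice"].get(DEPLOY)),
            "forged_accepted": reach_consensus(nodes[1:], forged),
            "forged_state_stored": forged.perm_check in nodes[1].state_db}
```

Calling `demo()` runs both cases: the administrator's grant is accepted by all four nodes, while the block that records an unauthorized self-grant as successful fails verification because re-execution leaves the permission table, and therefore its digest, unchanged.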
Based on the above technical solution, the blockchain permission management method provided by this embodiment of the invention integrates permission management deeply into the blockchain. The blockchain provides operation interfaces for permissions, including add, delete, modify and query. Every operation on permissions takes effect only after network-wide consensus is reached, and the consensus and taking-effect process requires no manual intervention. Every operation is recorded in the blockchain, which facilitates auditing. The permission information and the history of operations are protected by cryptographic means and cannot be maliciously tampered with. Because it is deeply integrated into the blockchain, this solution can, during implementation, configure the permissions in the blockchain comprehensively; it is not limited to the smart contract level and does not rely on external facilities.
While the blockchain is running, whenever a scenario that requires a permission check is encountered, regardless of the form in which the initiator started the transaction (for example, a transaction initiated through the smart contract interface) and regardless of which permission the transaction involves, the initiator is checked for the permission to perform the operation, and the corresponding operation is allowed to execute only when the initiator has that permission. The user may even send only an ordinary request without initiating a transaction. For example, when a user initiates a transaction through the smart contract interface, it is judged whether the initiator of the smart contract deployment transaction has the permission to deploy smart contracts. Therefore, based on any of the above embodiments, the method may further include:
Identify the operation sent by the user;
Judge whether the initiator of the operation has the permission to execute the operation;
If the initiator of the operation has the permission to execute the operation, execute the operation.
Based on the above technical solution, the blockchain permission management method provided by this embodiment of the invention not only integrates permission management deeply into the blockchain, so that the permissions in the blockchain can be configured comprehensively without being limited to the smart contract level or relying on external facilities, but can also verify the permissions for the various forms of operations in the blockchain, guaranteeing the reliability of operations.
The blockchain permission management system provided by an embodiment of the invention is introduced below. The blockchain permission management system described below and the blockchain permission management method described above may be referred to in correspondence with each other.
Referring to FIG. 2, FIG. 2 is a structural block diagram of the blockchain permission management system provided by an embodiment of the invention. The system may include:
An identification module 100, configured to identify a permission change transaction sent by a user, wherein the content of the permission change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed, and the corresponding new permission values;
A judgment module 200, configured to judge whether the initiator of the permission change transaction has the permission-change permission;
A permission change execution module 300, configured to, if the initiator has the permission-change permission, modify the value of each permission to be changed of the user whose permissions are to be changed to the corresponding new permission value, and record the executed permission change transaction in a block;
A consensus module 400, configured to reach consensus on the transactions in the block; after consensus passes, the corresponding permission change transaction in the block takes effect.
Based on the above embodiment, the judgment module 200 may include:
A permission reading unit, configured to obtain the latest block from the blockchain;
A check information acquiring unit, configured to obtain the check information from the latest block as the root of the MPT tree;
A first permission information acquiring unit, configured to construct the MPT tree using the root of the MPT tree and obtain the permission information corresponding to the initiator from the MPT tree;
A first judging unit, configured to judge, according to the permission information, whether the initiator of the permission change transaction has the permission-change permission.
Based on the above embodiment, the judgment module 200 may include:
A second permission information acquiring unit, configured to call the smart contract interface to obtain the permission information corresponding to the initiator from the database;
A second judging unit, configured to judge, according to the permission information, whether the initiator of the permission change transaction has the permission-change permission.
Based on any of the above embodiments, the identification module 100 may include:
A receiving unit, configured to receive the transaction sent by the user;
An identification judging unit, configured to judge whether the transaction carries the preset permission change transaction flag;
A recognition unit, configured to determine that the transaction is a permission change transaction if it carries the preset permission change transaction flag.
Based on any of the above embodiments, the system may further include:
An operation identification module, configured to identify the operation sent by the user;
An operation permission judgment module, configured to judge whether the initiator of the operation has the permission to execute the operation;
An operation execution module, configured to execute the operation if the initiator of the operation has the permission to execute the operation.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to each other. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for relevant details, refer to the description of the method.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of their functions. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The blockchain permission management method and system provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is intended only to help in understanding the method of the invention and its core idea. It should be noted that those of ordinary skill in the art may make several improvements and modifications to the invention without departing from its principle, and these improvements and modifications also fall within the scope of protection of the claims of the invention.
Claims (9)
1. A blockchain permission management method, characterized in that the method comprises:
Identifying a permission change transaction sent by a user; wherein the content of the permission change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed, and the corresponding new permission values; and the permission change transaction is similar to an ordinary transaction in the blockchain; the permissions involved include permission management, contract deployment, and sending ordinary transactions; the permission change transaction is sent through a smart contract interface;
Judging whether the initiator of the permission change transaction has the permission-change permission;
If the initiator has the permission-change permission, modifying the value of each permission to be changed of the user whose permissions are to be changed to the corresponding new permission value, and recording the executed permission change transaction in a block; the smart contract interface being used to configure permissions automatically;
Reaching consensus on the transactions in the block; after consensus passes, the corresponding permission change transaction in the block takes effect;
Further comprising:
Identifying an operation sent by a user;
Judging, by directly calling or by simulating a call to the smart contract interface, whether the initiator of the operation has the permission to execute the operation; wherein a direct call means simulating the execution of a call inside the blockchain and calling the smart contract interface to obtain the permission value, and a simulated call means simulating the execution of the smart contract and obtaining the permission value directly from the database;
If the initiator of the operation has the permission to execute the operation, executing the operation.
2. The method according to claim 1, characterized in that judging whether the initiator of the permission change transaction has the permission-change permission comprises:
Obtaining the latest block from the blockchain, and obtaining the check information from the latest block as the root of an MPT tree;
Constructing the MPT tree using the root of the MPT tree, and obtaining the permission information corresponding to the initiator from the MPT tree;
Judging, according to the permission information, whether the initiator of the permission change transaction has the permission-change permission.
3. The method according to claim 1, characterized in that judging whether the initiator of the permission change transaction has the permission-change permission comprises:
Calling the smart contract interface to obtain the permission information corresponding to the initiator from the database;
Judging, according to the permission information, whether the initiator of the permission change transaction has the permission-change permission.
4. The method according to claim 1, characterized in that reaching consensus on the transactions in the block, with the corresponding permission change transaction in the block taking effect after the consensus passes, comprises:
When the block is received, extracting all transactions in the block;
Constructing a temporary block on the basis of the parent block of the received block, and executing each transaction in the temporary block in turn;
After all transactions have been executed, judging whether the permission check information in the temporary block is consistent with the permission check information in the received block;
If consistent, the transactions in the block pass verification and consensus is carried out; when the consensus passes, the corresponding permission change transaction in the block takes effect.
5. The method according to claim 4, characterized in that identifying the permission change transaction sent by the user comprises:
Receiving the transaction sent by the user;
Judging whether the transaction carries the preset permission change transaction flag;
If it does, determining that the transaction is a permission change transaction.
6. The method according to any one of claims 1-5, characterized in that the manner in which permissions are stored in the blockchain comprises:
Processing each piece of permission information with a digest algorithm to generate the check information corresponding to each piece of permission information;
Adding a key field for the check information to the block structure, for recording the permission information corresponding to each block.
7. A blockchain permission management system, characterized in that the system comprises:
An identification module, configured to identify a permission change transaction sent by a user; wherein the content of the permission change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed, and the corresponding new permission values; and the permission change transaction is similar to an ordinary transaction in the blockchain; the permissions involved include permission management, contract deployment, and sending ordinary transactions; the permission change transaction is sent through a smart contract interface;
A judgment module, configured to judge whether the initiator of the permission change transaction has the permission-change permission;
A permission change execution module, configured to, if the initiator has the permission-change permission, modify the value of each permission to be changed of the user whose permissions are to be changed to the corresponding new permission value, and record the executed permission change transaction in a block; the smart contract interface being used to configure permissions automatically;
A consensus module, configured to reach consensus on the transactions in the block; after consensus passes, the corresponding permission change transaction in the block takes effect;
Further comprising:
An operation identification module, configured to identify an operation sent by a user;
An operation permission judgment module, configured to judge, by directly calling or by simulating a call to the smart contract interface, whether the initiator of the operation has the permission to execute the operation; wherein a direct call means simulating the execution of a call inside the blockchain and calling the smart contract interface to obtain the permission value, and a simulated call means simulating the execution of the smart contract and obtaining the permission value directly from the database;
An operation execution module, configured to execute the operation if the initiator of the operation has the permission to execute the operation.
8. The system according to claim 7, characterized in that the judgment module comprises:
A permission reading unit, configured to obtain the latest block from the blockchain;
A check information acquiring unit, configured to obtain the check information from the latest block as the root of an MPT tree;
A first permission information acquiring unit, configured to construct the MPT tree using the root of the MPT tree and obtain the permission information corresponding to the initiator from the MPT tree;
A first judging unit, configured to judge, according to the permission information, whether the initiator of the permission change transaction has the permission-change permission.
9. The system according to claim 7, characterized in that the judgment module comprises:
A second permission information acquiring unit, configured to call the smart contract interface to obtain the permission information corresponding to the initiator from the database;
A second judging unit, configured to judge, according to the permission information, whether the initiator of the permission change transaction has the permission-change permission.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711193847.6A CN107911373B (en) | 2017-11-24 | 2017-11-24 | A kind of block chain right management method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107911373A (en) | 2018-04-13 |
CN107911373B (en) | 2019-09-06 |
Family
ID=61848018
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||