CN107911373B - A blockchain permission management method and system - Google Patents

Publication number
CN107911373B
Authority
CN
China
Prior art keywords
permission
transaction
block
modification
promoter
Legal status
Active
Application number
CN201711193847.6A
Other languages
Chinese (zh)
Other versions
CN107911373A (en)
Inventor
王加楠
张一锋
Current Assignee
Zhongchao Credit Card Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Original Assignee
Zhongchao Credit Card Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Application filed by Zhongchao Credit Card Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Priority to CN201711193847.6A
Publication of CN107911373A
Application granted
Publication of CN107911373B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/90 Buffering arrangements
    • H04L49/9015 Buffering arrangements for supporting a linked list
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a blockchain permission management method and system. The method comprises: identifying a permission-change transaction sent by a user, where the content of the transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed and the corresponding new permission values; determining whether the initiator of the permission-change transaction holds the permission to change permissions; if the initiator holds that permission, setting each permission to be changed for the target user to its corresponding new value, and recording the executed permission-change transaction in a block; and running consensus on the transactions in the block, the permission-change transactions in the block taking effect after consensus passes. Permission management is carried out directly in the blockchain, without external facilities, and is deeply integrated into the blockchain, so that comprehensive permission control can be applied to it. Changes to permissions require network-wide consensus and are recorded in the blockchain, so the change records cannot be tampered with and are easy to audit.

Description

A blockchain permission management method and system
Technical field
The present invention relates to the field of blockchain technology, and in particular to a blockchain permission management method and system.
Background
A blockchain uses cryptography to establish a digital identity for each participant. Each participant's digital identity consists of an asymmetric public/private key pair, in which the public key can be derived from the private key. A participant signs information with its private key and sends it to the blockchain; the blockchain recovers the public key from the signature, identifies the participant by the public key (or its digest), and then authenticates the participant's operation.
A public blockchain charges a fee, usually in the blockchain's token, for processing information submitted by a participant. Only when the participant holds a sufficient token balance can the information be recorded in the blockchain. This restriction is too simple to fit more complex application scenarios. When blockchain technology is applied in a specific industry, the participants are often enterprises, institutions and the like within that industry. For reasons such as security and performance, the permissions of participants in the blockchain need finer-grained management.
Several permission management schemes have been proposed for such scenarios. The types of existing scheme and their shortcomings are as follows:
First, access control by isolation. Implementations include, but are not limited to: establishing a virtual private network, so that participants able to connect to a network node have permission; or placing a gateway at the perimeter of the blockchain, so that the blockchain network can be reached only through the gateway, which performs the permission management. The key point of such schemes is that permission management is handled by external facilities rather than directly in the blockchain. Using them means accepting the risk that the external facility fails or acts maliciously, so they are mostly used where the participants trust each other to a high degree.
Second, permission management by smart contract. The core of this scheme is a permission-management smart contract that stores identity and permission information; other smart contracts call its interface during execution to check permissions. Because the permission information and the authentication logic live at the smart-contract level, the scheme cannot control permissions below that level (for example sending transactions or reading blockchain state). Using it means accepting risks such as transaction flooding attacks (large numbers of useless transactions being recorded in the blockchain).
Therefore, how to solve the above problems and configure the permissions in a blockchain comprehensively, neither limited to the smart-contract level nor reliant on external facilities, is a technical problem to be solved by those skilled in the art.
Summary of the invention
The object of the present invention is to provide a blockchain permission management method and system that configure the permissions in a blockchain comprehensively, neither limited to the smart-contract level nor reliant on external facilities.
To solve the above technical problem, the present invention provides a blockchain permission management method, the method comprising:
Identifying a permission-change transaction sent by a user, where the content of the permission-change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed and the corresponding new permission values;
Determining whether the initiator of the permission-change transaction holds the permission to change permissions;
If the initiator holds the permission to change permissions, setting each permission to be changed for the target user to its corresponding new value, and recording the executed permission-change transaction in a block;
Running consensus on the transactions in the block, the permission-change transactions in the block taking effect after consensus passes.
Optionally, determining whether the initiator of the permission-change transaction holds the permission to change permissions comprises:
Obtaining the latest block from the blockchain, and obtaining the check information from the latest block as the root of an MPT;
Constructing the MPT from that root, and obtaining the initiator's permission information from the MPT;
Determining from the permission information whether the initiator of the permission-change transaction holds the permission to change permissions.
Optionally, determining whether the initiator of the permission-change transaction holds the permission to change permissions comprises:
Calling a smart-contract interface to obtain the initiator's permission information from the database;
Determining from the permission information whether the initiator of the permission-change transaction holds the permission to change permissions.
Optionally, running consensus on the transactions in the block, with the permission-change transactions in the block taking effect after consensus passes, comprises:
When the block is received, extracting all transactions in the block;
Constructing a temporary block on the basis of the parent block of the received block, and executing each transaction in turn in the temporary block;
After all transactions have been executed, determining whether the permission check information in the temporary block is consistent with the permission check information in the received block;
If it is consistent, the transactions in the block pass verification and consensus is run; when consensus passes, the permission-change transactions in the block take effect.
Optionally, identifying the permission-change transaction sent by a user comprises:
Receiving a transaction sent by the user;
Determining whether the transaction carries the mark set for permission-change transactions;
If it does, determining that the transaction is a permission-change transaction.
Optionally, permissions are stored in the blockchain as follows:
Processing each item of permission information with a digest algorithm to generate the check information corresponding to that permission information;
Adding a key field for the check information to the block structure, to record the permission information corresponding to each block.
Optionally, the method further comprises:
Identifying an operation sent by a user;
Determining whether the initiator of the operation holds the permission to execute the operation;
If the initiator of the operation holds the permission to execute the operation, executing the operation.
The present invention also provides a blockchain permission management system, the system comprising:
An identification module, for identifying a permission-change transaction sent by a user, where the content of the permission-change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed and the corresponding new permission values;
A judgment module, for determining whether the initiator of the permission-change transaction holds the permission to change permissions;
A permission-change execution module, for setting each permission to be changed for the target user to its corresponding new value if the initiator holds the permission to change permissions, and recording the executed permission-change transaction in a block;
A consensus module, for running consensus on the transactions in the block, the permission-change transactions in the block taking effect after consensus passes.
Optionally, the judgment module comprises:
A permission reading unit, for obtaining the latest block from the blockchain;
A check information acquiring unit, for obtaining the check information from the latest block as the root of an MPT;
A first permission information acquiring unit, for constructing the MPT from that root and obtaining the initiator's permission information from the MPT;
A first judging unit, for determining from the permission information whether the initiator of the permission-change transaction holds the permission to change permissions.
Optionally, the judgment module comprises:
A second permission information acquiring unit, for calling a smart-contract interface to obtain the initiator's permission information from the database;
A second judging unit, for determining from the permission information whether the initiator of the permission-change transaction holds the permission to change permissions.
The blockchain permission management method provided by the present invention integrates permission management deeply into the blockchain. Every operation on permissions takes effect only after the whole network reaches consensus. Every operation is packaged and recorded in the blockchain, which makes auditing easy. Because of this deep integration, the permissions in the blockchain can be configured comprehensively during execution, neither limited to the smart-contract level nor reliant on external facilities. The present invention also provides a blockchain permission management system with the same beneficial effects, which are not repeated here.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the present invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the blockchain permission management method provided by an embodiment of the present invention;
Fig. 2 is a structural block diagram of the blockchain permission management system provided by an embodiment of the present invention.
Detailed description of the embodiments
The core of the present invention is to provide a blockchain permission management method and system in which permission management is carried out directly in the blockchain, without external facilities, and is deeply integrated into it, so that comprehensive permission control can be applied to the blockchain. Changes to permissions require network-wide consensus and are recorded in the blockchain, so the change records cannot be tampered with and are easy to audit.
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
Referring to Fig. 1, a flow chart of the blockchain permission management method provided by an embodiment of the present invention, the method may include:
S100: identify the permission-change transaction sent by a user, where the content of the permission-change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed and the corresponding new permission values.
Because the blockchain permission management method of this embodiment must be deeply integrated into the blockchain, it can apply comprehensive permission control to the blockchain, overcoming the prior-art limitation that blockchain permission management is possible only at the smart-contract level (that is, permissions below that level, such as sending transactions or reading blockchain state, cannot be controlled) or only with external facilities. This embodiment therefore adds a new transaction type to the blockchain, the permission-change transaction, which corresponds to an operation on permissions. When the blockchain receives a request to change permissions, it generates a corresponding permission-change transaction. A permission-change transaction resembles an ordinary transaction: after execution it is recorded in a block, so that the change history of the permission information is kept in the blockchain for audit. Like an ordinary transaction it also produces a receipt (Receipt), from which the user can tell whether the permission-change transaction succeeded and so learn its execution status promptly. The operations on permission information that this embodiment implements through permission-change transactions include adding, deleting and modifying. The permissions involved in the embodiment may include permission management, contract deployment and sending ordinary transactions, but are not limited to these three and may even include complex permissions with restrictions (such as a validity period).
Further, this embodiment does not limit how a permission-change transaction is sent to the blockchain: it may be sent through an external call interface or through a smart-contract interface. Specifically, a user may operate on permission information by calling the external interface. Alternatively, the user calls a smart-contract interface, so that the smart contract operates on permission information through the smart-contract virtual machine during execution. The smart-contract interface allows permissions to be configured automatically by smart contracts; if automatic configuration is not needed, a smart-contract interface with this function may be omitted. Other smart contracts on the blockchain can change or read permission information directly through inter-contract message calls. The access interface for external users may be JSONRPC. The concrete form of a permission-change transaction request is illustrated below using the JSONRPC interface as an example.
JSONRPC interface request example:
{"jsonrpc":"2.0","method":"get_permission","params":["0x1234567890123456789012345678901234567890"],"id":1}
JSONRPC interface response example:
{"jsonrpc":"2.0","id":1,"result":{"change_permission":false,"deploy_contract":true,"send_transaction":false}}
Because a permission-change transaction resembles other ordinary transactions, the blockchain must be able to recognize it. This embodiment does not limit the recognition method. For example, a special mark may be added to the permission-change transaction to distinguish it from ordinary transactions, or it may be distinguished by unique identifying information such as the address of the special interface to which the permission-change transaction is sent. This embodiment does not limit the type or form of the mark, provided that it corresponds uniquely to permission-change transactions. That is, optionally, identifying the permission-change transaction sent by a user may comprise:
Receiving a transaction sent by the user;
Determining whether the transaction carries the mark set for permission-change transactions;
If it does, determining that the transaction is a permission-change transaction.
Specifically, this embodiment does not limit the form of the permission-change mark. It may be a special flag bit added to the transaction, or it may be the address of the smart contract being called. For example, a user may send a transaction directly that calls an interface of the permission smart contract; whether the transaction is a permission-change transaction can then be determined from the address of the called contract. Alternatively, the user sends to the blockchain a permission-change transaction carrying a special mark, so that the blockchain can recognize the transaction's operation as a permission change.
This embodiment does not restrict the content or format of a permission-change transaction; users may set these according to their situation. At a minimum, however, the transaction must include the initiator of the permission-change transaction, the user whose permissions are to be changed (who may be represented by an external account address), the permission to be changed (the permission item, such as deploying contracts or sending transactions) and the new permission value (the value the permission is to take, which may be expressed as True or False).
S110: determine whether the initiator of the permission-change transaction holds the permission to change permissions.
Specifically, steps S110 and S120 are the execution of the permission-change transaction. Step S110 determines whether the initiator of the permission-change transaction is legitimate, that is, whether the initiator has the right to change blockchain permissions. The change is carried out only when the initiator is legitimate; otherwise the permission-change transaction fails. This embodiment does not limit the specific determination process, which depends on how the permission information is stored, that is, on how permissions are kept in a blockchain setting, for instance how a permission table is maintained. To further ensure reliable permission management, the change records of the permission information can be protected cryptographically so that they cannot be tampered with, which also makes auditing easier. For example, the permission information may be stored in a cryptographically verifiable data structure, which provides check information in addition to storing the original data. The check information has the following properties:
First: identical original data yields identical check information;
Second: it is hard to construct original data that matches given check information.
The check information is usually generated with a cryptographic digest algorithm. The check information of the permission information is included in the block structure as a key field, meaning that the field is encoded into the block data and used to generate the block hash. With this design, a change in the permission information changes its check information, which in turn changes the block data and its hash. The block hash therefore gives a quick check of whether the permission information is correct, making the permission information hard to tamper with. Any method by which a change causes a deterministic change in the block hash can be used, for example a Trie. Preferably, permissions may be stored in the blockchain as follows:
Each item of permission information is processed with a digest algorithm to generate its corresponding check information, and a key field for the check information is added to the block structure to record the permission information corresponding to each block. A change in the check information of a block (the data in that block's key field) thus changes the block data and its hash, so the block hash gives a quick check of whether the permission information is correct, making the permission information hard to tamper with. Two optional implementations are described below.
First, optionally, determining whether the initiator of the permission-change transaction holds the permission to change permissions may comprise:
Obtaining the latest block from the blockchain, and obtaining the check information from the latest block as the root of an MPT;
Constructing the MPT from that root, and obtaining the initiator's permission information from the MPT;
Determining from the permission information whether the initiator of the permission-change transaction holds the permission to change permissions.
The permission information for this determination method may be stored as follows:
An MPT (Merkle Patricia Trie) stores the permission data, and the hash of its root node serves as the check information of the permission data. A new block field (for example a permissions field) is added to the block structure to hold this check information. The permission data may be structured as a per-user list, a per-group list and so on, without limitation here. The permissions covered can be set according to the characteristics of the blockchain, for example sending transactions, deploying contracts or calling read-only interfaces, without specific limitation. Given the characteristics of the blockchain, the permission information at a given block can then be obtained as follows:
1. Obtain the specified block from the database (the block can be specified by block number or block hash; here it may be the latest block).
2. Read the value of the permissions field from the block's key fields.
3. Construct a Merkle Patricia Trie from the value of permissions.
4. Obtain the initiator's permission information from the Merkle Patricia Trie.
Second, optionally, determining whether the initiator of the permission-change transaction holds the permission to change permissions may comprise:
Calling a smart-contract interface to obtain the initiator's permission information from the database;
Determining from the permission information whether the initiator of the permission-change transaction holds the permission to change permissions.
In this determination method the permission information is stored in a smart contract. The implementation is as follows:
1. Write a smart contract, referred to as the permission smart contract.
2. Write the permission smart contract into the genesis block.
3. Assign a specific address to the permission smart contract.
After these steps, the permission information is held in the storage of the permission smart contract. A change to the permission information changes the contract's storage, which changes the state tree (State Trie) and therefore the block hash. In this embodiment the state tree can serve as the check information of the permissions. Because a smart contract is used, external users can query permission information by calling the interface of the permission smart contract directly, in exactly the same way as for an ordinary smart contract, which is not described further here. When permission information must be obtained inside the blockchain to control an operation, either of the following two ways can be used.
First: simulate the execution of a call inside the blockchain, calling the smart-contract interface to obtain the permission value.
Second: simulate the execution of the smart contract and read the permission value directly from the database.
If S120, promoter have permission modification permission, will change each of permission user need to change the permission of permission Value is revised as corresponding change authority credentials, and by the permission modification transaction record after execution into block.
Specifically, if promoter does not have permission modification permission, permission modification Fail Transaction, for complete documentation at this time The process of permission modification, is also required at this time by the permission modification transaction record into block.If further promoter has permission Permission is changed, then no matter the authority credentials that each of change permission user need to change permission is revised as corresponding change authority credentials Whether modification is successful by the permission modification transaction record after execution into block.
The mode that transaction is executed in both modes is also different.The first, first obtains check information from interim block, and MPT tree is constructed using it as root.Authority information after change is updated to MPT tree.The root for obtaining updated MPT tree, as area The new authorization check information of block.It second, calls directly intelligent contract-defined interface and executes the transaction, intelligent contract executes it The check information in block can be automatically updated afterwards.
No matter which kind of can generate receipt in the case of, promoter is allowed to judge to weigh by the particular content of receipt The specific implementation of limit change transaction.
S130: Run consensus on the transactions in the block; after consensus passes, the corresponding permission-change transaction in the block takes effect.
Specifically, to guarantee the legitimacy and validity of a permission change in this embodiment, a permission transaction is recorded in the blockchain only after the whole network has reached consensus on it, and only then does the permission change take effect. Step S130 can be understood as the blockchain's consensus process, which includes verifying the change to the permission information. This embodiment does not limit the conditions under which network-wide consensus passes. For example, network-wide consensus may be considered reached when more than two thirds of the users in the network approve the permission-change transaction through consensus. Once consensus passes, the corresponding permission-change transaction in the block takes effect. That is, optionally, running consensus on the transactions in the block, with the corresponding permission-change transaction in the block taking effect after consensus passes, may include:
When a block is received, extract all transactions in the block;
Construct a temporary block on the basis of the parent block of the received block, and execute each transaction in turn in the temporary block;
After all transactions have been executed, judge whether the permission check information in the temporary block is consistent with the permission check information in the received block;
If it is consistent, the transactions in the block pass verification and consensus proceeds; when the consensus passes, the corresponding permission-change transaction in the block takes effect.
The specific way each transaction is executed in turn in the temporary block, that is, the way a permission-change transaction is executed, differs according to how the permission is obtained. When the permission information is obtained in MPT tree form, the permission-change transaction is executed as follows: the check information is first obtained from the temporary block and an MPT tree is constructed with it as the root. The changed permission information is written into the MPT tree. The root of the updated MPT tree is taken as the new permission check information of the block. When the permission information is obtained through the smart contract interface, the permission-change transaction is executed as follows: the smart contract interface is called directly to execute the transaction, and after the smart contract executes, the check information in the block is updated automatically.
This embodiment does not limit the conditions under which consensus passes; the actual conditions vary with the consensus algorithm used.
Specifically, the transactions in the block include both permission-change transactions and ordinary transactions, that is, changes to permission information are usually verified together with ordinary transactions. Every blockchain user can carry out the above verification process; when the consensus process completes and the result is correct, the corresponding permission-change transaction in the block takes effect. This embodiment does not limit the specific algorithm used in the consensus process.
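The following Python sketch walks through steps S110 to S130 as described above. It is an added example, not code from the patent: the permission names, class names and function names are hypothetical, and a SHA-256 digest over the canonically encoded permission table is assumed as a stand-in for the MPT root used as permission check information.

```python
import copy
import hashlib
import json
from dataclasses import dataclass, field

# Hypothetical names for the three permission kinds listed in the claims.
MANAGE, DEPLOY, SEND = "manage_permissions", "deploy_contract", "send_transaction"


def check_info(perms):
    """Permission check information: a digest over the whole permission table.
    Assumption: SHA-256 of canonical JSON stands in for the MPT root."""
    blob = json.dumps(perms, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()


@dataclass
class PermissionTx:
    initiator: str
    target: str      # the user whose permissions are being changed
    changes: dict    # permission name -> new permission value


@dataclass
class Block:
    txs: list
    receipts: list = field(default_factory=list)
    perm_check: str = ""   # check information recorded in the block


def execute(perms, tx):
    """S110 and S120: verify the initiator, apply the change, return a receipt."""
    if not perms.get(tx.initiator, {}).get(MANAGE, False):
        return {"initiator": tx.initiator, "ok": False,
                "reason": "initiator lacks permission-change permission"}
    perms.setdefault(tx.target, {}).update(tx.changes)
    return {"initiator": tx.initiator, "ok": True, "reason": ""}


def run_on_temp_block(parent_perms, txs):
    """Execute every transaction in order on a copy of the parent state."""
    perms = copy.deepcopy(parent_perms)
    receipts = [execute(perms, tx) for tx in txs]
    return perms, receipts


def propose_block(parent_perms, txs):
    """Proposer: failed transactions stay in the block alongside their receipts."""
    perms, receipts = run_on_temp_block(parent_perms, txs)
    return Block(list(txs), receipts, check_info(perms))


def validate_block(block, parent_perms):
    """S130, per node: re-execute on the parent state and compare check info."""
    perms, _ = run_on_temp_block(parent_perms, block.txs)
    return check_info(perms) == block.perm_check


def commit_if_agreed(block, node_states):
    """Changes take effect only after consensus. The two-thirds threshold is the
    example the text gives; each node validates against its own parent state."""
    votes = sum(validate_block(block, state) for state in node_states)
    if votes * 3 > len(node_states) * 2:
        return run_on_temp_block(node_states[0], block.txs)[0]
    return copy.deepcopy(node_states[0])


def may_perform(perms, user, permission):
    """Gate for any later operation, e.g. a contract deployment."""
    return bool(perms.get(user, {}).get(permission, False))


# Constructed sample state and transactions.
GENESIS = {"admin": {MANAGE: True, DEPLOY: True, SEND: True},
           "alice": {SEND: True}}
TXS = [PermissionTx("admin", "alice", {DEPLOY: True}),
       PermissionTx("alice", "mallory", {MANAGE: True})]   # alice cannot manage


def tampered_block():
    """A block whose check information claims a change the rules reject."""
    block = propose_block(GENESIS, TXS)
    claimed = copy.deepcopy(GENESIS)
    claimed["alice"][DEPLOY] = True
    claimed["mallory"] = {MANAGE: True}
    block.perm_check = check_info(claimed)
    return block


if __name__ == "__main__":
    good = propose_block(GENESIS, TXS)
    print([r["ok"] for r in good.receipts])
    state = commit_if_agreed(good, [GENESIS] * 4)
    print(may_perform(state, "alice", DEPLOY), may_perform(state, "mallory", MANAGE))
    print(validate_block(tampered_block(), GENESIS))
```

The rejected transaction remains in the block with a failure receipt, which is what makes the permission history auditable, and a block whose check information does not match the re-executed result never reaches the commit step.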
Based on the above technical solution, the blockchain permission management method provided by the embodiment of the present invention integrates permission management deeply into the blockchain. The blockchain provides operation interfaces for permissions, including add, delete, modify and query. Every operation on a permission takes effect only after the whole network reaches consensus, and the consensus and activation process requires no manual intervention. Every operation is recorded in the blockchain, which facilitates auditing. The permission information and the operation history are protected by cryptographic means and cannot be maliciously tampered with. Because permission management is deeply integrated into the blockchain, this solution can configure the permissions in the blockchain comprehensively during operation; it is not limited to the smart contract level and does not rely on external facilities.
During operation of the blockchain, whenever a scenario that requires a permission decision is encountered, regardless of the form in which the initiator initiates the transaction (for example, a transaction initiated through the smart contract interface) and regardless of which permission the transaction involves, the initiator is checked for the permission to perform the operation, and the corresponding operation is allowed to execute only when the initiator has that permission. The user may even send only an ordinary request without initiating a transaction. For example, when a user initiates a transaction through the smart contract interface, it is judged whether the initiator of the smart contract deployment transaction has the permission to deploy smart contracts. Therefore, based on any of the above embodiments, the method may further include:
Identify the operation sent by the user;
Judge whether the initiator of the operation has the permission to execute the operation;
If the initiator of the operation has the permission to execute the operation, execute the operation.
Based on the above technical solution, the blockchain permission management method provided by the embodiment of the present invention not only integrates permission management deeply into the blockchain, so that the permissions in the blockchain can be configured comprehensively without being limited to the smart contract level and without relying on external facilities; it can also verify the permissions for the various forms of operation in the blockchain, guaranteeing the reliability of those operations.
The blockchain permission management system provided by the embodiment of the present invention is introduced below; the blockchain permission management system described below and the blockchain permission management method described above may be cross-referenced.
Refer to FIG. 2, which is a structural block diagram of the blockchain permission management system provided by the embodiment of the present invention. The system may include:
Identification module 100, for identifying the permission-change transaction sent by a user; wherein the content of the permission-change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed and the corresponding new permission values;
Judgment module 200, for judging whether the initiator in the permission-change transaction has the permission-change permission;
Permission-change execution module 300, for, if the initiator has the permission-change permission, modifying the permission value of each permission to be changed for the user whose permissions are being changed to the corresponding new permission value, and recording the executed permission-change transaction in the block;
Consensus module 400, for running consensus on the transactions in the block, the corresponding permission-change transaction in the block taking effect after consensus passes.
Based on the above embodiment, judgment module 200 may include:
Permission reading unit, for obtaining the latest block from the blockchain;
Check information acquiring unit, for obtaining the check information from the latest block as the root of the MPT tree;
First permission information acquiring unit, for constructing the MPT tree from the root of the MPT tree and obtaining the permission information corresponding to the initiator from the MPT tree;
First judging unit, for judging from the permission information whether the initiator in the permission-change transaction has the permission-change permission.
Based on the above embodiment, judgment module 200 may include:
Second permission information acquiring unit, for calling the smart contract interface to obtain the permission information corresponding to the initiator from the database;
Second judging unit, for judging from the permission information whether the initiator in the permission-change transaction has the permission-change permission.
Based on any of the above embodiments, identification module 100 may include:
Receiving unit, for receiving the transaction sent by the user;
Identification judging unit, for judging whether the transaction carries the flag set for permission-change transactions;
Recognition unit, for determining, if the transaction carries the flag set for permission-change transactions, that the transaction is a permission-change transaction.
Based on any of the above embodiments, the system may further include:
Operation identification module, for identifying the operation sent by the user;
Operation permission judgment module, for judging whether the initiator of the operation has the permission to execute the operation;
Operation execution module, for executing the operation if the initiator of the operation has the permission to execute the operation.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be cross-referenced. Since the device disclosed in an embodiment corresponds to the method disclosed in that embodiment, its description is relatively brief; for relevant details, refer to the description of the method.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The blockchain permission management method and system provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention; the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. It should be noted that those of ordinary skill in the art can make improvements and modifications to the invention without departing from its principle, and these improvements and modifications also fall within the protection scope of the claims of the invention.

Claims (9)

1. A blockchain permission management method, characterized in that the method comprises:
Identifying a permission-change transaction sent by a user; wherein the content of the permission-change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed and the corresponding new permission values; the permission-change transaction is similar to an ordinary transaction in the blockchain; the permissions involved include permission management, contract deployment and sending ordinary transactions; and the permission-change transaction is sent through a smart contract interface;
Judging whether the initiator in the permission-change transaction has the permission-change permission;
If the initiator has the permission-change permission, modifying the permission value of each permission to be changed for the user whose permissions are being changed to the corresponding new permission value, and recording the executed permission-change transaction in a block; and using the smart contract interface to perform automated configuration of permissions;
Running consensus on the transactions in the block, the corresponding permission-change transaction in the block taking effect after consensus passes;
Further comprising:
Identifying an operation sent by a user;
Judging, by directly calling or simulating a call to the smart contract interface, whether the initiator of the operation has the permission to execute the operation; wherein a direct call means simulating the execution of a call inside the blockchain and invoking the smart contract interface to obtain the permission value, and a simulated call means simulating the execution of the smart contract and obtaining the permission value directly from the database;
If the initiator of the operation has the permission to execute the operation, executing the operation.
2. The method according to claim 1, characterized in that judging whether the initiator in the permission-change transaction has the permission-change permission comprises:
Obtaining the latest block from the blockchain, and obtaining the check information from the latest block as the root of an MPT tree;
Constructing the MPT tree from the root of the MPT tree, and obtaining the permission information corresponding to the initiator from the MPT tree;
Judging from the permission information whether the initiator in the permission-change transaction has the permission-change permission.
3. The method according to claim 1, characterized in that judging whether the initiator in the permission-change transaction has the permission-change permission comprises:
Calling the smart contract interface to obtain the permission information corresponding to the initiator from the database;
Judging from the permission information whether the initiator in the permission-change transaction has the permission-change permission.
4. The method according to claim 1, characterized in that running consensus on the transactions in the block, the corresponding permission-change transaction in the block taking effect after the consensus passes, comprises:
When the block is received, extracting all transactions in the block;
Constructing a temporary block on the basis of the parent block of the received block, and executing each transaction in turn in the temporary block;
After all transactions have been executed, judging whether the permission check information in the temporary block is consistent with the permission check information in the received block;
If it is consistent, the transactions in the block pass verification and consensus proceeds; when the consensus passes, the corresponding permission-change transaction in the block takes effect.
5. The method according to claim 4, characterized in that identifying the permission-change transaction sent by the user comprises:
Receiving the transaction sent by the user;
Judging whether the transaction carries the flag set for permission-change transactions;
If so, determining that the transaction is a permission-change transaction.
6. The method according to any one of claims 1-5, characterized in that the manner in which permissions are saved in the blockchain comprises:
Processing each piece of permission information with a data digest algorithm to generate the check information corresponding to each piece of permission information;
Adding a key field for the check information to the block structure, for recording the permission information corresponding to each block.
7. A blockchain permission management system, characterized in that the system comprises:
An identification module, for identifying a permission-change transaction sent by a user; wherein the content of the permission-change transaction includes the initiator, the user whose permissions are to be changed, the permissions to be changed and the corresponding new permission values; the permission-change transaction is similar to an ordinary transaction in the blockchain; the permissions involved include permission management, contract deployment and sending ordinary transactions; and the permission-change transaction is sent through a smart contract interface;
A judgment module, for judging whether the initiator in the permission-change transaction has the permission-change permission;
A permission-change execution module, for, if the initiator has the permission-change permission, modifying the permission value of each permission to be changed for the user whose permissions are being changed to the corresponding new permission value, and recording the executed permission-change transaction in a block; and using the smart contract interface to perform automated configuration of permissions;
A consensus module, for running consensus on the transactions in the block, the corresponding permission-change transaction in the block taking effect after consensus passes;
Further comprising:
An operation identification module, for identifying an operation sent by a user;
An operation permission judgment module, for judging, by directly calling or simulating a call to the smart contract interface, whether the initiator of the operation has the permission to execute the operation; wherein a direct call means simulating the execution of a call inside the blockchain and invoking the smart contract interface to obtain the permission value, and a simulated call means simulating the execution of the smart contract and obtaining the permission value directly from the database;
An operation execution module, for executing the operation if the initiator of the operation has the permission to execute the operation.
8. The system according to claim 7, characterized in that the judgment module comprises:
A permission reading unit, for obtaining the latest block from the blockchain;
A check information acquiring unit, for obtaining the check information from the latest block as the root of an MPT tree;
A first permission information acquiring unit, for constructing the MPT tree from the root of the MPT tree and obtaining the permission information corresponding to the initiator from the MPT tree;
A first judging unit, for judging from the permission information whether the initiator in the permission-change transaction has the permission-change permission.
9. The system according to claim 7, characterized in that the judgment module comprises:
A second permission information acquiring unit, for calling the smart contract interface to obtain the permission information corresponding to the initiator from the database;
A second judging unit, for judging from the permission information whether the initiator in the permission-change transaction has the permission-change permission.
CN201711193847.6A 2017-11-24 2017-11-24 A kind of block chain right management method and system Active CN107911373B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711193847.6A CN107911373B (en) 2017-11-24 2017-11-24 A kind of block chain right management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711193847.6A CN107911373B (en) 2017-11-24 2017-11-24 A kind of block chain right management method and system

Publications (2)

Publication Number Publication Date
CN107911373A CN107911373A (en) 2018-04-13
CN107911373B true CN107911373B (en) 2019-09-06

Family

ID=61848018

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711193847.6A Active CN107911373B (en) 2017-11-24 2017-11-24 A kind of block chain right management method and system

Country Status (1)

Country Link
CN (1) CN107911373B (en)


Also Published As

Publication number Publication date
CN107911373A (en) 2018-04-13


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant