CN108632268A - Authentication method and apparatus for blockchain access, storage medium, and electronic device - Google Patents

Info

Publication number
CN108632268A
Authority
CN
China
Prior art keywords
block chain
role
access rights
business
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810404745.2A
Other languages
Chinese (zh)
Other versions
CN108632268B (en
Inventor
吴非
周洪飞
胡利明
王慧星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd, Tencent Cloud Computing Beijing Co Ltd
Priority to CN201910750778.7A (patent CN110602050B)
Priority to CN201810404745.2A (patent CN108632268B)
Publication of CN108632268A
Priority to PCT/CN2019/079334 (patent WO2019205849A1)
Application granted
Publication of CN108632268B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention discloses an authentication method and apparatus for blockchain access, a storage medium, and an electronic device. The method includes: obtaining an access request of a first account, where the access request is used by the first account to request access to a business blockchain node; in response to the access request, determining a first access permission of the role to which the first account belongs based on permission data stored on a target blockchain node, where the data write permission of the target blockchain node is closed after the stored permission data is written; and, where the first access permission indicates that the first account is allowed to access the business blockchain node, setting the state of the business blockchain node to allow access by the first account. The invention solves the technical problem in the related art that the security of permission data is low.

Description

Authentication method and apparatus for blockchain access, storage medium, and electronic device
Technical Field
The present invention relates to the Internet field, and in particular to an authentication method and apparatus for blockchain access, a storage medium, and an electronic device.
Background
Since the Bitcoin system was released, decentralized cryptocurrencies, represented by Bitcoin and the competing coins derived from it, have attracted wide attention. The characteristic of such currency systems is that they build a distributed shared ledger on a blockchain, which ensures that the system runs safely and reliably and remains decentralized. Blockchain refers to a technical solution in which a reliable database is collectively maintained in a decentralized and trustless manner. The solution lets any number of nodes in the system participate, and uses cryptographic methods to generate a chain of associated data blocks; each data block contains all of the system's information exchange data within a certain period of time, and generates a data fingerprint used to verify the validity of its information and to link to the next data block.
Permission management is core to a blockchain system. Because a blockchain system has a huge number of users and a very large number of blocks, permission management techniques in the related art suffer from high resource consumption, low permission control efficiency, and low security. For example, the access list control method manages permissions through a list; a simple access list is an array composed of users and resources, and when the data volume is huge, permission management is inefficient and the list is easily tampered with. In the mandatory access control method, once the system is established, access control over user behavior is enforced and users cannot change the security level or the security attributes of objects; resource consumption is high and permission control efficiency is low.
No effective solution to the above problems has yet been proposed.
Summary of the Invention
Embodiments of the present invention provide an authentication method and apparatus for blockchain access, a storage medium, and an electronic device, to at least solve the technical problem in the related art that the security of permission data is low.
According to one aspect of the embodiments of the present invention, an authentication method for blockchain access is provided, including: obtaining an access request of a first account, where the access request is used by the first account to request access to a business blockchain node; in response to the access request, determining a first access permission of the role to which the first account belongs based on permission data stored on a target blockchain node, where the data write permission of the target blockchain node is closed after the stored permission data is written; and, where the first access permission indicates that the first account is allowed to access the business blockchain node, setting the state of the business blockchain node to allow access by the first account.
According to another aspect of the embodiments of the present invention, an authentication apparatus for blockchain access is further provided, including: an obtaining unit, configured to obtain an access request of a first account, where the access request is used by the first account to request access to a business blockchain node; an authentication unit, configured to determine, in response to the access request, a first access permission of the role to which the first account belongs based on permission data stored on a target blockchain node, where the data write permission of the target blockchain node is closed after the stored permission data is written; and a setting unit, configured to set the state of the business blockchain node to allow access by the first account where the first access permission indicates that the first account is allowed to access the business blockchain node.
According to another aspect of the embodiments of the present invention, a storage medium is further provided; the storage medium includes a stored program, and the program performs the above method when run.
According to another aspect of the embodiments of the present invention, an electronic device is further provided, including a memory, a processor, and a computer program stored in the memory and runnable on the processor; the processor performs the above method by means of the computer program.
In the embodiments of the present invention, when the access request of the first account is obtained, the first access permission of the role to which the first account belongs is determined based on the permission data stored on the target blockchain node; where the first access permission indicates that the first account is allowed to access the business blockchain node, the state of the business blockchain node is set to allow access by the first account. The data write permission of the target blockchain node is closed after the stored permission data is written; that is, the present application stores permission data using blockchain technology, which ensures that permission data is tamper-proof and traceable once it is on the chain. This solves the technical problem in the related art that the security of permission data is low, and thereby achieves the technical effect of improving the security and reliability of the system.
Brief Description of the Drawings
The drawings described here are provided for further understanding of the present invention and form a part of this application. The illustrative embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a schematic diagram of the hardware environment of the authentication method for blockchain access according to an embodiment of the present invention;
Fig. 2 is a flowchart of an optional authentication method for blockchain access according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an optional permission management model according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an optional permission management model according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of an optional permission management model according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of an optional permission management model according to an embodiment of the present invention;
Fig. 7 is a flowchart of an optional authentication method for blockchain access according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of an optional authentication apparatus for blockchain access according to an embodiment of the present invention;
Fig. 9 is a schematic diagram of an optional authentication apparatus for blockchain access according to an embodiment of the present invention; and
Fig. 10 is a structural block diagram of a terminal according to an embodiment of the present invention.
Detailed Description
To enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
It should be noted that the terms "first", "second" and so on in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a specific order or sequence. It should be understood that data used in this way is interchangeable where appropriate, so that the embodiments of the present invention described here can be implemented in an order other than those illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
First, some of the nouns or terms that appear in the description of the embodiments of the present invention are explained as follows:
CA: Certificate Authority, a digital certificate certification authority, also called an e-commerce certification center or e-commerce certification authority. It is the authority responsible for issuing and managing digital certificates and, as a trusted third party in e-commerce transactions, bears responsibility for verifying the legitimacy of public keys in the public key infrastructure.
MSP: Membership Service Provider. An MSP is a component that provides an abstract membership operation framework. It abstracts away all the cryptographic mechanisms and protocols behind issuing and verifying digital certificates and authenticating users. An MSP can define its own notion of identity, along with the rules for managing identities (identity verification) and for authentication (generating and verifying signatures).
ACL: Access Control List, also rendered as access control sequence, is an access control list based on the access control matrix. Each object corresponds to a list of subjects, and the access control list describes the access control rights of users or system processes to each object.
RBAC: Role-Based Access Control, a widely used access control mechanism in the information security field. Unlike mandatory access control and discretionary access control, which grant permissions directly to users, it assigns permissions to roles.
ABAC: Attribute-Based Access Control, an access control model intended to address trust relationships in industry distributed applications. It uses the attributes of the relevant entities (such as subject, object and environment) as the basis of authorization for access control. For this purpose, entity attributes can be divided into subject attributes, object attributes and environment attributes.
The word "endorsement" comes from the bank bill business, where it means that when a bill is transferred, the original holder adds their own signature or seal on the back of the bill to prove that the bill is authentic and valid. Endorsement (endorse) in a blockchain means making a promise or guarantee for a proposal or transaction, that is, approving and supporting it, which raises its credibility so that consensus is reached within a certain scope and the proposal or transaction is finally approved.
According to one aspect of the embodiments of the present invention, a method embodiment of the authentication method for blockchain access is provided.
Optionally, in this embodiment, the above authentication method for blockchain access can be applied in the hardware environment formed by the server 101 and the terminal 103 shown in Fig. 1. As shown in Fig. 1, the server 101 is connected to the terminal 103 through a network and can provide services (such as game services, application services, video services, authentication services and so on) for the terminal or for a client installed on the terminal. The authentication blockchain node 105 (that is, the target blockchain node) can be set up on the server or independently of the server, and provides a permission data storage service for the server 101. The network includes but is not limited to a wide area network, a metropolitan area network or a local area network; the terminal 103 is not limited to a PC, a mobile phone, a tablet computer and so on.
The authentication method for blockchain access of the embodiments of the present invention can be executed by the server 101. Fig. 2 is a flowchart of an optional authentication method for blockchain access according to an embodiment of the present invention. As shown in Fig. 2, the method may include the following steps:
Step S202: the server obtains the access request of the first account; the access request is used by the first account to request access to the business blockchain node.
Optionally, the first account is an account used on the terminal 103, and the user can request access to the business blockchain node through the terminal 103.
Step S204: in response to the access request, the server determines the first access permission of the role to which the first account belongs based on the permission data stored on the target blockchain node. The data write permission of the target blockchain node is closed after the stored permission data is written. The permission data configures the access permissions of different roles; in other words, the access permissions of these roles can change: the access permissions of a role can be configured, for example, when a business provided on the business blockchain goes online or while the business is running.
Step S206: where the first access permission indicates that the first account is allowed to access the business blockchain node, the state of the business blockchain node is set to allow access by the first account.
The above embodiment is described with the authentication method of the present application executed by the server 101 as an example. The method can also be executed jointly by the server 101 and the terminal 103; for example, the terminal initiates a request to the server, and the server executes the method of the present application after receiving the request.
Through steps S202 to S206 above, when the access request of the first account is obtained, the first access permission of the role to which the first account belongs is determined based on the permission data stored on the target blockchain node; where the first access permission indicates that the first account is allowed to access the business blockchain node, the state of the business blockchain node is set to allow access by the first account. The data write permission of the target blockchain node is closed after the stored permission data is written; that is, the present application stores permission data using blockchain technology, which ensures that permission data is tamper-proof and traceable once it is on the chain. This solves the technical problem in the related art that the security of permission data is low, and thereby achieves the technical effect of improving the security and reliability of the system.
In the embodiments of the present application, an optional implementation is provided that uses an MSP-based permission management model, as shown in Fig. 3. In this model, the MSP works together with the CA to provide functions such as certificate issuance, certificate management, identity verification and permission definition; how the MSP combines with the other components is shown in Fig. 3.
Permission management and the consensus mechanism sit between the business layer (including chaincode, channels and so on) and the base layer (including the P2P network, nodes, storage, encryption and so on), and can be implemented on top of the underlying technology provided by the static model. The static model provides two roles, administrator (Admin) and member (Member), and verifies the management of roles and permissions based on certificates issued by the CA. The overall idea is a preset scheme: the permission model is defined in advance, and the business system then accesses according to that permission model. Because the permission model is preset, permission control cannot be deeply involved in the design of the business logic; instead, the business model performs access control according to the permission model set in advance.
The above consortium chain provides a static permission management system that is not involved in the design details of specific upper-layer business logic, and this system depends strongly on infrastructure such as the CA and the P2P network, so it has certain defects, described below. To address the limitations of this technical solution, the present application provides another optional implementation: a smart contract based on the blockchain is used to build a permission/role management structure at the upper application level, which improves the whole blockchain access control system and overcomes those defects. It is described below with reference to the steps shown in Fig. 2.
In the preceding implementation, MSP-based permission management is used. The static model cannot make large role and permission adjustments during use and requires the scheme to be planned in advance. If a user's permissions change, the impact on the upper-layer business system is large, and the business logic and business design have to be changed. In particular, the consortium chain system does not support defining roles, which means the business system has to plan the roles, and the mapping between roles and specific users' permissions, in advance. Permission management modes include ACLs, permission management tables, role-based control and others; because permission management is tightly coupled with the underlying code, the consortium chain can only choose one of them as its own control mode and cannot offer a pluggable design.
Optionally, to overcome the above defects, in the implementation shown in Fig. 2, before step S202 is executed, that is, before the access request of the first account is obtained, a target blockchain node for storing permission data can be configured for the target business through the dynamic model; the business data of the target business is stored on the business blockchain node.
Optionally, configuring a target blockchain node for storing permission data for the target business may take the following two forms: when the target business is created, a first blockchain node is configured for the target business, where the target blockchain node includes the first blockchain node; while the target business is running, a second blockchain node is configured for the target business, where the target blockchain node includes the second blockchain node.
With the dynamic model provided by the present application, the permission control model can be adjusted dynamically according to the upper-layer business scenario and is not limited to the permission model built by the bottom layer. Because the permission mode is based on smart contracts, it is more malleable: permissions can be controlled and operated through smart contracts by programming. The flexibility of smart contracts also makes pluggable replacement of the permission model possible. And because permission definitions are stored as data on the chain, permissions can be redefined and changed dynamically, quickly and easily according to the scenario, which overcomes the above defects.
With MSP-based permission management, permission management cannot take part in the business logic. The permission management mechanism embedded in the blockchain system is a permission management mode preset in advance, and cannot take part in the development and design of specific business logic. Yet many scenarios require the permission model to be closely combined with the business system, and a consortium chain, as a preset model planned in advance, cannot meet this requirement. As for permission control of the business logic inside smart contracts, because it is coupled with code that users develop later, such a blockchain system is even less able to help.
Optionally, to overcome the above defects, in the process of configuring the target blockchain node for storing permission data for the target business, the service provider can take part in the design and integration of the business logic when creating the target blockchain node. In a blockchain system, part of the business logic of the business model is implemented by smart contracts, and the smart contracts of the permission control part and the smart contracts of the business logic can call each other and be designed as an integrated whole. By taking part in the planning and design of the business logic, richer permission management that is closer to business requirements can be achieved.
MSP-based permission management is coarse-grained. To fit all business scenarios and user requirements, a consortium chain has to adopt a general-purpose design, so its control model and definition mechanism are rough and uniform. These models lack fine-grained permission control over individual subsystems, submodules or functions, especially over read and write capability, and the consortium chain's control is also incomplete.
In addition, MSP-based permission management depends strongly on the capabilities of the underlying model: whatever capabilities the blockchain system provides, users can only develop according to that model and cannot go beyond it. For example, if the system provides only a few fairly simple roles, users cannot exercise fine-grained control over the numerous attributes (Attributes) in the blockchain.
MSP-based permission management also cannot provide a management mode decoupled from the bottom layer. If, in addition to the permission mode embedded in the blockchain, a user also needs to implement at the logic layer a permission management mode that is detached from bottom-layer control, the current scheme cannot provide that capability either.
To overcome the above defects, in the technical solution of the present application, when the first blockchain node is configured for the target business, the access permissions of the roles already configured in the static model can be stored, as the access permissions of a first role, in the permission data of the first blockchain node; the static model is the management model that provides the already-configured roles and access permissions, so this achieves compatibility with the static model. The access permissions of a third role can also be stored, as the access permissions of the first role, in the permission data of the first blockchain node; the access permissions of the third role are created by the service provider of the target business.
Optionally, before the access permissions of the third role are stored, as the access permissions of the first role, in the permission data of the first blockchain node, the service provider can create role permissions in the following ways:
1) The service provider can manage permissions per business. In this case, a first access permission of the third role created by the service provider can be obtained; the first access permission indicates the third role's access permissions to multiple businesses. Where the first access permission indicates that the third role is allowed to access a first business among the multiple businesses, the state of all blockchain nodes that store business data of the first business is set to allow access by the third role. In other words, once a role is configured as able to access a business, all data of that business is accessible to it. The first business is any one of the multiple businesses, and the multiple businesses include the target business;
2) The service provider can manage permissions per business blockchain node. In this case, a second access permission of the third role created by the service provider can be obtained; the second access permission indicates the third role's access permissions to all blockchain nodes. Where the second access permission indicates that the third role is allowed to access a third blockchain node among all the blockchain nodes, the state of the third blockchain node is set to allow access by the third role;
3) The service provider can manage permissions per business data type. In this case, a third access permission of the third role created by the service provider can be obtained; the third access permission indicates the third role's access permissions to multiple kinds of business data. Where the third access permission indicates that the third role is allowed to access first business data, the state of the first business data on the blockchain node is set to allow access by the third role. The first business data is any one of the multiple kinds of business data, and the multiple kinds of business data are the business data of the multiple businesses. This can be combined with the first or second scheme above: for example, a business is specified and then the data categories that may be accessed under that business are configured, or a business blockchain node is specified and then the data categories that may be accessed under that node are configured;
4) The service provider can manage permissions for specific business data. In this case, a fourth access permission of the third role created by the service provider can be obtained; the fourth access permission indicates the third role's access permission to second business data. Where the fourth access permission indicates that the third role is allowed to access the second business data, the state of the second business data on the blockchain node is set to allow access by the third role. The second business data is business data specified by the service provider among the business data of the multiple businesses;
5) In addition, the service provider can manage write permission for business blockchain nodes. In this case, a fifth access permission of the third role created by the service provider can be obtained; the fifth access permission indicates the third role's access permission to a fourth blockchain node. Where the fifth access permission indicates that the third role is allowed to access the fourth blockchain node, the state of the fourth blockchain node is set to allow the third role to write data.
As can be seen from the above technical solution, the application achieves fine-grained permission control: permissions can be managed per business, per blockchain, or per data type. Permission definitions can be stored on the blockchain or in a state database and enforced by smart contracts in cooperation with the blockchain's existing built-in permission management, which allows fine-grained permission/role definitions. For example, the permission model of the blockchain's bottom layer cannot apply permission control to the smart contracts that carry the business code of the upper-layer application, whereas the technique of this application can define read and write permissions for different functions and different modules according to how the business scenario is divided;
The solution is also loosely coupled to the underlying technology. Because the control logic is based entirely on smart contracts, and the permission definitions are stored on the chain or in a database, the application does not need to rely on existing permission control capabilities and the permission design can be done entirely at the application layer, for example managing access rights to data classes or to specified data. Since the permission models of consortium chains and public chains are incomplete, using the technical solution of this application means that limitations of the bottom-layer control capability, or changes to the bottom-layer permission model, do not affect the logic of the upper-layer application.
The above describes configuring the first blockchain node for the target service. When the second blockchain node is configured for the target service, for example when the permission of the first role in the permission data of the first blockchain node changes, the permission data obtained after changing the permission of the first role is stored in the second blockchain node; and when a permission for a second role needs to be added to the permission data of the first blockchain node, the permission data with the added permission of the second role is stored in the second blockchain. Both "storing the permission data obtained after changing the permission of the first role in the second blockchain node" and "storing the permission data with the added permission of the second role in the second blockchain" can implement rights management in a manner similar to the above.
It should be noted that the application can replace the rights management mode built into the above blockchain system, or it can serve as a useful supplement to that built-in mode and be combined with it, providing a more complete and more flexible permission/role management model and a better service capability for the user's business system.
Optionally, at the same time as, or after, the target blockchain node for storing permission data is configured for the target service, an index list can be created for the target service. Because a blockchain cannot be tampered with, an index list can be created when permissions are configured to record the versions of the permission data on the blockchain. The index list is used to find the most recently created target blockchain node, which makes it easy to index the access rights of a role.
In the technical solution provided by step S204, the server determines, based on the permission data stored on the target blockchain node, the first access rights of the role to which the first account belongs; the data write permission of the target blockchain node is closed after the stored permission data has been written.
Optionally, determining the first access rights of the role to which the first account belongs, based on the permission data stored on the target blockchain node, may include the following two steps:
Step 1, the first account is authenticated by means of the digital signature in the access request.
Optionally, before the first account is authenticated by means of the digital signature in the access request, when a certificate request from the first account is received, a digital certificate is issued to the first account by the digital certification centre; when the access request is sent, it is digitally signed using the digital certificate.
Optionally, authenticating the first account by means of the digital signature in the access request may cover the following aspects: first, judging whether the digital signature is consistent with the local certificate; second, judging whether the account information of the first account is consistent with that of the local account; third, judging whether the digital certificate used has expired. If all checks pass, authentication succeeds; otherwise it fails.
Step 2, where the first account passes authentication, the first access rights of the role to which the first account belongs are determined according to the permission data of the target blockchain node.
Optionally, determining the first access rights of the first account according to the permission data of the target blockchain node may include: querying the index list, through the rights management smart contract, for the fifth blockchain node, where the fifth blockchain node is the blockchain node among the target blockchain nodes that stores the access rights of the first account; and looking up, in the fifth blockchain node, the first access rights that match the role of the first account.
In the technical solution provided by step S206, where the first access rights indicate that the first account is allowed to access the business blockchain node, the state of the business blockchain node is set to allow access by the first account.
In related-art blockchain systems, permission and role management is either weak or missing. On a public chain, for example, users operate in an equal-rights peer-to-peer mode: anyone can join the chain, and users who join the blockchain system in peer-to-peer mode have, in theory, identical permissions. Alternatively, permission and role control depends too heavily on the permission control model already present in the blockchain's bottom layer, as in consortium chains and private chains. Although a consortium chain is capable of permission control, it is limited by the capabilities of the underlying platform. On the one hand this control model is fairly static, so it is difficult to adjust permissions and roles dynamically according to the needs of the business system; in particular, where control permissions need to be adjusted temporarily, it is hard to respond quickly and proactively. On the other hand, to satisfy general-purpose requirements, the permission/role control capability of existing consortium chains is generic and simple and hard to adapt to the complex permission management models of business systems. A more flexible control model is therefore needed in blockchain systems.
By integrating smart contracts, digital certificate issuance, index management, and the storage of permission data, the application implements a dynamic permission and role management model on a blockchain system. It not only fills in the permission-definition capability that public chains lack, but can also be integrated with the static permission control of existing consortium chains, giving more complete control capability and a richer management model for the application layer. At the same time, by providing this dynamic permission control capability, development of the underlying platform's capabilities is isolated from the upper-layer business system, which improves the development process of the whole application system.
As an optional implementation, the technical solution of the application is described in detail below with reference to a specific embodiment.
As shown in Fig. 4 and Fig. 5, when a business application needs to access a smart contract or another function of the business system, access can be governed by the blockchain-based rights management system (the system that implements the method of this application). For a consortium chain, a multi-chain or multi-channel (Channel) structure may exist, so an independent chain can be used to store the permission/role definition data, i.e. the permission data is stored on a "system" chain. For a public chain there is usually only one chain, so the permission/role definitions and the business data are all stored on the same chain, or on a side chain; the "system" chain is then a virtual logical chain, simulated through the index system, that stores the access control permissions. User access is subject to permission control: only after verification by the blockchain-based rights management system can a user access functions in the business system. The internal details of the rights management system are as follows:
The blockchain-based rights management system consists mainly of a control centre (which can be hosted on a server), a CA certificate management centre, an index system, smart contracts, and the blockchain.
Smart contract: rights management takes the smart contract as its core (i.e. the rights management smart contract); the control logic and control rules are managed by the smart contract. The rights management smart contract may consist of one or more smart contract programs, and on the permission data blockchain it performs functions such as defining permission/role rules, writing permissions/roles, and checking permissions/roles. Unlike the business smart contracts that implement the business logic of an application, the rights management smart contract is a "system" smart contract: it serves the business smart contracts and provides permission and role management functions.
Control centre: the hub for coordination, communication, and management. As the core component of the rights management system it links the upper and lower layers. Externally it provides the interface to the application side and is responsible for permission queries and verification; internally it is responsible for calling the rights management smart contract to verify and manage permissions. The control centre can also handle users' permission application requests, and, together with the application management module, issues digital certificates to legitimate users.
Permission data blockchain: the blockchain that stores data such as the permission/role definitions and the table mapping permissions to users. The rights management smart contract manages permissions by accessing the data on the blockchain in combination with a rule engine, for example to authenticate and to determine the contract state and contract values. Rights management may use modes such as ACL, role-based access control RBAC, and the distributed-application trust-relationship access control model ABAC. Because data storage on the blockchain is open, i.e. data can be stored in many flexible ways such as JSON format, the system can accommodate different permission control models. This solution does not restrict which permission model is used; system developers can choose according to their own situation. Only the simplest case, the access control list ACL, is used as an illustration below:
Index system: the permission/role definition data is stored on the permission data blockchain, and blockchain data cannot be tampered with, so when a permission/role definition changes it cannot be updated in place as in a traditional database. The application therefore introduces the concept of a version. When a permission/role definition needs to be "updated", the new definition is appended as a new block to the "system" blockchain that holds the permission definitions, forming a new version of the rule, and the new version number of the permission rule and the data position of the new definition are recorded in the index system. When the system performs a permission check, it can index the latest version of the permission rule and read the rule definition data.
CA centre: as shown in Fig. 6, the certificate management system (CA centre) can be independent of the rights management system, so that the two are entirely separate systems. This provides a safer and more complete service to the blockchain system. Working together with the rights management system, the CA centre is responsible for handling application-side user certificate requests and for creating, issuing, and revoking certificates. In a blockchain system, user authentication and transaction verification often depend on a digital certificate system, so CA management can be introduced; the control centre, together with the user permission application management module, manages the application for, issuance of, and revocation of user certificates.
A new user submits a certificate application request, which the control centre pushes to the digital certificate application management system for verification. For a legitimate user, a new digital certificate is created and issued to the user through the control centre. For a user who already has a certificate, the information sent in a request carries the user's own signature, which is verified against the user certificate stored in the control centre. Once verification passes, the operation is then checked for permission by the blockchain rights management system. The two systems thus cooperate to provide a dual-check mechanism with a higher security level.
The rights management flow is shown in Fig. 7:
Step S702, the client initiates a request to the control centre, and the control centre verifies the user certificate; the request carries the user's basic metadata (such as the user ID), the user's signature, the function item to be accessed, and so on;
Step S704, if digital certificate verification fails (for example, the user is illegitimate or the certificate has expired), a verification-failure prompt is returned;
Step S706, if verification succeeds, the control centre initiates a request to the index system, which looks up, according to the user's ID, the position of the user's permission information on the blockchain;
Step S708, if the index query fails, failure information is returned;
Step S710, if the index query succeeds, the index data is sent to the rights management smart contract, which accesses the data on the blockchain through the index and reads the corresponding permission details;
Step S712, the rights management smart contract uses the permission blockchain and, according to the permission rule engine, authenticates the function item the user wants to access;
Step S714, the verification result is returned to the control centre;
Step S716, the control centre determines from the verification result whether the user has access rights; if so, the user can access the corresponding function module.
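The flow in steps S702 to S716, together with the versioned index described for the index system, sketched as an added example (not code from the patent). All class and function names are hypothetical, an ACL is the only permission model shown, and an HMAC-SHA256 tag stands in for the user's certificate-based digital signature so that the block runs with the standard library alone.

```python
import hashlib
import hmac
import json


class PermissionChain:
    """Append-only, hash-linked store standing in for the "system" chain."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(prev_hash, payload):
        body = json.dumps(payload, sort_keys=True)
        return hashlib.sha256((prev_hash + body).encode()).hexdigest()

    def append(self, payload):
        prev_hash = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev_hash, "payload": payload,
                            "hash": self._digest(prev_hash, payload)})
        return len(self.blocks) - 1  # position that the index records

    def read(self, position):
        """Return the payload at `position` after re-checking every link up to it."""
        prev_hash = "0" * 64
        for block in self.blocks[:position + 1]:
            expected = self._digest(prev_hash, block["payload"])
            if block["prev"] != prev_hash or block["hash"] != expected:
                raise ValueError("permission chain has been modified")
            prev_hash = block["hash"]
        return self.blocks[position]["payload"]


class PermissionIndex:
    """Maps a user ID to the newest ACL version and its position on the chain."""

    def __init__(self, chain):
        self.chain = chain
        self.latest = {}  # user_id -> (version, position)

    def publish(self, user_id, allowed_functions):
        # An "update" never rewrites a block: it appends one and bumps the version.
        version = self.latest.get(user_id, (0, None))[0] + 1
        position = self.chain.append({"user": user_id, "version": version,
                                      "acl": sorted(allowed_functions)})
        self.latest[user_id] = (version, position)
        return version


def sign(key, user_id, function):
    """HMAC-SHA256 stand-in (assumption) for the user's digital signature."""
    return hmac.new(key, f"{user_id}|{function}".encode(), hashlib.sha256).hexdigest()


def contract_check(chain, position, user_id, function):
    """Rights management contract: read the ACL at the indexed position, then decide."""
    record = chain.read(position)
    return record["user"] == user_id and function in record["acl"]


class ControlCentre:
    def __init__(self, index):
        self.index = index
        self.certs = {}  # user_id -> {"key": bytes, "not_after": int}

    def issue(self, user_id, key, not_after):
        self.certs[user_id] = {"key": key, "not_after": not_after}

    def authorize(self, request, now):
        user_id, function = request["user_id"], request["function"]
        # S702/S704: known user, unexpired certificate, valid signature.
        cert = self.certs.get(user_id)
        if cert is None or now > cert["not_after"]:
            return "certificate_failed"
        expected = sign(cert["key"], user_id, function)
        if not hmac.compare_digest(expected, request["signature"]):
            return "certificate_failed"
        # S706/S708: find where the user's newest permission record is stored.
        entry = self.index.latest.get(user_id)
        if entry is None:
            return "index_failed"
        # S710-S716: the contract reads that record and checks the function item.
        allowed = contract_check(self.index.chain, entry[1], user_id, function)
        return "allowed" if allowed else "denied"


def demo():
    """Constructed scenario: grant, then revoke by publishing version 2."""
    index = PermissionIndex(PermissionChain())
    centre = ControlCentre(index)
    key = b"constructed-demo-key"
    centre.issue("alice", key, not_after=1000)
    request = {"user_id": "alice", "function": "create_order",
               "signature": sign(key, "alice", "create_order")}
    index.publish("alice", ["query_order", "create_order"])
    before = centre.authorize(request, now=500)
    index.publish("alice", ["query_order"])
    return before, centre.authorize(request, now=500), len(index.chain.blocks)
```

Revocation here leaves version 1 on the chain for audit; only the index entry moves, so the integrity of the index is as important as that of the chain itself.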
With the embodiments of this application, the solution can work together with the business system, i.e. permissions are set in a targeted way according to the functions of the business system being developed. This gives a dynamic, extensible permission/role management model that fills in the rights management mode public chains lack and completes the fine-grained control consortium chains lack. At the same time, storing permission data using blockchain technology makes the permission data tamper-proof and traceable once it is on the chain, which improves the security and reliability of the system.
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention certain steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in this specification are preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to execute the methods described in the embodiments of the present invention.
According to another aspect of the embodiments of the present invention, an authentication device for blockchain access, used to implement the above authentication method for blockchain access, is also provided. Fig. 8 is a schematic diagram of an optional authentication device for blockchain access according to an embodiment of the present invention. As shown in Fig. 8, the device may include:
An acquiring unit 801, configured to obtain the access request of the first account, where the access request is a request by the first account to access the business blockchain node;
An authenticating unit 803, configured to determine, in response to the access request and based on the permission data stored on the target blockchain node, the first access rights of the role to which the first account belongs, where the data write permission of the target blockchain node is closed after the stored permission data has been written, and the access rights of different roles are configured in the permission data;
A setting unit 805, configured to set the state of the business blockchain node to allow access by the first account where the first access rights indicate that the first account is allowed to access the business blockchain node.
It should be noted that the acquiring unit 801 in this embodiment can be used to execute step S202 of the embodiments of this application, the authenticating unit 803 can be used to execute step S204, and the setting unit 805 can be used to execute step S206.
It should be noted here that the examples and application scenarios implemented by the above modules are the same as those of the corresponding steps, but are not limited to what is disclosed in the above embodiments. The above modules, as part of the device, may run in the hardware environment shown in Fig. 1 and may be implemented in software or in hardware.
With the above modules, when the access request of the first account is obtained, the first access rights of the role to which the first account belongs are determined based on the permission data stored on the target blockchain node; where the first access rights indicate that the first account is allowed to access the business blockchain node, the state of the business blockchain node is set to allow access by the first account. The data write permission of the target blockchain node is closed after the stored permission data has been written. In other words, the application stores permission data using blockchain technology, which ensures that the permission data is tamper-proof and traceable once it is on the chain. This solves the technical problem in the related art that permission data has low security, and thereby achieves the technical effect of improving the security and reliability of the system.
Optionally, as shown in Fig. 9, the device of this application may also include a configuration unit 807, configured to configure for the target service, before the access request of the first account is obtained, the target blockchain node for storing permission data, where the business data of the target service is stored on the business blockchain node.
The above configuration unit includes: a first configuration module, configured to configure the first blockchain node for the target service when the target service is created, where the target blockchain nodes include the first blockchain node; and a second configuration module, configured to configure the second blockchain node for the target service while the target service is running, where the target blockchain nodes include the second blockchain node.
Optionally, the second configuration module may also include: a first configuration submodule, configured to store, where the permission of the first role in the permission data of the first blockchain node changes, the permission data obtained after changing the permission of the first role in the second blockchain node; and a second configuration submodule, configured to store, where a permission for a second role needs to be added to the permission data of the first blockchain node, the permission data with the added permission of the second role in the second blockchain.
Optionally, the first configuration module may include: a third configuration submodule, configured to save the access rights of roles already configured in a static model, as the access rights of the first role, into the permission data of the first blockchain node, where the static model is a management model that provides already-configured roles and access rights; and a fourth configuration submodule, configured to save the access rights of the third role, as the access rights of the first role, into the permission data of the first blockchain node, where the access rights of the third role are created by the service provider of the target service.
The fourth configuration submodule may also be configured to execute at least one of the following before the access rights of the third role are saved, as the access rights of the first role, into the permission data of the first blockchain node:
Obtaining the first access rights of the third role created by the service provider, where the first access rights indicate the third role's access rights to multiple businesses. Where the first access rights indicate that the third role is allowed to access the first business among the multiple businesses, the state of all blockchain nodes that store the business data of the first business is set to allow access by the third role. The first business is any one of the multiple businesses, and the multiple businesses include the target service;
Obtaining the second access rights of the third role created by the service provider, where the second access rights indicate the third role's access rights to all blockchain nodes. Where the second access rights indicate that the third role is allowed to access the third blockchain node among all the blockchain nodes, the state of the third blockchain is set to allow access by the third role;
Obtaining the third access rights of the third role created by the service provider, where the third access rights indicate the third role's access rights to multiple kinds of business data. Where the third access rights indicate that the third role is allowed to access the first business data, the state of the first business data on the blockchain node is set to allow access by the third role. The first business data is any one of the multiple kinds of business data, and the multiple kinds of business data are the business data of multiple businesses;
Obtaining the fourth access rights of the third role created by the service provider, where the fourth access rights indicate the third role's access rights to the second business data. Where the fourth access rights indicate that the third role is allowed to access the second business data, the state of the second business data on the blockchain node is set to allow access by the third role. The second business data is the business data specified by the service provider among the business data of the multiple businesses;
Obtaining the fifth access rights of the third role created by the service provider, where the fifth access rights indicate the third role's access rights to the fourth blockchain node. Where the fifth access rights indicate that the third role is allowed to access the fourth blockchain node, the state of the fourth blockchain is set to allow the third role to write data.
Optionally, the device of this application may also include a creating unit, configured to create an index list for the target service at the same time as, or after, the target blockchain node for storing permission data is configured for the target service, where the index list indicates that the access rights of a role are indexed through the most recently created target blockchain node.
Optionally, the authenticating unit may include: an authentication module, configured to authenticate the first account by means of the digital signature in the access request; and a determining module, configured to determine, where the first account passes authentication, the first access rights of the first account according to the permission data of the target blockchain node.
The above determining module can: query the index list, through the rights management smart contract, for the fifth blockchain node, where the fifth blockchain node is the blockchain node among the target blockchain nodes that stores the access rights of the first account; and look up, in the fifth blockchain node, the first access rights that match the role of the first account.
The device of this application may also include a certificate request unit, configured to issue, before the first account is authenticated by means of the digital signature in the access request and when a certificate request from the first account is received, a digital certificate to the first account through the digital certification centre, where the digital certificate is used for digital signing.
With the embodiments of this application, the solution can work together with the business system, i.e. permissions are set in a targeted way according to the functions of the business system being developed. This gives a dynamic, extensible permission/role management model that fills in the rights management mode public chains lack and completes the fine-grained control consortium chains lack. At the same time, storing permission data using blockchain technology makes the permission data tamper-proof and traceable once it is on the chain, which improves the security and reliability of the system.
It should be noted here that the examples and application scenarios implemented by the above modules are the same as those of the corresponding steps, but are not limited to what is disclosed in the above embodiments. The above modules, as part of the device, may run in the hardware environment shown in Fig. 1 and may be implemented in software or in hardware, where the hardware environment includes a network environment.
According to another aspect of the embodiments of the present invention, a server or terminal for implementing the above authentication method for blockchain access is also provided.
Fig. 10 is a structural block diagram of a terminal according to an embodiment of the present invention. As shown in Fig. 10, the terminal may include one or more processors 1001 (only one is shown in Fig. 10), a memory 1003, and a transmitting device 1005 (such as the sending device in the above embodiments); as shown in Fig. 10, the terminal may also include an input/output device 1007.
The memory 1003 can be used to store software programs and modules, such as the program instructions/modules corresponding to the authentication method and device for blockchain access in the embodiments of the present invention. The processor 1001 runs the software programs and modules stored in the memory 1003 to execute various functional applications and data processing, i.e. to implement the above authentication method for blockchain access. The memory 1003 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 1003 may further include memory located remotely from the processor 1001, and such remote memory may be connected to the terminal through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The above transmitting device 1005 is used to receive or send data via a network, and can also be used for data transmission between the processor and the memory. Specific examples of the network include wired networks and wireless networks. In one example, the transmitting device 1005 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices and a router by cable so as to communicate with the Internet or a local area network. In one example, the transmitting device 1005 is a radio frequency (Radio Frequency, RF) module, which is used to communicate with the Internet wirelessly.
Specifically, the memory 1003 is used to store an application program.
The processor 1001 can call, through the transmitting device 1005, the application program stored in the memory 1003 to execute the following steps:
Obtaining the access request of the first account, where the access request is a request by the first account to access the business blockchain node;
In response to the access request, determining, based on the permission data stored on the target blockchain node, the first access rights of the role to which the first account belongs, where the data write permission of the target blockchain node is closed after the stored permission data has been written;
Where the first access rights indicate that the first account is allowed to access the business blockchain node, setting the state of the business blockchain node to allow access by the first account.
The processor 1001 is further configured to execute the following steps:
Obtain first access rights of a third role created by the service provider, where the first access rights indicate the third role's access rights to multiple services; in the case where the first access rights indicate that the third role is allowed to access a first service among the multiple services, the state of all blockchain nodes that save the business data of the first service is set to allow access by the third role, the first service being any one of the multiple services, and the multiple services including the target service;
Obtain second access rights of the third role created by the service provider, where the second access rights indicate the third role's access rights to all blockchain nodes; in the case where the second access rights indicate that the third role is allowed to access a third blockchain node among all the blockchain nodes, the state of the third blockchain is set to allow access by the third role;
Obtain third access rights of the third role created by the service provider, where the third access rights indicate the third role's access rights to multiple pieces of business data; in the case where the third access rights indicate that the third role is allowed to access first business data, the state of the first business data on the blockchain node is set to allow access by the third role, the first business data being any one of the multiple pieces of business data, and the multiple pieces of business data being the business data of the multiple services;
Obtain fourth access rights of the third role created by the service provider, where the fourth access rights indicate the third role's access rights to second business data; in the case where the fourth access rights indicate that the third role is allowed to access the second business data, the state of the second business data on the blockchain node is set to allow access by the third role, the second business data being business data specified by the service provider among the business data of the multiple services;
Obtain fifth access rights of the third role created by the service provider, where the fifth access rights indicate the third role's access rights to a fourth blockchain node; in the case where the fifth access rights indicate that the third role is allowed to access the fourth blockchain node, the state of the fourth blockchain is set to allow the third role to write data.
With the embodiments of the present invention, when the access request of the first account is obtained, the first access rights of the role to which the first account belongs are determined based on the permission data saved on the target blockchain node; in the case where the first access rights indicate that the first account is allowed to access the business blockchain node, the state of the business blockchain node is set to allow access by the first account. The data write permission of the target blockchain node is closed after the saved permission data is written; that is, the present application saves permission data using blockchain technology, which ensures that the permission data cannot be tampered with and remains traceable once it is on the chain. This can solve the technical problem in the related art that the security of permission data is relatively low, and thereby achieves the technical effect of improving the security and reliability of the system.
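The flow described above (authenticate the request, resolve the role's rights through an index list from permission data that is never rewritten, then set the node state), as an added Python example that is not code from the patent. `PermissionChain`, `AccessGateway`, the account and node names and the role-to-node layout are assumptions; HMAC-SHA256 stands in for the certificate-based digital signature, and a hash chain models the closed write permission by making any edit to a written block detectable.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64


def _digest(body):
    """SHA-256 over the canonical JSON form of a block body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class PermissionChain:
    """Permission blocks are never rewritten; every change is a new block."""

    def __init__(self):
        self.blocks = []
        self.index = {}  # index list: role -> height of its newest permission block

    def write_block(self, role_perms):
        """Append {role: [allowed business node ids]} and repoint the index."""
        body = {
            "height": len(self.blocks),
            "prev": self.blocks[-1]["hash"] if self.blocks else GENESIS,
            "perms": {role: sorted(nodes) for role, nodes in role_perms.items()},
        }
        self.blocks.append({**body, "hash": _digest(body)})
        for role in role_perms:
            self.index[role] = body["height"]
        return body["height"]

    def intact(self):
        """Recompute the hash chain; editing any written block breaks it."""
        prev = GENESIS
        for block in self.blocks:
            body = {k: block[k] for k in ("height", "prev", "perms")}
            if block["prev"] != prev or _digest(body) != block["hash"]:
                return False
            prev = block["hash"]
        return True

    def allowed_nodes(self, role):
        """Resolve a role through the index list to its newest block."""
        height = self.index.get(role)
        if height is None:
            return frozenset()
        return frozenset(self.blocks[height]["perms"][role])


def sign_request(key, account, node):
    """HMAC-SHA256 stand-in (assumption) for the certificate-based signature."""
    return hmac.new(key, f"{account}|{node}".encode(), hashlib.sha256).hexdigest()


class AccessGateway:
    """Hypothetical enforcement point in front of the business nodes."""

    def __init__(self, chain, account_keys, account_roles):
        self.chain = chain
        self.account_keys = account_keys    # account -> signing key (bytes)
        self.account_roles = account_roles  # account -> role
        self.node_state = {}                # (node, account) -> "allowed"

    def handle(self, request):
        account, node = request["account"], request["node"]
        key = self.account_keys.get(account)
        # Authenticate first: a bad signature never reaches the permission lookup.
        if key is None or not hmac.compare_digest(
            sign_request(key, account, node), str(request.get("sig", ""))
        ):
            return False
        # Fail closed if the stored permission data no longer matches its hashes.
        if not self.chain.intact():
            return False
        role = self.account_roles.get(account)
        if node not in self.chain.allowed_nodes(role):
            self.node_state.pop((node, account), None)  # drop any earlier grant
            return False
        self.node_state[(node, account)] = "allowed"
        return True


def demo():
    """Constructed data: grant, then revoke by writing a new block."""
    chain = PermissionChain()
    chain.write_block({"operator": ["biz-node-1", "biz-node-2"],
                       "auditor": ["biz-node-1"]})
    keys = {"alice": b"constructed-key-alice"}
    gateway = AccessGateway(chain, keys, {"alice": "auditor"})
    request = {"account": "alice", "node": "biz-node-1",
               "sig": sign_request(keys["alice"], "alice", "biz-node-1")}
    before = gateway.handle(request)
    chain.write_block({"auditor": []})  # the old block stays for traceability
    after = gateway.handle(request)
    return before, after, chain.blocks[0]["perms"]["auditor"]
```

In `demo()` the second write revokes the auditor role without touching block 0, so the earlier grant remains on the chain for audit while the index list points lookups at the newest block.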
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments; details are not repeated here.
A person of ordinary skill in the art will understand that the structure shown in Fig. 10 is only illustrative. The terminal may be a terminal device such as a smartphone (for example, an Android phone or an iOS phone), a tablet computer, a palmtop computer, a mobile Internet device (Mobile Internet Devices, MID), or a PAD. Fig. 10 does not limit the structure of the above electronic device. For example, the terminal may include more or fewer components (such as a network interface or a display device) than those shown in Fig. 10, or have a configuration different from that shown in Fig. 10.
A person of ordinary skill in the art will understand that all or some of the steps in the methods of the foregoing embodiments may be completed by a program instructing hardware related to the terminal device. The program may be stored in a computer-readable storage medium, and the storage medium may include a flash disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, or the like.
An embodiment of the present invention further provides a storage medium. Optionally, in this embodiment, the storage medium may be used for program code that executes the authentication method for blockchain access.
Optionally, in this embodiment, the storage medium may be located on at least one of the multiple network devices in the network shown in the foregoing embodiments.
Optionally, in this embodiment, the storage medium is configured to store program code for executing the following steps:
S11: obtain an access request of a first account, where the access request is used by the first account to request access to a business blockchain node;
S12: in response to the access request, determine, based on permission data saved on a target blockchain node, first access rights of the role to which the first account belongs, where the data write permission of the target blockchain node is closed after the saved permission data is written;
S13: in the case where the first access rights indicate that the first account is allowed to access the business blockchain node, set the state of the business blockchain node to allow access by the first account.
Optionally, the storage medium is further configured to store program code for executing the following steps:
S21: obtain first access rights of a third role created by the service provider, where the first access rights indicate the third role's access rights to multiple services; in the case where the first access rights indicate that the third role is allowed to access a first service among the multiple services, the state of all blockchain nodes that save the business data of the first service is set to allow access by the third role, the first service being any one of the multiple services, and the multiple services including the target service;
S22: obtain second access rights of the third role created by the service provider, where the second access rights indicate the third role's access rights to all blockchain nodes; in the case where the second access rights indicate that the third role is allowed to access a third blockchain node among all the blockchain nodes, the state of the third blockchain is set to allow access by the third role;
S23: obtain third access rights of the third role created by the service provider, where the third access rights indicate the third role's access rights to multiple pieces of business data; in the case where the third access rights indicate that the third role is allowed to access first business data, the state of the first business data on the blockchain node is set to allow access by the third role, the first business data being any one of the multiple pieces of business data, and the multiple pieces of business data being the business data of the multiple services;
S24: obtain fourth access rights of the third role created by the service provider, where the fourth access rights indicate the third role's access rights to second business data; in the case where the fourth access rights indicate that the third role is allowed to access the second business data, the state of the second business data on the blockchain node is set to allow access by the third role, the second business data being business data specified by the service provider among the business data of the multiple services;
S25: obtain fifth access rights of the third role created by the service provider, where the fifth access rights indicate the third role's access rights to a fourth blockchain node; in the case where the fifth access rights indicate that the third role is allowed to access the fourth blockchain node, the state of the fourth blockchain is set to allow the third role to write data.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments; details are not repeated here.
Optionally, in this embodiment, the storage medium may include, but is not limited to, various media that can store program code, such as a USB flash drive, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, or an optical disc.
The foregoing embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
If the integrated unit in the foregoing embodiments is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in the above computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, or the like) to execute all or some of the steps of the methods described in the embodiments of the present invention.
In the foregoing embodiments of the present invention, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, reference may be made to the related descriptions of other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed client may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division of the units is only a division by logical function; in actual implementation there may be other ways of dividing them, for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or in other forms.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (15)

1. An authentication method for blockchain access, characterized by comprising:
obtaining an access request of a first account, wherein the access request is used by the first account to request access to a business blockchain node;
in response to the access request, determining, based on permission data saved on a target blockchain node, first access rights of the role to which the first account belongs, wherein the data write permission of the target blockchain node is closed after the saved permission data is written, and access rights of different roles are configured in the permission data;
in the case where the first access rights indicate that the first account is allowed to access the business blockchain node, setting the state of the business blockchain node to allow access by the first account.
2. The method according to claim 1, characterized in that, before obtaining the access request of the first account, the method further comprises:
configuring, for a target service, the target blockchain node for saving permission data, wherein the business data of the target service is stored on the business blockchain node.
3. The method according to claim 2, characterized in that configuring, for the target service, the target blockchain node for saving permission data comprises:
when the target service is created, configuring a first blockchain node for the target service, wherein the target blockchain node includes the first blockchain node; and/or
during operation of the target service, configuring a second blockchain node for the target service, wherein the target blockchain node includes the second blockchain node.
4. The method according to claim 3, characterized in that configuring the second blockchain node for the target service comprises:
in the case where the permission of a first role in the permission data of the first blockchain node changes, saving the permission data in which the permission of the first role has been changed to the second blockchain node; and/or
in the case where the permission of a second role needs to be added to the permission data of the first blockchain node, saving the permission data to which the permission of the second role has been added to the second blockchain.
5. The method according to claim 3, characterized in that configuring the first blockchain node for the target service comprises:
saving the access rights of a role configured in a static model, as the access rights of the first role, into the permission data of the first blockchain node, wherein the static model is used to provide a management model of configured roles and access rights;
saving the access rights of a third role, as the access rights of the first role, into the permission data of the first blockchain node, wherein the access rights of the third role are created by the service provider of the target service.
6. The method according to claim 5, characterized in that, before saving the access rights of the third role, as the access rights of the first role, into the permission data of the first blockchain node, the method further comprises at least one of the following:
obtaining first access rights of the third role created by the service provider, wherein the first access rights indicate the third role's access rights to multiple services; in the case where the first access rights indicate that the third role is allowed to access a first service among the multiple services, the state of all blockchain nodes that save the business data of the first service is set to allow access by the third role, the first service being any one of the multiple services, and the multiple services including the target service;
obtaining second access rights of the third role created by the service provider, wherein the second access rights indicate the third role's access rights to all the blockchain nodes; in the case where the second access rights indicate that the third role is allowed to access a third blockchain node among all the blockchain nodes, the state of the third blockchain is set to allow access by the third role;
obtaining third access rights of the third role created by the service provider, wherein the third access rights indicate the third role's access rights to multiple pieces of business data; in the case where the third access rights indicate that the third role is allowed to access first business data, the state of the first business data on the blockchain node that saves business data is set to allow access by the third role, the first business data being any one of the multiple pieces of business data, and the multiple pieces of business data being the business data of the multiple services;
obtaining fourth access rights of the third role created by the service provider, wherein the fourth access rights indicate the third role's access rights to second business data; in the case where the fourth access rights indicate that the third role is allowed to access the second business data, the state of the second business data on the blockchain node that saves business data is set to allow access by the third role, the second business data being business data specified by the service provider among the business data of the multiple services;
obtaining fifth access rights of the third role created by the service provider, wherein the fifth access rights indicate the third role's access rights to a fourth blockchain node; in the case where the fifth access rights indicate that the third role is allowed to access the fourth blockchain node, the state of the fourth blockchain is set to allow the third role to write data.
7. The method according to claim 2, characterized in that, while or after configuring, for the target service, the target blockchain node for saving permission data, the method further comprises:
creating an index list for the target service, wherein the index list is used to indicate that the access rights of a role are indexed through the most recently created target blockchain node.
8. The method according to any one of claims 1 to 7, characterized in that determining, based on the permission data saved on the target blockchain node, the first access rights of the role to which the first account belongs comprises:
authenticating the first account by means of a digital signature in the access request;
in the case where the first account passes authentication, determining the first access rights of the role to which the first account belongs according to the permission data of the target blockchain node.
9. The method according to claim 8, characterized in that determining the first access rights of the role to which the first account belongs according to the permission data of the target blockchain node comprises:
querying, through a rights management smart contract, a fifth blockchain node from the index list, wherein the fifth blockchain node is the blockchain node in the target blockchain node that saves the access rights of the first account;
searching the fifth blockchain node for the first access rights that match the role of the first account.
10. The method according to claim 8, characterized in that, before authenticating the first account by means of the digital signature in the access request, the method further comprises:
in the case where a certificate request of the first account is received, issuing a digital certificate to the first account through a digital certification center, wherein the digital certificate is used for digital signing.
11. An authentication device for blockchain access, characterized by comprising:
an acquiring unit, configured to obtain an access request of a first account, wherein the access request is used by the first account to request access to a business blockchain node;
an authenticating unit, configured to determine, in response to the access request and based on permission data saved on a target blockchain node, first access rights of the role to which the first account belongs, wherein the data write permission of the target blockchain node is closed after the saved permission data is written, and access rights of different roles are configured in the permission data;
a setting unit, configured to set the state of the business blockchain node to allow access by the first account in the case where the first access rights indicate that the first account is allowed to access the business blockchain node.
12. The device according to claim 11, characterized in that the device further comprises:
a configuration unit, configured to configure, for a target service and before the access request of the first account is obtained, the target blockchain node for saving permission data, wherein the business data of the target service is stored on the business blockchain node.
13. The device according to claim 12, characterized in that the configuration unit comprises:
a first configuration module, configured to configure a first blockchain node for the target service when the target service is created, wherein the target blockchain node includes the first blockchain node;
a second configuration module, configured to configure a second blockchain node for the target service during operation of the target service, wherein the target blockchain node includes the second blockchain node.
14. A storage medium, characterized in that the storage medium includes a stored program, wherein the program, when run, executes the method according to any one of claims 1 to 10.
15. An electronic device, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor executes, by means of the computer program, the method according to any one of claims 1 to 10.
CN201810404745.2A 2018-04-28 2018-04-28 Authentication method and device for block chain access, storage medium and electronic device Active CN108632268B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201910750778.7A CN110602050B (en) 2018-04-28 2018-04-28 Authentication method and device for block chain access, storage medium and electronic device
CN201810404745.2A CN108632268B (en) 2018-04-28 2018-04-28 Authentication method and device for block chain access, storage medium and electronic device
PCT/CN2019/079334 WO2019205849A1 (en) 2018-04-28 2019-03-22 Authentication method and apparatus for blockchain access, and storage medium and electronic apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810404745.2A CN108632268B (en) 2018-04-28 2018-04-28 Authentication method and device for block chain access, storage medium and electronic device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201910750778.7A Division CN110602050B (en) 2018-04-28 2018-04-28 Authentication method and device for block chain access, storage medium and electronic device

Publications (2)

Publication Number Publication Date
CN108632268A true CN108632268A (en) 2018-10-09
CN108632268B CN108632268B (en) 2021-04-09

Family

ID=63695063

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201810404745.2A Active CN108632268B (en) 2018-04-28 2018-04-28 Authentication method and device for block chain access, storage medium and electronic device
CN201910750778.7A Active CN110602050B (en) 2018-04-28 2018-04-28 Authentication method and device for block chain access, storage medium and electronic device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201910750778.7A Active CN110602050B (en) 2018-04-28 2018-04-28 Authentication method and device for block chain access, storage medium and electronic device

Country Status (2)

Country Link
CN (2) CN108632268B (en)
WO (1) WO2019205849A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105488431A (en) * 2015-11-30 2016-04-13 布比(北京)网络技术有限公司 Authority management method and device for block chain system
WO2016154001A1 (en) * 2015-03-20 2016-09-29 Rivetz Corp. Automated attestation of device integrity using the block chain
CN106796688A (en) * 2016-12-26 2017-05-31 深圳前海达闼云端智能科技有限公司 Permission control method, device and system of block chain and node equipment
CN106992990A (en) * 2017-05-19 2017-07-28 北京牛链科技有限公司 Data sharing method and system and block catenary system and computing device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3160078A1 (en) * 2015-10-21 2017-04-26 Thomson Licensing Network, method and certificate for providing a secured communication between devices, and respective device
CN106375317A (en) * 2016-08-31 2017-02-01 北京明朝万达科技股份有限公司 Block chain-based big data security authentication method and system
CN106796685A (en) * 2016-12-30 2017-05-31 深圳前海达闼云端智能科技有限公司 Block chain authority control method and device and node equipment
CN107480555B (en) * 2017-08-01 2020-03-13 中国联合网络通信集团有限公司 Database access authority control method and device based on block chain
CN107508812B (en) * 2017-08-29 2020-10-23 广东工业大学 Industrial control network data storage method, calling method and system
CN107682378A (en) * 2017-11-22 2018-02-09 国民认证科技(北京)有限公司 A kind of real name identification method and system based on block chain
CN108632268B (en) * 2018-04-28 2021-04-09 腾讯科技(深圳)有限公司 Authentication method and device for block chain access, storage medium and electronic device

Cited By (78)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019205849A1 (en) * 2018-04-28 2019-10-31 腾讯科技(深圳)有限公司 Authentication method and apparatus for blockchain access, and storage medium and electronic apparatus
CN109299598A (en) * 2018-11-08 2019-02-01 国久大数据有限公司 Data managing method and device
CN109446830A (en) * 2018-11-13 2019-03-08 中链科技有限公司 Data center environment information processing method and device based on block chain
CN111199044A (en) * 2018-11-20 2020-05-26 中国电信股份有限公司 Data storage method, device and storage medium
CN111199044B (en) * 2018-11-20 2022-06-17 中国电信股份有限公司 Data storage method, device and storage medium
CN113836140B (en) * 2018-11-23 2023-10-13 创新先进技术有限公司 Data processing method and device and computer equipment
CN113836140A (en) * 2018-11-23 2021-12-24 创新先进技术有限公司 Data processing method and device and computer equipment
CN113169874A (en) * 2018-11-27 2021-07-23 区块链控股有限公司 Computer-implemented system and method for enabling access to data stored on blockchains
US11899783B2 (en) 2018-12-03 2024-02-13 Ebay, Inc. System level function based access control for smart contract execution on a blockchain
US11809551B2 (en) 2018-12-03 2023-11-07 Ebay Inc. Highly scalable permissioned block chains
US11250125B2 (en) 2018-12-03 2022-02-15 Ebay Inc. Highly scalable permissioned block chains
US11888966B2 (en) 2018-12-03 2024-01-30 Ebay Inc. Adaptive security for smart contracts using high granularity metrics
CN111311254A (en) * 2018-12-12 2020-06-19 中移动信息技术有限公司 Service processing method, device and system based on block chain
CN109731328A (en) * 2018-12-29 2019-05-10 杭州趣链科技有限公司 A kind of block chain game data storage method based on BaaS
CN110874493A (en) * 2018-12-29 2020-03-10 厦门安妮股份有限公司 Block chain-based enterprise data tamper-proofing method
WO2020192743A1 (en) * 2019-03-28 2020-10-01 腾讯科技(深圳)有限公司 Permission management method, permission validation method and related apparatuses
CN110598394A (en) * 2019-03-28 2019-12-20 腾讯科技(深圳)有限公司 Authority verification method and device and storage medium
US11651109B2 (en) 2019-03-28 2023-05-16 Tencent Technology (Shenzhen) Company Limited Permission management method, permission verification method, and related apparatus
CN110022318A (en) * 2019-04-02 2019-07-16 北京众享比特科技有限公司 A kind of alliance's chain management method, device and computer readable storage medium
CN110022318B (en) * 2019-04-02 2021-07-06 北京众享比特科技有限公司 Alliance chain management method and device and computer readable storage medium
CN110071920B (en) * 2019-04-22 2022-01-28 新华三技术有限公司 Member service provider implementation method and device
CN110071920A (en) * 2019-04-22 2019-07-30 新华三技术有限公司 Member service supplier implementation method and device
WO2019137568A3 (en) * 2019-04-30 2020-02-20 Alibaba Group Holding Limited Methods and devices for managing access to account in blockchain system
US11157897B2 (en) 2019-04-30 2021-10-26 Advanced New Technologies Co., Ltd. Methods and devices for managing access to account in blockchain system
CN111034151A (en) * 2019-04-30 2020-04-17 阿里巴巴集团控股有限公司 Method and apparatus for managing access to accounts in a blockchain system
CN111034151B (en) * 2019-04-30 2022-01-28 创新先进技术有限公司 Method and apparatus for managing access to accounts in a blockchain system
CN110232569B (en) * 2019-05-07 2021-04-16 北京奇艺世纪科技有限公司 Method and device for reading transaction record and storage medium
CN110232569A (en) * 2019-05-07 2019-09-13 北京奇艺世纪科技有限公司 A kind of read method of transaction record, device and storage medium
CN111066019A (en) * 2019-05-15 2020-04-24 阿里巴巴集团控股有限公司 Processing data elements stored in a blockchain network
CN111066019B (en) * 2019-05-15 2023-05-16 创新先进技术有限公司 Processing data elements stored in a blockchain network
CN110213266A (en) * 2019-05-31 2019-09-06 联想(北京)有限公司 A kind of information processing method and electronic equipment of the block chain across chain
CN110278255B (en) * 2019-06-13 2021-10-15 深圳前海微众银行股份有限公司 Method and device for communication between IOT (Internet of things) devices based on block chain
CN110278255A (en) * 2019-06-13 2019-09-24 深圳前海微众银行股份有限公司 A kind of method and device of the Internet of Things IOT communication between devices based on block chain
CN110336813B (en) * 2019-07-02 2021-08-17 北京启迪区块链科技发展有限公司 Access control method, device, equipment and storage medium
CN110336813A (en) * 2019-07-02 2019-10-15 北京启迪区块链科技发展有限公司 A kind of access control method, device, equipment and storage medium
CN110442561A (en) * 2019-07-08 2019-11-12 南京邮电大学 Distributed file storage system and its storage method based on block chain
CN110442561B (en) * 2019-07-08 2022-10-14 南京邮电大学 Block chain-based distributed file storage system and storage method thereof
CN110414268B (en) * 2019-07-23 2022-05-10 北京启迪区块链科技发展有限公司 Access control method, device, equipment and storage medium
CN110414268A (en) * 2019-07-23 2019-11-05 北京启迪区块链科技发展有限公司 Access control method, device, equipment and storage medium
US11398914B2 (en) 2019-07-31 2022-07-26 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus
US11057189B2 (en) 2019-07-31 2021-07-06 Advanced New Technologies Co., Ltd. Providing data authorization based on blockchain
WO2021017433A1 (en) * 2019-07-31 2021-02-04 创新先进技术有限公司 Data authorization method and device employing smart contract
CN110418338B (en) * 2019-07-31 2022-08-12 徐州医科大学 Lightweight RFID wireless authentication method and system for implantable medical equipment
US11252166B2 (en) 2019-07-31 2022-02-15 Advanced New Technologies Co., Ltd. Providing data authorization based on blockchain
US11831656B2 (en) 2019-07-31 2023-11-28 Advanced New Technologies Co., Ltd. Providing data authorization based on blockchain
CN110418338A (en) * 2019-07-31 2019-11-05 徐州医科大学 The lightweight RFID Wireless Authentication Protocols and its system of implantable medical device
US11251963B2 (en) 2019-07-31 2022-02-15 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus
CN110516417B (en) * 2019-08-09 2021-04-16 中国银联股份有限公司 Authority verification method and device of intelligent contract
CN110516417A (en) * 2019-08-09 2019-11-29 中国银联股份有限公司 A kind of method for verifying authority and device of intelligence contract
CN110602455B (en) * 2019-09-10 2021-06-18 腾讯科技(深圳)有限公司 Video storage system, video processing method, device, equipment and storage medium
CN110602455A (en) * 2019-09-10 2019-12-20 腾讯科技(深圳)有限公司 Video storage system, video processing method, device, equipment and storage medium
CN111800373B (en) * 2019-09-27 2022-08-12 北京京东尚科信息技术有限公司 Data access method and device based on attribute-based encryption block chain
CN111800373A (en) * 2019-09-27 2020-10-20 北京京东尚科信息技术有限公司 Data access method and device based on attribute-based encryption block chain
CN111064711A (en) * 2019-11-27 2020-04-24 朱培培 Block chain-based data stream detection method and device and server
US11693979B2 (en) 2019-11-27 2023-07-04 International Business Machines Corporation Dynamic permission assignment and enforcement for transport process
CN111163089B (en) * 2019-12-30 2022-05-10 北京智汇信元科技有限公司 Intelligent contract authority control method and system
CN111163089A (en) * 2019-12-30 2020-05-15 北京智汇信元科技有限公司 Intelligent contract authority control method and system
US11310051B2 (en) 2020-01-15 2022-04-19 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus
CN111216134A (en) * 2020-02-17 2020-06-02 深圳前海达闼云端智能科技有限公司 Robot control method, device, controller, storage medium and robot
CN111343177A (en) * 2020-02-25 2020-06-26 百度在线网络技术(北京)有限公司 Method, device, equipment and medium for supervising lightweight node
CN111310233B (en) * 2020-03-24 2024-06-25 腾讯科技(深圳)有限公司 Application interface display method, device, equipment and storage medium
CN111310233A (en) * 2020-03-24 2020-06-19 腾讯科技(深圳)有限公司 Application interface display method, device, equipment and storage medium
CN111814176A (en) * 2020-05-29 2020-10-23 上海申铁信息工程有限公司 Block chain-based data access authority control method and device
CN111966994A (en) * 2020-07-08 2020-11-20 厦门达辰美网络科技有限公司 Block chain authentication method, system and storage medium based on database
CN111966994B (en) * 2020-07-08 2022-07-26 厦门达辰美网络科技有限公司 Block chain authentication method, system and storage medium based on database
CN111885026A (en) * 2020-07-10 2020-11-03 海尔优家智能科技(北京)有限公司 Block chain-based interconnection and intercommunication method and device, storage medium and electronic device
CN111885026B (en) * 2020-07-10 2023-01-31 海尔优家智能科技(北京)有限公司 Block chain-based interconnection and intercommunication method and device, storage medium and electronic device
CN111737758A (en) * 2020-08-07 2020-10-02 百度在线网络技术(北京)有限公司 Authority management method, device, equipment and storage medium of block chain network
WO2022095422A1 (en) * 2020-11-03 2022-05-12 平安科技(深圳)有限公司 Method and apparatus for assigning permissions for nodes in blockchain network, computer device, and medium
CN112468577A (en) * 2020-11-25 2021-03-09 上海欧冶金融信息服务股份有限公司 Data controllable sharing method and system based on data mapping relation
CN112468577B (en) * 2020-11-25 2021-11-02 上海欧冶金融信息服务股份有限公司 Data controllable sharing method and system based on data mapping relation
CN112487487A (en) * 2020-12-23 2021-03-12 深圳壹账通智能科技有限公司 Authority management method, device, equipment and storage medium for member of block chain node
CN114244629A (en) * 2021-03-30 2022-03-25 支付宝(杭州)信息技术有限公司 Cross-chain access control method and device
CN114244629B (en) * 2021-03-30 2024-04-16 支付宝(杭州)信息技术有限公司 Cross-chain access control method and device
CN112994882A (en) * 2021-04-21 2021-06-18 腾讯科技(深圳)有限公司 Authentication method, device, medium and equipment based on block chain
CN113992406A (en) * 2021-10-27 2022-01-28 杭州云象网络技术有限公司 Authority access control method for alliance chain cross-chain
CN114626078A (en) * 2022-03-21 2022-06-14 江苏仪化信息技术有限公司 Data security management method and system for material purchasing
CN116842546A (en) * 2023-07-14 2023-10-03 临沂大学 Distributed data access authorization and data service method and device, equipment and medium

Also Published As

Publication number Publication date
CN110602050A (en) 2019-12-20
WO2019205849A1 (en) 2019-10-31
CN108632268B (en) 2021-04-09
CN110602050B (en) 2022-01-07

Similar Documents

Publication Publication Date Title
CN108632268A (en) The method for authenticating and device, storage medium, electronic device that block chain accesses
US11637746B2 (en) Object identification for groups of IoT devices
CN110474865B (en) Block chain user authority system and implementation method
CN110599181B (en) Data processing method, device and equipment based on block chain and storage medium
CN109639406A (en) Efficient trust solution based on block chain and IPFS
CN105637915B (en) Method for assigning agent equipment from from the first device registry to the second device registry
CN108898389A (en) Based on the content verification method and device of block chain, electronic equipment
CN104871172B (en) Equipment for connection allocates framework
TW201923639A (en) Systems and methods for managing relationships among digital identities
CN108960825A (en) Electric endorsement method and device, electronic equipment based on block chain
CN108737348A (en) A kind of internet of things equipment access control method of the intelligent contract based on block chain
CN102077210B (en) Authorization for transient storage devices with multiple authentication silos
CN110532323A (en) Pupilage information processing method, device, electronic equipment and storage medium in block chain network
WO2020108114A1 (en) Blockchain-based data attestation method and apparatus, and electronic device
CN103177201A (en) Content security in a social network
CN111213170B (en) Asset hosting method, storage medium, blockchain system and blockchain node
US20230004970A1 (en) Distributed Ledgers with Ledger Entries Containing Redactable Payloads
CN109446259B (en) Data processing method and device, processor and storage medium
CN107968763B (en) Group file management system and method
CN103038778A (en) Authorization control
US20230230066A1 (en) Crypto Wallet Configuration Data Retrieval
Shivers Toward a secure and decentralized blockchain-based ride-hailing platform for autonomous vehicles
CN104243491A (en) Trusted security service control method and system
CN116842573A (en) Hierarchical encryption privacy protection method based on blockchain
KR102324155B1 (en) Method and apparatus for autonomous guarantee verification for p2p loan service based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant