Disclosure of Invention
The block chain authorization method and system provided by the invention support dynamic authorization yielding, ensure that transactions are credible and valid when combined with an authorization source check, are suitable for use as a general block chain authorization model, and lay a foundation for value transfer carried on the block chain.
In a first aspect, the present invention provides a block chain authorization method, including:
a block chain platform developer writes an authorization yielding contract and deploys the authorization yielding contract to a block chain through signature transaction;
the block chain platform developer writes authorization permission checking logic and releases the authorization permission checking logic along with the node program;
the authorizing party calls the authorization yielding contract through a signed transaction, granting the authorized party the right to perform some or all actions on behalf of the authorizing party;
the block chain application writes an application contract containing a call authorization check and deploys the application contract to the block chain;
when the trading party signs and calls the application contract, the system carries out the authorization permission check, and after the check is passed, the authorized party performs some or all actions on behalf of the authorizing party.
Optionally, the authorizing party calling the authorization yielding contract through a signed transaction to grant the authorized party the right to perform some or all actions on behalf of the authorizing party includes:
the authorizing party calls the authorization yielding contract through a signed transaction and yields all or part of the behavior authority of the authorizing party to the authorized party;
and after the authorization yielding behavior of the authorizing party is confirmed as valid through consensus of the block chain nodes, the authorization yielding behavior is packaged into a block and is visible to all nodes of the whole network.
Optionally, the invoking, by the authorizer, an authorization yielding contract through signing the transaction, and the yielding of all or part of the behavioral authority of the authorizer to the authorized party includes:
checking whether the signing account is consistent with the authorizing party, and if not, throwing an exception; if the two are consistent, executing the creation, change or cancellation of the authorization yielding;
if no authorization yielding currently exists between the authorizing party and the authorized party, establishing a new authorization yielding;
if an authorization yielding currently exists between the authorizing party and the authorized party, replacing the old authorization yielding with the new authorization yielding;
if the authorization list is empty, cancelling the existing authorization yielding;
and finding all authorization yieldings of the designated authorized party according to the authorization yielding records as created, changed or cancelled.
Optionally, when the transaction party signs and invokes the application contract, the system performs authorization permission check including:
calling an application contract by a trading party through signature trading, and triggering authorization permission check;
carrying out contract container authorization permission check through a contract container written by a block chain platform developer to verify whether a transaction party has the right to invoke the application contract;
executing the application contract script after the contract container authorization permission check passes;
when the application contract script contains the application program interface call corresponding to the application program interface authorization permission check, triggering the authorization permission check again and executing the application program interface authorization permission check;
and the contract script performing preset processing according to the result returned after the application program interface authorization permission check is executed.
Optionally, the performing the application program interface authorization permission check includes:
searching all the authorizations of the authorized party, checking whether all the authorizations of the authorized party contain the appointed authorization permission, and if so, executing the next step; if not, returning an error;
checking whether preset elements defined by authorization are met, and if so, checking to pass; if not, the check fails.
In a second aspect, the present invention provides a block chain authorization system, including:
the authorization contract compiling and deploying module is used for compiling an authorization yielding contract by a block chain platform developer and deploying the authorization yielding contract to a block chain through signature transaction;
the permission check writing module is used for writing an authorized permission check logic by a block chain platform developer and issuing the authorized permission check logic along with the node program;
the authorization yielding transaction module is used for the authorizing party to call the authorization yielding contract through a signed transaction, granting the authorized party the right to perform some or all actions on behalf of the authorizing party;
the application contract compiling and deploying module is used for compiling the application contract containing the call authorization check by the block chain application and deploying the application contract to the block chain;
the authorization permission checking module is used for checking authorization permission when the transaction party signs and calls the application contract;
and the agent module is used for the authorized party to perform some or all actions on behalf of the authorizing party after the check is passed.
Optionally, the authorization yielding transaction module comprises:
the authorization yielding sub-module is used for calling an authorization yielding contract by the authorizer through signature transaction and yielding all or part of behavior authority of the authorizer to the authorized party;
and the block packaging submodule is used for packaging the authorization yielding behavior of the authorizing party into a block after the behavior is confirmed as valid through consensus of the block chain nodes, so that it is visible to all network nodes.
Optionally, the authorization yielding sub-module includes:
a checking unit for checking whether the signing account is consistent with the authorizing party;
the execution unit is used for executing new creation, change or cancellation of authorization yielding;
and the authorization yielding unit is used for finding all authorization yielding of the appointed authorized party according to the executed new creation, change or cancellation of the authorization yielding records.
Optionally, the authorization permission checking module includes:
the calling submodule is used for calling an application contract by a trading party through signature trading and triggering authorization permission check;
the first checking submodule is used for carrying out contract container authorization permission checking through a contract container written by a block chain platform developer so as to verify whether a transaction party has the right to invoke the application contract;
the script execution submodule is used for executing the application contract script after the contract container authorization permission check passes;
the second checking submodule is used for triggering the authorization permission check again and executing the authorization permission check of the application program interface when the application contract script contains the application program interface call corresponding to the authorization permission check of the application program interface;
and the processing submodule is used for carrying out preset processing by the contract script according to a result returned after the authorization permission check of the application program interface is executed.
Optionally, the second checking submodule includes:
a designated authorization permission checking unit, configured to search all the authorizations of the authorized party, check whether the designated authorization permission is included in all the authorizations of the authorized party, and if so, execute the next step; if not, returning an error;
the judging unit is used for checking whether preset elements defined by authorization are met or not, and if so, the checking is passed; if not, the check fails.
According to the block chain authorization method and system provided by the embodiment of the invention, firstly, an authorization yielding contract is written through a block chain platform and is deployed in a block chain, and then an authorizing party gives off part or all of action authority to an authorized party according to the deployed authorization yielding contract to serve as an authorization yielding process; secondly, the method of the embodiment also realizes authorization permission check on the transaction between the transaction party and the authorized party by deploying the application contract, and the authorized action is performed after the authorization permission check is passed, so that the authorized details can be accurately and comprehensively checked to ensure the credibility of authorization yielding and the reliable and safe execution of the authorized transaction.
In summary, the method of this embodiment supports dynamic authorization yielding: during operation, one account (the authorizing party, or the account corresponding to the authorizing party) may yield part of its rights to another account (the authorized party, or the account corresponding to the authorized party). The authorization yielding takes effect once the transaction representing the yielding action enters a block, after which the authorized party can execute the transactions or actions authorized by the authorizing party. On the other hand, the definition and checking of authorization are implemented with the block chain's own mechanisms, so the method is suitable as a general block chain authorization model, further saves development cost while ensuring high transaction reliability, and is better suited to commercial application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An embodiment of the present invention provides a block chain authorization method, as shown in fig. 1, the method includes:
S11, the block chain platform developer writes an authorization yielding contract and deploys the authorization yielding contract to the block chain through a signed transaction;
S12, the block chain platform developer writes authorization permission check logic and issues the authorization permission check logic along with the node program;
Optionally, the block chain platform developer writes the contract container's check logic for the authorization permission according to the definition of the execution result of the authorization yielding contract, and the check logic is built into the contract container implementation code and is issued with the node program.
Optionally, the block chain platform developer writes, according to the definition of the execution result of the authorization yielding contract, an Application Program Interface (API) that is contained in the context of the contract container and that the contract script calls to perform the authorization permission check, and the application program interface is built into the node program and issued with it.
S13, the authorizing party calls the authorization yielding contract through a signed transaction, granting the authorized party the right to perform some or all actions on behalf of the authorizing party;
S14, the block chain application writes an application contract containing a call to the authorization check and deploys the application contract to the block chain;
and S15, when the trading party signs and calls the application contract, the authorization permission check is performed, and after the check is passed the authorized party performs some or all actions on behalf of the authorizing party.
According to the block chain authorization method provided by the embodiment of the invention, firstly, a block chain platform developer writes an authorization yielding contract and completes deployment in a block chain, and then an authorizer gives partial or all behavior authority to an authorized party according to the deployed authorization yielding contract as an authorization yielding process; secondly, the method of the embodiment also supports the authorization permission check of the transaction between the transaction party and the authorized party in the application contract, and the authorized action is performed after the authorization permission check is passed, so that the authorized details can be accurately and comprehensively checked, and the credibility of the authorization yielding and the reliable and safe execution of the authorized transaction are ensured.
In summary, the method of the present embodiment supports dynamic authorization yielding: during operation, one account (the authorizing party, or the account corresponding to the authorizing party) may yield part of its rights to another account (the authorized party, or the account corresponding to the authorized party). The authorization yielding takes effect once the transaction representing the yielding action enters a block, after which the authorized party can execute the transactions or actions authorized by the authorizing party, and, in cooperation with the authorization source check, transactions can be ensured to be credible and valid. On the other hand, the definition and checking of authorization are implemented with the block chain's own mechanisms, so the method is suitable as a general block chain authorization model, lays a foundation for value transfer carried on the block chain, further saves development cost while ensuring high transaction reliability, and is better suited to commercial application.
Optionally, as shown in fig. 2, the step of the authorizing party calling the authorization yielding contract through a signed transaction to grant the authorized party the right to perform some or all actions on behalf of the authorizing party includes:
the authorizing party calls the authorization yielding contract through a signed transaction and yields all or part of the behavior authority of the authorizing party to the authorized party;
Optionally, the authorizing party can make a single authorization yielding or multiple authorization yieldings to the authorized party; for example, in a single authorization yielding, limits may be set on one or any combination of the geographic location in which the authorization permission may be used, the reason description, the start time at which the authorization takes effect, the expiration time of the authorization, the names of the contracts that the authorized party account may call, and the behaviors under those contracts that the authorized party account may call.
Optionally, in the authorization yielding transaction, the authorization details are described completely and accurately using the 5WH elements, for example: based on the XXX reason (Why), the A account (authorizing party) allows the A1 account (authorized party) to perform some action (What) of the contract XXX on behalf of the A account (Who) from the start time XXX to the deadline XXX (When) at the location XXX (Where).
After the authorization yielding behavior of the authorizing party is confirmed as valid through consensus of the block chain nodes, the authorization yielding behavior is packaged into a block and is visible to all network nodes;
wherein, the authorization yielding behavior and content need to be known by the nodes participating in the consensus, which is the basis for the nodes to perform the authorization permission check. That is, after the authorized yielding behavior is initiated through the signature transaction of the block chain, propagated and packaged into blocks through consensus, the content thereof is consistently known throughout the network.
Optionally, the invoking, by the authorizer, an authorization yielding contract through signing the transaction, and the yielding of all or part of the behavioral authority of the authorizer to the authorized party includes:
checking whether the signing account is consistent with the authorizing party, and if not, throwing an exception; if the two are consistent, executing the creation, change or cancellation of the authorization yielding;
if no authorization yielding currently exists between the authorizing party and the authorized party, establishing a new authorization yielding;
if an authorization yielding currently exists between the authorizing party and the authorized party, replacing the old authorization yielding with the new authorization yielding;
if the authorization list is empty, cancelling the existing authorization yielding;
and finding all authorization yieldings of the designated authorized party according to the authorization yielding records as created, changed or cancelled.
The authorization yielding contract of the block chain platform calls the above method to execute a legitimate authorization yielding transaction and writes the authorization yielding information into WorldState, where subsequent authorization permission checks read it; application contracts are prohibited from invoking the above method.
Optionally, performing the authorization permission check when the trading party signs and calls the application contract includes:
calling an application contract by a trading party through signature trading, and triggering authorization permission check;
carrying out contract container authorization permission check through a contract container written by a block chain platform developer to verify whether a transaction party has the right to invoke the application contract;
wherein the contract container authorization permission check means that, before a block chain node executes the contract, the contract container by default performs the authorization permission check on the account that initiated the transaction calling the contract (namely the trading party), and if the check fails, the contract container refuses to execute the contract;
executing the application contract script after the contract container authorization permission check passes;
when the application contract script contains the application program interface call corresponding to the application program interface authorization permission check, triggering the authorization permission check again and executing the application program interface authorization permission check;
the authorization model provides the authorization permission check of the application program interface for the context of the contract container, the contract script can access the authorization definition through an API (application program interface), and the script programming is utilized to carry out more flexible authorization control;
and the contract script performing preset processing according to the result returned after the application program interface authorization permission check is executed.
Optionally, the performing the application program interface authorization permission check includes:
searching all the authorizations of the authorized party, checking whether all the authorizations of the authorized party contain the appointed authorization permission, and if so, executing the next step; if not, returning an error;
checking whether preset elements defined by authorization are met, and if so, checking to pass; if not, the check fails.
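The yielding rules (signer check, create, replace, cancel on empty list) and the two-step application program interface check described above can be exercised together in a small in-memory model. This is an added example, not code from the patent; every name in it (`Grant`, `yield_authorization`, `check_permission`, the `"*"` wildcard, the half-open time window) is an assumption, and only the term WorldState comes from the text.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Hypothetical names throughout; the page names only WorldState as the store.

@dataclass(frozen=True)
class Grant:
    contract: str   # What: contract the authorized party may call
    action: str     # What: action under that contract
    start: int      # When: start of validity (epoch seconds)
    end: int        # When: expiry (epoch seconds), treated as exclusive here
    location: str   # Where: place of use; "*" means any (assumed convention)
    reason: str     # Why: free-text reason description


class AuthorizationError(Exception):
    """Raised when the signer of a yielding transaction is not the authorizer."""


class WorldState:
    """In-memory stand-in for the ledger state holding yielding records."""

    def __init__(self) -> None:
        self._yields: Dict[Tuple[str, str], List[Grant]] = {}

    def yield_authorization(self, signer: str, authorizer: str,
                            authorized: str, grants: List[Grant]) -> None:
        # Only the authorizing party may yield its own authority.
        if signer != authorizer:
            raise AuthorizationError("signing account is not the authorizing party")
        key = (authorizer, authorized)
        if not grants:
            self._yields.pop(key, None)       # empty list cancels the yielding
        else:
            self._yields[key] = list(grants)  # create, or replace old with new

    def grants_for(self, authorized: str) -> List[Tuple[str, Grant]]:
        # All yieldings held by one authorized party, tagged with the authorizer.
        return [(a, g) for (a, d), gs in self._yields.items()
                if d == authorized for g in gs]


def check_permission(state: WorldState, caller: str, on_behalf_of: str,
                     contract: str, action: str, now: int,
                     location: str) -> Tuple[bool, str]:
    # Step 1: the designated permission must exist among the caller's grants.
    matching = [g for a, g in state.grants_for(caller)
                if a == on_behalf_of and g.contract == contract
                and g.action == action]
    if not matching:
        return False, "error: no such authorization"
    # Step 2: the preset elements (time window, location) must be satisfied.
    for g in matching:
        if g.start <= now < g.end and g.location in ("*", location):
            return True, "pass"
    return False, "fail: preset elements not met"


def demo() -> Dict[str, Tuple[bool, str]]:
    # Constructed sample data: account A is the authorizer, A1 the authorized.
    ws = WorldState()
    pay = Grant("payments", "transfer", 1000, 2000, "site-1", "travel cover")
    ws.yield_authorization("A", "A", "A1", [pay])
    args = ("A1", "A", "payments", "transfer")
    out = {
        "in_window": check_permission(ws, *args, 1500, "site-1"),
        "expired": check_permission(ws, *args, 2000, "site-1"),
        "wrong_place": check_permission(ws, *args, 1500, "site-2"),
        "other_action": check_permission(ws, "A1", "A", "payments", "refund", 1500, "site-1"),
    }
    try:
        ws.yield_authorization("A1", "A", "A1", [pay])  # A1 signs for A
        out["forged"] = (True, "accepted")
    except AuthorizationError as exc:
        out["forged"] = (False, str(exc))
    ws.yield_authorization("A", "A", "A1", [])          # cancellation
    out["after_cancel"] = check_permission(ws, *args, 1500, "site-1")
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The model keeps the text's distinction between step 1 returning an error (no matching permission) and step 2 failing (permission exists but its elements are not met), which is useful when logging denied delegated calls.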
An embodiment of the present invention further provides a block chain authorization system, as shown in fig. 3, the system includes:
the authorization contract compiling and deploying module 10 is used for compiling an authorization yielding contract by a block chain platform developer and deploying the authorization yielding contract to a block chain through signature transaction;
the permission check writing module 11 is used for writing an authorized permission check logic by a block chain platform developer and issuing the authorized permission check logic along with the node program;
the authorization yielding transaction module 12 is used for the authorizing party to call the authorization yielding contract through a signed transaction, granting the authorized party the right to perform some or all actions on behalf of the authorizing party;
an application contract compiling and deploying module 13, configured for the block chain application to write an application contract containing a call to the authorization check and deploy the signed application contract to the block chain;
an authorization permission check module 14, configured to perform the authorization permission check when the trading party signs and calls the application contract;
and the agent module 15 is used for the authorized party to perform some or all actions on behalf of the authorizing party after the check is passed.
In the block chain authorization system provided by the embodiment of the invention, the authorization contract compiling and deploying module is first used by the block chain platform developer to write an authorization yielding contract and complete its deployment in the block chain, and the authorization yielding transaction module is then used by the authorizing party to yield some or all of its action authority to the authorized party according to the deployed authorization yielding contract, as the authorization yielding process; secondly, the system of the embodiment deploys the application contract through the application contract compiling and deploying module, and finally the authorization permission check module performs the authorization permission check on the transaction between the trading party and the authorized party according to the deployed application contract, and the agent module performs the authorized action after the authorization permission check is passed, so that the authorization details can be checked accurately and comprehensively to ensure the credibility of the authorization yielding and the reliable and safe execution of the authorized transaction.
In summary, the system of this embodiment can support dynamic authorization and yielding, allow one account (i.e., an authorizing party, an account corresponding to the authorizing party) to yield its partial authority to another account (i.e., an authorized party, or an account corresponding to the authorized party) during the operation, and after a transaction representing a right yielding behavior enters a block, the authorization and yielding takes effect, so that the transaction or behavior authorized by the authorizing party can be executed by the authorized party, and in cooperation with an authorization source check, the transaction can be ensured to be credible and effective, the functions of the blocks are fully utilized, the working efficiency of the block chain is improved, and the functions of the blocks in the block chain are optimized. On the other hand, the system authorization is defined and checked by adopting a mechanism of the block chain, so that the system authorization is suitable for being used as a general block chain authorization model, lays a foundation for transferring the bearing value of the block chain, further saves the development cost on the premise of ensuring high reliability of transaction, and is more suitable for commercial application.
Optionally, as shown in fig. 4, the authorization yielding transaction module 12 includes:
the authorization yielding submodule 121 is configured to invoke an authorization yielding contract by the authorizer through signature transaction, and give over all or part of behavior permissions of the authorizer to the authorized party;
and the block packaging submodule 122 is used for packaging the authorization yielding behavior of the authorizing party into a block after the behavior is confirmed as valid through consensus of the block chain nodes, so that it is visible to all network nodes.
Optionally, the authorization yielding sub-module 121 includes:
a checking unit for checking whether the signing account is consistent with the authorizing party;
the execution unit is used for executing new creation, change or cancellation of authorization yielding;
and the authorization yielding unit is used for finding all authorization yielding of the appointed authorized party according to the executed new creation, change or cancellation of the authorization yielding records.
Optionally, the authorization permission check module 14 includes:
a calling submodule 141 for calling an application contract by a transactor through a signature transaction, triggering an authorization permission check;
the first checking sub-module 142 is configured to perform a contract container authorization permission check through a contract container written by a blockchain platform developer, so as to verify whether a transactor has a right to invoke the application contract;
a script execution sub-module 143 for executing the application contract script after the contract container authorization permission check is passed;
a second checking sub-module 144, configured to, when the application contract script includes an application program interface call corresponding to the application program interface authorization permission check, trigger the authorization permission check again and execute the application program interface authorization permission check;
and the processing submodule 145 is used for performing preset processing by the contract script according to a result returned after the authorization permission check of the application program interface is executed.
Optionally, the second checking submodule includes:
a designated authorization permission checking unit, configured to search all the authorizations of the authorized party, check whether the designated authorization permission is included in all the authorizations of the authorized party, and if so, execute the next step; if not, returning an error;
the judging unit is used for checking whether preset elements defined by authorization are met or not, and if so, the checking is passed; if not, the check fails.
The system of this embodiment may be configured to implement the technical solutions of the method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.