CN110310205B - Block chain data monitoring method, device, equipment and medium - Google Patents

Block chain data monitoring method, device, equipment and medium Download PDF

Info

Publication number
CN110310205B
CN110310205B CN201910580172.3A CN201910580172A CN110310205B CN 110310205 B CN110310205 B CN 110310205B CN 201910580172 A CN201910580172 A CN 201910580172A CN 110310205 B CN110310205 B CN 110310205B
Authority
CN
China
Prior art keywords
transaction request
intelligent contract
supervision
account
execution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910580172.3A
Other languages
Chinese (zh)
Other versions
CN110310205A (en
Inventor
郑旗
王玉操
肖伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baidu Online Network Technology Beijing Co Ltd
Original Assignee
Baidu Online Network Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baidu Online Network Technology Beijing Co Ltd filed Critical Baidu Online Network Technology Beijing Co Ltd
Priority to CN201910580172.3A priority Critical patent/CN110310205B/en
Publication of CN110310205A publication Critical patent/CN110310205A/en
Application granted granted Critical
Publication of CN110310205B publication Critical patent/CN110310205B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The embodiment of the invention discloses a block chain data monitoring method, a block chain data monitoring device, a block chain data monitoring equipment and a block chain data monitoring medium. The method is applied to the block chain node and comprises the following steps: acquiring a transaction request initiated based on an application intelligent contract; loading an application intelligence contract for executing the transaction request and loading at least one supervisory intelligence contract; processing the transaction request by adopting the supervision intelligent contract and the application intelligent contract to determine a pre-execution result of the transaction request; verifying the supervision compliance of the execution process of the transaction request according to the supervision intelligent contract execution condition in the pre-execution result of the transaction request and a permission control strategy preset in a supervision account to which the supervision intelligent contract belongs in a block chain; and determining the validity of the transaction request pre-execution result according to the verification result of the supervision compliance. By the technical scheme provided by the embodiment of the invention, the data in the block chain can be effectively supervised.

Description

Block chain data monitoring method, device, equipment and medium
Technical Field
The present invention relates to a technology of processing blockchain data, and in particular, to a method, an apparatus, a device, and a medium for monitoring blockchain data.
Background
The block chain is a distributed account book technology and has the characteristics of decentralization, difficulty in tampering, openness and transparency and the like. Block chains can be simply classified into public chains, federation chains, and private chains according to the scale and manner of the network architecture.
Public chain refers to a blockchain that anyone can participate in without access restrictions. Each internet user can be used as a block chain node, so that transaction data can be issued, verified and received on a public chain, and the internet users all have an opportunity to compete for obtaining the accounting right to be used as an accounting node, namely a generation node of the current block.
However, due to this open nature, the regulatory issues of the public chain have been a major challenge. For example, all nodes have the right to issue transaction requests, and if sensitive data, yellow-back data, etc. are carried in the transaction requests, these data are also stored in the blockchain. Once uplinked, these data are difficult to tamper with. Therefore, when public chain design is performed, the problem of supervision compliance needs to be fully considered so as to ensure the safety of data on the chain. In fact, not only does the public chain present such a problem, but there is also a need for effective supervision of data for some federation chains, even private chains.
Disclosure of Invention
The embodiment of the invention provides a block chain data monitoring method, a block chain data monitoring device and a block chain data monitoring medium, so that data in a block chain can be effectively monitored.
In a first aspect, an embodiment of the present invention provides a method for monitoring blockchain data, where the method is applied to a blockchain node, and the method includes:
acquiring a transaction request initiated based on an application intelligent contract;
loading an application intelligence contract for executing the transaction request and loading at least one supervisory intelligence contract;
processing the transaction request by adopting the supervision intelligent contract and the application intelligent contract to determine a pre-execution result of the transaction request;
verifying the supervision compliance of the execution process of the transaction request according to the supervision intelligent contract execution condition in the pre-execution result of the transaction request and a permission control strategy preset in a supervision account to which the supervision intelligent contract belongs in a block chain;
and determining the validity of the transaction request pre-execution result according to the verification result of the supervision compliance.
In a second aspect, an embodiment of the present invention further provides a device for monitoring blockchain data, where the device is configured at a blockchain node, and the device includes:
the transaction request initiating module is used for acquiring a transaction request initiated based on an application intelligent contract;
the contract loading module is used for loading an application intelligent contract used for executing the transaction request and loading at least one supervision intelligent contract;
the transaction request processing module is used for processing the transaction request by adopting the supervision intelligent contract and the application intelligent contract so as to determine a pre-execution result of the transaction request;
the supervision compliance verification module is used for verifying supervision compliance in the execution process of the transaction request according to the execution condition of the supervision intelligent contract in the pre-execution result of the transaction request and the authority control strategy of the supervision account to which the supervision intelligent contract belongs, wherein the authority control strategy is preset in a block chain;
and the validity determining module is used for determining the validity of the transaction request pre-execution result according to the verification result of the supervision compliance.
In a third aspect, an embodiment of the present invention further provides an apparatus, where the apparatus includes:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement a method for monitoring blockchain data as provided in an embodiment of the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for monitoring blockchain data as provided in the embodiment of the first aspect.
According to the block chain data monitoring method, device, equipment and medium provided by the embodiment of the invention, the application intelligent contract for executing the transaction request and the introduced supervision intelligent contract are adopted to pre-execute the transaction request initiated based on the application intelligent contract; and according to the execution condition of the supervision intelligent contract in the pre-execution result and the authority control strategy of the supervision account, carrying out supervision compliance verification on the execution process of the transaction request, thereby realizing the verification on the validity of the pre-execution result of the transaction request. According to the scheme, the supervision intelligent contract is introduced, so that all transaction requests in the block chain network need to be verified through the authority of the supervision account to which the supervision intelligent contract belongs, and therefore effective supervision on data in the block chain is achieved.
Drawings
FIG. 1A is a schematic diagram of an intelligent contract account model used in accordance with an embodiment of the present invention;
FIG. 1B is a schematic diagram of a contract account configuration used in accordance with an embodiment of the present invention;
fig. 2 is a flowchart of a block chain data monitoring method according to an embodiment of the present invention;
fig. 3 is a flowchart of a block chain data monitoring method according to a second embodiment of the present invention;
fig. 4 is a flowchart of a block chain data monitoring method according to a third embodiment of the present invention;
fig. 5 is a flowchart of a block chain data monitoring method according to a fourth embodiment of the present invention;
fig. 6 is a block diagram of a block chain data monitoring apparatus according to a fifth embodiment of the present invention;
fig. 7 is a schematic structural diagram of an apparatus provided in the sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
To clearly introduce the technical solutions of the embodiments of the present invention, first, a system account, a contract account, and a user account are described in detail with reference to a schematic structural diagram of an intelligent contract account model shown in fig. 1A and a schematic structural diagram of a contract account shown in fig. 1B.
The system account is a system level account correspondingly created for the blockchain system, and can be generally created when the blockchain is created, and the system account is bound with a basic intelligent contract (Kernel contract) which is an intelligent contract specially used for generating authority control data for the contract account, and usually completes system-level function management.
The contract account is a contract level account allocated for the intelligent contract in the intelligent contract account model, and is created by calling a basic intelligent contract from one or more user accounts needing to deploy the intelligent contract and is used for deploying and/or managing the intelligent contract. The contract account may be managed by the underlying intelligent contract.
The method comprises the steps that authority control data are configured in a contract account and used as a reference basis for authenticating account operation of the contract account; at least one application intelligent contract is deployed in the contract account and is used for being called by the user account so as to realize various required specific application functions by executing the application intelligent contract; the contract account can also hold the assets of any application intelligent contract in the blockchain system when issued, and is used for realizing the transfer of the account assets when participating in the application intelligent contract; the contract account is also provided with an authority control table for controlling the calling authority of the user account for calling the subprogram (method) in the application intelligent contract.
User accounts, typically owned by an individual or business, are used as the unique identification of a user in a blockchain. Each user account may be assigned an asymmetric public key and private key, the private key being managed by the user, and the public key may be used as the address of the user account.
In the intelligent contract account model, a system account and at least one contract account are typically included. The technical scheme of each embodiment of the invention is realized based on the intelligent contract account model.
Example one
Fig. 2 is a flowchart of a method for monitoring blockchain data according to an embodiment of the present invention. The embodiment of the invention can be suitable for effectively supervising the data of the transaction request in the block chain so as to ensure the safety of the data on the chain. The scheme of the embodiment of the invention is executed by the block chain node in the block chain network, and further can be executed by an initiating node of a transaction request in the block chain network, and the node can be a common block chain node or a lightweight node. The lightweight node refers to deployment data deployed with a blockchain, such as an intelligent contract, a consensus mechanism, and the like, but a blockchain network node that does not store or store part of blockchain data and transaction data may participate in a transaction request interaction process of the blockchain, and the lightweight node may be generally deployed in a terminal device.
The method may be performed by a blockchain data monitoring apparatus, which is implemented by software and/or hardware and is specifically configured in a computing device carrying the blockchain node. Referring to fig. 2, the method may specifically include:
s210, acquiring a transaction request initiated based on the application intelligent contract.
In this embodiment, as shown in fig. 1B, the application intelligent contract includes at least one subprogram, and is used to implement corresponding application functions, such as any functions to be completed, such as transfer transaction, data analysis, and the like, by calling the subprogram of the application intelligent contract.
Optionally, the native node may obtain a transaction request initiated locally based on the application intelligence contract. For example, when detecting that an application button event is clicked on a local node by a certain user account, the local node determines that the user account has an application requirement, at this time, the local node may display an application intelligent contract interface corresponding to the application requirement to the user account, and then the user account may initiate a transaction request through the application intelligent contract interface; the native node may then obtain a transaction request initiated by the user account locally based on the application intelligence contract.
Besides the application intelligent contracts, basic intelligent contracts are also deployed in the blockchain system of the local nodes. In order to distinguish between transaction requests initiated based on the application intelligent contract and transaction requests initiated based on the underlying intelligent contract, further, identification information such as a specific identifier or application intelligent contract name, etc. may be added to the transaction requests initiated based on the application intelligent contract.
S220, loading an application intelligent contract used for executing the transaction request and loading at least one supervision intelligent contract.
In this embodiment, the administrative intelligent contract is deployed based on the basic intelligent contract in the block chain network by the administrative account in the block chain network, and is used to perform a corresponding administrative function on the transaction request. The supervision account is a contract account which is deployed based on a basic intelligent contract in the block chain network. Optionally, one administrative account may belong to one or more administrative units, that is, at least one administrative account is deployed by at least one administrative unit in the blockchain network (that is, one administrative unit may deploy one or more administrative accounts, or multiple administrative units together deploy one or more administrative accounts), where the administrative unit may be, for example, a public security system, a network administrative center, a yellow counter center, and the like.
Optionally, one administrative account may be deployed with at least one administrative intelligent contract, each for performing a corresponding administrative function. The supervising intelligent contract in the embodiment may include at least one of: real-name contracts, application intelligent contract blocking contracts, sensitive word filtering contracts, and user identity contracts and yellow reflexes are initiated. The real-name contract can be used for verifying whether the real-name authentication is carried out on an initiating account of the transaction request; the application intelligent contract blocking contract can be used for verifying whether the application intelligent contract called by the transaction request is blocked or not; the sensitive word filtering contract can be used for identifying and filtering sensitive words carried in the transaction request; the initiating user identity contract can be used for verifying whether an initiating account of the transaction request belongs to a preset blacklist or a white list; the yellow reaction contract can be used for identifying whether yellow reaction data (such as yellow pictures or texts) is carried in the transaction request.
In this embodiment, the supervising intelligent contract may have specific execution logic, for example, the sensitive word filtering contract may filter by identifying the sensitive words through codes; the application intelligent contract blocking contract can identify malicious programs in the application intelligent contract through a black list or a white list of the programs for blocking. In addition, the intelligent supervision contract may not have specific execution logic, that is, the executed code is empty, and the specific data checking may be executed by the supervision unit, for example, the data may be sent to the yellow reflex center for identifying yellow pictures and characters.
Specifically, after acquiring a transaction request initiated based on an application intelligent contract, the native node needs to run by loading the intelligent contract in the form of a code, so as to process the transaction request. That is, an application intelligence contract for executing a transaction request may be loaded, as well as at least one supervisory intelligence contract. Optionally, the application intelligent contract for executing the transaction request may be loaded in parallel with the at least one monitoring intelligent contract, or sequentially, which is not limited in this embodiment.
And S230, processing the transaction request by adopting a supervision intelligent contract and an application intelligent contract to determine a pre-execution result of the transaction request.
In this embodiment, the pre-execution result may be understood as a result generated by performing a pre-execution operation on a locally initiated transaction request based on an application intelligent contract by using a supervision intelligent contract and the application intelligent contract by a local node. Optionally, the pre-execution result may include read data (i.e. read data set) required in the process of invoking the application intelligent contract to execute the transaction request, write data (i.e. write data set) required after the transaction request is executed, and supervise the intelligent contract execution condition; and resources such as interfaces to be called in the process of executing the transaction request, and signature information required by the execution of the transaction request, such as an authorization signature provided by an initiating user, can also be included.
Optionally, after loading the application intelligent contract for executing the transaction request and loading at least one supervision intelligent contract, the transaction request may be processed in parallel by using the supervision intelligent contract and the application intelligent contract, or may be processed according to a preset processing order.
It should be noted that, generally, invoking the application intelligent contract to execute the transaction request requires a relatively large amount of resources, so in order to reduce the data operation amount in the transaction request processing process and improve the processing efficiency of the transaction request, the execution order of the at least one monitoring intelligent contract loaded in the present embodiment is prior to the application intelligent contract loaded, and the specific situation will be described in detail in the following embodiments.
S240, according to the execution condition of the supervision intelligent contract in the pre-execution result of the transaction request and the authority control strategy of the supervision account to which the supervision intelligent contract belongs, the execution process of the transaction request is verified in supervision compliance.
Optionally, each administrative account is deployed with corresponding right control data through a basic intelligent contract. Wherein the rights control data may include a set of member accounts and a rights control policy. The member account set stores account addresses of at least one user account and is used for limiting the user accounts with management authority for the supervision accounts; preferably, the member account set stores account addresses of user accounts having management authority. The authority control policy is used for defining a management operation policy for the administrative account, is determined by a creator or an owner of the administrative account in a customized manner according to needs, and is an attribute of the administrative account designated when the administrative account is created.
Further, different authority control strategies can be set for different execution conditions of the supervision intelligent contract. For example, if the execution condition of the supervised intelligent contract is a verification passing result, and correspondingly, the authority control policy may be that the verification of any one of the supervised intelligent contracts fails, the application intelligent contract is not adopted to execute the transaction request. If the execution condition of the intelligent supervision contract is the called mark of the intelligent supervision contract, correspondingly, the authority control strategy can call the intelligent supervision contract only if the endorsement signature of the specified account exists in the pre-execution result of the transaction request.
In this embodiment, the pre-execution result includes the execution condition of the intelligent supervision contract, and the pre-execution result is directly analyzed, so that the execution condition of the intelligent supervision contract can be obtained from the pre-execution result; and then, the execution process of the transaction request can be verified according to the execution condition of the supervision intelligent contract and the authority control strategy of the supervision account to which the supervision intelligent contract belongs in the block chain.
For example, if the execution condition of the supervised intelligent contract is the verification passing result, the verification passing result of each supervised intelligent contract can be obtained from the pre-execution result; and then determining whether the authority control strategy is met or not according to the verification passing result of each supervision intelligent contract so as to verify the supervision compliance of the transaction request execution process.
It should be noted that, in this embodiment, by introducing the intelligent supervision contract, all the transaction requests in the block chain network need to be verified by the authority control policy of the supervision account to which the intelligent supervision contract belongs, so that the supervision unit can effectively supervise the data in the block chain.
And S250, determining the validity of the transaction request pre-execution result according to the verification result of the supervision compliance.
In this embodiment, if the verification result of the supervision compliance is passed, it may be determined that the pre-execution result of the transaction request is valid; if the result of the verification of the regulatory compliance is that the verification fails, the result of the pre-execution of the transaction request may be determined to be invalid.
In order to facilitate verification of the authenticity and/or validity of the transaction request by other block link nodes in the block chain network, after determining the validity of the execution result of the transaction request, the method may further include: and encapsulating the pre-execution result into a transaction request, and transmitting the transaction request to the block chain network to request other block chain link points to verify the transaction request.
Specifically, after the local node determines the validity of the transaction request, the pre-execution result may be encapsulated in the transaction request and transmitted to the blockchain network. After receiving the transaction request, other block chain nodes in the block chain network may first adopt S240 to verify the supervision and compliance of the execution process of the transaction request, and then invoke the application intelligent contract to execute the transaction request to obtain a verification execution result, and match the verification execution result with the pre-execution result in the obtained transaction request; further, the read data set and the write data set in the verification execution result may be respectively matched with the read data set and the write data set in the pre-execution result in the obtained transaction request; if the matching is successful, determining that the transaction request pre-execution result is valid; the pre-execution results may then be stored as transaction data into the block.
Further, other blockchain nodes that acquire the transaction request including the pre-execution result may default that the verification result of the supervision compliance of the originating node of the transaction request is passed, and then the verification process of the pre-execution result may be directly performed.
Optionally, if the local node is the current block generation node, after the validity of the execution result of the transaction request is determined, the transaction request including the pre-execution result may be stored in the block as transaction data; the block may then be transmitted to the blockchain network to request other blockchain link points to verify storage.
According to the technical scheme provided by the embodiment of the invention, the transaction request initiated based on the application intelligent contract is pre-executed by adopting the application intelligent contract for executing the transaction request and the introduced supervision intelligent contract; and according to the execution condition of the supervision intelligent contract in the pre-execution result and the authority control strategy of the supervision account, carrying out supervision compliance verification on the execution process of the transaction request, thereby realizing the verification on the validity of the pre-execution result of the transaction request. According to the scheme, the supervision intelligent contract is introduced, so that all transaction requests in the block chain network need to be verified through the authority of the supervision account to which the supervision intelligent contract belongs, and therefore effective supervision on data in the block chain is achieved.
Example two
Fig. 3 is a flowchart of a block chain data monitoring method according to a second embodiment of the present invention. On the basis of the above embodiment, the embodiment further explains and explains the verification of supervision compliance performed on the execution process of the transaction request according to the execution condition of the supervision intelligent contract in the pre-execution result of the transaction request and the authority control policy of the supervision account to which the supervision intelligent contract belongs, which is preset in the block chain. Referring to fig. 3, the method may specifically include:
s310, a transaction request initiated based on the application intelligent contract is obtained.
S320, loading an application intelligent contract used for executing the transaction request and loading at least one supervision intelligent contract.
S330, processing the transaction request by adopting a supervision intelligent contract and an application intelligent contract to determine a pre-execution result of the transaction request.
And S340, the execution condition of the supervision intelligent contract obtained from the pre-execution result is a called mark or an execution verification result of the supervision intelligent contract.
In this embodiment, for a supervising intelligent contract without specific execution logic, such as a yellow reflex contract, the supervising intelligent contract execution condition may be a called flag of the supervising intelligent contract. Optionally, the invoked flag may be a flag indicating that the yellow reflex contract was invoked. For a supervising intelligent contract, such as a sensitive word filtering contract, which records the processing result of the transaction request in the pre-execution result and verifies the processing result by a request supervising unit, the execution condition of the supervising intelligent contract may be the execution verification result.
And S350, verifying whether the execution verification result generated by the calling or the calling of the intelligent supervision contract in the execution process of the transaction request conforms to the authority control strategy or not according to the authority control strategy of the supervision account to which the intelligent supervision contract belongs in the preset block chain.
Illustratively, the rights control policy may include at least one of: 1) the threshold strategy is used for determining the overall authentication passing result according to the relationship between the sum of the weight values of the member accounts passing the authentication and the set passing threshold, wherein the weight values of all the member accounts in the member account set are distributed by a creator or an owner of the supervision account when the member account set is defined; 2) the endorsement strategy is used for determining the integral authentication passing result according to the number or the proportion of the member accounts passing the authentication; 3) and the fixed account strategy is used for determining the integral authentication passing result according to the relation between the associated account of the account operation and the preset fixed account. The preset fixed account can be one or more accounts in a pre-designated member account set; the associated account can be a derivative account or a derived account of a preset fixed account in the member account set; further, the derivative account of the preset fixed account can be understood as a sub-account of the preset fixed account, and inherits at least part of operation authority of the preset fixed account; the derived account of the preset fixed account can be understood as a parent account of the preset fixed account, and the preset fixed account inherits at least part of the operation authority of the derived account.
In this embodiment, in the process of executing the transaction request by applying the intelligent contract, the user account may request another user account to verify the pre-execution result and feed back the signature endorsement, and add the obtained signature to the set field of the transaction request.
For example, according to the authority control policy of the administrative account to which the administrative intelligent contract belongs in the preset block chain, whether the execution verification result generated by the call or the call of the administrative intelligent contract in the execution process of the transaction request conforms to the authority control policy may be: if the authority control strategy is a fixed account strategy, acquiring the name of the signature endorsement account from the pre-execution result of the transaction request; determining whether a fixed account policy is met or not according to the name of the signature endorsement account so as to verify whether the execution verification result generated by the calling or calling of the supervision intelligent contract in the execution process of the transaction request conforms to the authority control policy or not; the signature endorsement account is an account which is requested to verify a pre-execution result in the pre-execution process of the transaction request and then feeds back the signature endorsement.
Specifically, the name of the signature endorsement account may be acquired from a pre-execution result of the transaction request, and the acquired name of each signature endorsement account is matched with the name of a preset fixed account in the member account set; if the matching is successful, determining that the execution verification result generated by the calling or the calling of the supervision intelligent contract in the execution process of the transaction request conforms to the authority control strategy; otherwise, the authority control strategy is not met.
Or the name of the signature endorsement account is obtained from the pre-execution result of the transaction request, and the obtained name of each signature endorsement account is matched with the name of the associated account of the preset fixed account in the member account set; if the matching is successful, determining that the execution verification result generated by the calling or the calling of the supervision intelligent contract in the execution process of the transaction request conforms to the authority control strategy; otherwise, the authority control strategy is not met.
Optionally, according to the authority control policy of the administrative account to which the administrative intelligent contract belongs in the preset block chain, verifying whether the execution verification result generated by the invocation or the invocation of the administrative intelligent contract in the execution process of the transaction request meets the authority control policy may also be: if the authority control strategy is a threshold strategy, acquiring the name of the signature endorsement account from the pre-execution result of the transaction request, and searching and matching the acquired name of each signature endorsement account with the name of a member account in the member account set; determining the sum of the weight values of the signature endorsement accounts which are successfully matched; if the sum of the weight values is larger than a set passing threshold value, determining that the execution verification result generated by calling or calling the supervision intelligent contract in the execution process of the transaction request conforms to the authority control strategy; otherwise, the authority control strategy is not met.
For example, according to the authority control policy of the administrative account to which the administrative intelligent contract belongs in the preset block chain, whether the execution verification result generated by the call or the call of the administrative intelligent contract in the execution process of the transaction request conforms to the authority control policy may also be: if the authority control strategy is an endorsement strategy, acquiring the name of the signature endorsement account from the pre-execution result of the transaction request, and searching and matching the acquired name of each signature endorsement account with the name of the member account in the member account set; determining the number or proportion of each signature endorsement account; if the number of the successfully matched signature endorsement accounts is larger than a set number threshold value or the proportion of the successfully matched signature endorsement accounts is larger than a set proportion threshold value, determining that the execution verification result generated by the calling or calling of the supervision intelligent contract in the execution process of the transaction request conforms to the authority control strategy; otherwise, the authority control strategy is not met.
It should be noted that, for a supervised intelligent contract whose execution condition is a called flag of the supervised intelligent contract or a supervised intelligent contract that executes a verification result, such as a yellow-bar contract without specific execution logic, by forcing the application of the intelligent contract to obtain a signature endorsement of a specific account, that is, by transferring the complex verification process of the transaction request to the specific account, such as a yellow-bar center, the data in the block chain can be effectively supervised, and at the same time, the complicated operation brought by adjusting the code of the supervised intelligent contract can be avoided.
And S360, if the authority control strategy is met, determining that the verification result of the supervision compliance is passed.
And S370, determining the validity of the transaction request pre-execution result according to the verification result of the supervision compliance.
According to the technical scheme provided by the embodiment of the invention, under the condition that the execution condition of the supervision intelligent contract in the pre-execution result is the invoked mark of the supervision intelligent contract or the execution verification result, a mode of verifying supervision compliance on the execution process of the transaction request according to the authority control strategy preset in the supervision account to which the supervision intelligent contract belongs in the block chain is provided, and further, the verification on the validity of the pre-execution result of the transaction request is realized based on the verification result of the supervision compliance. The scheme can effectively monitor the data in the block chain, and simultaneously improves the verification mechanism when the authority control strategy verification is carried out on the transaction request.
EXAMPLE III
Fig. 4 is a flowchart of a block chain data monitoring method according to a third embodiment of the present invention. Based on the above embodiment, in the case that the execution order of the at least one supervisory intelligent contract loaded precedes that of the application intelligent contract loaded, the present embodiment further explains that the transaction request is processed by using the supervisory intelligent contract and the application intelligent contract to determine the pre-execution result of the transaction request. Referring to fig. 4, the method may specifically include:
and S410, acquiring a transaction request initiated based on the application intelligent contract.
S420, loading an application intelligent contract used for executing the transaction request, and loading at least one supervision intelligent contract.
S430, verifying the transaction request and the application intelligent contract called by the transaction request by adopting a supervision intelligent contract; if the verification is not passed, S440 is executed; if the verification is passed, S450 is performed.
It should be noted that, generally, an application intelligent contract is called to execute a transaction request, and resources that need to be occupied are relatively large, so this embodiment may preferentially adopt at least one loaded supervision intelligent contract to perform verification processing on the transaction request, and then adopt the application intelligent contract to process the transaction request according to a verification processing result. Alternatively, the resource may not be wasted performing a pass of the transaction request as long as the validation of any of the at least one supervising intelligent contract fails.
For example, validating the transaction request and the application intelligence contract invoked by the transaction request using the supervisory intelligence contract may include at least one of:
1) verifying whether an initiating account of the transaction request belongs to a preset blacklist or a preset white list by adopting a supervision intelligent contract;
alternatively, a blacklist of user accounts that are prohibited from initiating transaction requests in the blockchain network, or a whitelist of user accounts that are allowed to initiate transaction requests in the blockchain network, may be preset. And then after the application intelligent contract used for executing the transaction request is loaded and at least one supervision intelligent contract is loaded, whether the initiating account of the transaction request belongs to a preset blacklist or a preset white list can be verified by adopting an initiating user identity contract in the supervision intelligent contract. For example, the initiating account of the transaction request may be matched with a preset blacklist of user accounts, and if the matching fails, the verification is determined to pass; if the match is successful, it may be determined that the verification failed.
2) Verifying whether the application intelligent contract called by the transaction request is forbidden by adopting a supervision intelligent contract;
optionally, a blacklist for prohibiting the application intelligent contract from being invoked may be preset, or a whitelist for allowing the application intelligent contract to be invoked may be set; further, the name or identification of the application intelligent contract may be stored in the black list or white list of the application intelligent contract. And after the application intelligent contract used for executing the transaction request is loaded and at least one supervision intelligent contract is loaded, whether the application intelligent contract called by the transaction request is prohibited or not can be verified by adopting an application intelligent contract prohibition contract in the supervision intelligent contract. For example, the query may be performed from a white list of the application intelligent contract according to the name of the application intelligent contract called by the transaction request, and if the query is possible, it is determined that the verification is passed; otherwise, the verification is determined to be failed.
3) And verifying whether the real-name authentication is carried out on the initiating account of the transaction request by adopting a supervision intelligent contract.
Optionally, the embodiment may set a specific identifier for the user account that is authenticated by the real name, so as to distinguish the user account that is not authenticated by the real name.
Specifically, after the application intelligent contract for executing the transaction request is loaded and at least one supervision intelligent contract is loaded, a real-name contract in the supervision intelligent contract may be used to verify whether the real-name authentication is performed on the initiating account of the transaction request. For example, it may be identified whether the originating account of the transaction request has a particular identifier, and if so, it is determined that the authentication passed; otherwise, the verification is determined to be failed.
In addition, the transaction request can be verified by adopting other supervision intelligent contracts, and the like.
S440, forbidding the application intelligent contract to process the transaction request.
In this embodiment, if the verification fails, the execution of the application intelligent contract is prohibited to process the transaction request, and it may be determined that the transaction request is invalid.
S450, executing the transaction request by adopting the application intelligent contract to determine a pre-execution result of the transaction request.
And S460, verifying the supervision compliance of the execution process of the transaction request according to the supervision intelligent contract execution condition in the pre-execution result of the transaction request and the authority control strategy of the supervision account to which the supervision intelligent contract belongs, which is preset in the block chain.
S470, according to the verification result of the supervision compliance, determining the validity of the transaction request pre-execution result.
According to the technical scheme provided by the embodiment of the invention, the transaction request is verified by preferentially adopting the loaded at least one monitoring intelligent contract, and then the transaction request is processed by adopting the application intelligent contract according to the verification processing result, so that unnecessary resource waste can be reduced.
Example four
Fig. 5 is a flowchart of a block chain data monitoring method according to a fourth embodiment of the present invention. The embodiment is further optimized on the basis of the embodiment. Referring to fig. 5, the method may specifically include:
s510, a transaction request initiated based on the application intelligent contract is obtained.
S520, loading an application intelligent contract used for executing the transaction request, and loading at least one supervision intelligent contract.
S530, processing the transaction request by adopting the supervision intelligent contract and the application intelligent contract to determine the pre-execution result of the transaction request.
S540, verifying whether the supervision intelligent contract called in the execution process of the transaction request meets the requirement of the supervision intelligent contract list or not according to the pre-execution result and the supervision intelligent contract list corresponding to the pre-deployed block chain; if yes, executing S550; and if not, determining that the transaction request pre-execution result is invalid.
In this embodiment, the supervision intelligent contract list includes names of all supervision intelligent contracts that need to be loaded when executing one transaction request. Optionally, the regulatory intelligent contract manifest may be established when creating the blockchain and deployed in the founder block.
Optionally, the requirement of the supervision intelligent contract list may be that the number of supervision intelligent contracts to be loaded for executing a transaction request should meet a set number threshold, or the proportion should meet a set proportion threshold. The name of the supervising intelligent contract that handles the transaction request may be included in the pre-execution results. Further, according to the pre-execution result and the supervision intelligent contract list corresponding to the pre-deployed block chain, verifying whether the supervision intelligent contract invoked by the execution process of the transaction request meets the requirement of the supervision intelligent contract list may be: acquiring the name of a supervision intelligent contract for processing the transaction request from the pre-execution result, matching the acquired name of the supervision intelligent contract with the name in the supervision intelligent contract list, and determining the number or proportion of the supervision intelligent contract which is successfully matched; and if the number of the successfully matched supervision intelligent contracts is larger than the set number threshold value or the ratio of the successfully matched supervision intelligent contracts is larger than the set ratio threshold value, determining that the supervision intelligent contracts called in the execution process of the transaction request meet the requirements of the supervision intelligent contract list.
The requirement of the supervision intelligent contract list can also be that all supervision intelligent contracts in the supervision intelligent contract list and the like need to be loaded when one transaction request is executed. Further, according to the pre-execution result and the supervision intelligent contract list corresponding to the pre-deployed block chain, verifying whether the supervision intelligent contract invoked by the execution process of the transaction request meets the requirement of the supervision intelligent contract list may be: and acquiring the name of the supervision intelligent contract for processing the transaction request from the pre-execution result, counting whether the acquired name of the supervision intelligent contract comprises the names of all supervision intelligent contracts in the supervision intelligent contract list, and if so, determining that the supervision intelligent contract called in the execution process of the transaction request meets the requirement of the supervision intelligent contract list.
In order to achieve effective supervision of the blockchain data, the embodiment preferably verifies in the second way that the supervision intelligent contract invoked by the execution process of the transaction request meets the requirement of the supervision intelligent contract list.
And S550, verifying the supervision compliance of the execution process of the transaction request according to the supervision intelligent contract execution condition in the pre-execution result of the transaction request and the authority control strategy of the supervision account to which the supervision intelligent contract belongs, which is preset in the block chain.
It should be noted that, in this embodiment, after the pre-execution result is generated, the pre-execution result is verified by the monitoring intelligent contract; if the verification of the supervision intelligent contract passes, verifying the authority control strategy; then, according to the verification result of the authority control strategy, determining that the pre-execution result of the transaction request is valid; and when the at least one limiting condition is not met, determining that the pre-execution result of the transaction request is invalid.
And S560, determining the validity of the transaction request pre-execution result according to the verification result of the supervision compliance.
According to the technical scheme provided by the embodiment of the invention, the verification of the supervision intelligent contract and the authority control strategy is carried out on the pre-execution result sequence of the transaction request, so that the verification mechanism of supervision compliance in the transaction request execution process is perfected, and further the effective supervision on data in a block chain is realized.
EXAMPLE five
Fig. 6 is a block diagram of a block chain data monitoring apparatus according to a fifth embodiment of the present invention, where the apparatus may be configured in a block chain node, and the apparatus may execute the block chain data monitoring method according to any embodiment of the present invention, and has functional modules and beneficial effects corresponding to the execution method. As shown in fig. 6, the apparatus may include:
a transaction request initiating module 610, configured to obtain a transaction request initiated based on an application intelligent contract;
a contract loading module 620 for loading application intelligence contracts for executing transaction requests and loading at least one supervisory intelligence contract;
a transaction request processing module 630, configured to process the transaction request by using a supervision intelligence contract and an application intelligence contract to determine a pre-execution result of the transaction request;
the supervision compliance verification module 640 is used for verifying supervision compliance in the execution process of the transaction request according to the execution condition of the supervision intelligent contract in the pre-execution result of the transaction request and an authority control strategy of a supervision account to which the supervision intelligent contract belongs, wherein the authority control strategy is preset in a block chain;
and the validity determining module 650 is configured to determine validity of the pre-execution result of the transaction request according to the verification result of the regulatory compliance.
According to the technical scheme provided by the embodiment of the invention, the transaction request initiated based on the application intelligent contract is pre-executed by adopting the application intelligent contract for executing the transaction request and the introduced supervision intelligent contract; and according to the execution condition of the supervision intelligent contract in the pre-execution result and the authority control strategy of the supervision account, carrying out supervision compliance verification on the execution process of the transaction request, thereby realizing the verification on the validity of the pre-execution result of the transaction request. According to the scheme, the supervision intelligent contract is introduced, so that all transaction requests in the block chain network need to be verified through the authority of the supervision account to which the supervision intelligent contract belongs, and therefore effective supervision on data in the block chain is achieved.
For example, in this embodiment, at least one supervision account is deployed by at least one supervision unit in the blockchain network, the supervision account is a contract account deployed based on a basic intelligent contract in the blockchain network, and each supervision account is deployed with corresponding authority control data through the basic intelligent contract; at least one supervisory intelligent contract is deployed in a supervisory account based on the base intelligent contract.
Illustratively, the rights control data includes: a set of member accounts and an entitlement control policy.
Illustratively, the rights control policy includes at least one of:
the threshold strategy is used for determining the overall authentication passing result according to the relationship between the sum of the weight values of the member accounts passing the authentication and the set passing threshold;
the endorsement strategy is used for determining the integral authentication passing result according to the number or the proportion of the member accounts passing the authentication;
and the fixed account strategy is used for determining the integral authentication passing result according to the relation between the associated account of the account operation and the preset fixed account.
For example, the regulatory compliance verification module 640 may include:
the mark/result determining unit is used for obtaining the execution condition of the supervision intelligent contract from the pre-execution result and taking the execution condition as a called mark or an execution verification result of the supervision intelligent contract;
the supervision compliance verification unit is used for verifying whether the execution verification result generated by calling or calling the supervision intelligent contract in the execution process of the transaction request conforms to the authority control strategy or not according to the authority control strategy of the supervision account to which the supervision intelligent contract belongs in the preset block chain;
and the verification result determining unit is used for determining that the verification result of the supervision compliance is passed if the authority control strategy is met.
For example, the regulatory compliance verification unit may be specifically configured to:
if the authority control strategy is a fixed account strategy, acquiring the name of the signature endorsement account from the pre-execution result of the transaction request;
determining whether a fixed account policy is met or not according to the name of the signature endorsement account so as to verify whether the execution verification result generated by the calling or calling of the supervision intelligent contract in the execution process of the transaction request conforms to the authority control policy or not;
the signature endorsement account is an account which is requested to verify a pre-execution result in the pre-execution process of the transaction request and then feeds back the signature endorsement.
Illustratively, the loaded at least one supervisory intelligence contract is executed in an order prior to the loaded application intelligence contract.
Illustratively, the transaction request processing module 630 may include:
the transaction request verification unit is used for verifying the transaction request and the application intelligent contract called by the transaction request by adopting a supervision intelligent contract;
the transaction request execution unit is used for executing the transaction request by adopting an application intelligent contract if the verification is passed so as to determine a pre-execution result of the transaction request;
and the execution forbidding unit is used for forbidding the application intelligent contract to process the transaction request if the verification is not passed.
Illustratively, the transaction request validation unit may be specifically configured to perform at least one of:
verifying whether an initiating account of the transaction request belongs to a preset blacklist or a preset white list by adopting a supervision intelligent contract;
and verifying whether the application intelligent contract called by the transaction request is forbidden by adopting the supervision intelligent contract.
Illustratively, the apparatus may further include:
and the supervision intelligent contract verification module is used for verifying whether the supervision intelligent contract called in the execution process of the transaction request meets the requirement of the supervision intelligent contract list or not according to the pre-execution result and the supervision intelligent contract list corresponding to the pre-deployed block chain after the transaction request is processed by adopting the supervision intelligent contract and the application intelligent contract to determine the pre-execution result of the transaction request.
Illustratively, the curated intelligent contracts include at least one of: real-name contracts, application intelligent contract blocking contracts, sensitive word filtering contracts, and user identity contracts and yellow reflexes are initiated.
Illustratively, the apparatus may further include:
the transmission module is used for packaging the pre-execution result into the transaction request after the validity of the execution result of the transaction request is determined, and transmitting the pre-execution result into the block chain network to request other block chain nodes to verify the transaction request; or
And the storage module is used for storing the transaction request comprising the pre-execution result into the block as transaction data after determining the validity of the execution result of the transaction request.
EXAMPLE six
Fig. 7 is a schematic structural diagram of an apparatus provided in the seventh embodiment of the present invention. Fig. 7 illustrates a block diagram of an exemplary device 12 suitable for use in implementing embodiments of the present invention. The device 12 shown in fig. 7 is only an example and should not bring any limitation to the function and scope of use of the embodiments of the present invention. Device 12 may typically be a computing device that assumes the functionality of a blockchain network node.
As shown in FIG. 7, device 12 is in the form of a general purpose computing device. The components of device 12 may include, but are not limited to: one or more processors or processing units 16, a memory 28, and a bus 18 that couples various system components including the memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, micro-channel architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)30 and/or cache memory 32. Device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 7, and commonly referred to as a "hard drive"). Although not shown in FIG. 7, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
Device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with device 12, and/or with any devices (e.g., network card, modem, etc.) that enable device 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the device/terminal/server 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 20. As shown, the network adapter 20 communicates with the other modules of the device 12 via the bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes programs stored in the memory 28 to execute various functional applications and data processing, for example, to implement the block chain data monitoring method provided by the embodiment of the present invention.
EXAMPLE seven
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program (or referred to as computer-executable instructions) is stored, where the computer program is used for executing a method for monitoring blockchain data when executed by a processor, and the method includes:
acquiring a transaction request initiated based on an application intelligent contract;
loading an application intelligence contract for executing the transaction request and loading at least one supervisory intelligence contract;
processing the transaction request by adopting a supervision intelligent contract and an application intelligent contract to determine a pre-execution result of the transaction request;
verifying the supervision compliance of the execution process of the transaction request according to the execution condition of the supervision intelligent contract in the pre-execution result of the transaction request and a permission control strategy of a supervision account to which the supervision intelligent contract belongs, wherein the permission control strategy is preset in a block chain;
and determining the validity of the transaction request pre-execution result according to the verification result of the supervision compliance.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (14)

1. A method for monitoring blockchain data is applied to blockchain nodes, and the method comprises the following steps:
acquiring a transaction request initiated based on an application intelligent contract;
loading an application intelligence contract for executing the transaction request and loading at least one supervisory intelligence contract;
processing the transaction request by adopting the supervision intelligent contract and the application intelligent contract to determine a pre-execution result of the transaction request;
verifying the supervision compliance of the execution process of the transaction request according to the supervision intelligent contract execution condition in the pre-execution result of the transaction request and a permission control strategy preset in a supervision account to which the supervision intelligent contract belongs in a block chain;
determining the validity of the transaction request pre-execution result according to the verification result of the supervision compliance;
the verifying the supervision compliance of the execution process of the transaction request according to the execution condition of the supervision intelligent contract in the pre-execution result of the transaction request and the authority control strategy of the supervision account to which the supervision intelligent contract belongs, which is preset in a block chain, comprises the following steps:
the execution condition of the supervision intelligent contract obtained from the pre-execution result is a called mark or an execution verification result of the supervision intelligent contract;
verifying whether the execution verification result generated by the calling or the calling of the supervision intelligent contract in the execution process of the transaction request conforms to the authority control strategy or not according to the authority control strategy of the supervision account to which the supervision intelligent contract belongs in a preset block chain;
and if the authority control strategy is met, determining that the verification result of the supervision compliance is passed.
2. The method according to claim 1, wherein at least one administrative account is deployed by at least one administrative unit in a blockchain network, the administrative account is a contract account deployed based on a basic intelligent contract in the blockchain network, and each administrative account is deployed with corresponding authority control data through the basic intelligent contract; at least one governance intelligence contract is deployed in the governance account based on the base intelligence contract.
3. The method of claim 2, wherein the entitlement control data comprises: a set of member accounts and an entitlement control policy.
4. The method of claim 3, wherein the entitlement control policy comprises at least one of:
the threshold strategy is used for determining the overall authentication passing result according to the relationship between the sum of the weight values of the member accounts passing the authentication and the set passing threshold;
the endorsement strategy is used for determining the integral authentication passing result according to the number or the proportion of the member accounts passing the authentication;
and the fixed account strategy is used for determining the integral authentication passing result according to the relation between the associated account of the account operation and the preset fixed account.
5. The method of claim 1, wherein verifying whether an execution verification result generated by calling or invoking the supervising intelligent contract in the execution process of the transaction request conforms to the authority control policy according to the authority control policy of the supervising account to which the supervising intelligent contract belongs in a preset block chain comprises:
if the authority control strategy is a fixed account strategy, acquiring the name of a signature endorsement account from the pre-execution result of the transaction request;
determining whether the fixed account policy is met or not according to the name of the signature endorsement account so as to verify whether the execution verification result generated by the calling or calling of the supervision intelligent contract in the execution process of the transaction request conforms to the authority control policy or not;
the signature endorsement account is an account which is requested to verify a pre-execution result in the pre-execution process of the transaction request and then feeds back the signature endorsement.
6. The method of claim 1, wherein the loaded at least one supervisory intelligence contract is executed in an order prior to the loaded application intelligence contract.
7. The method of claim 6, wherein processing the transaction request using the administration intelligence contract and the application intelligence contract to determine a pre-execution result of the transaction request comprises:
verifying the transaction request and the application intelligent contract called by the transaction request by adopting the supervision intelligent contract;
if the verification is passed, executing the transaction request by using the application intelligent contract to determine a pre-execution result of the transaction request;
and if the verification is not passed, prohibiting the application intelligent contract from executing to process the transaction request.
8. The method of claim 7, wherein validating the transaction request and the application intelligence contract invoked by the transaction request using the governing intelligence contract comprises at least one of:
verifying whether the initiating account of the transaction request belongs to a preset blacklist or a preset white list by adopting the supervision intelligent contract;
and verifying whether the application intelligent contract called by the transaction request is forbidden by adopting the supervision intelligent contract.
9. The method of claim 1, wherein processing the transaction request using the administration intelligence contract and the application intelligence contract to determine a pre-execution result of the transaction request further comprises:
and verifying whether the supervision intelligent contract called by the execution process of the transaction request meets the requirement of the supervision intelligent contract list or not according to the pre-execution result and the supervision intelligent contract list corresponding to the pre-deployed block chain.
10. The method of claim 1, wherein the regulatory intelligence contract comprises at least one of: real-name contracts, application intelligent contract blocking contracts, sensitive word filtering contracts, and user identity contracts and yellow reflexes are initiated.
11. The method of claim 1, after determining validity of the transaction request execution result, further comprising:
encapsulating the pre-execution result into the transaction request, and transmitting the transaction request to a block chain network to request other block chain link points to verify the transaction request; or
And storing the transaction request comprising the pre-execution result into a block as transaction data.
12. An apparatus for monitoring blockchain data, configured at blockchain nodes, the apparatus comprising:
the transaction request initiating module is used for acquiring a transaction request initiated based on an application intelligent contract;
the contract loading module is used for loading an application intelligent contract used for executing the transaction request and loading at least one supervision intelligent contract;
the transaction request processing module is used for processing the transaction request by adopting the supervision intelligent contract and the application intelligent contract so as to determine a pre-execution result of the transaction request;
the supervision compliance verification module is used for verifying supervision compliance in the execution process of the transaction request according to the execution condition of the supervision intelligent contract in the pre-execution result of the transaction request and the authority control strategy of the supervision account to which the supervision intelligent contract belongs, wherein the authority control strategy is preset in a block chain;
the validity determining module is used for determining the validity of the transaction request pre-execution result according to the verification result of the supervision compliance;
the regulatory compliance verification module, comprising:
the mark/result determining unit is used for obtaining the execution condition of the supervision intelligent contract from the pre-execution result and taking the execution condition as a called mark or an execution verification result of the supervision intelligent contract;
the supervision compliance verification unit is used for verifying whether the execution verification result generated by calling or calling the supervision intelligent contract in the execution process of the transaction request conforms to the authority control strategy or not according to the authority control strategy of the supervision account to which the supervision intelligent contract belongs in the preset block chain;
and the verification result determining unit is used for determining that the verification result of the supervision compliance is passed if the authority control strategy is met.
13. A general purpose computing device, the device comprising:
one or more processors;
a memory for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement a method of blockchain data monitoring as claimed in any one of claims 1 to 11.
14. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method of block chain data monitoring according to any one of claims 1 to 11.
CN201910580172.3A 2019-06-28 2019-06-28 Block chain data monitoring method, device, equipment and medium Active CN110310205B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910580172.3A CN110310205B (en) 2019-06-28 2019-06-28 Block chain data monitoring method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910580172.3A CN110310205B (en) 2019-06-28 2019-06-28 Block chain data monitoring method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN110310205A CN110310205A (en) 2019-10-08
CN110310205B true CN110310205B (en) 2022-02-25

Family

ID=68077926

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910580172.3A Active CN110310205B (en) 2019-06-28 2019-06-28 Block chain data monitoring method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN110310205B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111475827A (en) * 2019-11-08 2020-07-31 支付宝(杭州)信息技术有限公司 Private data query method and device based on down-link authorization
CN110866740A (en) * 2019-11-14 2020-03-06 百度在线网络技术(北京)有限公司 Processing method and device for block chain transaction request, electronic equipment and medium
CN111258725B (en) * 2020-01-17 2023-07-25 北京百度网讯科技有限公司 Data processing method, device, equipment and medium based on block chain
CN111311413B (en) * 2020-02-25 2023-08-29 百度在线网络技术(北京)有限公司 Method, device, equipment and medium for monitoring resource circulation of block chain
CN111369246B (en) * 2020-03-02 2023-06-06 万翼科技有限公司 Calling authentication method and device of intelligent contract, electronic equipment and storage medium
CN111338906B (en) * 2020-03-06 2021-09-17 清华大学 Terminal equipment, edge node and block chain-based application supervision method and system
CN111581047B (en) * 2020-03-24 2023-03-24 博雅正链(北京)科技有限公司 Supervision method for intelligent contract behavior
CN112184264A (en) * 2020-09-30 2021-01-05 微医云(杭州)控股有限公司 Block chain-based drug supervision method, device, server and medium
CN112597762B (en) * 2020-12-04 2024-03-08 广东省科学院智能制造研究所 Blockchain system with intelligent contract data supervision function and supervision method
CN113114465B (en) * 2021-03-19 2022-10-11 青岛海尔科技有限公司 Method and device for processing attribution authority, storage medium and electronic device
CN112734410B (en) * 2021-03-30 2021-07-06 支付宝(杭州)信息技术有限公司 Method and device for pre-executing chain code in Fabric Block chain
CN117113425B (en) * 2023-10-25 2023-12-22 东北大学秦皇岛分校 Privacy compliance method for lake and warehouse integrated data analysis

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107103473A (en) * 2017-04-27 2017-08-29 电子科技大学 A kind of intelligent contract implementation method based on block chain
CN108961052A (en) * 2018-06-25 2018-12-07 百度在线网络技术(北京)有限公司 Verification method, storage method, device, equipment and the medium of block chain data
CN109508561A (en) * 2018-10-18 2019-03-22 中钞信用卡产业发展有限公司杭州区块链技术研究院 Block chain network and right management method
CN109639437A (en) * 2019-01-09 2019-04-16 山东浪潮质量链科技有限公司 Monitoring and managing method and device, equipment, medium based on trust data source
CN109685507A (en) * 2018-12-26 2019-04-26 百度在线网络技术(北京)有限公司 The identification of transactions requests validity and initiating method, device, equipment and medium
CN109697670A (en) * 2018-12-29 2019-04-30 杭州趣链科技有限公司 A kind of public chain information screen method not influencing confidence level
CN109710689A (en) * 2018-11-26 2019-05-03 平安科技(深圳)有限公司 Enterprise's monitoring and managing method, system, device, equipment and readable storage medium storing program for executing
KR20190050163A (en) * 2017-11-02 2019-05-10 주식회사 케이티 Mutual Finance Platform and Implement Method thereof based on Block Chain
CN109871263A (en) * 2019-02-25 2019-06-11 百度在线网络技术(北京)有限公司 The operation method of block catenary system, device, equipment and storage medium under line
CN109903164A (en) * 2019-01-03 2019-06-18 广州斯拜若科技有限公司 Private equity funds automation monitoring and managing method and system based on block chain
CN109919764A (en) * 2019-01-31 2019-06-21 中国互联网络信息中心 Domain name transaction monitoring and managing method and device based on block chain
CN109934005A (en) * 2019-03-15 2019-06-25 北京物资学院 A kind of degree confirmation system and authentication method based on block chain

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107103473A (en) * 2017-04-27 2017-08-29 电子科技大学 A kind of intelligent contract implementation method based on block chain
KR20190050163A (en) * 2017-11-02 2019-05-10 주식회사 케이티 Mutual Finance Platform and Implement Method thereof based on Block Chain
CN108961052A (en) * 2018-06-25 2018-12-07 百度在线网络技术(北京)有限公司 Verification method, storage method, device, equipment and the medium of block chain data
CN109508561A (en) * 2018-10-18 2019-03-22 中钞信用卡产业发展有限公司杭州区块链技术研究院 Block chain network and right management method
CN109710689A (en) * 2018-11-26 2019-05-03 平安科技(深圳)有限公司 Enterprise's monitoring and managing method, system, device, equipment and readable storage medium storing program for executing
CN109685507A (en) * 2018-12-26 2019-04-26 百度在线网络技术(北京)有限公司 The identification of transactions requests validity and initiating method, device, equipment and medium
CN109697670A (en) * 2018-12-29 2019-04-30 杭州趣链科技有限公司 A kind of public chain information screen method not influencing confidence level
CN109903164A (en) * 2019-01-03 2019-06-18 广州斯拜若科技有限公司 Private equity funds automation monitoring and managing method and system based on block chain
CN109639437A (en) * 2019-01-09 2019-04-16 山东浪潮质量链科技有限公司 Monitoring and managing method and device, equipment, medium based on trust data source
CN109919764A (en) * 2019-01-31 2019-06-21 中国互联网络信息中心 Domain name transaction monitoring and managing method and device based on block chain
CN109871263A (en) * 2019-02-25 2019-06-11 百度在线网络技术(北京)有限公司 The operation method of block catenary system, device, equipment and storage medium under line
CN109934005A (en) * 2019-03-15 2019-06-25 北京物资学院 A kind of degree confirmation system and authentication method based on block chain

Also Published As

Publication number Publication date
CN110310205A (en) 2019-10-08

Similar Documents

Publication Publication Date Title
CN110310205B (en) Block chain data monitoring method, device, equipment and medium
CN110414268B (en) Access control method, device, equipment and storage medium
CN102667712B (en) System, method and apparatus for simultaneous definition and enforcement of access-control and integrity policies
US7877614B2 (en) Process for securing the access to the resources of an information handling system (I.H.S.)
CN111143087B (en) Interface calling method, device, storage medium and server
CN110138767B (en) Transaction request processing method, device, equipment and storage medium
US20120291089A1 (en) Method and system for cross-domain data security
CN110838065A (en) Transaction data processing method and device
US11425127B2 (en) Securing application behavior in serverless computing
JP6438534B2 (en) System and method for performing secure online banking transactions
CN113111359A (en) Big data resource sharing method and resource sharing system based on information security
CN109409552A (en) Reserve access method, system, computer equipment and storage medium
CN110070360B (en) Transaction request processing method, device, equipment and storage medium
Zhang et al. Xscope: Hunting for cross-chain bridge attacks
CN112396427B (en) Cross-chain interchange operation method for general scenes
JP4363214B2 (en) Access policy generation system, access policy generation method, and access policy generation program
CN112581257A (en) Dispute service management method, system, device and medium supporting different card organizations
CN112463266A (en) Execution policy generation method and device, electronic equipment and storage medium
CN105760164B (en) Method for realizing ACL authority in user space file system
CN108052842B (en) Signature data storage and verification method and device
CN111221904A (en) Intelligent contract deployment and execution method and device, electronic equipment and storage medium
EP3718042A1 (en) Computer-implemented systems and methods for enhanced bitcoin wallets
CN116628696A (en) Vulnerability detection method based on proxy client and related equipment
Moebius et al. Modeling security-critical applications with UML in the SecureMDD approach
CN113836529A (en) Process detection method, device, storage medium and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant