CN110334525B - Block chain based multi-layer alliance type account management system and method - Google Patents
Block chain based multi-layer alliance type account management system and method Download PDFInfo
- Publication number
- CN110334525B CN110334525B CN201910434697.6A CN201910434697A CN110334525B CN 110334525 B CN110334525 B CN 110334525B CN 201910434697 A CN201910434697 A CN 201910434697A CN 110334525 B CN110334525 B CN 110334525B
- Authority
- CN
- China
- Prior art keywords
- account
- layer
- organization
- intelligent contract
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The invention discloses a block chain-based multilayer alliance type account management system, which comprises a plurality of hierarchies of architectures, wherein organizations of each layer are established according to the hierarchy of the architectures, each organization has an own account book, and account data of each organization are respectively stored in the respective account book; wherein the hierarchy is from top to bottom: the system comprises a system management layer, a service body layer, a merchant layer and a user layer. The system belongs to a alliance type organization form, and each layer can create a plurality of organizations or allow new organizations to be added; the high-level provides service for the low-level and organizes data, and the account book is limited, shared or modified through an intelligent contract; when a new organization needs to join the alliance, only the organization node of the organization needs to be established and the intelligent contract needs to be installed after the alliance agreement is obtained, and the expansibility of the system is greatly improved.
Description
Technical Field
The invention belongs to the technical field of blockchain, and particularly relates to a blockchain-based multilayer alliance type account management system.
Technical Field
In the business activity and company internal management process, the problem of authority control is inevitably encountered, in order to meet the business requirements of the system in each application scene and improve the safety performance of the system, the authority needs to be distinguished for different organizations and different roles participating in the block chain system, and all point accounts are systematically managed by adopting a multi-layer architecture management mode.
When the blockchain technology is applied to more complex scenes, the participants of the blockchain technology are often enterprises, organizations and the like in the industry, and the authority of the participants in the area chain needs to be managed more carefully due to the factors of security, performance and the like.
The current technology for solving account authority management is that different role control fields are added in a database for different roles, the values of the fields are different and represent different authorities, when a user accesses a method in a system, the system can judge whether the authority is met, and then the user selects to release or send out a warning and prevents a program from being continuously executed, so that the authority management is realized.
However, in the prior art, if the database is attacked, the permission field is modified, which easily causes the loss of control of the permission of the whole system, the method has high requirement on the security of the database, and the improvement of the security of the system also increases the maintenance cost. For example, the existing scoring system mainly depends on a database to store all historical transaction information, when the historical information and account data are attacked, the historical information and the account data are probably modified or cleared, and the security cannot be completely guaranteed; errors in the centralized database can affect the operation of the entire system.
In addition, if the account with the authority to access the database maliciously modifies the information in the database, irreversible influence can be caused, and the previous data cannot be retrieved again; if this problem is to be solved, multiple backups of the database are required, which also increases the maintenance cost of the database.
Disclosure of Invention
Based on the above defects in the prior art, an object of the present invention is to provide a block chain-based multi-layer federation type account management system, so as to solve the problems of poor organizational extensibility and low security of the existing account management system.
In order to solve the above technical problem, in an aspect of the present invention, there is provided a block chain-based multi-layer federation type account management system, where the account management system includes a plurality of hierarchical levels of architecture, and organizations of each level are created according to the hierarchy of the architecture, each organization has its own account book, and account data of each organization is stored in its own account book.
Further, the hierarchy is from top to bottom:
the system management layer is used for managing all organizations and all accounts;
the service body layer is used for managing various customized services to merchants or users;
a merchant layer for using the service of the upper layer and providing the service to the user, that is, the next layer uses the service provided by the upper layer and provides the service to the next layer;
and the user layer is used for inquiring the user account information.
Further, when a new organization needs to be added at a certain level of the alliance type account management system, a new account book is created, and the organization is endowed with an intelligent contract method which is authorized to be called in the account book.
Furthermore, the account usage rights of each organization in the formed four-layer architecture are different, wherein the whole system only has one system management account, has the highest right of the account right management system, can call all methods in the intelligent contract, and the system management account can only issue basic points and realize the control of the total issuing amount of the points in the system by controlling the basic points; the system supports a plurality of service subject accounts and can be horizontally expanded, each service subject account corresponds to an independent commercial service, can receive basic points issued to the service subject account by a system management account, can issue the basic points to merchants through customized rules, and can also issue the points to common users through customized rules, and the service subject accounts have information statistics query functions corresponding to the service subject accounts; the system supports a plurality of merchant accounts, can receive basic points issued by a system management account or a certain service main body account, can issue the points to a common user through a custom rule, has the information statistics query function of the merchant, and uses the points to transfer accounts according to a set rule when transacting with the service main body; the user account can receive points issued by the service agent or the merchant and transfer money with the merchant.
Further, the process of adding an organization in an existing hierarchy includes:
updating an original channel configuration file, adding a new organization into the channel configuration file, starting a new organization node, and adding the node into a channel;
newly adding an intelligent contract, and endowing the intelligent contract with a method authority which can be called by a new organization;
installing a new intelligent contract, initializing the intelligent contract and setting an endorsement policy of the intelligent contract.
Further, the method for managing the credit management of the account by the system comprises the following steps:
creating a basic point account, and creating the basic point by transmitting a basic point number, a basic point balance, an account creating object and an account type class;
basic point issuing, namely issuing points through nine parameter classes, namely a channel name for receiving basic points, an intelligent contract name, an account number for receiving the basic points, a line for issuing the basic points, description information, time for issuing the basic points, a channel, a transaction number and an account transaction type;
the basic point transaction is carried out by transmitting ten parameters of a channel name of an account to be accepted, an intelligent contract name, an account to be transferred, an account to be accepted, transfer accounts, transfer description, transaction time, channels, transaction numbers and account transaction types;
inquiring a basic point account, and inquiring by transmitting a basic point number;
and inquiring transaction history of the basic point account by transmitting a basic point number.
Furthermore, the intelligent contract comprises a service layer, an entry layer and a physical layer, wherein the service layer is specified by all service rules and is a combination of data and logic of the physical layer, and the physical layer provides a structure body and a method for reading and writing a database for the service layer, wherein only one entry layer is added when an organization is added, and if the service is changed, only the corresponding method in the service layer is modified.
According to another aspect of the present invention, there is also provided a method for block chain based multi-layer federation type account management, the method including:
setting different architecture levels, wherein different levels have different management authorities;
establishing organizations of each layer according to the architecture level, wherein each organization has an own account book, and the account data of each organization are respectively stored in the respective account book;
when a new organization needs to be added at a certain level of the alliance type account management system, a new account book is created, and the organization is endowed with an intelligent contract method which is authorized to be called in the account book.
Further, the architecture hierarchy comprises four layers of organization architectures from top to bottom, wherein accounts in the organizations are respectively a system management account, a service subject account, a merchant account and a user account, and the system management account is used for issuing basic points and performing total amount control on the issued basic points; the service agent account is used for purchasing basic points from the system management account, issuing the basic points to the merchant through a customized rule, and has a corresponding information statistics query function; the merchant account is used for receiving the basic points issued to the system management account or a certain service subject account, issuing the basic points to the user account through a self-defined rule, and having the information statistics and query function of a corresponding merchant; the user account is positioned at the bottom layer, receives the basic points issued by the service agent account or the merchant account, and uses the basic points when transacting with the merchant.
Further, the method further comprises: adding one or more new organizations to an existing hierarchy, including:
updating an original channel configuration file, adding a new organization into the channel configuration file, starting a new organization node, and adding the node into a channel;
newly adding an intelligent contract, and endowing the intelligent contract with a method authority which can be called by a new organization;
installing a new intelligent contract, initializing the intelligent contract and setting an endorsement policy of the intelligent contract.
Compared with the prior art, the block chain-based multi-layer alliance type account management system and method disclosed by the invention have the following technical effects:
(1) the block chain-based multi-layer alliance type account authority management system can meet the requirements of more complex business services, can accommodate service agents with different service contents, can meet the authority management requirements of different business services on the scoring system, and can ensure the stability and the safety of an account system.
(2) The intelligent contract of the system adopts a three-layer architecture with low coupling degree, which is respectively an entrance layer, a business layer and a physical layer; the business layer provides all public methods for the entrance layer, the entity layer provides a structure body and a method for reading and writing the database for the business layer, and the business layer and the entity layer are the same for the entrance layer; when there is a change in the service, it is only necessary to modify the corresponding method in the service layer, and it is not necessary to modify the method in the physical layer.
(3) In the system of the invention, when an organization needs to be added, because all public methods provided by the service layer are the same, only one entrance is added, and the public method in the service layer within the authority range is given to the entrance according to the authority of the organization.
(4) In the system of the invention, each organization has a plurality of nodes and a plurality of users, the intelligent contract is divided into a plurality of entry files according to different organizations, different entry files are selected to have different access authorities, an entry file is newly added, the organization is endowed with an intelligent contract method which is called by the authority in the file, and then the entry file is taken as an installation path to install and instantiate the intelligent contract.
Drawings
Fig. 1 is an architecture diagram of a block chain based multi-layer federation account management system according to an embodiment of the present invention.
Fig. 2 is a schematic flowchart of point management of each tier of accounts according to the embodiment of the present invention.
Fig. 3 is a flowchart of a block chain based multi-layer federation account management method according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Referring to fig. 1, an embodiment of the present invention discloses a block chain-based multi-layer federation type account management system, which includes four layers of architectures, namely a system management layer, a service body layer, a merchant layer and a user layer, where each layer of architecture has different permissions, where the permission range of the system management layer is the largest, and the permission range of the user layer is the smallest relatively in the service body layer. It should be understood by those skilled in the art that the account management system according to the embodiment of the present invention includes a four-layer architecture, but it may be an architecture more than four layers or an architecture less than four layers according to the actual requirements and the division of the functions of the layers.
Specifically, the whole system only has one system management account, has the highest authority of the account authority management system, and can call all methods in the intelligent contract, the system management account is the only one which can issue the basic integral, and the control of the total issuing amount of the integral in the system is realized by controlling the basic integral; the system supports a plurality of service subject accounts and can be horizontally expanded, each service subject account corresponds to an independent commercial service, can receive basic points issued to the service subject account by a system management account, can issue the basic points to merchants through customized rules, and can also issue the points to common users through customized rules, and the service subject accounts have information statistics query functions corresponding to the service subject accounts; the system supports a plurality of merchant accounts, can receive basic points issued by a system management account or a certain service main body account, can issue the points to a common user through a user-defined rule, has the information statistics query function of the merchant, and uses the points to deduct the transaction according to a set rule when the transaction is carried out with the service main body; and the user account can receive points issued by the service body or the merchant and is used when the transaction is carried out with the merchant.
Each architecture level is created with organizations of each layer, each organization has an own account book, and account data of each organization are respectively stored in the respective account book.
Specifically, taking a four-layer architecture as an example, accounts in the four-layer architecture hierarchy include from top to bottom:
the system management account corresponds to the system management layer and is used for issuing the basic points and controlling the total amount of the issued basic points;
the service body account corresponds to the service body layer and is used for purchasing basic points from the system management account, issuing the basic points to a merchant or transferring the basic points to the merchant account through a self-defined rule and has a corresponding information statistics query function; for transferring funds to merchant accounts;
the system comprises a system management account, a service agent account and a merchant account, wherein the system management account is used for receiving basic points issued by the system management account or a certain service agent account, the merchant account corresponds to a merchant layer and is used for issuing the basic points to a user account through a customized rule and has the information statistics and query function of a corresponding merchant;
the user account corresponds to the user layer, receives the basic points issued by the account of the service body or the account of the merchant, uses the basic points when transacting with the merchant, and can inquire the account information of the user;
all system management account information is stored in a system management account book, all service main body account information is stored in a service main body account book, all merchant account information is stored in a merchant account book, all user account information is stored in a user account book, and accounts owned by organizations of each level are independent.
When a new organization needs to be added at a certain level of the alliance type account management system, a new account book is created, and the organization is endowed with an intelligent contract method which is authorized to be called in the account book.
Specifically, the intelligent contract of the invention adopts a three-layer architecture with low coupling degree, and comprises a service layer, an entry layer and a physical layer, wherein the service layer provides all public methods for the entry layer, the physical layer provides a structure body and a method for reading and writing a database for the service layer, and the service layer and the physical layer are the same for the entry layer, wherein only one entry layer is added when one organization is added, if the service is changed, only the corresponding method in the service layer is modified, and the method in the physical layer is not required to be modified. The method comprises the steps that an intelligent contract is created for each organization respectively at an entrance layer, a business layer and a physical layer, and in the prior art, all methods are included in one intelligent contract, and when the business is changed, the whole intelligent contract is modified.
The invention is divided into a plurality of entry files according to different organizations, for example, the entry files can be divided into four entry files, namely a user account entry, a merchant account entry, a service subject account entry and a system management account entry, and different entry files have different access rights; selecting different entry files requires the user to have different rights when accessing, and a unique method for managing the rights through the intelligent contract entry is formed. The four entry files correspond to four layers of organizations, four intelligent contracts, namely: the intelligent contracts of the users, the intelligent contracts of the merchants, the intelligent contracts of the service bodies and the intelligent contracts of the system management form a total intelligent contract. Each intelligent contract stores data of corresponding organization, and data query and statistics are facilitated.
Managing a whole set of block chain alliance systems by combining four intelligent contracts corresponding to four organizations into one large intelligent contract; for example: the methods that may be invoked within each smart contract are different. The control account management authority is achieved from more or less than the calling method; such as: the intelligent contract of the user intelligently calls methods for establishing an account and inquiring the account, but the intelligent contract of the merchant not only can establish the account and inquire the account, but also has the authority to call a method for transferring basic points, and the intelligent contract of the merchant has a higher authority range than the intelligent contract of the user; similarly, more, the service agent account has the authority to call the inquiry statistical method, and the system management account has the authority to call the method for issuing the basic point and issuing the total amount of the basic point
In the embodiment of the invention, the process of adding an organization in an existing hierarchy comprises the following steps:
updating an original channel configuration file, adding a new organization into the channel configuration file, starting a new organization node, and adding the node into a channel;
newly adding an intelligent contract, and endowing the intelligent contract with a method authority which can be called by a new organization;
installing a new intelligent contract, initializing the intelligent contract and setting an endorsement policy of the intelligent contract.
In the prior art, each time an organization is added, a new intelligent contract needs to be rewritten, each intelligent contract is completely different, and the expansibility of the organization using a block chain alliance chain is poor. In the system of the invention, when an organization needs to be added, as all public methods provided by the service layer are the same, only one entrance is added, and the public method in the service layer in the authority range is given to the entrance according to the authority of the organization; for example: in the business scenario, there are three organizations, namely, a user, a merchant, and a system management account. The user can call methods of creating an account and inquiring the account through the entrance; the merchant can call account creating, account inquiring and account transferring methods through the entrance; the system management account can call methods of creating an account, inquiring the account and issuing basic points through the entrance; if a new organization is added: the service main body merchant adds a method which is called by the service main body merchant and has authority to call in the entrance as long as a new entrance is created, wherein the method comprises the steps of creating an account, inquiring the account and transferring a money; the method for managing the authority through the entry file has strong expansibility and can be completely suitable for various service scenes.
In the embodiment of the present invention, the intelligent contract needs to specify an endorsement policy at about the time of instantiation, for example, as follows:
user intelligent contracts:
OR ('pfmsp. member', 'smctsms. member', 'mctmsp. member', 'cstmsp. member'), any of the signatures of the 4 organizations may be requested.
The intelligent contract of the merchant:
OR ('pfmsp. member', 'smctmsmsp. member', 'mctmsp. member') may request any of the signatures of the 3 organizations.
Service agent intelligent contracts: OR ('pfmsp. member', 'smctmstmsmsp. member') may request any of the signatures of the 2 organizations.
And (3) system management intelligent contracts: OR ('pfmsp. member') requesting the system to manage the signatures of this organization of accounts.
The method for managing the points by the system management account comprises the following steps:
creating a basic point account, and creating the basic point by transmitting a basic point number, a basic point balance, an account creating object and an account type class; checking the number of the incoming parameters by a CheckArgsLength () method; inquiring whether a system account exists or not through a QueryWallet () method, judging whether the account is created or not, and if so, returning an error existing in the account; judging whether the balance of the incoming basic integral is an integer or not by a strconstv.ParseInt () method; creating an account object type Wallet struct { }, including a basic point number, a basic point balance and an account type attribute, and calling a wave.Save () method to store the account object in a world state database; the account object is returned.
Basic point issuing, namely issuing points through nine parameter classes, namely a channel name for receiving basic points, an intelligent contract name, an account number for receiving the basic points, a line for issuing the basic points, description information, time for issuing the basic points, a channel, a transaction number and an account transaction type; checking the number of the incoming parameters by a CheckArgsLength () method; judging whether the transmitted quota of the issued basic point is a positive integer or not by using a strconv.ParseInt () method; calling a cross-intelligent contract calling method InvokeOtherChaincode (), calling a method CreateIncrement () for receiving the creation increment of the intelligent contract where the account is located, and creating the increment for the receiving account; and meanwhile, calling an increment creating method CreateIncrement () of the system management account to increase the same amount of line for the system account, so that the total amount of basic points is convenient to count and issue.
The basic point transaction is carried out by transmitting ten parameters of a channel name of an account to be accepted, an intelligent contract name, an account to be transferred, an account to be accepted, transfer accounts, transfer description, transaction time, channels, transaction numbers and account transaction types; determine whether the incoming transfer is an integer and is not zero by the strconstv. Calling a cross-intelligent contract calling method InvokeOtherChaincode (), calling a method CreateIncrement () for receiving the creation increment of the intelligent contract where the account is located, and creating the increment for the receiving account; printing a log; calling a method CreateIncrement () for creating an increment of the intelligent contract where the transfer-out account is located to create an increment for the transfer-out account;
inquiring a basic point account, and inquiring by transmitting a basic point number; checking the number of the incoming parameters by a CheckArgsLength () method; counting all incremental sums by a GetWallet () method; inquiring account information through QueryWallet (), judging whether an account exists, and if the account exists, increasing the increment sum of the account balance; marshal () converts the value to an account object and returns the object.
And inquiring transaction history of the basic point account by transmitting a basic point number. Checking the number of the incoming parameters by a CheckArgsLength () method; querying the transaction history in the database corresponding to the basic point number by a GetHistoryForKey () method, traversing the returned transaction history, and compiling the returned value into an account set by a json Marshal () method; the set is returned.
The network of the system is not public, if the user wants to enter the network and must obtain authorization, different organizations are created according to the account level, each organization has a plurality of nodes and a plurality of users, and the users register to obtain corresponding certificate files and key files through the account service module; when a certain user node is used for accessing a block chain network through a middle layer, an intelligent contract inlet of the authority of the node is selected to install and instantiate an intelligent contract, and at the moment, the node can verify whether a certificate has the authority or not when calling the intelligent contract; different access files are selected to limit the user to have different rights when accessing, so that a unique method for managing the rights through an intelligent contract entry is formed; the method makes the newly-added organization very simple, only needs to newly add an entry file, endows the organization with an intelligent contract method which is authorized to be called in the file, and then installs and instantiates an intelligent contract from the entry file path, thereby greatly improving the expansibility of the system.
The following describes the control process of transactions using the blockchain network according to the present invention in detail:
1. the new user uses the account service module to register for Certification Authority (CA); firstly, dividing a multilayer alliance type account authority management system based on a Fabric network into four layers of management architectures, configuring an organization relation corresponding to an account, and according to the characteristics of the system architecture and an alliance chain, (1) configuring a Fabric CA server and a client to realize MSP account authority management of the Fabric system; (2) secondly, secondary management is carried out on account management authority according to different entrances for installing and deploying the intelligent contracts; in the first account authority management method, the Fabric CA is a MemberService component in the super book Fabric, and the management of the identity certificates of each entity in the network is mainly realized as follows: the terminal is responsible for identity management of all entities in the Fabric network, including identity registration, identity logout and the like; responsible for certificate management, including issuing and deregistration of ECert (identity certificates), TCerts (transaction certificates), and the like;
2. the account service module generates a user certificate file and a private key of a user;
3. the client submits a transaction proposal, submits the request to an endorsement module of the organization, and the endorsement module verifies the transaction; in the network verification system, when a client (such as a peer) and a server (such as an orderer) are in order to establish secure connection smoothly, standard TLS handshake flows are used, and each TLS credential provides held identity verification.
4. The endorsement verification module checks an endorsement strategy, determines the correct allocation of the specified peer node, signs the private key signature of the client node user and carries the identity certificate file of the client node user, verifies the identity according to the signature, and simulates a method for executing the intelligent contract called in the request after the verification of the identity is passed; the output of the simulation is the result of the intelligent contract, which is a read set and a write set respectively; after the execution is finished, the transaction result is signed by the private key of the endorsement module and returned to the client;
in the endorsement node verification process, each transaction needs to be verified so as to ensure that no other transaction modifies the data which is read by the transaction; in other words, it is ensured that the data read after the execution approval time is not changed, so the execution result is still valid and can be submitted to the ledger status database; if the read data is altered by another transaction, the same transaction in that block is marked invalid and not applied to the state database of the ledger; the client application is alerted and may handle the error or attempt to submit the request again, if appropriate;
5. after the client receives the transaction information which is sent by one or more endorsement nodes and is signed by the endorsement nodes, judging whether the proposal request passes through, if so, initiating an update application to the ordering service module through sdk, and after the ordering service module receives the request sent by the client, receiving the transaction from all channels on the network without checking the whole content of the transaction, encapsulating the transaction of the same channel, sending the encapsulated transaction to the consensus module, and monitoring the consensus module;
6. after receiving the packaged transaction information, the consensus module sorts the transaction information according to the time sequence and then puts the transaction information into a message queue, and the consensus module ensures that the information sequence seen by all the sorting service modules is the same;
7. the sequencing service module pulls information from the message queue which is sequenced by the consensus module;
8. the sequencing service module creates blocks for one or more transactions in each channel pulled from the message queue of the consensus module, the sequencing service module sends the packed blocks to the communication modules in the organization in the channel, and the communication section module receives new blocks;
9. the set of transactions in the new block will be validated by the communication module; before the peer accounting node submits the block to a local blockchain, all transactions in the block are checked, whether all nodes needing endorsement sign the transaction result is detected according to an endorsement strategy, and the correctness of the signature is verified according to the load of the transaction. The peer then performs a version check on the read set of the transaction to ensure data integrity and risk of secondary consumption. Fabric adds the function of concurrent control of transactions in parallel execution in order to increase the throughput of the whole system, and ensures that all read data is not modified before blocks are formally committed and written into the block chain. The transaction sets in the block are marked as valid or invalid; each channel adds the generated block to the chain to which the channel belongs, and for each valid transaction, the accounting module submits the write set of the transaction to the current state database; if a transaction has been initiated because it was previously, the client application is notified that the transaction has been appended to the chain and whether the transaction is verified or invalidated.
The process of accessing the local blockchain network by a new service agent account is as follows:
updating an original channel configuration file, adding a new organization into the channel configuration file, starting a new organization node, and adding the node into a channel;
newly adding an intelligent contract, and endowing the intelligent contract with a method authority which can be called by a new organization;
installing a new intelligent contract, initializing the intelligent contract and setting an endorsement policy of the intelligent contract.
Referring to fig. 3, another embodiment of the present invention further provides a method for block chain based multi-layer federated account management, where the method includes:
a method for block chain based multi-layer federated account management is provided, the method comprising:
setting different architecture levels, wherein different levels have different management authorities;
establishing organizations of each layer according to the architecture level, wherein each organization has an own account book, and the account data of each organization are respectively stored in the respective account book;
when a new organization needs to be added at a certain level of the alliance type account management system, a new account book is created, and the organization is endowed with an intelligent contract method which is authorized to be called in the account book.
In this embodiment, taking a four-layer organization architecture as an example, accounts in an organization are respectively a system management account, a service agent account, a merchant account and a user account, where the system management account is used for issuing basic points and performing total amount control on the issued basic points; the service agent account is used for purchasing basic points from the system management account, issuing the basic points to the merchant through a customized rule, and has a corresponding information statistics query function; the system comprises a system management account, a service agent account and a merchant account, wherein the system management account or the service agent account is used for receiving basic points issued to the system management account or the service agent account, issuing the basic points to a user account through a customized rule, and having the information statistics and query function of a corresponding merchant; the user account is positioned at the bottom layer, receives the basic points issued by the service agent account or the merchant account, and uses the basic points when transacting with the merchant. Each layer has different rights.
The method further comprises the following steps: adding one or more new organizations to an existing hierarchy, including:
updating an original channel configuration file, adding a new organization into the channel configuration file, starting a new organization node, and adding the node into a channel;
newly adding an intelligent contract, and endowing the intelligent contract with a method authority which can be called by a new organization;
installing a new intelligent contract, initializing the intelligent contract and setting an endorsement policy of the intelligent contract.
The block chain-based multi-layer alliance type account authority management system and method can meet the requirements of more complex business services, can accommodate service subjects with different service contents, can meet the authority management requirements of different business services on the scoring system, and can ensure the stability and the safety of an account system.
The foregoing description shows and describes several preferred embodiments of the invention, but as aforementioned, it is to be understood that the invention is not limited to the forms disclosed herein, but is not to be construed as excluding other embodiments and is capable of use in various other combinations, modifications, and environments and is capable of changes within the scope of the inventive concept as expressed herein, commensurate with the above teachings, or the skill or knowledge of the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (3)
1. The block chain based multi-layer alliance type account management system is characterized by comprising the following layers of architectures:
the system management layer is used for managing all organizations and all accounts;
the service body layer is used for managing various customized services to merchants or users;
the merchant layer uses the upper-layer service and provides the service to the lower-layer user;
the user layer is used for inquiring user account information;
each level is provided with a layer of organization, each organization has an own account book, account data of each organization are respectively stored in the respective account book, when a new organization needs to be added to a certain level of the alliance type account management system, a new account book is created, and the new organization is endowed with an intelligent contract method called by the authority in the account book;
the account usage authority of each organization in the formed four-layer architecture is different, wherein the whole system only has one system management account, has the highest authority of the account authority management system, can call all methods in the intelligent contract of all levels, and the system management account is the only issuing basis integral and realizes the control of the issuing total amount of the integral in the system by controlling the basis integral; the system supports a plurality of service subject accounts and can be horizontally expanded, each service subject account corresponds to an independent commercial service, can receive basic points issued to the service subject account by a system management account, can issue the basic points to merchants and also issues the points to common users, and the service subject accounts have information statistics query functions corresponding to the service subject accounts; the system supports a plurality of merchant accounts, can receive basic points issued by a system management account or a certain service main body account, can issue points to common users, has the information statistics query function of merchants, and uses the points to transfer accounts according to established rules when transacting with the service main body; the user account can receive points issued by a service agent or a merchant and transfer transaction with the merchant;
the process of adding an organization in an existing hierarchy comprises the following steps:
updating an original channel configuration file, adding a new organization into the channel configuration file, starting a new organization node, and adding the node into a channel;
newly adding an intelligent contract, and endowing the intelligent contract with a method authority which can be called by a new organization;
installing a new intelligent contract, initializing the intelligent contract, and setting an endorsement strategy of the intelligent contract;
the intelligent contract comprises a business layer, an entry layer and a physical layer, wherein the business layer is specified by all business rules and is a combination of data and logic of the physical layer, the physical layer provides a structure body and a method for reading and writing a database for the business layer, only one entry layer is added when one organization is added, and if the business is changed, only the corresponding method in the business layer is modified.
2. The blockchain-based multi-tier federation account management system of claim 1, wherein the method of managing credit management for accounts by the system comprises:
creating a basic point account, and creating the basic point by transmitting a basic point number, a basic point balance, an account creating object and an account type class;
basic point issuing, namely issuing points through nine parameter classes, namely a channel name for receiving basic points, an intelligent contract name, an account number for receiving the basic points, a line for issuing the basic points, description information, time for issuing the basic points, a channel, a transaction number and an account transaction type;
the method comprises the following steps of basic point transaction, wherein the point transaction is carried out through ten parameters of a channel name, an intelligent contract name, an account transferring-out, an account receiving, a transfer account, a transfer description, transaction time, a channel, a transaction number and an account transaction type, wherein a cross-intelligent contract calling method InvokeOtherChaincode () is called to call a method CreateIncrement () for creating an increment of an intelligent contract where the account is located so as to create the increment for the account receiving; printing a log; calling a method CreateIncrement () for creating an increment of the intelligent contract where the transfer-out account is located to create an increment for the transfer-out account;
inquiring a basic point account, and inquiring by transmitting a basic point number, wherein all increment sums are counted by a GetWallet () method; inquiring account information through QueryWallet (), judging whether an account exists, and if the account exists, increasing the increment sum of the account balance;
and inquiring transaction history of the basic point account by transmitting a basic point number.
3. A method for block chain based multi-tier federated account management, the method comprising:
setting different architecture levels, wherein different levels have different management authorities;
establishing organizations of each layer according to the architecture level, wherein each organization has an own account book, and the account data of each organization are respectively stored in the respective account book;
when a new organization needs to be added at a certain level of the alliance type account management system, a new account book is created, and an intelligent contract method which is called by the organization in a permission mode is given to the account book;
the architecture level comprises four layers of organization architectures, wherein accounts in the organizations are respectively a system management account, a service subject account, a merchant account and a user account, wherein the system management account is used for issuing basic points and controlling the total amount of the issued basic points; the service agent account is used for purchasing basic points from the system management account, issuing the basic points to the merchant and having a corresponding information statistics query function; the merchant account is used for receiving the basic points issued by the system management account or a certain service subject account, issuing the basic points to the user account and having the information statistics query function of the corresponding merchant; the user account is positioned at the bottommost layer, receives the basic points issued by the service agent account or the merchant account, and uses the basic points when transacting with the merchant;
the method further comprises the following steps: adding one or more new organizations to an existing hierarchy, including:
updating an original channel configuration file, adding a new organization into the channel configuration file, starting a new organization node, and adding the node into a channel;
newly adding an intelligent contract, and endowing the intelligent contract with a method authority which can be called by a new organization;
installing a new intelligent contract, initializing the intelligent contract, and setting an endorsement strategy of the intelligent contract;
the intelligent contract comprises a business layer, an entry layer and a physical layer, wherein the business layer is specified by all business rules and is a combination of data and logic of the physical layer, the physical layer provides a structure body and a method for reading and writing a database for the business layer, only one entry layer is added when one organization is added, and if the business is changed, only the corresponding method in the business layer is modified.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910434697.6A CN110334525B (en) | 2019-05-23 | 2019-05-23 | Block chain based multi-layer alliance type account management system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910434697.6A CN110334525B (en) | 2019-05-23 | 2019-05-23 | Block chain based multi-layer alliance type account management system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110334525A CN110334525A (en) | 2019-10-15 |
| CN110334525B true CN110334525B (en) | 2020-06-12 |
Family
ID=68139800
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910434697.6A Active CN110334525B (en) | 2019-05-23 | 2019-05-23 | Block chain based multi-layer alliance type account management system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110334525B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111368311A (en) * | 2020-02-17 | 2020-07-03 | 深圳壹账通智能科技有限公司 | Block chain-based point management method and related device |
| CN112258180A (en) * | 2020-10-19 | 2021-01-22 | 上海卓钢链科技有限公司 | Community system based on alliance chain |
| CN112564913A (en) * | 2020-11-26 | 2021-03-26 | 中国船舶工业系统工程研究院 | Hierarchical management system, method and medium based on alliance chain |
| CN113411383B (en) * | 2021-06-11 | 2022-12-06 | 深圳市好实再科技有限公司 | Commodity information query method and system based on block chain and storage medium |
| CN114172735B (en) * | 2021-12-11 | 2023-07-14 | 中国人民解放军战略支援部队信息工程大学 | Double-chain hybrid block chain data sharing method and system based on intelligent contracts |
| CN114185997B (en) * | 2022-02-17 | 2022-05-13 | 天津眧合数字科技有限公司 | Pet information credible storage system based on block chain |
| CN115309433B (en) * | 2022-10-12 | 2022-12-20 | 江苏移动信息系统集成有限公司 | Intelligent contract upgrading method and system based on block chain for role authority management |
| CN116346500B (en) * | 2023-05-10 | 2023-08-08 | 飞天诚信科技股份有限公司 | Method and system for realizing account control authority management through intelligent contracts |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108173850A (en) * | 2017-12-28 | 2018-06-15 | 杭州趣链科技有限公司 | A kind of identity authorization system and identity identifying method based on block chain intelligence contract |
| CN109523427A (en) * | 2018-10-31 | 2019-03-26 | 广州乐快信息科技有限公司 | A kind of operation system of intelligence gymnasium service management |
| CN109639689A (en) * | 2018-12-18 | 2019-04-16 | 陕西医链区块链集团有限公司 | A kind of more integral management systems of EOS block chain and its implementation |
| CN109743328A (en) * | 2019-01-17 | 2019-05-10 | 杭州趣链科技有限公司 | A kind of open cloud service platform of block chain |
| CN109743406A (en) * | 2019-02-26 | 2019-05-10 | 北京工业大学 | A kind of Internet of Things trust data service model based on block chain |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107239940A (en) * | 2017-05-11 | 2017-10-10 | 北京博晨技术有限公司 | Network trading method and device based on block catenary system |
| CN107147735B (en) * | 2017-05-12 | 2020-08-11 | 北京博晨技术有限公司 | Distributed account book system based on hierarchical structure |
| CN108229943B (en) * | 2018-01-19 | 2020-05-05 | 阿里巴巴集团控股有限公司 | Block chain balance adjusting method and device and electronic equipment |
| CN108629602B (en) * | 2018-05-04 | 2021-09-21 | 武汉大学 | Food quality safety management system and method based on block chain technology |
| CN108764911B (en) * | 2018-06-05 | 2021-08-03 | 北京阿尔山区块链联盟科技有限公司 | Transaction method and system for internet points |
-
2019
- 2019-05-23 CN CN201910434697.6A patent/CN110334525B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108173850A (en) * | 2017-12-28 | 2018-06-15 | 杭州趣链科技有限公司 | A kind of identity authorization system and identity identifying method based on block chain intelligence contract |
| CN109523427A (en) * | 2018-10-31 | 2019-03-26 | 广州乐快信息科技有限公司 | A kind of operation system of intelligence gymnasium service management |
| CN109639689A (en) * | 2018-12-18 | 2019-04-16 | 陕西医链区块链集团有限公司 | A kind of more integral management systems of EOS block chain and its implementation |
| CN109743328A (en) * | 2019-01-17 | 2019-05-10 | 杭州趣链科技有限公司 | A kind of open cloud service platform of block chain |
| CN109743406A (en) * | 2019-02-26 | 2019-05-10 | 北京工业大学 | A kind of Internet of Things trust data service model based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110334525A (en) | 2019-10-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110334525B (en) | Block chain based multi-layer alliance type account management system and method | |
| Li et al. | Privacy-preserving traffic management: A blockchain and zero-knowledge proof inspired approach | |
| Hanada et al. | Smart contracts for machine-to-machine communication: Possibilities and limitations | |
| Vo et al. | Internet of blockchains: Techniques and challenges ahead | |
| EP3884397A1 (en) | Relational data management and organization using dlt | |
| US11164165B1 (en) | Multi-asset blockchain network platform | |
| CN111919417A (en) | System, method and apparatus for implementing super communities and community sidechains for distributed ledger technology with consensus management in a cloud-based computing environment | |
| CN109522735A (en) | A kind of data permission verification method and device based on intelligent contract | |
| CN111164629A (en) | Methods, apparatus, and computer-readable media for compliance-aware tokenization and control of asset value | |
| WO2022046313A1 (en) | Cryptographic-asset collateral management | |
| CN117829826A (en) | Digital asset modeling | |
| CN114445010B (en) | Block chain-based multi-mode intermodal system and method | |
| US20220156837A1 (en) | Distributed ledger implementation for entity formation and monitoring system | |
| US11954233B2 (en) | Chaining, triggering, and enforcing entitlements | |
| KR20220093198A (en) | Execution of transactions using dedicated and open blockchains | |
| US20170300701A1 (en) | Secure and compliant execution of processes | |
| CN113711218A (en) | Collaborative intelligent constraint query and constraint computation | |
| US11775681B2 (en) | Enforcement flow for pipelines that include entitlements | |
| Ariffin et al. | The design and implementation of trade finance application based on hyperledger fabric permissioned blockchain platform | |
| CN113641759A (en) | Data privacy protection method in supply chain finance based on block chain technology | |
| CN115526553A (en) | Block chain based distributed shared warehousing system and implementation method | |
| US10839387B2 (en) | Blockchain based action and billing | |
| US20220271936A1 (en) | Method and apparatus for decentralized management of trusted data on trustless networks | |
| Bandara et al. | Modeling multi-layer access control policies of a hyperledger-fabric-based agriculture supply chain | |
| CN112350863A (en) | Decentralized access control method and system based on transaction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |