CN110688664A - Authority management method, device and equipment in block chain type account book - Google Patents

Publication number
CN110688664A
Authority
CN
China
Prior art keywords
account book
data block
authority
block
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910912954.2A
Other languages
Chinese (zh)
Other versions
CN110688664B (en)
Inventor
杨新颖
俞本权
张渊
李亿泽
闫文远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN201910912954.2A
Publication of CN110688664A
Priority to PCT/CN2020/103584 (WO2021057220A1)
Application granted
Publication of CN110688664B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

A method, a device and equipment for managing authority in a block chain type account book are disclosed. With the scheme provided in the embodiments of this specification, when a user creates a block chain type account book, an authority management account book corresponding to that account book is also created, and all records related to authority change instructions are stored in the authority management account book. The administrator of the block chain type account book does not have administrator authority in the authority management account book, so the authority change records cannot be deleted, which gives the block chain type account book more transparent authority management.

Description

Authority management method, device and equipment in block chain type account book
Technical Field
The embodiments of this specification relate to the field of information technology, and in particular to a method, a device and equipment for managing permissions in a block chain type account book.
Background
When a centralized database server provides services externally through a block chain type account book, a user with administrator permission can hide and clear some data blocks in the block chain type account book. If permission change records are written into the block chain type account book itself, they may therefore be cleared or hidden by the administrator user, which causes anomalies in later permission management.
Based on this, there is a need for a more transparent rights management scheme in blockchain ledgers.
Disclosure of Invention
The embodiment of the application aims to provide a more transparent authority management scheme in a block chain type account book.
In order to solve the above technical problem, the embodiment of the present application is implemented as follows:
A method for managing authority in a block chain type account book, applied to a centralized database service provider that stores data through the block chain type account book, comprises the following steps:
receiving an instruction for creating an account book sent by a user, wherein the instruction comprises a user identifier;
creating an initial data block of a block chain type account book, and determining administrator permission of the user identification in the block chain type account book, wherein the initial data block contains the user identification;
and creating an authority management account book for recording authority change records, and determining the non-administrator authority of the user identification in the authority management account book.
Correspondingly, an embodiment of the present specification further provides an authority management apparatus in a block chain type account book, which is applied to a centralized database service provider that stores data through the block chain type account book, where the apparatus includes:
a receiving module, configured to receive an instruction for creating an account book sent by a user, wherein the instruction comprises a user identifier;
a first creating module, configured to create an initial data block of a block chain type account book and determine the administrator authority of the user identifier in the block chain type account book, wherein the initial data block contains the user identifier;
and a second creating module, configured to create an authority management account book for recording authority change records and determine the non-administrator authority of the user identifier in the authority management account book.
With the scheme provided in the embodiments of this specification, when a user creates a block chain type account book, an authority management account book corresponding to that account book is also created, and all records related to authority change instructions are stored in the authority management account book. The administrator of the block chain type account book does not have administrator authority in the authority management account book, so the authority change records cannot be deleted, which gives the block chain type account book more transparent authority management.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of embodiments of the invention.
In addition, any one of the embodiments in the present specification is not required to achieve all of the effects described above.
Drawings
To illustrate the embodiments of this specification or the technical solutions in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some of the embodiments described in this specification, and those skilled in the art can obtain other drawings from them.
Fig. 1 is a schematic flowchart of a method for managing permissions in a block-chained ledger according to an embodiment of the present specification;
Fig. 2 is a schematic diagram of a block header of a data block provided in an embodiment of the present specification;
Fig. 3 is a schematic diagram of a process for constructing a suppressed data record according to an embodiment of the present description;
Fig. 4 is a schematic structural diagram of a rights management apparatus in a block chain ledger provided by an embodiment of the present specification;
Fig. 5 is a schematic structural diagram of an apparatus for configuring a method according to an embodiment of the present disclosure.
Detailed Description
To help those skilled in the art better understand the technical solutions in the embodiments of this specification, those solutions are described in detail below with reference to the drawings. The described embodiments are only a part of the embodiments of this specification, not all of them. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of protection.
The technical solutions provided by the embodiments of this specification are described in detail below with reference to the accompanying drawings. Fig. 1 is a schematic flowchart of a method for managing permissions in a block chain type ledger provided in an embodiment of this specification. The method is applied to a centralized database service provider that stores data in the block chain type ledger, and the process specifically includes the following steps:
S101, receiving an instruction for creating an account book sent by a user, wherein the instruction comprises a user identifier.
In the database server, the user may send an instruction to create the ledger, for example NEW (LGNAME, Admin, UserID), where LGNAME is the name of the account book, "Admin" represents the administrator authority specified by the user, and "UserID" is the identifier of the user who is to hold administrator authority in the account book, such as an identity card number, a mobile phone number, or a unique client identifier. In the instruction, "UserID" may be a set of several user identifiers, that is, several users having administrator rights may be specified for one account book at the same time.
S103, creating an initial data block of the block chain type account book, and determining the administrator permission of the user identifier in the block chain type account book.
The database server receives the instruction for creating the account book, that is, it creates a ledger named "LGNAME". In the embodiments of this specification, since the ledger is block-chained (i.e. a plurality of data blocks are chained in sequence), only one initial data block needs to be created for a newly created ledger at this point. Subsequent data blocks are generated in sequence each time a certain blocking condition is reached.
A data block in the block chain type account book can comprise a block header and a block body. The block body can be used for storing the plaintext of the concatenated data, or hash values of the concatenated data, and the like; the block header may be used to store metadata about the data block, such as a version number of the ledger, the hash value of the previous data block, the root hash value of a Merkle tree composed of the concatenated data in the data block itself, the hash value of the data block itself, a state array for recording the operated state of the concatenated data, and the like. Fig. 2 is a schematic diagram of a block header of a data block according to an embodiment of the present disclosure.
The block height of the data block can be counted by using the natural sequence N, and when N is equal to 1, the data block at this time is the initial data block. In the initial data block, since there is no previous data block, the hash value and the block height of the initial data block may be given based on a preset manner. For example, the initial data block contains no data record, the hash value is any given hash value, and the block height blknum is 0.
Initial configuration information specified by the user may also be written into the initial data block; for example, the user identifier in the instruction is written into the block header or the block body of the initial data block. In this case, the hash value of the data block may be obtained by hashing the block header or block body containing the user identifier.
When N > 1, the content and hash value of the previous data block have already been determined, so the hash value of the current data block (the Nth data block) may be generated based on the hash value of the previous data block (i.e., the (N-1)th data block). One possible way is to determine the hash value of each data record to be written into the Nth data block, build a Merkle tree from these hash values in the order in which the records are arranged in the block, concatenate the root hash value of the Merkle tree with the hash value of the previous data block, and apply the hash algorithm again to generate the hash value of the current block. Alternatively, the data records may be concatenated in their order in the block and hashed to obtain a hash value of the whole set of data records; the hash value of the previous data block is then concatenated with this hash value, and a hash operation on the concatenated string yields the hash value of the data block.
After the user successfully uploads the data, the hash value of the corresponding data record and the hash value of the located data block can be obtained and stored, and integrity verification can be initiated based on the hash values.
The integrity verification comprises integrity verification of a single data block, namely, reconstructing the Merkle tree from the hash values of the data records in the data block, calculating the root hash value of the Merkle tree, recalculating the hash value of the data block from that root hash value and the hash value of the previous data block, and comparing the result for consistency with the hash value of the data block saved in advance.
The integrity verification may also include integrity verification of several consecutive data blocks, i.e. the hash value of each data block is recalculated from the root hash value of the Merkle tree stored in the block header of the data block and the hash value of the previous data block, and compared with the previously stored hash values of the data blocks.
With data blocks generated in this way, each data block is identified by a hash value, and that hash value is determined by the content and order of the data records in the data block and by the hash value of the previous data block. The user can initiate integrity verification based on the hash value of the data block at any time. Any modification of the content of the data block (including the content or order of its data records) makes the hash value calculated during verification differ from the hash value generated when the data block was created, so verification fails. Tamper resistance is thus achieved under centralized storage.
In this account book, the user identifier included in the instruction is treated as the creator of the account book and is assigned the corresponding administrator authority. Specifically, the administrator authority includes at least the rights of inquiry, verification, clearing and hiding, whereas an ordinary user has only inquiry and verification rights and no clearing or hiding rights.
In the embodiment of the present specification, the clearing operation may be performed as follows:
For example, the user specifies the account book name and a block height, and the database server determines, based on the block height, that all data blocks before that block height need to be cleared and then clears them, which may be specifically implemented by a clear command PURGE (lgid, d-a, blkbound).
For another example, the user specifies the book ID and the time point, the database server determines the last generated data block before the time point based on the time point, determines all the data blocks generated before the data block as the data blocks that need to be cleared, and then clears the data blocks that are determined to need to be cleared, which may be implemented by a clear command PURGE (i, d-a, 'timestamp').
When a partial clearing is performed, the hash value of the first data block remaining in the account book after clearing was generated based on the hash value of the previous data block. A pseudo initial data block therefore needs to be generated beforehand whose hash value equals the hash value of the last data block determined to need clearing, so that errors are avoided in later verification. The hash value of the last cleared data block may be obtained by querying a pre-established index, by calculating sequentially from the initial data block, or by querying the data block itself.
The content of the newly generated pseudo initial data block may be empty, and some corresponding remarks may be recorded, for example, the time of generation, and the like. However, the content of the pseudo-initial data block is independent of the hash value of the pseudo-initial data block. And the server may also sign the pseudo-initial data block.
Meanwhile, in the embodiments of this specification, the hiding operation may be performed as follows: the data record in the data block that contains the information to be hidden is replaced with the hash value of that data record. In this way, disclosure of the sensitive information can be stopped without disturbing the normal operation of the data block system.
Specifically, the user may directly specify the position of the information to be hidden; in practical applications, the user may issue a hide-information instruction carrying the position information. The position information here includes the block height of the data block, the offset of the data record within the data block, the offset of the information to be hidden within the data record, the length of the information to be hidden, and so on.
For example, an exemplary hide-information instruction may be Occult (blkhight, txoff), under which the data record at the specified block height blkhight and the specified offset txoff is hidden;
as another example, the instruction may be Occult (blkhight, txoff, offset, length), under which a data record is determined by the block height blkhight and the offset txoff, and the information of the specified length starting at the specified offset within that data record is hidden.
The information obtained by replacing or removing the hidden information is no longer used as a data record, and may be called remark information. One feasible way to hide information is to determine the hash value of the data record containing the information to be hidden, splice a preset front marker character to the head of the hash value, splice a preset rear marker character to the tail of the hash value, and splice the remark information after the rear marker character. The data formed by splicing the front marker character, the hash value of the data record, the rear marker character and the remark information is then taken as the hidden data record. Fig. 3 is a schematic diagram of a process for constructing a suppressed data record according to an embodiment of the present specification.
The front marker character and the rear marker character can be specified according to actual needs. For example, the front marker character may be "0E" and the rear marker character may be "0F". The front marker character tells a node that later reads the data record for verification that the storage location holds not the plaintext content of the data record but its hash value, so the hash value can be read directly for verification. When the corresponding remark information needs to be read, reading can start from the rear marker character "0F". After the sensitive information is hidden, the remark information may be largely the same as the content of the data record before hiding, or may be completely empty (i.e., the whole content of the data record is hidden).
In addition, it should be noted that hiding a historical data record is a relatively strict operation. It usually means that some disclosed information has triggered laws and regulations or violated morals, and often follows a conclusion, reached after mediation or trial involving multiple parties, that the information must be compulsorily processed. Therefore, one possible way of performing the above-mentioned clearing operation is to require a certain signature weight for it. For example, only an administrator or a combination of administrators can initiate a purge operation.
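As an added example (not code from the patent), the Python below ties the block hashing and integrity verification described earlier to the clearing and hiding operations above: a hidden record still verifies because it carries its own hash, and a partly cleared ledger still verifies because the pseudo initial data block keeps the hash of the last cleared block. SHA-256, the dict block layout, the repetition of the last node on odd Merkle levels and the derivation of the initial block's hash are assumptions; the "0E"/"0F" markers and the names `blkhight`, `txoff` and `blkbound` come from the page.

```python
import hashlib

FRONT, REAR = "0E", "0F"  # marker characters from the page's example
HEXLEN = 64               # length of a SHA-256 hex digest (assumed hash algorithm)

def h(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def record_hash(stored: str) -> str:
    """Hash of a stored record; a hidden record yields the hash it carries."""
    if stored.startswith(FRONT) and stored[2 + HEXLEN:4 + HEXLEN] == REAR:
        return stored[2:2 + HEXLEN]
    return h(stored)

def merkle_root(hashes: list) -> str:
    """Pairwise-hash to a single root; an odd level repeats its last node."""
    if not hashes:
        return h("")
    level = list(hashes)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def block_hash(root: str, prev_hash: str) -> str:
    """Splice the Merkle root with the previous block's hash and hash again."""
    return h(root + prev_hash)

def new_ledger(user_id: str) -> list:
    """Initial block: no records, height 0, preset hash covering the user ID."""
    return [{"height": 0, "prev": None, "root": None,
             "hash": h("initial:" + user_id), "records": []}]

def append_block(ledger: list, records: list) -> str:
    """Seal records into the next block and return its hash as a receipt."""
    if any(r.startswith(FRONT) for r in records):
        # Keep plaintext distinguishable from the hidden-record encoding.
        raise ValueError("plaintext record must not start with the front marker")
    prev = ledger[-1]
    root = merkle_root([record_hash(r) for r in records])
    ledger.append({"height": prev["height"] + 1, "prev": prev["hash"], "root": root,
                   "hash": block_hash(root, prev["hash"]), "records": list(records)})
    return ledger[-1]["hash"]

def verify_block(block: dict, saved_hash: str) -> bool:
    """For a block with N > 1: rebuild the Merkle tree, compare with the saved hash."""
    root = merkle_root([record_hash(r) for r in block["records"]])
    return block_hash(root, block["prev"]) == saved_hash

def verify_chain(ledger: list) -> bool:
    """Check consecutive blocks from the root stored in each block header."""
    return all(cur["prev"] == prev["hash"]
               and block_hash(cur["root"], prev["hash"]) == cur["hash"]
               for prev, cur in zip(ledger, ledger[1:]))

def occult(ledger: list, blkhight: int, txoff: int, remark: str = "") -> None:
    """Occult(blkhight, txoff): store front marker + hash + rear marker + remark."""
    block = next(b for b in ledger if b["height"] == blkhight)
    block["records"][txoff] = FRONT + record_hash(block["records"][txoff]) + REAR + remark

def purge(ledger: list, blkbound: int) -> None:
    """Clear blocks below blkbound, leaving a pseudo initial block in their place."""
    removed = [b for b in ledger if b["height"] < blkbound]
    if not removed:
        return
    last = removed[-1]
    pseudo = {"height": last["height"], "prev": None, "root": None,
              "hash": last["hash"], "records": [], "note": "pseudo initial block"}
    ledger[:] = [pseudo] + [b for b in ledger if b["height"] >= blkbound]

if __name__ == "__main__":
    lg = new_ledger("user-A")                      # constructed sample data
    receipt = append_block(lg, ["pay alice 5", "pay bob 7", "pay carol 9"])
    append_block(lg, ["pay dave 1"])
    occult(lg, 1, 1, remark="pay *** 7")           # hide the second record
    print(verify_block(lg[1], receipt), verify_chain(lg))
    purge(lg, 2)                                   # clear everything below height 2
    print([b["height"] for b in lg], verify_chain(lg))
```

Because the marker is stored in-band, `append_block` rejects plaintext that begins with the front marker; without that check a stored record could not be told apart from a hidden one.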
S105, creating an authority management account book for recording authority change records of the block chain type account book, and determining the non-administrator authority of the user identifier in the authority management account book.
When the block chain type account book is created, the database server also creates an authority management account book for recording authority change records. The authority management ledger may take the form of the above-mentioned blockchain ledger, or may be a conventional relational or non-relational database (for example, key-value pairs in which the primary key is the identifier of the blockchain ledger and the value is the authority change instruction).
In the authority management account book, the user identifier contained in the creation instruction no longer has the administrator authority, but only has the inquiry or verification authority. If the form of the authority management account book is also a block chain account book, the user corresponding to the user identification does not have the authority of clearing or hiding any more. In other words, the rights management ledger does not have an administrator user at the start of creation, and records in the ledger will exist independently and cannot be deleted.
It should be noted that, the authority management account book and the block chain account book are generally in a one-to-one correspondence relationship, that is, the authority change record in one block chain account book is stored in a separate corresponding authority management account book. Meanwhile, users who have inquiry and verification authorities in the block chain type account book also have inquiry and verification authorities in the authority management account book.
Specifically, in one embodiment, the users of the blockchain ledger may be carried over into the authority management ledger, and during the carry-over the authority of the users who have administrator authority in the blockchain ledger is reduced.
For example, assume that the authority requirements of each group and operation are the same in both account books: a delete or hide operation requires an authority value of 100, and an inquiry or verification operation requires 50. If the authority of user A in the block chain type account book is 100 and the authority of user B is 50, users A and B can be carried over into the authority management account book with the authority of user A reduced to 50 and the authority of user B kept at 50. Users of the block chain type account book can then query the authority management account book, but cannot delete or hide anything in it.
With the scheme provided in the embodiments of this specification, when a user creates a block chain type account book, an authority management account book corresponding to that account book is also created, and all records related to authority change instructions are stored in the authority management account book. The administrator of the block chain type account book does not have administrator authority in the authority management account book, so the authority change records cannot be deleted, which gives the block chain type account book more transparent authority management.
As described above, the authority management book is mainly used for storing the authority change record. Specifically, this can be achieved by:
The database server receives the permission change instruction sent by the user. For example, an administrator user of the blockchain ledger inputs one of the following authority change instructions:
First, GRANT (userid, & v) gives the user corresponding to userid a weight value v, i.e. a certain authority value is assigned to a certain user.
Second, GRANT ('OPRD', & v) gives the operation instruction corresponding to OPRD a weight value v. OPRD is an operation instruction identifier input by the user, which may include, for example, append (APPEND), clear (PURGE), hide (OCCULT), verify (VERIFY), query (RETRIEVE), and so on. That is, the operation authority value required by each operation on the block chain type account book is changed, and the corresponding operation instruction can be executed only when the user authority value exceeds the operation authority value.
The database server applies the authority value change in the authority configuration file of the block chain type account book and, at the same time, generates an authority change record containing the authority change instruction and the identifier of the user who sent it. The authority change record may further contain a timestamp, a private key signature of the user, and the like.
The database server writes the authority change record into the authority management account book so that any user can query it. For example, other users query the authority change record containing the private key signature from the authority management account book and use the public key to decrypt it and obtain the corresponding authority change instruction and user identifier, so that it can be known which administrator changed the weight of a user or of an operation instruction.
Further, if the authority management account book also takes the form of the aforementioned block chain type account book, the database server may also determine a hash value of the authority change record and return it, as a storage receipt, to the sender of the authority change instruction and to the user whose authority was changed. The sender of the instruction and/or the user whose authority was changed can then perform integrity verification or queries on the record in the authority management account book, ensure that the authority change instruction has not been tampered with, and maintain the transparency of authority changes on both the user side and the database server side.
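The separation set up in S105 and the change-record procedure above can be exercised with the following added Python example, which is not code from the patent. It uses the page's authority values (100 and 50) and instruction names; the `Provider` class, the key-value style authority ledger, the rule that GRANT itself needs administrator weight, and the "weight reaches requirement" comparison (taken from the page's worked example, where a user with 100 meets a requirement of 100) are assumptions, and the optional private key signature is left out.

```python
import hashlib
import json

ADMIN, READER = 100, 50  # authority values from the page's worked example
DEFAULT_OPS = {"PURGE": ADMIN, "OCCULT": ADMIN, "VERIFY": READER, "RETRIEVE": READER}

def record_digest(record: dict) -> str:
    """Hash of a change record, returned to the sender as a receipt."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

class Provider:
    """Centralized service holding each ledger's config and its authority ledger."""

    def __init__(self):
        self.data = {}  # lgname -> permission config of the block chain type ledger
        self.auth = {}  # lgname -> authority management ledger (config + records)

    def new(self, lgname: str, user_ids: list) -> None:
        """NEW(LGNAME, Admin, UserID): create both ledgers in one step."""
        self.data[lgname] = {"users": {u: ADMIN for u in user_ids},
                             "ops": dict(DEFAULT_OPS)}
        # The creators are carried over with reduced weight: query and verify only.
        self.auth[lgname] = {"users": {u: READER for u in user_ids},
                             "ops": dict(DEFAULT_OPS), "records": []}

    def can(self, lgname: str, which: str, user: str, op: str) -> bool:
        """True if the user's weight reaches the weight the operation requires."""
        book = self.data[lgname] if which == "data" else self.auth[lgname]
        return book["users"].get(user, 0) >= book["ops"][op]

    def grant(self, lgname: str, sender: str, target: str, v: int, ts: int) -> str:
        """GRANT(userid, v) or GRANT('OPRD', v); every change is recorded."""
        book = self.data[lgname]
        if book["users"].get(sender, 0) < ADMIN:  # assumption: GRANT needs admin weight
            raise PermissionError(f"{sender} may not change authority in {lgname}")
        if target in book["ops"]:
            book["ops"][target] = v  # only the data ledger's config changes
        else:
            book["users"][target] = v
            self.auth[lgname]["users"][target] = min(v, READER)  # never above READER
        record = {"instruction": ["GRANT", target, v], "sender": sender, "timestamp": ts}
        self.auth[lgname]["records"].append(record)  # written by the server, not a user
        return record_digest(record)

    def retrieve(self, lgname: str, user: str) -> list:
        """Query the authority change records (needs RETRIEVE weight)."""
        if not self.can(lgname, "auth", user, "RETRIEVE"):
            raise PermissionError(f"{user} may not query the authority ledger")
        return [dict(r) for r in self.auth[lgname]["records"]]

    def verify_receipt(self, lgname: str, user: str, receipt: str) -> bool:
        """Check that a record matching a previously returned hash still exists."""
        return any(record_digest(r) == receipt for r in self.retrieve(lgname, user))

if __name__ == "__main__":
    p = Provider()
    p.new("LG1", ["A"])                        # constructed ledger and user names
    p.grant("LG1", "A", "B", 50, ts=1)         # B may query and verify
    rcpt = p.grant("LG1", "A", "PURGE", 50, ts=2)  # A lowers the PURGE requirement
    print(p.can("LG1", "data", "B", "PURGE"))  # True: change took effect
    print(p.can("LG1", "auth", "A", "PURGE"))  # False: record of it cannot be cleared
    print(p.verify_receipt("LG1", "B", rcpt))  # True: B can see who changed it
```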
Correspondingly, an embodiment of this specification further provides an authority management apparatus in a block chain type account book. Fig. 4 is a schematic structural diagram of the apparatus, which includes:
the receiving module 401 receives an instruction for creating an account book sent by a user, where the instruction includes a user identifier;
a first creating module 403, configured to create an initial data block of a block chain type account book, and determine administrator permission of the user identifier in the block chain type account book, where the initial data block includes the user identifier;
and a second creating module 405, configured to create an authority management ledger for recording an authority change record of the block chain ledger, and determine a non-administrator authority of the user identifier in the authority management ledger.
Further, in the apparatus, the apparatus further includes a data block generating module 407: receiving a data record to be stored sent by a user, and determining a hash value of the data record; when a preset blocking condition is reached, determining each data record to be written into the data block, and generating an Nth data block containing the hash value of the data block and the data record:
when N is 1, the hash value and the block height of the initial data block are given based on a preset mode;
and when N is greater than 1, determining the hash value of the Nth data block according to the hash values of the data records to be written in the data block and the (N-1) th data block, and generating the Nth data block comprising the hash value of the Nth data block and the data records, wherein the block height of the data block is monotonically increased based on the sequence of the blocking time.
Further, in the apparatus, the preset blocking condition includes: the number of data records to be stored reaches a number threshold; alternatively, the time interval from the last chunking time reaches a time threshold.
Further, the device further includes a writing module 409 for receiving an authority change instruction sent by a user; and generating an authority change record containing the authority change instruction, and writing the authority change record into the authority management book.
Further, in the apparatus, the apparatus further includes a sending module 411, which determines a hash value of the permission change record; and sending the hash value to a sender of the permission change instruction.
Embodiments of the present specification also provide a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the program to implement the method for managing permissions in the block chain ledger shown in fig. 1.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of a computing device according to an embodiment of the present disclosure, where the computing device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
Embodiments of the present specification also provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for managing permissions in a block-chain ledger shown in fig. 1.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present disclosure can be implemented by software plus a necessary general-purpose hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The systems, methods, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in the present specification are described in a progressive manner; for the same or similar parts, the embodiments may be referred to each other, and each embodiment focuses on its differences from the other embodiments. In particular, since the apparatus embodiment is substantially similar to the method embodiment, it is described relatively simply, and reference may be made to the corresponding description of the method embodiment for relevant points. The above-described apparatus embodiments are merely illustrative: the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more pieces of software and/or hardware when implementing the embodiments of the present specification. Some or all of the modules may be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is only a specific implementation of the embodiments of the present disclosure. It should be noted that those skilled in the art can make a number of modifications and refinements without departing from the principle of the embodiments of the present disclosure, and these modifications and refinements should also be regarded as falling within the protection scope of the embodiments of the present disclosure.

Claims (11)

1. A method for managing authority in a block chain type account book is applied to a centralized database service provider for storing data through the block chain type account book, and comprises the following steps:
receiving an instruction for creating an account book sent by a user, wherein the instruction comprises a user identifier;
creating an initial data block of a block chain type account book, and determining administrator permission of the user identification in the block chain type account book, wherein the initial data block contains the user identification;
and creating an authority management account book for recording authority change records of the block chain account book, and determining the non-administrator authority of the user identification in the authority management account book.
2. The method of claim 1, wherein in the block-chained ledger, a data block is generated by:
receiving a data record to be stored sent by a user, and determining a hash value of the data record;
when a preset blocking condition is reached, determining each data record to be written into the data block, and generating an Nth data block containing the hash value of the data block and the data record:
when N is 1, the hash value and the block height of the initial data block are given based on a preset mode;
and when N is greater than 1, determining the hash value of the Nth data block according to the hash values of the data records to be written in the data block and the (N-1)th data block, and generating the Nth data block comprising the hash value of the Nth data block and the data records, wherein the block height of the data block is monotonically increased based on the sequence of the blocking time.
3. The method of claim 2, the preset blocking condition comprising:
the number of data records to be stored reaches a number threshold; or,
the time interval from the last blocking instant reaches a time threshold.
4. The method of claim 1, further comprising:
receiving an authority change instruction sent by a user;
and generating an authority change record containing the authority change instruction, and writing the authority change record into the authority management book.
5. The method of claim 4, further comprising:
determining a hash value of the permission change record;
and sending the hash value to a sender of the permission change instruction and/or a user side with changed permission.
6. An authority management device in a block chain type account book, which is applied to a centralized database service provider for storing data through the block chain type account book, the device comprises:
a receiving module, which receives an instruction for creating an account book sent by a user, wherein the instruction comprises a user identifier;
a first creating module, which creates an initial data block of a block chain type account book and determines the administrator authority of the user identifier in the block chain type account book, wherein the initial data block contains the user identifier;
and the second creating module is used for creating an authority management account book for recording authority change records of the block chain account book and determining the non-administrator authority of the user identification in the authority management account book.
7. The apparatus of claim 6, further comprising a data block generation module to:
receiving a data record to be stored sent by a user, and determining a hash value of the data record;
when a preset blocking condition is reached, determining each data record to be written into the data block, and generating an Nth data block containing the hash value of the data block and the data record:
when N is 1, the hash value and the block height of the initial data block are given based on a preset mode;
and when N is greater than 1, determining the hash value of the Nth data block according to the hash values of the data records to be written in the data block and the (N-1)th data block, and generating the Nth data block comprising the hash value of the Nth data block and the data records, wherein the block height of the data block is monotonically increased based on the sequence of the blocking time.
8. The apparatus of claim 7, the preset blocking condition comprising:
the number of data records to be stored reaches a number threshold; or,
the time interval from the last blocking instant reaches a time threshold.
9. The device of claim 6, further comprising a write module for receiving a permission change instruction sent by a user; and generating an authority change record containing the authority change instruction, and writing the authority change record into the authority management book.
10. The apparatus of claim 9, further comprising a sending module that determines a hash value of the permission change record; and sending the hash value to a sender of the permission change instruction and/or a user side with changed permission.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 5 when executing the program.
CN201910912954.2A 2019-09-25 2019-09-25 Authority management method, device and equipment in block chain type account book Active CN110688664B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910912954.2A CN110688664B (en) 2019-09-25 2019-09-25 Authority management method, device and equipment in block chain type account book
PCT/CN2020/103584 WO2021057220A1 (en) 2019-09-25 2020-07-22 Permission management method and device for blockchain ledger, and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910912954.2A CN110688664B (en) 2019-09-25 2019-09-25 Authority management method, device and equipment in block chain type account book

Publications (2)

Publication Number Publication Date
CN110688664A true CN110688664A (en) 2020-01-14
CN110688664B CN110688664B (en) 2021-03-23

Family

ID=69110297

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910912954.2A Active CN110688664B (en) 2019-09-25 2019-09-25 Authority management method, device and equipment in block chain type account book

Country Status (2)

Country Link
CN (1) CN110688664B (en)
WO (1) WO2021057220A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021057220A1 (en) * 2019-09-25 2021-04-01 蚂蚁区块链科技(上海)有限公司 Permission management method and device for blockchain ledger, and apparatus

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7984131B1 (en) * 2007-06-28 2011-07-19 Emc Corporation Network configuration history tracking
CN107104816A (en) * 2017-03-07 2017-08-29 阿里巴巴集团控股有限公司 A kind of information change monitoring method and device
CN109063169A (en) * 2018-08-17 2018-12-21 福建省农村信用社联合社 A kind of customer data management system based on block chain
CN110022315A (en) * 2019-03-26 2019-07-16 阿里巴巴集团控股有限公司 Weight management method, device and equipment in a kind of piece of chain type account book
CN110059087A (en) * 2019-03-26 2019-07-26 阿里巴巴集团控股有限公司 Data attribute identification method, device and equipment in a kind of piece of chain type account book
CN110147686A (en) * 2019-04-18 2019-08-20 阿里巴巴集团控股有限公司 A kind of storage method, system, device and the equipment of personal asset change record
CN110245518A (en) * 2019-05-31 2019-09-17 阿里巴巴集团控股有限公司 A kind of date storage method, device and equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103400067B (en) * 2013-03-29 2016-08-10 青岛海信电器股份有限公司 Right management method, system and server
CN108734029A (en) * 2018-05-23 2018-11-02 陈萍 A kind of approaches to IM and platform based on block chain and interspace file system
CN110688664B (en) * 2019-09-25 2021-03-23 蚂蚁区块链科技(上海)有限公司 Authority management method, device and equipment in block chain type account book

Also Published As

Publication number Publication date
CN110688664B (en) 2021-03-23
WO2021057220A1 (en) 2021-04-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200706

Address after: Unit 02, 20 / F, block a, building 4, Lane 838, Huangpi South Road, Huangpu District, Shanghai 200025

Applicant after: Ant blockchain Technology (Shanghai) Co., Ltd

Address before: 801-11, Section B, 8th floor, No. 556, Xixi Road, Xihu District, Hangzhou City, Zhejiang Province

Applicant before: Alipay (Hangzhou) Information Technology Co.,Ltd.

REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40024020

Country of ref document: HK

GR01 Patent grant