CN111369246B - Calling authentication method and device of intelligent contract, electronic equipment and storage medium - Google Patents
Calling authentication method and device of intelligent contract, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN111369246B CN111369246B CN202010137898.2A CN202010137898A CN111369246B CN 111369246 B CN111369246 B CN 111369246B CN 202010137898 A CN202010137898 A CN 202010137898A CN 111369246 B CN111369246 B CN 111369246B
- Authority
- CN
- China
- Prior art keywords
- authentication
- target account
- target
- interface
- account
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The application provides a call authentication method, a call authentication device, electronic equipment and a storage medium of an intelligent contract, wherein the method comprises the following steps: acquiring a calling transaction sent by a target account, wherein the calling transaction is used for requesting to call a target interface of an intelligent contract in a blockchain network; responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract; under the condition that the target account passes the first authentication, adopting second authentication information of the intelligent contract to carry out second authentication on the target account; and under the condition that the target account passes the second authentication, determining that the target account has the authority for calling the target interface. The embodiment of the application is beneficial to improving the authentication efficiency when the user invokes the intelligent contract.
Description
Technical Field
The present disclosure relates to the field of blockchain technologies, and in particular, to a method, an apparatus, an electronic device, and a storage medium for authenticating invocation of an intelligent contract.
Background
The rising of the bit coin drives the development of a blockchain technology, and the blockchain is a distributed shared account book and database, and has the characteristics of decentralization, incapability of tampering, whole-course trace, traceability, collective maintenance, openness, transparency and the like. Rights management is core content of a blockchain, calling authentication strategies of intelligent contracts of a plurality of blockchain platforms are coupled with service logic, authentication strategy codes and service logic codes belong to the same intelligent contract, and when the calling of the intelligent contract is authenticated, the authentication strategy codes and the service logic codes are required to be executed, so that the authentication efficiency is lower.
Disclosure of Invention
Aiming at the technical problems, the application provides a calling authentication method, a device, electronic equipment and a storage medium of an intelligent contract, which are beneficial to improving the authentication efficiency when a user calls the intelligent contract.
To achieve the above object, a first aspect of an embodiment of the present application provides a method for authenticating invocation of an intelligent contract, the method including:
acquiring a calling transaction sent by a target account, wherein the calling transaction is used for requesting to call a target interface of an intelligent contract in a blockchain network;
responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract;
Under the condition that the target account passes the first authentication, adopting second authentication information of the intelligent contract to carry out second authentication on the target account;
and under the condition that the target account passes the second authentication, determining that the target account has the authority for calling the target interface.
With reference to the first aspect, in a possible implementation manner, the performing first authentication on the target account with the first authentication information of the smart contract includes:
detecting whether the first authentication information designates an account with the calling authority of the target interface;
if not, determining that the target account does not pass the first authentication, and ending the current processing; if the target account is included in the specified account with the calling authority of the target interface, determining that the target account passes the first authentication;
detecting whether the first authentication information designates an interface of which the target account has calling authority;
if not, determining that the target account does not pass the first authentication, and ending the current processing; and if the designated interface with the calling authority of the target account comprises the target interface, determining that the target account passes the first authentication.
With reference to the first aspect, in a possible implementation manner, the performing the second authentication on the target account with the second authentication information of the smart contract includes:
detecting whether the second authentication information designates an account without the calling authority of the target interface;
if not, determining that the target account passes the second authentication; if the target account is included in the account which is appointed and does not have the calling authority of the target interface, determining that the target account does not pass the second authentication, and ending the current processing;
detecting whether the second authentication information designates an interface of which the target account does not have calling authority;
if not, determining that the target account passes the second authentication; if the target interface is included in the interface which is appointed and does not have the calling authority, determining that the target account does not pass the second authentication, and ending the current processing.
With reference to the first aspect, in a possible implementation manner, after determining that the target account has the right to make a call to the target interface, the method further includes:
sending the calling transaction to an intelligent contract virtual machine for execution;
And packaging the information of the target account passing the authentication in the call transaction, and synchronizing the information in the blockchain network.
With reference to the first aspect, in a possible implementation manner, the call transaction includes a digital certificate of the target account; before first authenticating the target account with the first authentication information of the smart contract, the method further includes:
verifying the digital certificate;
under the condition that the digital certificate fails to verify, a prompt message of verification failure is returned to the target account; and under the condition that the digital certificate is successfully verified, executing the operation of performing first authentication on the target account by adopting the first authentication information of the intelligent contract.
With reference to the first aspect, in a possible implementation manner, each piece of information in the first authentication information and the second authentication information is a doublet, and each doublet is composed of account information and interface information.
A second aspect of the embodiments of the present application provides an apparatus for authenticating invocation of an intelligent contract, the apparatus including:
the system comprises a call acquisition module, a target account acquisition module and a control module, wherein the call acquisition module is used for acquiring a call transaction sent by the target account, and the call transaction is used for requesting to call a target interface of an intelligent contract in a blockchain network;
The first authentication module is used for responding to the calling transaction and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract;
the second authentication module is used for carrying out second authentication on the target account by adopting second authentication information of the intelligent contract under the condition that the target account passes the first authentication;
and the authentication passing module is used for determining that the target account has the right of calling the target interface under the condition that the target account passes the second authentication.
A third aspect of embodiments of the present application provides an electronic device, including an input device, an output device,
a processor adapted to implement one or more instructions; the method comprises the steps of,
a computer storage medium storing one or more instructions adapted to be loaded by the processor and to perform the call authentication method of the smart contract described above.
A fourth aspect of the embodiments provides a computer storage medium storing one or more instructions adapted to be loaded by a processor and to perform the above-described call authentication method of a smart contract.
The scheme of the application at least comprises the following beneficial effects: compared with the prior art, the method and the device have the advantages that the calling transaction sent by the target account is obtained, and the calling transaction is used for requesting to call the target interface of the intelligent contract in the blockchain network; responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract; under the condition that the target account passes the first authentication, adopting second authentication information of the intelligent contract to carry out second authentication on the target account; and under the condition that the target account passes the second authentication, determining that the target account has the authority for calling the target interface. Because the authentication policy of the intelligent contract is decoupled from the service logic, an authentication policy is added for each deployed intelligent contract, and when the user calls the intelligent contract to authenticate, only an authentication policy code is needed to be executed, thereby being beneficial to improving the authentication efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a network system architecture diagram provided in an embodiment of the present application;
FIG. 2 is a schematic flow chart of a method for calling and authenticating an intelligent contract according to an embodiment of the present application;
fig. 3 is an exemplary diagram of decoupling an authentication policy from service logic according to an embodiment of the present application;
fig. 4 is an exemplary diagram of first authentication information and second authentication information provided in an embodiment of the present application;
FIG. 5 is a flowchart illustrating another method for authenticating invocation of an intelligent contract according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an intelligent contract invoking authentication device according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
The terms "comprising" and "having" and any variations thereof, as used in the specification, claims and drawings, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus. Furthermore, the terms "first," "second," and "third," etc. are used for distinguishing between different objects and not for describing a particular sequential order.
The network system architecture to which the schemes of embodiments of the present application may be applied is first described by way of example with reference to the accompanying drawings. Referring to fig. 1, fig. 1 is a network system architecture provided in an embodiment of the present application, as shown in fig. 1, a plurality of nodes exist in a network system, including, but not limited to, a user terminal 101, a server 102, and a digital certificate authority 103, each node includes a hardware layer, a middle layer, an operating system layer, and an application layer, and the plurality of nodes form a blockchain network. The server 102 is connected to the user terminal 101 and the digital certificate authority 103 through a network, and the user terminal 101 may be understood as a terminal such as a mobile phone, a computer, a wearable device, or a client installed on the terminal, for example: game clients, video clients, social software clients, rental clients, and the like. The server 102 may be an intelligent contract server or other servers in the blockchain network, and is mainly used for executing authentication operation for the call transaction sent by the user terminal 101 when the user calls the intelligent contract in the application, the digital certificate authentication mechanism 103 may provide digital certificates for all nodes accessing the blockchain network, and the server 102 may verify identities of all nodes in the blockchain network by using the digital certificates provided by the digital certificate authentication mechanism 103, so as to ensure the security of transactions in the blockchain network.
In the blockchain network shown in fig. 1, each node stores a same blockchain, each block in the blockchain is composed of a block header and a block body, the block header of the initial block stores an input information characteristic value, a version number, a time stamp and a difficulty value, the block body stores input information, the next block of the initial block takes the initial block as a father block, and the block header stores a block header characteristic value of the father block in addition to the input information characteristic value, the version number, the time stamp and the difficulty value of the current block, so that it can be known that the block data stored in each block in the blockchain are associated with the block data stored in the father block.
Some terms that may be involved in embodiments of the present application are described below:
digital certificates, issued by the digital certificate authority 103, may be used to prove information legitimacy, and digital certificate content may include version, serial number, signature algorithm type, issuer information, validity period, issuer, issued public key, CA digital signature, and other information.
Intelligent contracts, a computer protocol aimed at propagating, verifying or executing contracts in an informationized manner, triggering automatic execution after meeting set program conditions, are used for completing automated transactions according to actual business demand codes, and are not limited to executing contracts for transactions, but also executing contracts for processing received information.
Based on the above description, please refer to fig. 2, fig. 2 is a flowchart of a method for calling and authenticating an intelligent contract provided in an embodiment of the present application, where the method for calling and authenticating an intelligent contract is executed by the server 102, as shown in fig. 2, and includes steps S21-S24:
s21, acquiring a calling transaction sent by a target account, wherein the calling transaction is used for requesting to call a target interface of an intelligent contract in a blockchain network.
In this embodiment of the present application, the target account refers to an account used on the user terminal 101, the calling transaction may be understood as a calling request, the target interface refers to a certain interface in the smart contracts that the target account needs to call when processing the actual service, and optionally, there may be multiple smart contracts in the blockchain network, where the smart contract refers to a target smart contract that the user needs to call when processing the actual service, for example: an intelligent contract that a user makes with an insurance agency after the insurance agency purchases an insurance, an intelligent contract that a user makes with a factory after the user purchases equipment at a factory, etc., the intelligent contract may include a plurality of interfaces, such as: interface a, interface B, interface C, the user can send a call transaction for a certain interface to the server 102 using the target account through the user terminal 101.
S22, responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract.
In a specific embodiment of the present application, as shown in fig. 3, an authentication policy is added for each deployed intelligent contract in the blockchain network, where the authentication policy may be dynamically set by an intelligent contract deployer, and a separate authentication executing operation is further added before the intelligent contract virtual machine to implement decoupling of the authentication policy and service logic, so that when the authentication policy changes, there is no need to redeploy the intelligent contract, and the application layer does not need to perform operations such as data migration between new and old contracts, or simultaneously manage both new and old contracts, so as to reduce development and maintenance difficulty of an application program to a certain extent, and effectively avoid the occurrence of service vulnerabilities, where in fig. 3, the intelligent contract bytecode refers to a binary bytecode compiled from an intelligent contract code. As shown in fig. 4, the authentication policy of each smart contract includes first authentication information and second authentication information, each of which is stored in the form of a binary group, each binary group consisting of account information and interface information of the smart contract, for example: account 2-interface C, account 1-interface a, interface B (no account information or null is specified), etc. The first authentication information may be understood as one of the authentication policies, for example: the rejecting strategy, because the priority of the first authentication information is higher than that of the second authentication information, when the server 102 receives the calling transaction, the authentication executing operation is started, the first authentication information is firstly adopted to execute the first authentication on the target account, whether the first authentication information designates the account with the calling authority of the target interface is detected, if not, the target interface is indicated to reject to be called by any account, the target account is determined not to pass through the first authentication, the prompt of authentication failure is returned, and the authentication flow is ended; if the first authentication information has accounts with the calling authority of the target interface, and the accounts comprise target accounts, the target interface can be called by the target accounts, and the target accounts are determined to pass the first authentication. Detecting whether the first authentication information designates an interface of the target account with calling authority, if not, then rejecting the target account to call any interface of the intelligent contract, determining that the target account does not pass the first authentication, returning a prompt of authentication failure, and ending the authentication flow; if the first authentication information has an interface with the designated target account having the calling authority, and the interface with the calling authority of the target account comprises the target interface, the target account can call the target interface, and the target account is determined to pass the first authentication. As shown in fig. 4, the interface B does not designate an account with the calling authority in the first authentication information, so the target account cannot call the interface B, the interface a has an account with the calling authority designated, and includes a target account, namely an account 1, the target account can call the interface a, and the same is true for the target account, which is detected to have the calling authority.
S23, under the condition that the target account passes the first authentication, second authentication is conducted on the target account by adopting second authentication information of the intelligent contract.
In a specific embodiment of the present application, the second authentication information may be understood as another one of the authentication policies, for example: the permission strategy, after the server 102 determines that the target account passes the first authentication, the second authentication information is adopted to execute the second authentication, whether the second authentication information designates the account without the calling authority of the target interface is detected, if not, the permission strategy indicates that the target interface is allowed to be called by any account, and the target account is determined to pass the second authentication; if the second authentication information has an account which is appointed to have no calling authority of the target interface, and the account which has no calling authority of the target interface comprises the target account, the target interface is indicated not to be called by the target interface, the target account is determined not to pass through the second authentication, a prompt of authentication failure is returned, and the authentication flow is ended; detecting whether the second authentication information designates an interface of which the target account does not have calling authority, if not, indicating that the target account can call any interface of the intelligent contract, and determining that the target account passes the second authentication; if the second authentication information has an interface which designates that the target account does not have the calling authority, and the interface which does not have the calling authority comprises the target interface, the target account is indicated to be incapable of calling the target interface, the target account is determined not to pass through the second authentication, a prompt of authentication failure is returned, and the authentication flow is ended. As shown in fig. 4, in the second authentication information, an account that the interface C does not have the calling authority is designated, and includes a target account, account 2, the target account cannot call the interface C, and if the interface D does not designate an account that does not have the calling authority, the target account may call the interface D, and the same is true for the target account, the interface that is detected to have no calling authority.
And S24, determining that the target account has the right to call the target interface under the condition that the target account passes the second authentication.
In a specific embodiment of the present application, under the condition that the target account passes the second authentication information, it can be finally determined that the target account has the call authority to the target interface, the received call transaction is submitted to the intelligent contract virtual machine for execution, in addition, the information of the target account passing the authentication is encapsulated in the call transaction, synchronized in the blockchain network, and the blockchain nodes are commonly identified and then broadcasted in the whole network.
It should be noted that, the above-mentioned intelligent contract virtual machine may be an ethernet virtual machine, and the network adopted by the server 102 to communicate with other nodes in the blockchain network, such as the user terminal 101, the digital certificate authority 103, etc., includes, but is not limited to, a wide area network, a local area network, and a metropolitan area network.
It can be seen that, in the embodiment of the present application, by acquiring a call transaction sent by a target account, where the call transaction is used to request to call a target interface of an intelligent contract in a blockchain network; responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract; under the condition that the target account passes the first authentication, adopting second authentication information of the intelligent contract to carry out second authentication on the target account; and under the condition that the target account passes the second authentication, determining that the target account has the authority for calling the target interface. Because the authentication policy of the intelligent contract is decoupled from the service logic, an authentication policy is added for each deployed intelligent contract, and when the user calls the intelligent contract to authenticate, only an authentication policy code is needed to be executed, thereby being beneficial to improving the authentication efficiency.
Referring to fig. 5, fig. 5 is a flowchart of another smart contract invoking authentication method according to an embodiment of the present application, as shown in fig. 5, including steps S51-S53:
s51, acquiring a calling transaction sent by a target account, wherein the calling transaction is used for requesting to call a target interface of an intelligent contract in a blockchain network;
s52, responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract;
wherein, step S52 includes:
s5201, detecting whether the first authentication information designates an account with the calling authority of the target interface;
s5202, if not specified, determining that the target account does not pass the first authentication, and ending the current process; if the target account is included in the specified account with the calling authority of the target interface, determining that the target account passes the first authentication;
s5203, detecting whether the first authentication information designates an interface with calling authority of the target account;
s5204, if not specified, determining that the target account does not pass the first authentication, and ending the current processing; if the target interface is designated and the interface with the calling authority of the target account comprises the target interface, determining that the target account passes the first authentication;
S53, under the condition that the target account passes the first authentication, adopting second authentication information of the intelligent contract to carry out second authentication on the target account;
and S54, determining that the target account has the right to call the target interface under the condition that the target account passes the second authentication.
In one possible implementation, before detecting whether the first authentication information specifies an account with the invocation authority of the target interface, the method further includes:
detecting whether an authentication switch is turned on;
if the authentication switch is turned on, executing the operation of detecting whether the first authentication information designates an account with the calling authority of the target interface; and if the authentication switch is not started, the calling transaction is sent to the intelligent contract virtual machine for execution.
In one possible implementation, the invocation transaction includes a digital certificate of the target account; before first authenticating the target account with the first authentication information of the smart contract, the method further includes:
verifying the digital certificate;
under the condition that the digital certificate fails to verify, a prompt message of verification failure is returned to the target account; and under the condition that the digital certificate is successfully verified, executing the operation of performing first authentication on the target account by adopting the first authentication information of the intelligent contract.
In the embodiment of the present application, the digital certificate of the target account is issued by the digital certificate certification authority 103, when the user terminal 101 sends a call transaction, the digital certificate can be used for signing the call transaction, the server 102 verifies whether the digital certificate of the target account is illegal or expired, and verifies whether the digital signature is consistent with the stored digital certificate, if both the digital certificates pass, the digital certificate verification is determined to be successful, otherwise, the digital certificate verification is determined to fail, prompt information of the verification failure is returned, the current process is ended, and the security of the blockchain network is improved.
It should be noted that, the embodiment shown in fig. 5 is also implemented based on the network system architecture shown in fig. 1, in which the steps are executed in no strict sequence, and the steps are described in the embodiments shown in fig. 2-4, so that repetition is avoided.
Based on the description of the embodiments of the methods of fig. 2 and fig. 5, please refer to fig. 6, fig. 6 is a schematic structural diagram of an intelligent contract invoking authentication apparatus provided in the embodiment of the present application, as shown in fig. 6, where the apparatus includes:
the call acquisition module 61 is configured to acquire a call transaction sent by a target account, where the call transaction is used to request to call a target interface of an intelligent contract in a blockchain network;
A first authentication module 62, configured to respond to the call transaction, and perform first authentication on the target account with first authentication information of the smart contract;
a second authentication module 63, configured to perform a second authentication on the target account using second authentication information of the smart contract if the target account passes the first authentication;
the authentication passing module 64 is configured to determine that the target account has a right to invoke the target interface if the target account passes the second authentication.
In one possible implementation, in terms of first authenticating the target account with the first authentication information of the smart contract, the first authentication module 62 is specifically configured to:
detecting whether the first authentication information designates an account with the calling authority of the target interface;
if not, determining that the target account does not pass the first authentication, and ending the current processing; if the target account is included in the specified account with the calling authority of the target interface, determining that the target account passes the first authentication;
detecting whether the first authentication information designates an interface of which the target account has calling authority;
If not, determining that the target account does not pass the first authentication, and ending the current processing; and if the designated interface with the calling authority of the target account comprises the target interface, determining that the target account passes the first authentication.
In one possible implementation, the second authentication module 63 is specifically configured to:
detecting whether the second authentication information designates an account without the calling authority of the target interface;
if not, determining that the target account passes the second authentication; if the target account is included in the account which is appointed and does not have the calling authority of the target interface, determining that the target account does not pass the second authentication, and ending the current processing;
detecting whether the second authentication information designates an interface of which the target account does not have calling authority;
if not, determining that the target account passes the second authentication; if the target interface is included in the interface which is appointed and does not have the calling authority, determining that the target account does not pass the second authentication, and ending the current processing.
In one possible implementation, the authentication pass module 64 is specifically further configured to:
sending the calling transaction to an intelligent contract virtual machine for execution;
and packaging the information of the target account passing the authentication in the call transaction, and synchronizing the information in the blockchain network.
In one possible implementation, the invocation transaction includes a digital certificate of the target account; the first authentication module 62 is specifically further configured to:
verifying the digital certificate;
under the condition that the digital certificate fails to verify, a prompt message of verification failure is returned to the target account; and under the condition that the digital certificate is successfully verified, executing the operation of performing first authentication on the target account by adopting the first authentication information of the intelligent contract.
In a possible implementation manner, each piece of information in the first authentication information and the second authentication information is a binary group, and each binary group is composed of account information and interface information.
It can be seen that the call authentication device of the intelligent contract provided by the embodiment of the application obtains a call transaction sent by a target account, wherein the call transaction is used for requesting to call a target interface of the intelligent contract in a blockchain network; responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract; under the condition that the target account passes the first authentication, adopting second authentication information of the intelligent contract to carry out second authentication on the target account; and under the condition that the target account passes the second authentication, determining that the target account has the authority for calling the target interface. Because the authentication policy of the intelligent contract is decoupled from the service logic, an authentication policy is added for each deployed intelligent contract, and when the user calls the intelligent contract to authenticate, only an authentication policy code is needed to be executed, thereby being beneficial to improving the authentication efficiency.
According to one embodiment of the present application, each unit in the call authentication device of the smart contract shown in fig. 6 may be separately or completely combined into one or several other units to form the call authentication device, or some (some) units may be further split into a plurality of units with smaller functions to form the call authentication device, which may achieve the same operation without affecting the implementation of the technical effects of the embodiments of the present invention. The above units are divided based on logic functions, and in practical applications, the functions of one unit may be implemented by a plurality of units, or the functions of a plurality of units may be implemented by one unit. In other embodiments of the present invention, the call authentication device of the smart contract may also include other units, and in practical applications, these functions may also be implemented with assistance of other units, and may be implemented by cooperation of multiple units.
According to another embodiment of the present application, the call authentication apparatus device of the smart contract as shown in fig. 6 may be constructed by running a computer program (including program code) capable of executing the steps involved in the respective methods as shown in fig. 2 or 5 on a general-purpose computing device such as a computer including a processing element such as a Central Processing Unit (CPU), a random access storage medium (RAM), a read-only storage medium (ROM), and the like, and the call authentication method of the smart contract of the embodiment of the present invention is implemented. The computer program may be recorded on, for example, a computer-readable recording medium, and loaded into and executed by the above-described computing device via the computer-readable recording medium.
Based on the description of the method embodiment and the device embodiment, the embodiment of the invention also provides electronic equipment. Referring to fig. 7, the electronic device includes at least a processor 71, an input device 72, an output device 73, and a computer storage medium 74. Wherein the processor 71, input device 72, output device 73, and computer storage medium 74 within the electronic device may be coupled by a bus or other means.
The computer storage medium 74 may be stored in a memory of an electronic device, the computer storage medium 74 being for storing a computer program comprising program instructions, the processor 71 being for executing the program instructions stored by the computer storage medium 74. The processor 71, or CPU (Central Processing Unit ), is a computing core as well as a control core of the electronic device, which is adapted to implement one or more instructions, in particular to load and execute one or more instructions to implement a corresponding method flow or a corresponding function.
In one embodiment, the processor 71 of the electronic device provided in the embodiments of the present application may be configured to perform a series of smart contract call authentication processes, including:
acquiring a calling transaction sent by a target account, wherein the calling transaction is used for requesting to call a target interface of an intelligent contract in a blockchain network;
Responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract;
under the condition that the target account passes the first authentication, adopting second authentication information of the intelligent contract to carry out second authentication on the target account;
and under the condition that the target account passes the second authentication, determining that the target account has the authority for calling the target interface.
In one possible example, the processor 71 executing the first authentication of the target account with the first authentication information of the smart contract includes:
detecting whether the first authentication information designates an account with the calling authority of the target interface;
if not, determining that the target account does not pass the first authentication, and ending the current processing; if the target account is included in the specified account with the calling authority of the target interface, determining that the target account passes the first authentication;
detecting whether the first authentication information designates an interface of which the target account has calling authority;
if not, determining that the target account does not pass the first authentication, and ending the current processing; and if the designated interface with the calling authority of the target account comprises the target interface, determining that the target account passes the first authentication.
In one possible example, the processor 71 executing the second authentication of the target account with the second authentication information of the smart contract includes:
detecting whether the second authentication information designates an account without the calling authority of the target interface;
if not, determining that the target account passes the second authentication; if the target account is included in the account which is appointed and does not have the calling authority of the target interface, determining that the target account does not pass the second authentication, and ending the current processing;
detecting whether the second authentication information designates an interface of which the target account does not have calling authority;
if not, determining that the target account passes the second authentication; if the target interface is included in the interface which is appointed and does not have the calling authority, determining that the target account does not pass the second authentication, and ending the current processing.
In one possible example, after determining that the target account has the right to make a call to the target interface, the processor 71 is further configured to perform:
sending the calling transaction to an intelligent contract virtual machine for execution;
And packaging the information of the target account passing the authentication in the call transaction, and synchronizing the information in the blockchain network.
In one possible example, the invocation transaction includes a digital certificate of the target account; the processor 71 is further configured to, prior to first authenticating the target account with the first authentication information of the smart contract, perform:
verifying the digital certificate;
under the condition that the digital certificate fails to verify, a prompt message of verification failure is returned to the target account; and under the condition that the digital certificate is successfully verified, executing the operation of performing first authentication on the target account by adopting the first authentication information of the intelligent contract.
In one possible example, each piece of information in the first authentication information and the second authentication information is a doublet, each doublet consisting of account information and interface information.
The electronic device may be a computer, a server, a cloud server, an edge server, or the like. The electronic devices may include, but are not limited to, a processor 71, an input device 72, an output device 73, and a computer storage medium 74. It will be appreciated by those skilled in the art that the schematic diagram is merely an example of an electronic device and is not limiting of an electronic device, and may include more or fewer components than shown, or certain components may be combined, or different components.
It should be noted that, since the steps in the above-mentioned authentication method for invoking the smart contract are implemented when the processor 71 of the electronic device executes the computer program, the embodiments or implementations of the above-mentioned authentication method for invoking the smart contract are applicable to the electronic device, and the same or similar beneficial effects can be achieved.
The embodiment of the application also provides a computer storage medium (Memory), which is a Memory device in the electronic device and is used for storing programs and data. It will be appreciated that the computer storage medium herein may include both a built-in storage medium in the terminal and an extended storage medium supported by the terminal. The computer storage medium provides a storage space that stores an operating system of the terminal. Also stored in this memory space are one or more instructions, which may be one or more computer programs (including program code), adapted to be loaded and executed by the processor 71. The computer storage medium herein may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory; alternatively, it may be at least one computer storage medium located remotely from the aforementioned processor 71. In one embodiment, one or more instructions stored in a computer storage medium may be loaded and executed by processor 71 to implement the respective steps of the call authentication method described above in connection with the smart contract; in particular implementations, one or more instructions in a computer storage medium are loaded by processor 71 and perform the steps of:
Acquiring a calling transaction sent by a target account, wherein the calling transaction is used for requesting to call a target interface of an intelligent contract in a blockchain network;
responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract;
under the condition that the target account passes the first authentication, adopting second authentication information of the intelligent contract to carry out second authentication on the target account;
and under the condition that the target account passes the second authentication, determining that the target account has the authority for calling the target interface.
In one embodiment, one or more instructions in the computer storage medium, when loaded by the processor 71, are further configured to implement the steps of:
detecting whether the first authentication information designates an account with the calling authority of the target interface;
if not, determining that the target account does not pass the first authentication, and ending the current processing; if the target account is included in the specified account with the calling authority of the target interface, determining that the target account passes the first authentication;
detecting whether the first authentication information designates an interface of which the target account has calling authority;
If not, determining that the target account does not pass the first authentication, and ending the current processing; and if the designated interface with the calling authority of the target account comprises the target interface, determining that the target account passes the first authentication.
In one embodiment, one or more instructions in the computer storage medium, when loaded by the processor 71, are further configured to implement the steps of:
detecting whether the second authentication information designates an account without the calling authority of the target interface;
if not, determining that the target account passes the second authentication; if the target account is included in the account which is appointed and does not have the calling authority of the target interface, determining that the target account does not pass the second authentication, and ending the current processing;
detecting whether the second authentication information designates an interface of which the target account does not have calling authority;
if not, determining that the target account passes the second authentication; if the target interface is included in the interface which is appointed and does not have the calling authority, determining that the target account does not pass the second authentication, and ending the current processing.
In one embodiment, one or more instructions in the computer storage medium, when loaded by the processor 71, are further configured to implement the steps of:
sending the calling transaction to an intelligent contract virtual machine for execution;
and packaging the information of the target account passing the authentication in the call transaction, and synchronizing the information in the blockchain network.
In one embodiment, one or more instructions in the computer storage medium, when loaded by the processor 71, are further configured to implement the steps of:
verifying the digital certificate;
under the condition that the digital certificate fails to verify, a prompt message of verification failure is returned to the target account; and under the condition that the digital certificate is successfully verified, executing the operation of performing first authentication on the target account by adopting the first authentication information of the intelligent contract.
In one embodiment, each piece of information in the first authentication information and the second authentication information is a doublet, and each doublet is composed of account information and interface information.
By way of example, the computer storage medium may comprise: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth.
It should be noted that, since the steps in the above-mentioned authentication method for invoking the smart contract are implemented when the computer program of the computer storage medium is executed by the processor, all embodiments or implementations of the authentication method for invoking the smart contract are applicable to the computer storage medium, and the same or similar beneficial effects can be achieved.
The foregoing has outlined rather broadly the more detailed description of embodiments of the present application, wherein specific examples are provided herein to illustrate the principles and embodiments of the present application, the above examples being provided solely to assist in the understanding of the methods of the present application and the core ideas thereof; meanwhile, as those skilled in the art will have modifications in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.
Claims (7)
1. A method for call authentication of an intelligent contract, the method comprising:
acquiring a calling transaction sent by a target account, wherein the calling transaction is used for requesting to call a target interface of an intelligent contract in a blockchain network; each intelligent contract deployed in the blockchain network is added with an authentication strategy, and the authentication strategy is decoupled from service logic;
Responding to the calling transaction, and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract;
under the condition that the target account passes the first authentication, adopting second authentication information of the intelligent contract to carry out second authentication on the target account;
under the condition that the target account passes the second authentication, determining that the target account has the authority for calling the target interface;
the first authentication of the target account by using the first authentication information of the intelligent contract comprises the following steps:
detecting whether the first authentication information designates an account with the calling authority of the target interface;
if not, determining that the target account does not pass the first authentication, and ending the current processing; if the target account is included in the specified account with the calling authority of the target interface, determining that the target account passes the first authentication;
detecting whether the first authentication information designates an interface of which the target account has calling authority;
if not, determining that the target account does not pass the first authentication, and ending the current processing; if the target interface is designated and the interface with the calling authority of the target account comprises the target interface, determining that the target account passes the first authentication;
The second authentication of the target account by adopting the second authentication information of the intelligent contract comprises the following steps:
detecting whether the second authentication information designates an account without the calling authority of the target interface;
if not, determining that the target account passes the second authentication; if the target account is included in the account which is appointed and does not have the calling authority of the target interface, determining that the target account does not pass the second authentication, and ending the current processing;
detecting whether the second authentication information designates an interface of which the target account does not have calling authority;
if not, determining that the target account passes the second authentication; if the target interface is included in the interface which is appointed and does not have the calling authority, determining that the target account does not pass the second authentication, and ending the current processing.
2. The method of claim 1, wherein after determining that the target account has the right to invoke the target interface, the method further comprises:
sending the calling transaction to an intelligent contract virtual machine for execution;
and packaging the information of the target account passing the authentication in the call transaction, and synchronizing the information in the blockchain network.
3. The method of claim 1 or 2, wherein the call transaction includes a digital certificate of the target account; before first authenticating the target account with the first authentication information of the smart contract, the method further includes:
verifying the digital certificate;
under the condition that the digital certificate fails to verify, a prompt message of verification failure is returned to the target account; and under the condition that the digital certificate is successfully verified, executing the operation of performing first authentication on the target account by adopting the first authentication information of the intelligent contract.
4. The method of claim 1, wherein each of the first authentication information and the second authentication information is a doublet, each doublet consisting of account information and interface information.
5. A call authentication apparatus for an intelligent contract, the apparatus comprising:
the system comprises a call acquisition module, a target account acquisition module and a control module, wherein the call acquisition module is used for acquiring a call transaction sent by the target account, and the call transaction is used for requesting to call a target interface of an intelligent contract in a blockchain network; each intelligent contract deployed in the blockchain network is added with an authentication strategy, and the authentication strategy is decoupled from service logic;
The first authentication module is used for responding to the calling transaction and carrying out first authentication on the target account by adopting first authentication information of the intelligent contract;
the second authentication module is used for carrying out second authentication on the target account by adopting second authentication information of the intelligent contract under the condition that the target account passes the first authentication;
an authentication passing module, configured to determine that the target account has a right to invoke the target interface when the target account passes the second authentication;
in a first authentication aspect of the target account by adopting first authentication information of the intelligent contract, the first authentication module is specifically configured to:
detecting whether the first authentication information designates an account with the calling authority of the target interface;
if not, determining that the target account does not pass the first authentication, and ending the current processing; if the target account is included in the specified account with the calling authority of the target interface, determining that the target account passes the first authentication;
detecting whether the first authentication information designates an interface of which the target account has calling authority;
If not, determining that the target account does not pass the first authentication, and ending the current processing; if the target interface is designated and the interface with the calling authority of the target account comprises the target interface, determining that the target account passes the first authentication;
in a second authentication aspect of the target account using second authentication information of the smart contract, the second authentication module is specifically configured to:
detecting whether the second authentication information designates an account without the calling authority of the target interface;
if not, determining that the target account passes the second authentication; if the target account is included in the account which is appointed and does not have the calling authority of the target interface, determining that the target account does not pass the second authentication, and ending the current processing;
detecting whether the second authentication information designates an interface of which the target account does not have calling authority;
if not, determining that the target account passes the second authentication; if the target interface is included in the interface which is appointed and does not have the calling authority, determining that the target account does not pass the second authentication, and ending the current processing.
6. An electronic device comprising an input device and an output device, further comprising:
a processor adapted to implement one or more instructions; the method comprises the steps of,
a computer storage medium storing one or more instructions adapted to be loaded by the processor and to perform the call authentication method of the smart contract of any one of claims 1-4.
7. A computer storage medium storing one or more instructions adapted to be loaded by a processor and to perform the call authentication method of the smart contract of any one of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010137898.2A CN111369246B (en) | 2020-03-02 | 2020-03-02 | Calling authentication method and device of intelligent contract, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010137898.2A CN111369246B (en) | 2020-03-02 | 2020-03-02 | Calling authentication method and device of intelligent contract, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111369246A CN111369246A (en) | 2020-07-03 |
| CN111369246B true CN111369246B (en) | 2023-06-06 |
Family
ID=71210280
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010137898.2A Active CN111369246B (en) | 2020-03-02 | 2020-03-02 | Calling authentication method and device of intelligent contract, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111369246B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116346500B (en) * | 2023-05-10 | 2023-08-08 | 飞天诚信科技股份有限公司 | Method and system for realizing account control authority management through intelligent contracts |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110138767B (en) * | 2019-05-07 | 2021-11-30 | 百度在线网络技术(北京)有限公司 | Transaction request processing method, device, equipment and storage medium |
| CN110096857B (en) * | 2019-05-07 | 2021-03-19 | 百度在线网络技术(北京)有限公司 | Authority management method, device, equipment and medium for block chain system |
| CN110310205B (en) * | 2019-06-28 | 2022-02-25 | 百度在线网络技术(北京)有限公司 | Block chain data monitoring method, device, equipment and medium |
| CN110597918A (en) * | 2019-09-23 | 2019-12-20 | 腾讯科技(深圳)有限公司 | Account management method and device and computer readable storage medium |
-
2020
- 2020-03-02 CN CN202010137898.2A patent/CN111369246B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN111369246A (en) | 2020-07-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107483509B (en) | A kind of auth method, server and readable storage medium storing program for executing | |
| CN109981679B (en) | Method and apparatus for performing transactions in a blockchain network | |
| CN112527912B (en) | Data processing method and device based on block chain network and computer equipment | |
| CN111885050B (en) | Data storage method and device based on block chain network, related equipment and medium | |
| CN110908786A (en) | Intelligent contract calling method, device and medium | |
| CN110611647A (en) | Node joining method and device on block chain system | |
| CN110992035A (en) | Block chain link point management method, device and system | |
| CN110677453A (en) | ZooKeeper-based distributed lock service implementation method, device, equipment and storage medium | |
| CN112448946A (en) | Log auditing method and device based on block chain | |
| CN112950201A (en) | Node management method and related device applied to block chain system | |
| CN114117551B (en) | Access verification method and device | |
| CN111369246B (en) | Calling authentication method and device of intelligent contract, electronic equipment and storage medium | |
| CN112037055B (en) | Transaction processing method, device, electronic equipment and readable storage medium | |
| CN103559430B (en) | application account management method and device based on Android system | |
| CN112037062B (en) | Transaction consensus method, device, electronic equipment and readable storage medium | |
| CN114978677A (en) | Asset access control method, device, electronic equipment and computer readable medium | |
| CN113225191B (en) | Generation method and device of consensus node, storage medium and processor | |
| CN113890751A (en) | Method, apparatus and readable storage medium for controlling voting of alliance link authority | |
| CN117118640A (en) | Data processing method, device, computer equipment and readable storage medium | |
| CN114372280A (en) | Block chain service execution method and device based on multi-sign intelligent contract | |
| CN111222991A (en) | Method and system for crossing chains between block chains | |
| CN108462713B (en) | Method and system for client to perform credibility verification | |
| CN112926956A (en) | Block chain financial payment management method and system | |
| CN116760632B (en) | Data processing method, device, equipment and readable storage medium | |
| CN116566710B (en) | Block chain data management method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |