CN111988313B - Data processing method, device, system and medium for block chain - Google Patents

Publication number
CN111988313B
Authority
CN
China
Prior art keywords
information
authorization information
user
terminal
authorization
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010836637.XA
Other languages
Chinese (zh)
Other versions
CN111988313A (en
Inventor
杨毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
ICBC Technology Co Ltd
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
ICBC Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC, ICBC Technology Co Ltd
Priority to CN202010836637.XA
Publication of CN111988313A
Application granted
Publication of CN111988313B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure provides a data processing method for a blockchain, including: receiving a first access request from a terminal, wherein the first access request comprises identity information of a user; determining, according to the identity information of the user, whether registration information of the user is stored in a blockchain, wherein the blockchain comprises the registration information of a plurality of users, and the registration information of each user comprises the identity information and the contact information of the user; if the blockchain stores the registration information of the user, sending first authorization information to the terminal according to the identity information and the contact information of the user; receiving a second access request from the terminal, wherein the second access request comprises the first authorization information; and sending data responding to the second access request to the terminal according to the first authorization information. The present disclosure also provides a data processing apparatus, a computer system, and a medium for a blockchain.

Description

Data processing method, device, system and medium for block chain
Technical Field
The present disclosure relates to the field of blockchain technologies, and in particular, to a data processing method, apparatus, system, and medium for a blockchain.
Background
With the rapid development of computers and blockchain technology, blockchains are increasingly used in many areas of daily life. For example, a user's private information may be saved in a blockchain to prevent it from being forged or tampered with.
The decentralized encrypted data storage technology and the consensus mechanism of the blockchain guarantee that stored data cannot be tampered with, but if access to the blockchain is not restricted, the user's private information may be disclosed.
Disclosure of Invention
In view of the above, the present disclosure provides a data processing method, apparatus, system, and medium for a blockchain.
One aspect of the present disclosure provides a data processing method for a blockchain, including: receiving a first access request from a terminal, wherein the first access request comprises identity information of a user; determining, according to the identity information of the user, whether registration information of the user is stored in a blockchain, wherein the blockchain comprises the registration information of a plurality of users, and the registration information of each user comprises the identity information and the contact information of the user; if the registration information of the user is stored in the blockchain, sending first authorization information to the terminal according to the identity information and the contact information of the user; receiving a second access request from the terminal, wherein the second access request comprises the first authorization information; and sending data responding to the second access request to the terminal according to the first authorization information.
According to the embodiment of the disclosure, sending the first authorization information to the terminal according to the identity information and the contact information of the user comprises: generating the first authorization information according to the identity information of the user; and sending the first authorization information to the terminal through the contact information of the user.
According to the embodiment of the present disclosure, after generating the first authorization information according to the identity information of the user, the method further includes: setting a validity period of the first authorization information. Sending the first authorization information to the terminal through the contact information of the user then comprises: sending the first authorization information and the validity period of the first authorization information to the terminal through the contact information of the user.
According to an embodiment of the present disclosure, sending data responding to the second access request to the terminal according to the first authorization information includes: verifying whether the first authorization information is legitimate; if the first authorization information is legitimate, verifying whether the time at which the first authorization information is received is within the validity period of the first authorization information; and if the time at which the first authorization information is received is within the validity period of the first authorization information, sending data responding to the second access request to the terminal.
According to an embodiment of the present disclosure, the method further comprises: receiving a first registration request from the terminal, wherein the first registration request comprises identity information and contact information of a user; sending second authorization information to the terminal according to the identity information and the contact information of the user; receiving a second registration request from the terminal, wherein the second registration request comprises the second authorization information; and sending a message of successful registration to the terminal according to the second authorization information.
According to the embodiment of the present disclosure, sending the second authorization information to the terminal according to the identity information and the contact information of the user includes: generating the second authorization information according to the identity information of the user; setting the validity period of the second authorization information; and sending the second authorization information and the validity period of the second authorization information to the terminal through the contact information of the user.
According to the embodiment of the present disclosure, sending the message of successful registration to the terminal according to the second authorization information includes: verifying whether the second authorization information is legitimate; if the second authorization information is legitimate, verifying whether the time at which the second authorization information is received is within the validity period of the second authorization information; and if the time at which the second authorization information is received is within the validity period of the second authorization information, sending a message of successful registration to the terminal.
According to an embodiment of the present disclosure, the method further comprises: if the time at which the second authorization information is received is within the validity period of the second authorization information, storing the identity information and the contact information of the user in the blockchain to complete registration.
Another aspect of the present disclosure provides a data processing apparatus for a blockchain, including: a first receiving module, configured to receive a first access request from a terminal, wherein the first access request comprises identity information of a user; a determining module, configured to determine, according to the identity information of the user, whether registration information of the user is stored in a blockchain, wherein the blockchain comprises the registration information of a plurality of users, and the registration information of each user comprises the identity information and the contact information of the user; a first sending module, configured to send first authorization information to the terminal according to the identity information and the contact information of the user if the blockchain stores the registration information of the user; a second receiving module, configured to receive a second access request from the terminal, where the second access request includes the first authorization information; and a second sending module, configured to send data responding to the second access request to the terminal according to the first authorization information.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
Another aspect of the present disclosure provides a computer system comprising: one or more processors; storage means for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an exemplary system architecture of a data processing method and apparatus for blockchains to which embodiments of the present disclosure may be applied;
fig. 2 schematically shows a flow chart of a data processing method for a blockchain according to an embodiment of the present disclosure;
fig. 3 schematically shows a flowchart of a method of sending first authorization information to a terminal according to identity information and contact information of a user according to an embodiment of the present disclosure;
fig. 4 schematically shows a flowchart of a method of sending authorization information to a terminal according to identity information and contact information of a user according to another embodiment of the present disclosure;
fig. 5 schematically shows a flowchart of a method of sending data responding to a second access request to a terminal according to first authorization information according to an embodiment of the present disclosure;
fig. 6 schematically shows a flow chart of a registration method for a blockchain according to an embodiment of the present disclosure;
fig. 7 schematically shows a flowchart of a method for sending second authorization information to a terminal according to identity information and contact information of a user according to an embodiment of the present disclosure;
fig. 8 is a flowchart schematically illustrating a method of transmitting a registration success message to a terminal according to second authorization information according to an embodiment of the present disclosure;
FIG. 9 schematically shows a flow chart of a data processing method for a blockchain according to another embodiment of the present disclosure;
FIG. 10 schematically shows a block diagram of a data processing apparatus for a blockchain according to an embodiment of the present disclosure; and
FIG. 11 schematically shows a block diagram of a computer system according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B, and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B, and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). In those instances where a convention analogous to "at least one of A, B, or C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B, or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.).
In the process of implementing the disclosure, an account can be created for a blockchain user, a pair of public and private keys bound with the account is generated at the same time, the private key is handed to the user, and each access of the user needs to be performed through the private key. Although access to the blockchain is limited in this way, the user must always keep the private key information, and if the user creates an account on multiple blockchain platforms, the user will have more keys to be kept, which is not easy to maintain. There is a risk of the keys being lost, possibly resulting in the user suffering a loss due to the loss of data on the blockchain.
Based on this, embodiments of the present disclosure provide a data processing method and apparatus for a blockchain. The method comprises: receiving a first access request from a terminal, wherein the first access request comprises an identity of a user; determining, according to the identity of the user, whether registration information of the user is stored in a blockchain, wherein the blockchain comprises the registration information of a plurality of users, and the registration information of each user comprises the identity information and the contact information of the user; if the blockchain stores the registration information of the user, sending authorization information to the terminal according to the identity information and the contact information of the user; receiving a second access request from the terminal, wherein the second access request comprises the authorization information; and sending data responding to the second access request to the terminal according to the authorization information.
Fig. 1 schematically illustrates an exemplary system architecture 100 for a data processing method and apparatus for a blockchain to which embodiments of the present disclosure may be applied. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104 and a blockchain 105. The blockchain 105 may include a plurality of storage nodes deployed in a distributed manner, and each storage node may store private data of a plurality of users, such as medical data of electronic medical records, electronic prescriptions, medical images, and the like, and electronic files such as household registers, students, calendars, work histories, and the like. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the blockchain 105. Network 104 may include various connection types, such as wired and/or wireless communication links, and so forth.
The terminal devices 101, 102, 103 may be used by different users, and the users may use the terminal devices 101, 102, 103 to interact with various storage nodes in the blockchain 105 through the network 104 to receive or send messages, etc. For example, the user may use the terminal devices 101, 102, 103 to interact with the storage nodes in the blockchain 105, and upload private information such as their own archive data and medical data to the storage nodes in the blockchain 105. Users such as enterprises and hospitals can also use the terminal devices 101, 102, and 103 to interact with storage nodes in the blockchain 105 to query the user's profile data or medical data after obtaining authorization of individual users.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
It should be noted that the data processing method for the blockchain provided by the embodiment of the present disclosure may be generally performed by each storage node in the blockchain 105. Accordingly, the data processing apparatus for the block chain provided by the embodiment of the present disclosure may be generally disposed in each storage node in the block chain 105.
It should be understood that the number of terminal devices, networks and block chains in fig. 1 is merely illustrative. There may be any number of end devices, networks, and blockchains, as desired for an implementation.
Fig. 2 schematically shows a flow chart of a data processing method for a blockchain according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S201 to S205.
In operation S201, a first access request is received from a terminal, wherein the first access request includes identity information of a user.
According to the embodiment of the disclosure, a user sends an access request through a terminal to a smart contract run by a storage node in the blockchain. The smart contract may be an application program running on the storage node in the blockchain, and the access request may include the identity of the user, which may be used as the unique account ID registered by the user on the blockchain. The identity information can be the user's identity card number, or a hash value obtained by combining the user name and the identity card, and the like, so that the user can log in by directly using the identity card.
In operation S202, it is determined whether registration information of the user is stored in a blockchain according to the identity information of the user, where the blockchain includes registration information of multiple users, and the registration information of each user includes identity information and contact information of the user.
According to the embodiment of the disclosure, the smart contract searches the blockchain to determine whether the registration information of the account is stored. The blockchain stores registration information of a plurality of users, and the registration information of each user comprises the identity information and the contact information of the user. The contact information can be the user's mobile phone number, the user's mailbox, or the user's account on a service platform such as an APP (application), an applet (mini program) or a public account.
According to an embodiment of the present disclosure, the access request may be denied if no registration information for the account is stored in the blockchain.
In operation S203, if the block chain stores the registration information of the user, first authorization information is sent to the terminal according to the identity information and the contact information of the user.
Fig. 3 schematically shows a flowchart of a method for sending first authorization information to a terminal according to identity information and contact information of a user according to an embodiment of the present disclosure.
As shown in fig. 3, operation S203 may include operations S301 to S302.
In operation S301, first authorization information is generated according to identity information of a user.
In operation S302, first authorization information is transmitted to a terminal through a contact of a user.
According to the embodiment of the present disclosure, if the registration information of the user is found, the smart contract of the storage node in the blockchain may generate a random verification code according to the user identity information. The random verification code may be generated by processing and encrypting the user identity information using algorithms such as MD5 (Message Digest Algorithm) or SHA256 (Secure Hash Algorithm; SHA256 is the SHA algorithm with a hash length of 256 bits).
According to the embodiment of the disclosure, the generated random verification code can be sent to the user terminal as an authorization code. Specifically, services with data receiving capability, such as short message and mailbox services, can be called to send the code to the user's mobile phone through the user's mobile phone number or to the user's mailbox, or various platform services can be called to send it to the user's account on each platform.
In operation S204, a second access request is received from the terminal, wherein the second access request includes the first authorization information.
According to the embodiment of the disclosure, after the user terminal receives the authorization code, if it is confirmed that the operation is performed by the user, the user terminal may send a second access request to the smart contract. The second access request includes the authorization code, so that the smart contract can verify the authorization information.
In operation S205, data responding to the second access request is transmitted to the terminal according to the first authorization information.
According to the embodiment of the disclosure, the smart contract verifies the authorization information and, if the verification is passed, may return the requested data to the user terminal.
According to the embodiment of the disclosure, a first access request sent by a terminal is received, and the blockchain is queried for registration information of the user. If the registration information of the user is found, authorization information is returned to the terminal. A second access request sent by the terminal is then received, the second access request comprising the authorization information, and response data is returned to the terminal according to the authorization information. When the user data stored in the blockchain is accessed, the authorization information has to be sent to the terminal to obtain the user's authorization, so the security of the user information can be ensured. Compared with having the user obtain authorization through a key, verification by sending authorization information to the terminal avoids the risk caused by the user losing the key and the inconvenience of the user maintaining a plurality of keys, which improves convenience.
Fig. 4 schematically shows a flowchart of a method for sending authorization information to a terminal according to identity information and contact information of a user according to another embodiment of the present disclosure.
As shown in fig. 4, operation S203 may include operations S401 to S403.
In operation S401, first authorization information is generated according to the identity information of the user.
In operation S402, a validity period of the first authorization information is set.
In operation S403, the first authorization information and the validity period of the first authorization information are transmitted to the terminal through the contact means of the user.
According to the embodiment of the disclosure, after the first authorization information is generated, a validity period for verifying the authorization information can be set, and the authorization information and the validity period are then sent to the user terminal together, so that the terminal returns the authorization information within the validity period. If the authorization information is verified within the validity period, the subsequent access flow can continue; if it is not verified within the validity period, the subsequent access request is rejected. This further improves access security.
Fig. 5 schematically shows a flowchart of a method for transmitting data responding to a second access request to a terminal according to first authorization information according to an embodiment of the present disclosure.
As shown in fig. 5, operation S205 includes operations S501 to S503.
In operation S501, it is verified whether the first authorization information is legitimate.
In operation S502, if the first authorization information is legal, it is verified whether the time when the first authorization information is received is within the validity period of the first authorization information.
In operation S503, if the time when the first authorization information is received is within the validity period of the first authorization information, data in response to the second access request is transmitted to the terminal.
According to the embodiment of the disclosure, the order of verifying whether the first authorization information is legitimate and verifying whether the time at which the first authorization information is received is within its validity period can be interchanged. Response data is returned to the terminal only when both the legitimacy and the validity period of the authorization information have been verified.
Verifying whether the first authorization information is legitimate may include comparing whether the first authorization information received from the terminal is consistent with the first authorization information that was generated for it; if the two are consistent, the first authorization information is determined to be legitimate.
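The flow of operations S201 to S205, with the validity period of S401 to S403 and the checks of S501 to S503, can be written out as follows. This is an added example, not code from the patent. `AccessGate`, the in-memory `registry`, `records` and `outbox`, the 300-second validity period, the random nonce, single use and the attempt limit are assumptions of the example, and the second request is assumed to carry the identity alongside the code.

```python
import hashlib
import hmac
import secrets
import time

VALIDITY_SECONDS = 300   # assumed validity period; the page does not fix a value
MAX_ATTEMPTS = 3         # assumed limit on wrong codes per issued code


class AccessGate:
    """Stand-in for the smart contract on a storage node (hypothetical name)."""

    def __init__(self, registry, records, clock=time.time):
        self._registry = registry   # identity -> contact; stands in for on-chain registration info
        self._records = records     # identity -> private data held for that user
        self._clock = clock
        self._pending = {}          # identity -> [code_digest, expires_at, attempts_left]
        self.outbox = []            # (contact, code, expires_at); stands in for SMS/e-mail delivery

    def first_access_request(self, identity):
        """S201-S203 with S401-S403: look up registration, issue code and validity period."""
        contact = self._registry.get(identity)
        if contact is None:
            return False            # no registration information: deny the request
        # The page derives the code from the identity with e.g. SHA256. A fresh
        # random nonce is mixed in here (assumption) so the code cannot be
        # recomputed by anyone who merely knows the identity number.
        nonce = secrets.token_bytes(16)
        code = hashlib.sha256(nonce + identity.encode()).hexdigest()[:8]
        expires_at = self._clock() + VALIDITY_SECONDS
        # Keep only a digest of the code, never the code itself.
        self._pending[identity] = [_digest(code), expires_at, MAX_ATTEMPTS]
        self.outbox.append((contact, code, expires_at))
        return True

    def second_access_request(self, identity, code):
        """S204-S205 with S501-S503: return the data, or None if a check fails."""
        entry = self._pending.get(identity)
        if entry is None:
            return None
        stored, expires_at, _ = entry
        # S501: legitimacy, compared in constant time.
        if not hmac.compare_digest(stored, _digest(code)):
            entry[2] -= 1
            if entry[2] <= 0:
                del self._pending[identity]   # too many wrong codes: the code is void
            return None
        del self._pending[identity]           # single use (assumption)
        # S502: the code must arrive within its validity period.
        if self._clock() > expires_at:
            return None
        # S503: both checks passed.
        return self._records.get(identity)


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


def demo():
    """Constructed walk-through with a fake clock; all values are made up."""
    now = [1000.0]
    gate = AccessGate({"id-0001": "user@example.test"}, {"id-0001": "record-A"},
                      clock=lambda: now[0])
    gate.first_access_request("id-0001")
    _, code, _ = gate.outbox[-1]
    first = gate.second_access_request("id-0001", code)      # within validity period
    replay = gate.second_access_request("id-0001", code)     # same code presented again
    gate.first_access_request("id-0001")
    _, late_code, _ = gate.outbox[-1]
    now[0] += VALIDITY_SECONDS + 1
    late = gate.second_access_request("id-0001", late_code)  # after the validity period
    return first, replay, late


if __name__ == "__main__":
    print(demo())
```
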
Fig. 6 schematically shows a flow chart of a registration method for a blockchain according to an embodiment of the present disclosure.
As shown in fig. 6, operations S601 to S604 are included.
In operation S601, a first registration request is received from a terminal, where the first registration request includes identity information and contact information of a user.
According to the embodiment of the disclosure, when a user stores personal privacy information by using a blockchain, an account needs to be registered in the blockchain at first, and the registered account information needs to carry a unique identity ID provided by the user, a mobile phone number or a mailbox and other contact ways. It should be noted that it is necessary to provide a contact means so as to perform short message or mailbox verification to obtain user authorization.
In operation S602, second authorization information is sent to the terminal according to the identity information and the contact information of the user.
According to the embodiment of the disclosure, after receiving a registration request submitted by a user, an intelligent contract operated by a storage node in the blockchain can send a random verification code to the user terminal according to the identity information submitted by the user. Specifically, the verification code can be sent by short message, by e-mail, through a service platform account bound to the mobile phone number, and the like.
In operation S603, a second registration request is received from the terminal, wherein the second registration request includes second authorization information.
According to the embodiment of the disclosure, the user submits the registration request again, carrying the verification code returned by the blockchain.
In operation S604, a message that the registration is successful is transmitted to the terminal according to the second authorization information.
According to the embodiment of the disclosure, after receiving the registration request submitted again by the user, the intelligent contract verifies whether the user is authorized according to the verification code in the request. If the verification passes, the identity information and the contact information of the user can be stored in the blockchain to complete registration, and a message that the registration was successful may then be sent to the user terminal.
Fig. 7 schematically shows a flowchart of a method for sending second authorization information to a terminal according to identity information and contact information of a user according to an embodiment of the present disclosure.
As shown in fig. 7, operations S701 to S703 are included.
In operation S701, second authorization information is generated according to the identity information of the user.
In operation S702, a validity period of the second authorization information is set.
In operation S703, the second authorization information and the validity period of the second authorization information are sent to the terminal through the contact means of the user.
According to the embodiment of the disclosure, after the verification information is generated according to the identity information submitted by the user, a validity period can be set for the authorization information, and the verification information and the validity period are then sent to the user terminal together, so that the terminal returns the authorization information within the validity period. If the authorization information is verified within the validity period, the subsequent registration procedure may continue; if not, the registration request may be denied.
Fig. 8 schematically shows a flowchart of a method for sending a message of successful registration to a terminal according to second authorization information according to an embodiment of the present disclosure.
As shown in fig. 8, operations S801 to S803 are included.
In operation S801, it is verified whether the second authorization information is legitimate.
In operation S802, if the second authorization information is legal, it is verified whether the time when the second authorization information is received is within the validity period of the second authorization information.
In operation S803, if the time of receiving the second authorization information is within the validity period of the second authorization information, a message that the registration is successful is transmitted to the terminal.
According to the embodiment of the disclosure, the order of verifying whether the second authorization information is legal and verifying whether the time at which the second authorization information is received is within its validity period can be interchanged, and response data can be returned to the terminal once both the legitimacy and the validity period of the authorization information have been verified.
Fig. 9 schematically shows a flow chart of a data processing method for a blockchain according to another embodiment of the present disclosure.
As shown in fig. 9, operations S901 to S911 are included.
In operation S901, a user sends a registration request to a blockchain through a terminal, where the registration request includes registration information, and the registration information includes user identity information and a contact address.
In operation S902, the blockchain saves the registration information of the user.
In operation S903, the blockchain returns a registration success message to the terminal.
In operation S904, the user sends a first access request to the blockchain through the terminal, the first access request including user identity information.
In operation S905, the blockchain checks whether the registration information of the user is stored, and if so, performs S906, and if not, denies the access request.
In operation S906, the blockchain sends an authorization code to the user terminal through the contact in the registration information, where the authorization code is generated according to the identity information in the registration information.
In operation S907, the terminal receives the authorization code. If the request was not made by the user, the code is not processed. If the request was made by the user, the terminal sends a second access request to the blockchain, where the second access request includes the user information and the authorization code.
In operation S908, after the blockchain receives the second access request, it queries whether the user information exists; if so, operation S909 is executed, otherwise the current access is denied.
In operation S909, it is verified whether the authorization code is legal; if so, operation S910 is executed, otherwise the access is denied.
In operation S910, it is verified whether the authorization code is within the validity period; if so, operation S911 is executed, otherwise the access is denied.
In operation S911, the response data is returned to the terminal.
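The flow of operations S901 to S911, together with the code-confirmed registration of Fig. 6 to Fig. 8, is shown here as an added Python example that is not code from the patent. A hypothetical in-memory `Contract` class stands in for the intelligent (smart) contract and `outbox` stands in for SMS or e-mail delivery; the six-digit code format, three-attempt limit, single-use codes and constant-time comparison are assumptions the page does not state.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Pending:
    code: str          # random verification code generated by the contract
    expires_at: float  # end of the validity period (S702)
    contact: str       # where the code was sent
    attempts: int = 0


class Contract:
    """Hypothetical in-memory stand-in for the contract on a storage node."""

    MAX_ATTEMPTS = 3   # assumption: the page sets no retry limit

    def __init__(self, validity_seconds=300, clock=time.time):
        self.validity_seconds = validity_seconds
        self.clock = clock
        self.registry = {}  # identity -> contact (registration information)
        self.private = {}   # identity -> private data returned in S911
        self.pending = {}   # (purpose, identity) -> Pending
        self.outbox = []    # (contact, code): stands in for SMS / e-mail

    def _issue(self, purpose, identity, contact):
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self.clock() + self.validity_seconds
        # Keyed by identity, so a code only authorizes the user it was issued for.
        self.pending[(purpose, identity)] = Pending(code, expires_at, contact)
        self.outbox.append((contact, code))
        return "code-sent"

    def _verify(self, purpose, identity, code):
        key = (purpose, identity)
        entry = self.pending.get(key)
        if entry is None:
            return "no-code"
        entry.attempts += 1
        # Legitimacy (S909/S801): compare with the generated code in constant time.
        if not hmac.compare_digest(entry.code.encode(), code.encode()):
            if entry.attempts >= self.MAX_ATTEMPTS:
                del self.pending[key]      # bound online guessing of a 6-digit code
            return "invalid-code"
        del self.pending[key]              # single use: a replayed code finds nothing
        # Validity period (S910/S802): time of receipt must not be past expiry.
        if self.clock() > entry.expires_at:
            return "expired"
        return "ok"

    def register_request(self, identity, contact):   # S601-S602
        return self._issue("register", identity, contact)

    def register_confirm(self, identity, code):      # S603-S604
        entry = self.pending.get(("register", identity))
        status = self._verify("register", identity, code)
        if status == "ok":
            self.registry[identity] = entry.contact  # stored only after verification
        return status

    def access_request(self, identity):              # S904-S906
        if identity not in self.registry:
            return "denied"
        return self._issue("access", identity, self.registry[identity])

    def access_confirm(self, identity, code):        # S908-S911
        if identity not in self.registry:
            return "denied", None
        status = self._verify("access", identity, code)
        return status, (self.private.get(identity) if status == "ok" else None)


def demo():
    """Walk the flow with a constructed identity, contact and clock."""
    now = [0.0]
    c = Contract(validity_seconds=300, clock=lambda: now[0])
    results = [c.access_request("id-001")]                    # not registered yet
    c.register_request("id-001", "user@example.test")
    results.append(c.register_confirm("id-001", c.outbox[-1][1]))
    c.private["id-001"] = "constructed private record"
    c.access_request("id-001")
    code = c.outbox[-1][1]
    results.append(c.access_confirm("id-001", code))          # in time
    results.append(c.access_confirm("id-001", code))          # replay
    c.access_request("id-001")
    now[0] += 301                                             # past validity
    results.append(c.access_confirm("id-001", c.outbox[-1][1]))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The legitimacy check runs before the validity-period check here, matching S909 and S910; as the description notes, the two can be swapped without changing which requests are accepted.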
Fig. 10 schematically shows a block diagram of a data processing apparatus for a blockchain according to an embodiment of the present disclosure.
As shown in fig. 10, the data processing apparatus 1000 for a blockchain includes a first receiving module 1001, a determining module 1002, a first sending module 1003, a second receiving module 1004, and a second sending module 1005.
The first receiving module 1001 is configured to receive a first access request from a terminal, where the first access request includes identity information of a user;
the determining module 1002 is configured to determine whether registration information of a user is stored in a blockchain according to identity information of the user, where the blockchain includes registration information of multiple users, and the registration information of each user includes identity information and a contact address of the user;
the first sending module 1003 is configured to send first authorization information to the terminal according to the identity information and the contact manner of the user if the block chain stores the registration information of the user;
the second receiving module 1004 is configured to receive a second access request from the terminal, where the second access request includes the first authorization information;
the second sending module 1005 is configured to send data responding to the second access request to the terminal according to the first authorization information.
According to the embodiment of the present disclosure, the first sending module 1003 includes a first generating unit and a first sending unit.
The first generating unit is used for generating first authorization information according to the identity information of the user.
The first sending unit is used for sending the first authorization information to the terminal through the user's contact method.
According to the embodiment of the present disclosure, the first sending module 1003 further includes a first setting unit.
The first setting unit is used for setting the validity period of the first authorization information.
According to an embodiment of the present disclosure, the first sending unit includes a first verification subunit, a second verification subunit, and a sending subunit.
The first verification subunit is used for verifying whether the first authorization information is legal.
The second verification subunit is used for verifying whether the time of receiving the first authorization information is within the validity period of the first authorization information if the first authorization information is legal.
The sending subunit is configured to send, to the terminal, data in response to the second access request if the time at which the first authorization information is received is within the validity period of the first authorization information.
According to the embodiment of the present disclosure, the data processing apparatus 1000 for a block chain further includes a third receiving module, a third sending module, a fourth receiving module, and a fourth sending module.
The third receiving module is used for receiving a first registration request from the terminal, wherein the first registration request comprises the identity information and the contact information of the user.
The third sending module is used for sending second authorization information to the terminal according to the identity information and the contact information of the user.
The fourth receiving module is configured to receive a second registration request from the terminal, where the second registration request includes the second authorization information.
The fourth sending module is used for sending a message of successful registration to the terminal according to the second authorization information.
According to an embodiment of the present disclosure, the third sending module includes a second generating unit, a second setting unit, and a second sending unit.
The second generating unit is used for generating second authorization information according to the identity information of the user.
The second setting unit is used for setting the validity period of the second authorization information.
The second sending unit is used for sending the second authorization information and the validity period of the second authorization information to the terminal through the contact way of the user.
According to an embodiment of the present disclosure, the fourth sending module includes a first verification unit, a second verification unit, and a third sending unit.
The first verification unit is used for verifying whether the second authorization information is legal or not;
the second verification unit is used for verifying whether the time for receiving the second authorization information is within the validity period of the second authorization information if the second authorization information is legal;
the third sending unit is used for sending a message of successful registration to the terminal if the time of receiving the second authorization information is within the validity period of the second authorization information.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be implemented at least partly as a computer program module, which when executed, may perform a corresponding function.
For example, any plurality of the first receiving module 1001, the determining module 1002, the first sending module 1003, the second receiving module 1004 and the second sending module 1005 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to an embodiment of the present disclosure, at least one of the first receiving module 1001, the determining module 1002, the first sending module 1003, the second receiving module 1004 and the second sending module 1005 may be at least partially implemented as a hardware circuit, for example, a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware and firmware, or by a suitable combination of any several of them. Alternatively, at least one of the first receiving module 1001, the determining module 1002, the first sending module 1003, the second receiving module 1004 and the second sending module 1005 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
It should be noted that the data processing apparatus part for the blockchain in the embodiment of the present disclosure corresponds to the data processing method part for the blockchain in the embodiment of the present disclosure, and the description of the data processing apparatus part for the blockchain specifically refers to the data processing method part for the blockchain, and is not described herein again.
FIG. 11 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method, according to an embodiment of the present disclosure. The computer system illustrated in FIG. 11 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 11, a computer system 1100 according to an embodiment of the present disclosure includes a processor 1101 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. The processor 1101 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1101 may also include on-board memory for caching purposes. The processor 1101 may include a single processing unit or multiple processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 1103, various programs and data necessary for the operation of the system 1100 are stored. The processor 1101, the ROM 1102, and the RAM 1103 are connected to each other by a bus 1104. The processor 1101 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1102 and/or RAM 1103. It is noted that the programs may also be stored in one or more memories other than the ROM 1102 and RAM 1103. The processor 1101 may also perform various operations of the method flows according to the embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the system 1100 may also include an input/output (I/O) interface 1105, which is also connected to the bus 1104. The system 1100 may also include one or more of the following components connected to the I/O interface 1105: an input portion 1106 including a keyboard, mouse, and the like; an output portion 1107 including a signal output unit such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 1108 including a hard disk and the like; and a communication section 1109 including a network interface card such as a LAN card, a modem, or the like. The communication section 1109 performs communication processing via a network such as the internet. A drive 1110 is also connected to the I/O interface 1105 as necessary. A removable medium 1111 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1110 as necessary, so that a computer program read out therefrom is installed into the storage section 1108 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer-readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 1109 and/or installed from the removable medium 1111. The computer program, when executed by the processor 1101, performs the above-described functions defined in the system of the embodiments of the present disclosure. The above described systems, devices, apparatuses, modules, units, etc. may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be embodied in the device/apparatus/system described in the above embodiments; or may exist alone without being assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement a method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 1102 and/or the RAM 1103 and/or one or more memories other than the ROM 1102 and the RAM 1103 described above.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that the features recited in the various embodiments and/or claims of the present disclosure can be combined in various ways, even if such combinations are not expressly recited in the present disclosure. In particular, the features recited in the various embodiments and/or claims of the present disclosure may be combined in various ways without departing from the spirit or teaching of the present disclosure. All such combinations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (11)

1. A data processing method for a blockchain, comprising:
receiving a first access request from a terminal through a block chain, wherein the first access request comprises identity information of a user, and the first access request is sent by the user to an intelligent contract operated by a storage node in the block chain through the terminal;
determining whether registration information of the user is stored in a block chain according to the identity information of the user, wherein the block chain comprises the registration information of a plurality of users, and the registration information of each user comprises the identity information and the contact information of the user;
if the registration information of the user is stored in the block chain, the intelligent contract of the storage node in the block chain generates first authorization information according to the identity information of the user, and sends the first authorization information to the terminal according to the identity information of the user and the contact way, wherein the first authorization information is a random verification code used as an authorization code;
receiving a second access request from the terminal, wherein the second access request comprises the first authorization information;
verifying the first authorization information through the intelligent contract based on the second access request, which comprises verifying whether the first authorization information is legal, wherein verifying whether the first authorization information is legal comprises comparing whether the first authorization information sent by the first terminal is consistent with the authorization information generated by the intelligent contract; and
after the first authorization information is verified through the intelligent contract, if the time of receiving the first authorization information is within the validity period of the first authorization information and if the first authorization information is verified within the validity period, sending data responding to the second access request to the terminal, wherein the data responding to the second access request is private information of the user.
2. The method of claim 1, wherein sending first authorization information to the terminal according to the identity information and the contact information of the user comprises:
generating the first authorization information according to the identity information of the user; and
sending the first authorization information to the terminal through the contact way of the user.
3. The method of claim 2, after generating the first authorization information from the identity information of the user, further comprising:
setting the validity period of the first authorization information;
wherein sending the first authorization information to the terminal through the contact way of the user comprises:
sending the first authorization information and the validity period of the first authorization information to the terminal through the contact way of the user.
4. The method of claim 3, wherein transmitting data to the terminal in response to the second access request in accordance with the first authorization information comprises:
verifying whether the first authorization information is legal; and
if the first authorization information is legal, verifying whether the time for receiving the first authorization information is within the validity period of the first authorization information.
5. The method of claim 1, further comprising:
receiving a first registration request from the terminal, wherein the first registration request comprises identity information and contact information of a user;
sending second authorization information to the terminal according to the identity information and the contact way of the user;
receiving a second registration request from the terminal, wherein the second registration request comprises the second authorization information; and
sending a message of successful registration to the terminal according to the second authorization information.
6. The method of claim 5, wherein sending second authorization information to the terminal according to the identity information and the contact information of the user comprises:
generating the second authorization information according to the identity information of the user;
setting the validity period of the second authorization information; and
sending the second authorization information and the validity period of the second authorization information to the terminal through the contact way of the user.
7. The method of claim 6, wherein sending a registration success message to the terminal according to the second authorization information comprises:
verifying whether the second authorization information is legal;
if the second authorization information is legal, verifying whether the time for receiving the second authorization information is within the validity period of the second authorization information; and
if the time for receiving the second authorization information is within the validity period of the second authorization information, sending a message of successful registration to the terminal.
8. The method of claim 7, further comprising:
if the time of receiving the second authorization information is within the validity period of the second authorization information, storing the identity information and the contact information of the user in the block chain to finish registration.
9. A data processing apparatus for a blockchain, comprising: a first receiving module, configured to receive a first access request from a terminal through a block chain, wherein the first access request comprises identity information of a user, and the first access request is sent by the user to an intelligent contract operated by a storage node in the block chain through the terminal;
a determining module, configured to determine whether registration information of the user is stored in a block chain according to the identity information of the user, wherein the block chain comprises the registration information of a plurality of users, and the registration information of each user comprises the identity information and the contact information of the user;
a first sending module, configured to, if the blockchain stores the registration information of the user, generate first authorization information according to user identity information by an intelligent contract of a storage node in the blockchain, and send the first authorization information to the terminal according to the user identity information and a contact manner, where the first authorization information is a random verification code used as an authorization code;
a second receiving module, configured to receive a second access request from the terminal, where the second access request includes the first authorization information; and
a second sending module, configured to send, to the terminal according to the first authorization information, data that responds to the second access request; wherein the second sending module comprises a first verification subunit and a sending subunit, the first verification subunit is configured to verify whether the first authorization information is legal, which comprises comparing whether the first authorization information sent by the first terminal is consistent with the authorization information generated by the intelligent contract, and the sending subunit is configured to send data responding to the second access request to the terminal if the time for receiving the first authorization information is within the validity period of the first authorization information and if the first authorization information is verified within the validity period.
10. A computer system, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-8.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 8.
CN202010836637.XA 2020-08-19 2020-08-19 Data processing method, device, system and medium for block chain Active CN111988313B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010836637.XA CN111988313B (en) 2020-08-19 2020-08-19 Data processing method, device, system and medium for block chain

Publications (2)

Publication Number Publication Date
CN111988313A CN111988313A (en) 2020-11-24
CN111988313B true CN111988313B (en) 2023-04-07

Family

ID=73434178

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010836637.XA Active CN111988313B (en) 2020-08-19 2020-08-19 Data processing method, device, system and medium for block chain

Country Status (1)

Country Link
CN (1) CN111988313B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112866250A (en) * 2021-01-19 2021-05-28 中国工商银行股份有限公司 Vehicle data processing method and device based on block chain
CN117579245A (en) * 2023-10-17 2024-02-20 中移互联网有限公司 Security authentication method, device and storage medium

Citations (3)

Publication number Priority date Publication date Assignee Title
CN106533696A (en) * 2016-11-18 2017-03-22 江苏通付盾科技有限公司 Block chain-based identity authentication methods, authentication server and user terminal
CN107079036A (en) * 2016-12-23 2017-08-18 深圳前海达闼云端智能科技有限公司 Registration and authorization method, apparatus and system
CN110602088A (en) * 2019-09-11 2019-12-20 北京京东振世信息技术有限公司 Block chain-based right management method, block chain-based right management device, block chain-based right management equipment and block chain-based right management medium

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US10798094B2 (en) * 2019-07-24 2020-10-06 Alibaba Group Holding Limited Blockchain-based account management

Also Published As

Publication number Publication date
CN111988313A (en) 2020-11-24

Similar Documents

Publication Publication Date Title
US11558381B2 (en) Out-of-band authentication based on secure channel to trusted execution environment on client device
CN101064604B (en) Remote access process, system and equipment
CN111383021B (en) Node management method, device, equipment and medium based on block chain network
CN111914034B (en) Processing method, device, system and medium for electronic file of block chain
US9294479B1 (en) Client-side authentication
CN111027099B (en) Identity verification method, device, system and computer readable storage medium
CN108234442B (en) Method, system and readable storage medium for acquiring contract
US8661519B2 (en) Redirection using token and value
CN109274652A (en) Identity information verifies system, method and device and computer storage medium
US20200184467A1 (en) System and method for providing a secure transaction network
CN111988313B (en) Data processing method, device, system and medium for block chain
KR102157453B1 (en) Cryptographic chip using identity verification
CN111292174A (en) Tax payment information processing method and device and computer readable storage medium
CN111968714B (en) Processing method, device, system and medium for electronic medical record of block chain
CN110708162A (en) Resource acquisition method and device, computer readable medium and electronic equipment
CN113434882A (en) Communication protection method and device of application program, computer equipment and storage medium
CN109818965B (en) Personal identity verification device and method
WO2022088710A1 (en) Mirror image management method and apparatus
CN110399706B (en) Authorization authentication method, device and computer system
CN112529537A (en) Patent licensing method, device, equipment and storage medium based on block chain
CN114139121A (en) Identity verification method and device, electronic equipment and computer readable storage medium
CN115865445A (en) DID certificate data-based secure transfer method, DID certificate data system and storage medium
CN111125734B (en) Data processing method and system
CN114090996A (en) Multi-party system mutual trust authentication method and device
US9787658B2 (en) Login system based on server, login server, and verification method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210121

Address after: 100140, 55, Fuxing Avenue, Xicheng District, Beijing

Applicant after: INDUSTRIAL AND COMMERCIAL BANK OF CHINA

Applicant after: ICBC Technology Co.,Ltd.

Address before: 071700 unit 111, 1st floor, building C, enterprise office area, xiong'an Civic Service Center, Rongcheng County, xiong'an District, China (Hebei) pilot Free Trade Zone, Hebei Province

Applicant before: ICBC Technology Co.,Ltd.

GR01 Patent grant