CN112231755B

CN112231755B - Data authorization method, device and system based on blockchain

Info

Publication number: CN112231755B
Application number: CN202011165802.XA
Authority: CN
Inventors: 王兆创; 郭懿心; 韦德志; 郑伟涛; 刘友为
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2020-10-27
Filing date: 2020-10-27
Publication date: 2024-06-14
Anticipated expiration: 2040-10-27
Also published as: CN112231755A

Abstract

The application discloses a data authorization method, device and system based on a block chain, belonging to the technical field of block chains, wherein the method comprises the following steps: the first blockchain obtaining authorization contract information generated by an authorizer based on associated authorization information of a second private key signed target service; the authorization contract information carries first appointed synchronous information; the first blockchain sends authorization contract information to an authorization data providing node based on first appointed synchronous information, the authorization data providing node calls a first intelligent contract to conduct authorization verification on the authorization contract information, and the authorization data providing node sends authorization data corresponding to the authorization contract information to the first blockchain under the condition that the authorization verification is passed, wherein the authorization data carries second appointed synchronous information; the first blockchain transmits authorization data to the serving node based on the second specified synchronization information. By utilizing the technical scheme provided by the application, the data authorization can be traced and cannot be tampered, and the safety of the user data is greatly improved.

Description

Data authorization method, device and system based on blockchain

Technical Field

The present application relates to the field of blockchain technologies, and in particular, to a blockchain-based data authorization method, device, and system.

Background

In some internet application scenarios, a user often handles related services on some service platforms, and in the service handling process, the user often needs to authorize the service platform to obtain related data of the user by a third party.

In the related art, when verifying user authorization, a user only needs to click and agree on a page provided by a service platform, and a service side performs identity verification on the user, and the user authorization is determined to be effective after the identity verification. In the related technology, only the service party can perform authorization verification, other participators cannot verify the user authorization, and the problems of fake authorization, unsafe user data and the like exist.

Disclosure of Invention

The application provides a data authorization method, device and system based on a blockchain, which can ensure that the data authorization can be traced and cannot be tampered, and greatly improve the safety of user data.

In one aspect, the present application provides a blockchain-based data authorization method, the method comprising:

Acquiring authorization contract information, wherein the authorization contract information is generated by an authorized party based on associated authorization information of signing a target service by a second private key; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party; the authorization contract information carries first appointed synchronous information, and the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node;

Transmitting the authorization contract information to the authorization data providing node based on the first appointed synchronous information, so that the authorization data providing node calls a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information;

Receiving authorization data corresponding to the authorization contract information sent by the authorization data providing node under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node;

And transmitting the authorization data to the service node based on the second designated synchronization information.

In another aspect, a method for authorizing data based on a blockchain is provided, the method comprising:

acquiring authorization contract information from a first blockchain, wherein the authorization contract information is generated by an authorizer based on associated authorization information of a target service signed by a second private key; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party;

invoking a first intelligent contract on the first blockchain to perform authorization verification on the authorization contract information;

Transmitting authorization data corresponding to the authorization contract information to the first blockchain under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node; such that the first blockchain sends the authorization data to the serving node based on the second specified synchronization information.

Another aspect provides a blockchain-based data authorization system, the system comprising:

a first blockchain, a service node, an authorization data providing node;

the first blockchain is used for acquiring authorization contract information, the authorization contract information carries first appointed synchronous information, and the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node; for transmitting the authorization contract information to the authorization data providing node based on the first specified synchronization information; and transmitting authorization data to the service node based on the second designated synchronization information;

The authorization data providing node is used for calling a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information; and sending authorization data corresponding to the authorization contract information to the first blockchain when authorization verification is passed, wherein the authorization data carries second designated synchronization information, and the second designated synchronization information is used for designating that the authorization data is synchronized to the service node;

The service node is configured to obtain the authorization data from the first blockchain.

Another aspect provides a blockchain-based data authorization apparatus, the apparatus comprising:

The first authorization contract information acquisition module is used for acquiring authorization contract information, wherein the authorization contract information is generated by an authorized party based on the associated authorization information of the second private key signing target service; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party; the authorization contract information carries first appointed synchronous information, and the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node;

The first authorization contract information sending module is used for sending the authorization contract information to the authorization data providing node based on the first appointed synchronous information so that the authorization data providing node calls a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information;

the first authorization data receiving module is used for receiving authorization data corresponding to the authorization contract information sent by the authorization data providing node under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node;

And the first authorization data sending module is used for sending the authorization data to the service node based on the second designated synchronous information.

The second authorization contract information acquisition module is used for acquiring authorization contract information from the first blockchain, wherein the authorization contract information is generated by an authorizer based on the associated authorization information of the second private key signing target service; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party;

the authorization verification module is used for calling a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information;

The second authorization data sending module is used for sending authorization data corresponding to the authorization contract information to the first blockchain under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node; such that the first blockchain sends the authorization data to the serving node based on the second specified synchronization information.

In another aspect, a blockchain-based data authorization device is provided, the device including a processor and a memory, the memory storing at least one instruction or at least one program, the at least one instruction or the at least one program loaded and executed by the processor to implement a blockchain-based data authorization method as described above.

Another aspect provides a computer readable storage medium having stored therein at least one instruction or at least one program that is loaded and executed by at least one program processor to implement a blockchain-based data authorization method as described above.

According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read from the computer-readable storage medium by a processor of a computer device, and executed by the processor, cause the computer device to perform the methods provided in the various alternative implementations described above.

The data authorization method, device and system based on the block chain provided by the application have the following technical effects:

The application links the authorization contract information signed based on the private key of the authorizer, can ensure the anti-counterfeiting and open verification of the authorization process, and verifies the authorization contract information by utilizing the first intelligent contract deployed on the blockchain, can realize the verification of the authorization of the user by other participating nodes on the blockchain, ensures that the user is authorized when the authorization data providing node provides the authorization data, realizes that the server obtains the data according to the authorization, and the whole data authorization flow is linked to the blockchain through the blockchain, each operation of each participating node can be traced back and cannot be tampered, and greatly improves the safety of the user data.

Drawings

In order to more clearly illustrate the embodiments of the application or the technical solutions and advantages of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the application, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.

FIG. 1 is a schematic diagram of an application environment for blockchain-based data authorization according to an embodiment of the present application;

FIG. 2 is a flowchart of a block chain based data authorization method according to an embodiment of the present application;

FIG. 3 is a schematic diagram of a process for linking demand contract information and determining associated authorization information according to an embodiment of the present application;

FIG. 4 is a flowchart illustrating an authorization data providing node invoking a first intelligent contract on a first blockchain to perform authorization verification on authorization contract information according to an embodiment of the present application;

FIG. 5 is a flowchart of another block chain based data authorization method according to an embodiment of the present application;

FIG. 6 is a flowchart of another block chain based data authorization method according to an embodiment of the present application;

FIG. 7 is a flowchart of another block chain based data authorization method according to an embodiment of the present application;

FIG. 8 is a flowchart of another block chain based data authorization method according to an embodiment of the present application;

FIG. 9 is a schematic diagram of a block chain based data authorization device according to an embodiment of the present application;

FIG. 10 is a schematic diagram of another block chain based data authorization device according to an embodiment of the present application;

FIG. 11 is a schematic diagram of another block chain based data authorization device according to an embodiment of the present application;

fig. 12 is a schematic structural diagram of a server according to an embodiment of the present application.

Detailed Description

The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

Blockchains are novel application modes of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, encryption algorithms, and the like. The blockchain (Blockchain), essentially a de-centralized database, is a string of data blocks that are generated in association using cryptographic methods, each of which contains information from a batch of network transactions for verifying the validity (anti-counterfeit) of its information and generating the next block. The blockchain may include an underlying platform, a platform product services layer, and an application services layer.

The underlying platform may include processing modules such as user management, basic services, intelligent contracts, operation monitoring, and the like. The user management module is responsible for identity information management of all blockchain participants, including maintenance of public and private key generation (account management), key management, maintenance of corresponding relation between the real identity of the user and the blockchain address (authority management) and the like, and under the condition of authorization, supervision and audit of transaction conditions of certain real identities, and provision of rule configuration (wind control audit) of risk control; the basic service module is deployed on all block chain node devices, is used for verifying the validity of a service request, recording the service request on a storage after the effective request is identified, for a new service request, the basic service firstly analyzes interface adaptation and authenticates the interface adaptation, encrypts service information (identification management) through an identification algorithm, and transmits the encrypted service information to a shared account book (network communication) in a complete and consistent manner, and records and stores the service information; the intelligent contract module is responsible for registering and issuing contracts, triggering contracts and executing contracts, a developer can define contract logic through a certain programming language, issue the contract logic to a blockchain (contract registering), invoke keys or other event triggering execution according to the logic of contract clauses to complete the contract logic, and simultaneously provide a function of registering contract upgrading; the operation monitoring module is mainly responsible for deployment in the product release process, modification of configuration, contract setting, cloud adaptation and visual output of real-time states in product operation, for example: alarms, monitoring network conditions, monitoring node device health status, etc.

The platform product service layer provides basic capabilities and implementation frameworks of typical applications, and developers can complete the blockchain implementation of business logic based on the basic capabilities and the characteristics of the superposition business. The application service layer provides the application service based on the block chain scheme to the business participants for use.

Referring to fig. 1, fig. 1 is a schematic diagram of an application environment for data authorization based on a blockchain according to an embodiment of the present application, and as shown in fig. 1, the application environment may include a first blockchain 100 and a second blockchain 200.

In the present embodiment, the first blockchain 100 may be an underlying platform in a blockchain system, and optionally, the first blockchain 100 may include a plurality (at least two) of indifferent blockchain nodes 101. The second blockchain 200 may be an upper layer blockchain (i.e., platform product service layer) of the first blockchain; optionally, the second blockchain may include an authorizing node 201, a serving node 202, an authorizing data providing node 203, and a policing node 204.

In the present embodiment, the authorizing node 201 may be a blockchain node of the authorizer in the blockchain. The authorizer may provide the service party with an object (user) of the service. Service node 202 may be a blockchain node in a blockchain of a service party that provides services to an authorized party; the authorization data providing node 203 may be a blockchain node in a blockchain that authorizes a data provider that may provide the data provider involved in the service process to the authorizer that requires data provided by a third party; the policing node 204 may be a blockchain node of a policer in a blockchain that is used to police a process of a server obtaining authorization data from an authorization data provider.

In practical applications, the authorizing node 201, the service node 202, the authorizing data providing node 203 and the supervising node 204 may register in the first blockchain, that is, apply public and private keys to the first blockchain, and the public and private keys respectively applied by the authorizing node 201, the service node 202, the authorizing data providing node 203 and the supervising node 204 may identify identities of an authorizing party, a service party, an authorizing data providing party and a supervising party, respectively. In the embodiment of the specification, the private keys of the authorizing party, the service party, the authorizing data provider and the supervising party are kept and used respectively, and the public keys of the authorizing party, the service party, the authorizing data provider and the supervising party can be shared.

In an alternative embodiment, the authority may be an enterprise, the service may be a financial institution, the authority data provider may be a credit bureau, and the supervisor may be a supervisor.

In the embodiment of the present disclosure, the blockchain node may be a client or a server; in particular, clients may include, but are not limited to, smart phones, desktop computers, tablet computers, notebook computers, smart speakers, digital assistants, augmented Reality (AR)/Virtual Reality (VR) devices, smart wearable devices, and other types of electronic devices. Or software running on the electronic device, such as an application, applet, etc. Specifically, the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs (Content Delivery Network, content delivery networks), basic cloud computing services such as big data and artificial intelligence platforms, and the like.

In the embodiment of the present disclosure, the client and the server may be directly or indirectly connected through a wired or wireless communication manner, which is not limited herein.

In the following, a block chain based data authorization method of the present application is described, and fig. 2 is a schematic flow chart of a block chain based data authorization method according to an embodiment of the present application, and the present specification provides the method operation steps described in the examples or the flow chart, but may include more or less operation steps based on conventional or non-creative labor. The order of steps recited in the embodiments is merely one way of performing the order of steps and does not represent a unique order of execution. In actual system or product execution, the methods illustrated in the embodiments or figures may be performed sequentially or in parallel (e.g., in a parallel processor or multi-threaded processing environment). As shown in fig. 2, the method may include:

s201: the first blockchain obtains authorization contract information.

In practical applications, the authorization contract information may be obtained from any blockchain link point on the first blockchain. In the embodiment of the present specification, the authorization contract information may be generated by the authorizer based on the associated authorization information of the second private key signing the target service. The authorization contract information may carry first designation synchronization information that may be used to designate synchronization of the authorization contract information to the authorization data providing node.

In this embodiment of the present disclosure, the second private key may be a private key that identifies an identity of an authorized party applied by the authorized node in the first blockchain. The target service may be a service provided by the service party to the authorizing party; the associated authorization information of the target service may include associated requirement information of the target service, a signature of the service party, and authorization attribute information of the authorization party.

In the embodiment of the present specification, the associated requirement information of the service party may represent the requirement of the service party and the information related to the requirement. In an alternative embodiment, the associated requirement information of the service party may include related data (i.e. authorization data) of the authorization party related to the target service, which needs to be provided by a third party (i.e. authorization data provider), service identification information of the service party (coded identification of the service party at the first blockchain), a first public key of the service party (a public key of the service node applied at the first blockchain for identifying the identity of the service party), identification information of the service provided by the service party to the authorization party, and data transmission frequency (i.e. period of the authorization data, such as dividing the transmitted authorization data by month); optionally, in practical application, the same service provided to the authorizer by the server may have different authorization ranges, and accordingly, in order to distinguish the authorization contract information corresponding to the different authorization ranges of the same service, the associated requirement information may further include a version number (version of the authorization contract information). In a specific embodiment, if the target service is a loan service, that is, the authorizing party needs to apply for a loan to the service party, the authorization data related to the target service and provided by the third party (that is, the authorization data provider) may be a credit report of the authorizing party provided by the credit bureau (third party).

In the embodiment of the specification, the signature of the service party can represent the signature information of the associated requirement information of the service party on the target service. In practical application, the service side can combine with the practical service requirement in the target service processing process to link the requirement contract information in advance so that the authorization side can collect the requirement of the service side to generate the authorization association information. Accordingly, as shown in fig. 3, the method may further include:

S301: the service node obtains the associated demand information of the target business signed by the service side based on the first private key, and generates demand contract information.

In this embodiment of the present disclosure, the first private key is a private key applied by the service node in the first blockchain to identify a service side identity corresponding to the service node. The demand contract information may include associated demand information for the target service and a service party signature corresponding to the associated demand information.

In practical application, an application service layer of a service party can provide a corresponding signing page for the service party to sign the associated demand information of a target service based on a first private key, and generate demand contract information; accordingly, a server (specifically, may be a server of the server) applying the service layer may transmit the demand contract information to the service node.

In a specific embodiment, signing the associated demand information for the target service based on the first private key may include: and encrypting the associated demand information of the target service by using the second private key and a preset encryption algorithm to obtain encrypted associated demand information, wherein the encrypted associated demand information can be used as a server signature, and then the server signature and the associated demand information of the target service are used as demand contract information.

In an alternative embodiment, the preset encryption algorithm may include, but is not limited to, an asymmetric encryption algorithm such as the national encryption SM1 (SM 1cryptographic algorithm).

S303: the service node sends demand contract information to the first blockchain, the demand contract information carrying fourth specified synchronization information.

In the embodiment of the present specification, the fourth specification synchronization information is used to specify that the demand contract information is synchronized to the authorization node. Optionally, the fourth designated synchronization information may refer to the authorization node by using identification information of the authorization node, and in a specific embodiment, when the authorized party corresponding to the authorization node is an enterprise, the identification information of the authorization node may be an enterprise tax identifier.

S305: the first blockchain sends the demand contract information to the authorizing node based on the fourth specified synchronization information.

S307: the authorizing node invokes a second intelligent contract on the first blockchain to authorize verification of the demand contract information.

In practical applications, the second intelligent contract may be deployed on the chain by any blockchain node on the first blockchain in advance, and in this embodiment of the present disclosure, the second intelligent contract may be a computer protocol that is intended to verify, in an informationized manner, that the demand contract information is signed by the service party, and in particular, the second intelligent contract may be a verification code that is used to verify, based on the public key (the first public key) of the service party on the chain, that the demand contract information is signed by the service party. In a particular embodiment, invoking the second smart contract on the first blockchain to authorize verification of the demand contract information may include: obtaining a first public key and service identification information of a service node from a first blockchain; performing identity verification of the service node based on the first public key and the service identification information of the service node obtained from the first blockchain and the first public key and the service identification information of the service node in the authorization contract information; and under the condition that the identity verification of the service node is passed, verifying a signature of the service party in the demand contract information by using a first public key of the service node, wherein the signature of the service party represents signature information of the associated demand information of the service party on the target service.

In a specific embodiment, verifying the server signature in the demand contract information by using the first public key of the service node may include decrypting the server signature by using the first public key and an algorithm (a preset encryption algorithm) corresponding to the algorithm identification in the demand contract information, comparing the decrypted data with the associated demand information in the demand contract information, and if the decrypted data is consistent with the associated demand information in the demand contract information, determining that the server signature passes the verification; otherwise, if the decrypted data is inconsistent with the associated demand information in the demand contract information, the signature of the server fails to be checked.

Correspondingly, under the condition that the signature of the server passes verification, the authorization verification of the demand contract information is determined to pass, and the demand contract information can be determined to be signed by the server in an authorization way.

S309: and under the condition that the authorization verification is passed, the authorization node determines the associated authorization information of the target service based on the demand contract information.

In a specific embodiment, the authorization node determines the associated authorization information of the target service based on the requirement contract information, and takes the authorization attribute information of the authorizer, the service side signature in the requirement contract information and the associated requirement information of the target service as the associated authorization information of the target service.

In the embodiment of the present disclosure, the authorization attribute information of the authorizer may represent authorization information related to data required by the authorizing service party to obtain the service party; in an alternative embodiment, the authorization attribute information of the authorizer may include identification information of the authorizer, an algorithm identification (identification information of a preset encryption algorithm), a first public key of the authorizer, a contract authorization time (i.e., a contract validation start time), and a contract validity period. Optionally, in order to facilitate subsequent expansion of more authorization information, the authorization attribute information may further include expandable information.

In an alternative embodiment, the uplink of the authorization contract information may be accomplished by the authorizing node, i.e., the authorizing contract information may be sent by the authorizing node to any blockchain node on the first blockchain. Correspondingly, the authorizing party corresponding to the authorizing node provides an authorizing signing interface for signing the associated authorizing information related to the target service initiated by the authorizing party at the application service layer, and correspondingly, the authorizing party can sign the associated authorizing information of the target service based on the second private key in the authorizing signing interface to generate the authorizing contract information. Accordingly, an authorizing party (which may be, in particular, a server of the authorizing party) of the application service layer may transmit authorization contract information to the authorizing node.

In an alternative embodiment, the uplink of the authorization contract information may be accomplished by the serving node, i.e., the serving node may send the authorization contract information to any blockchain node on the first blockchain. Correspondingly, a service party corresponding to the service node provides a service platform for an authorized party to initiate a service request at an application service layer; after the authorizing party initiates the service request, the service party provides an authorization signing interface for signing the associated authorization information related to the target service initiated by the authorizing party at the application service layer, and correspondingly, the authorizing party can sign the associated authorization information of the target service based on the second private key in the authorization signing interface to generate authorization contract information. Accordingly, a server (specifically, may be a server of the server) applying the service layer may transmit authorization contract information to the service node.

In a specific embodiment, generating the authorization contract information based on the associated authorization information for signing the target service with the second private key may include: encrypting the associated authorization information of the target service by using a second private key and a preset encryption algorithm to obtain encrypted associated authorization information, wherein the encrypted associated authorization information can be used as an authorizer signature; then, the associated authorization information of the authorization party signature and the target service is taken as authorization contract information.

In a specific embodiment, as shown in the representation 1, table 1 is an example of one type of authorization contract information (included fields) and corresponding description provided by the embodiments of the present specification.

TABLE 1

Fields	Description of the invention
		Version number	Contract version number
Service side ID	ID of server at first blockchain
		Service side service ID	Service ID provided by service side
Service side public key	Public key applied by server in first block chain
		Data range	Data range for an authorized party to synchronize to a service party
Data transmission frequency	Period of authorisation data
		Service side signature	The server signs the fields by using the private key of the server to obtain
Authorizer ID	Tax payment identification number
		Algorithm identification	Presetting identification of encryption algorithm
Public key of authorized party	Public key applied by authorized party in first block chain
		Time of authorization	Contract validation time
Contract expiration date	Data range for authorized parties to synchronize to financial institutions
		Authorizer signature	The authorized party signs the fields by using the private key of the authorized party to obtain

In the embodiment of the present disclosure, the authorization contract information signed based on the second private key of the authorizer is linked, so that anti-counterfeiting and open verification of the subsequent authorization process can be ensured, and the tamper-proof and traceable authorization process can be ensured by using the blockchain.

S203: the first blockchain transmits authorization contract information to the authorization data providing node based on the first specified synchronization information.

In the embodiment of the present disclosure, the first blockchain may send the authorization contract information on the chain to the data synchronizer (the authorization data providing node) to which the first specified synchronization information points in conjunction with the first specified synchronization information.

S205: the authorization data providing node invokes a first smart contract on the first blockchain to authorize verification of the authorization contract information.

In practical applications, the first smart contract may be deployed on the chain by any blockchain node on the first blockchain in advance, and in this embodiment of the present disclosure, the first smart contract may be a computer protocol that is intended to verify, in an informationized manner, that authorization contract information is signed for an authorizer, and in particular, the first smart contract may be a verification code for verifying, based on an authorizer public key (second public key) on the chain, that authorization contract information is signed for the authorizer.

In a specific embodiment, as shown in fig. 4, the authorizing data providing node invoking the first smart contract on the first blockchain to authorize verification of the authorization contract information may include:

S401: the authorization data providing node obtains a first public key and service identification information of the service node from the first blockchain;

S403: the authorization data providing node performs identity verification of the service node based on the first public key and the service identification information of the service node obtained from the first blockchain and the first public key and the service identification information of the service node in the authorization contract information;

Specifically, if the first public key and the service identification information of the service node obtained from the first blockchain are respectively consistent with the first public key and the service identification information of the service node in the authorization contract information, the identity verification of the service node can be determined to pass. Otherwise, if the first public key of the service node obtained from the first blockchain is inconsistent with the first public key of the service node in the authorization contract information, or any one of the service identification information of the service node obtained from the first blockchain and the service identification information of the service node in the authorization contract information is inconsistent, it can be determined that the identity verification of the service node is not passed.

S405: under the condition that the identity verification of the service node passes, the authorization data providing node utilizes a first public key of the service node to verify a signature of the service party in the authorization contract information, and the signature of the service party represents signature information of the associated demand information of the service party to the target service;

S407: under the condition that the signature of the service side passes the verification, the authorized data providing node acquires a second public key and service identification information of the authorized node from the first blockchain;

S409: the authorization data providing node performs identity verification of the authorization node based on the second public key and the service identification information of the authorization node obtained from the first blockchain and the second public key and the service identification information of the authorization node in the authorization contract information;

specifically, if the second public key and the service identification information of the authorization node obtained from the first blockchain are respectively consistent with the second public key and the service identification information of the authorization node in the authorization contract information, the identity verification of the authorization node can be determined to pass. Otherwise, if the second public key of the authorization node obtained from the first blockchain is inconsistent with the second public key of the authorization node in the authorization contract information, or any one of the service identification information of the authorization node obtained from the first blockchain and the service identification information of the authorization node in the authorization contract information, it can be determined that the identity verification of the authorization node is not passed.

S411: under the condition that the identity verification of the authorization node passes, the authorization data providing node utilizes a second public key of the authorization node to verify an authorization party signature in authorization contract information, and the authorization party signature represents signature information of the associated authorization information by the authorization party;

In the embodiment of the present disclosure, the specific step of verifying the signature of the authorizer in the authorization contract information by using the second public key of the authorizing node may refer to the specific step of verifying the signature of the server, which is not described herein.

S413: under the condition that the signature of the authorized party passes the verification, the authorized data providing node performs contract validity verification based on the contract validity period in the authorized contract information;

Wherein, in case the contract validity check passes, it is determined that the authorization verification passes.

In the embodiment of the specification, authorization verification is performed by combining the blockchain, so that verification of user authorization by other participants except the service side can be realized, the non-falsification and traceability of the authorization process are effectively ensured, and the security of user data of the authorization side is improved.

S207: in the case that the authorization verification is passed, the authorization data providing node transmits authorization data corresponding to the authorization contract information to the first blockchain.

In the embodiment of the present disclosure, the authorization data may carry second specifying synchronization information, where the second specifying synchronization information is used to specify that the authorization data is synchronized to the service node.

In an alternative embodiment, to ensure privacy and security of the authorization, the data that may be disclosed to other participants on the chain (the second blockchain) may be directly linked, and the data that may be disclosed to other participants on the chain (the second blockchain) other than the service node may be encrypted in combination with digital envelope techniques to ensure that only the service node may unwrap the authorization data, e.g., the authorization data may be encrypted using the first public key corresponding to the service node, and accordingly, only the service node with the first private key may decrypt, resulting in authorization data.

S209: the first blockchain transmits authorization data to the serving node based on the second specified synchronization information.

In the embodiment of the present disclosure, the first blockchain may send the authorization data on the chain to the data synchronizer (service node) pointed to by the second specified synchronization information in combination with the second specified synchronization information.

In other embodiments, as shown in fig. 5, the method may further include:

s211: the service node processes the target traffic based on the authorization data.

In some embodiments, the above-mentioned authorization contract information may further carry third specified synchronization information, which may be used to specify synchronization of the authorization contract information to the supervising node; correspondingly, the method can further comprise the steps of:

The first blockchain synchronizes the authorization contract information to the supervising node based on the third specified synchronization information;

After the first blockchain synchronizes the authorization data to the serving node, the method further includes:

The supervision node calls a first intelligent contract to conduct authorization verification on the authorization contract information.

In the embodiment of the present disclosure, the specific step of invoking the first intelligent contract to perform authorization verification on the authorization contract information by the supervisory node may refer to the specific step of invoking the first intelligent contract to perform authorization verification on the authorization contract information by the authorization data provider, which is not described herein.

In the embodiment of the present disclosure, after the first blockchain synchronizes the authorization data to the service node, the supervision node invokes the first intelligent contract to check whether the service party is authorized by the user (the authorizer) in the process of acquiring the authorization data. By deploying the first intelligent contract on the chain, the user authorization can be verified at a plurality of block chain nodes of the second block chain, the non-falsification and traceability of the authorization process are better ensured, and the security of user data of an authorizer is improved.

According to the technical scheme provided by the embodiment of the specification, the specification can ensure the anti-counterfeiting and open verification of the authorization process by linking the authorization contract information obtained by signing based on the private key of the authorizer, and verify the authorization contract information by using the first intelligent contract deployed on the blockchain, so that the verification of other participating nodes on the blockchain on the authorization of the user can be realized, the user is authorized when the authorized data providing node provides the authorized data, the service side obtains the data according to the authorization, the whole data authorization flow is realized through the blockchain, each operation of each participating node can be linked to the blockchain, the whole process of obtaining the data by the authorization can be traced back and cannot be tampered, and the safety of the user data is greatly improved.

A blockchain-based data authorization method of the present application is described below in terms of a first blockchain (specifically, any blockchain node that may access the first blockchain), as shown in fig. 6, and may include:

s601: acquiring authorization contract information, wherein the authorization contract information is generated by an authorized party based on associated authorization information of signing a target service by a second private key; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party; the authorization contract information carries first appointed synchronous information, and the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node;

S603: transmitting the authorization contract information to the authorization data providing node based on the first appointed synchronous information, so that the authorization data providing node calls a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information;

S605: receiving authorization data corresponding to the authorization contract information sent by the authorization data providing node under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node;

S607: and transmitting the authorization data to the service node based on the second designated synchronization information.

Optionally, the authorization contract information further carries third designated synchronization information, where the third designated synchronization information is used to designate synchronization of the authorization contract information to a supervision node; the method further comprises the steps of:

and transmitting the authorization contract information to the supervision node based on the third specified synchronous information, so that the supervision node invokes the first intelligent contract to perform authorization verification on the authorization contract information after transmitting the authorization data to the service node based on the second specified synchronous information.

Optionally, the method further comprises:

Receiving demand contract information generated by a service party corresponding to the service node based on the associated demand information of the first private key signing the target service, wherein the service party is transmitted by the service node; the requirement contract information carries fourth appointed synchronous information, and the fourth appointed synchronous information is used for appointing to synchronize the requirement contract information to the authorization node; the first private key is a private key applied by the service node in a first blockchain for identifying the identity of a service party corresponding to the service node;

Transmitting the demand contract information to the authorization node based on the fourth appointed synchronous information so that the authorization node invokes a second intelligent contract on the first blockchain to conduct authorization verification on the demand contract information; and determining associated authorization information of the target service by the authorization node based on the demand contract information under the condition that authorization verification is passed.

Optionally, the acquiring the authorization contract information includes:

receiving authorization contract information sent by the service node;

Or alternatively, the first and second heat exchangers may be,

And receiving the authorization contract information sent by the authorizing party.

The following describes a blockchain-based data authorization method of the present application from the perspective of an authorization data providing node, as shown in fig. 7, which may include:

s701: acquiring authorization contract information from a first blockchain, wherein the authorization contract information is generated by an authorizer based on associated authorization information of a target service signed by a second private key; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party;

S703: invoking a first intelligent contract on the first blockchain to perform authorization verification on the authorization contract information;

S705: transmitting authorization data corresponding to the authorization contract information to the first blockchain under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node; such that the first blockchain sends the authorization data to the serving node based on the second specified synchronization information.

Optionally, the invoking the first smart contract on the first blockchain to perform authorization verification on the authorization contract information includes:

Obtaining a first public key and service identification information of the service node from the first blockchain;

Performing identity verification of a service node based on the first public key and service identification information of the service node acquired from the first blockchain and the first public key and service identification information of the service node in the authorization contract information;

Under the condition that the identity verification of the service node passes, verifying a service side signature in the authorization contract information by using a first public key of the service node, wherein the service side signature represents signature information of the service side on associated demand information of the target service;

acquiring a second public key and service identification information of the authorized node from the first blockchain under the condition that the service side signature passes verification;

Performing identity verification of the authorization node based on the second public key and service identification information of the authorization node obtained from the first blockchain and the second public key and service identification information of the authorization node in the authorization contract information;

Under the condition that the identity verification of the authorization node passes, verifying an authorization party signature in the authorization contract information by using a second public key of the authorization node, wherein the authorization party signature represents signature information of the authorization party on the associated authorization information;

under the condition that the signature of the authorized party passes the verification, carrying out contract validity verification based on the contract validity period in the authorized contract information;

The following describes a blockchain-based data authorization method from the perspective of a service node, as shown in fig. 8, and the method may include:

S801: acquiring authorization contract information, wherein the authorization contract information is generated by an authorized party based on associated authorization information of signing a target service by a second private key; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party;

S803: transmitting the authorization contract information to the first blockchain, wherein the authorization contract information carries first appointed synchronous information, and the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node; causing the first blockchain to send the authorization contract information to the authorization data providing node based on the first specified synchronization information; the authorization data providing node calls a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information, and sends authorization data corresponding to the authorization contract information to the first blockchain when the authorization verification is passed, wherein the authorization data carries second appointed synchronous information which is used for appointing to synchronize the authorization data to the service node;

s805: the authorization data sent by the first blockchain based on the second designated synchronization information is received.

The method in the method embodiment written from a single side and the interaction method embodiment are based on the same application conception, and specific details can be found in the interaction method embodiment.

The application also provides a data authorization system based on the block chain, which comprises: a first blockchain, a service node, an authorization data providing node;

Optionally, the system further comprises: monitoring nodes; the authorization contract information also carries third appointed synchronous information, and the third appointed synchronous information is used for appointing to synchronize the authorization contract information to the supervision node;

The first blockchain is further configured to send the authorization contract information to the supervising node based on the third specified synchronization information;

and the supervision node is used for calling the first intelligent contract to carry out authorization verification on the authorization contract information after the authorization data providing node sends the authorization data to the service node based on the second designated synchronous information.

The embodiment of the application also provides a data authorization device based on the blockchain, as shown in fig. 9, which comprises:

A first authorization contract information acquisition module 910, configured to acquire authorization contract information, where the authorization contract information is generated by an authorized party based on associated authorization information of signing the target service with the second private key; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party; the authorization contract information carries first appointed synchronous information, and the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node;

A first authorization contract information sending module 920, configured to send the authorization contract information to the authorization data providing node based on the first specified synchronization information, so that the authorization data providing node invokes a first intelligent contract on the first blockchain to perform authorization verification on the authorization contract information;

A first authorization data receiving module 930, configured to receive authorization data corresponding to the authorization contract information sent by the authorization data providing node when authorization verification passes, where the authorization data carries second instruction synchronization information, where the second instruction synchronization information is used to specify that the authorization data is synchronized to the service node;

A first authorization data sending module 940, configured to send the authorization data to the service node based on the second specified synchronization information.

Optionally, the authorization contract information further carries third designated synchronization information, where the third designated synchronization information is used to designate synchronization of the authorization contract information to a supervision node; the apparatus further comprises:

and the second authorization contract information sending module is used for sending the authorization contract information to the supervision node based on the third appointed synchronous information, so that after the authorization data is sent to the service node based on the second appointed synchronous information, the supervision node invokes the first intelligent contract to carry out authorization verification on the authorization contract information.

Optionally, the apparatus further includes:

The demand contract information receiving module is used for receiving demand contract information generated by a service party corresponding to the service node based on the associated demand information of the first private key signing the target service, wherein the demand contract information is sent by the service node; the requirement contract information carries fourth appointed synchronous information, and the fourth appointed synchronous information is used for appointing to synchronize the requirement contract information to the authorization node; the first private key is a private key applied by the service node in a first blockchain for identifying the identity of a service party corresponding to the service node;

The first demand contract information sending module is used for sending the demand contract information to the authorization node based on the fourth appointed synchronous information so that the authorization node calls a second intelligent contract on the first blockchain to conduct authorization verification on the demand contract information; and determining associated authorization information of the target service by the authorization node based on the demand contract information under the condition that authorization verification is passed.

Optionally, the first authorization contract information acquisition module includes:

a first authorization contract information receiving unit, configured to receive authorization contract information sent by the service node;

Or alternatively, the first and second heat exchangers may be,

And the second authorization contract information receiving unit is used for receiving the authorization contract information sent by the authorizing party.

The embodiment of the application also provides a data authorization device based on the blockchain, as shown in fig. 10, which comprises:

A second authorization contract information acquisition module 1010 configured to acquire authorization contract information from the first blockchain, the authorization contract information being generated by an authorizer based on associated authorization information for signing the target service with the second private key; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party;

An authorization verification module 1020, configured to invoke a first intelligent contract on the first blockchain to perform authorization verification on the authorization contract information;

A second authorization data sending module 1030, configured to send authorization data corresponding to the authorization contract information to the first blockchain if authorization verification passes, where the authorization data carries second specified synchronization information, where the second specified synchronization information is used to specify that the authorization data is synchronized to the service node; such that the first blockchain sends the authorization data to the serving node based on the second specified synchronization information.

Optionally, the authorization verification module includes:

a first information acquisition unit configured to acquire a first public key and service identification information of the service node from the first blockchain;

a first identity verification unit, configured to perform identity verification of a service node based on a first public key and service identification information of the service node obtained from the first blockchain, and the first public key and service identification information of the service node in the authorization contract information;

A server signature verification unit, configured to verify, with a first public key of the service node, a server signature in the authorization contract information, where the server signature represents signature information of the server on associated requirement information of the target service, where the identity verification of the service node is passed;

a second information obtaining unit, configured to obtain, from the first blockchain, a second public key of the authorization node and service identification information if the server signature passes verification;

The second identity verification unit is used for verifying the identity of the authorization node based on the second public key and service identification information of the authorization node, which are acquired from the first blockchain, and the second public key and service identification information of the authorization node in the authorization contract information;

An authorizer signature checking unit, configured to check an authorizer signature in the authorization contract information by using a second public key of an authorization node, where the authorizer signature characterizes signature information of the authorizer on the associated authorization information, when identity check of the authorization node passes;

A contract validity verification unit, configured to perform contract validity verification based on a contract validity period in the authorization contract information when the authorization party signature passes verification;

The embodiment of the application also provides a data authorization device based on the blockchain, as shown in fig. 11, which comprises:

A second authorization contract information acquisition module 1110, configured to acquire authorization contract information, where the authorization contract information is generated by an authorized party based on associated authorization information of signing the target service with the second private key; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party;

A third authorization contract information sending module 1120, configured to send the authorization contract information to the first blockchain, where the authorization contract information carries first specified synchronization information, where the first specified synchronization information is used to specify that the authorization contract information is synchronized to an authorization data providing node; causing the first blockchain to send the authorization contract information to the authorization data providing node based on the first specified synchronization information; the authorization data providing node calls a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information, and sends authorization data corresponding to the authorization contract information to the first blockchain when the authorization verification is passed, wherein the authorization data carries second appointed synchronous information which is used for appointing to synchronize the authorization data to the service node;

A second authorization data receiving module 1130, configured to receive the authorization data sent by the first blockchain based on the second specified synchronization information.

The device and method embodiments in the device embodiments described above are based on the same application conception, and specific details can be found in the method embodiments described above.

The embodiment of the application provides a data authorization device based on a block chain, which comprises a processor and a memory, wherein at least one instruction or at least one section of program is stored in the memory, and the processor loads and executes the at least one instruction or the at least one section of program to realize the data authorization method based on the block chain, which is provided by the embodiment of the method.

The memory may be used to store software programs and modules that the processor executes to perform various functional applications and data processing by executing the software programs and modules stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, application programs required for functions, and the like; the storage data area may store data created according to the use of the device, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory may also include a memory controller to provide access to the memory by the processor.

Embodiments of the present application also provide a computer readable storage medium that may be disposed in a device to store at least one instruction, or at least one program, for implementing a blockchain-based data authorization method in a method embodiment, where the at least one instruction, or the at least one program, is loaded and executed by the processor to implement the blockchain-based data authorization method provided by the method embodiment.

Alternatively, in this embodiment, the storage medium may be located in at least one network server among a plurality of network servers of the computer network. Alternatively, in the present embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, randomAccess Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.

The method embodiments provided by the embodiments of the present application may be performed in a mobile terminal, a computer terminal, a server, or similar computing device. Taking the operation on a server as an example, fig. 12 is a block diagram of a hardware structure of a server for implementing a blockchain-based data authorization method according to an embodiment of the present application. As shown in fig. 12, the server 1200 may vary considerably in configuration or performance and may include one or more central processing units (Central Processing Units, CPU) 1210 (the processor 1210 may include, but is not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA), memory 1230 for storing data, one or more storage mediums 1220 (e.g., one or more mass storage devices) for storing applications 1223 or data 1222. Wherein memory 1230 and storage medium 1220 can be transitory or persistent. The program stored on the storage medium 1220 may include one or more modules, each of which may include a series of instruction operations on a server. Still further, the central processor 1210 may be configured to communicate with a storage medium 1220 and execute a series of instruction operations in the storage medium 1220 on the server 1200. The Server 1200 may also include one or more power supplies 1260, one or more wired or wireless network interfaces 1250, one or more input/output interfaces 1240, and/or one or more operating systems 1221, such as a Windows Server ^TM,Mac OS X^TM,Unix^TM,Linux^TM,FreeBSD^TM, and the like.

The input-output interface 1240 may be used to receive or transmit data via a network. The specific example of the network described above may include a wireless network provided by a communication provider of the server 1200. In one example, the input/output interface 1240 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the input/output interface 1240 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.

It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 12 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, the server 1200 may also include more or fewer components than shown in fig. 12, or have a different configuration than shown in fig. 12.

The embodiment of the data authorization method, the device, the system, the equipment, the server or the storage medium based on the blockchain can be seen that the authorization contract information is obtained by signing the private key of the authorizing party, so that the anti-counterfeiting and open verification of the authorization process can be ensured, the authorization contract information is verified by utilizing the first intelligent contract deployed on the blockchain, the verification of the authorization of the user by other participating nodes on the blockchain can be realized, the user is authorized when the authorization data providing node provides the authorization data, the service party can obtain the data according to the authorization, the whole data authorization process is carried out by the blockchain, each operation of each participating node can be up-linked to the blockchain, the whole process of data obtained by each authorization can be traced back and cannot be tampered, and the safety of the user data is greatly improved.

It should be noted that: the sequence of the embodiments of the present application is only for description, and does not represent the advantages and disadvantages of the embodiments. And the foregoing description has been directed to specific embodiments of this specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for device and server embodiments, which are substantially similar to method embodiments, the description is relatively simple, and reference should be made to the description of method embodiments for relevant points.

Those of ordinary skill in the art will appreciate that all or a portion of the steps implementing the above embodiments may be implemented by hardware, or may be implemented by a program indicating that the relevant hardware is implemented, where the program may be stored on a computer readable storage medium, where the storage medium may be a read only memory, a magnetic disk or optical disk, etc.

The foregoing description of the preferred embodiments of the application is not intended to limit the application to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the application are intended to be included within the scope of the application.

Claims

1. A blockchain-based data authorization method applied to a first blockchain, the method comprising:

Acquiring authorization contract information, wherein the authorization contract information is generated by an authorized party based on associated authorization information of signing a target service by a second private key; the target business is a service provided by a service party to the authorized party; the second private key is a private key applied by an authorized node corresponding to the authorized party in the first blockchain for identifying the identity of the authorized party; the authorization contract information carries first appointed synchronous information, the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node corresponding to an authorization data provider, the authorization data provider is a data provider which is related to the process of providing service for the authorization party by the service and needs data provided by a third party, the authorization data providing node is a blockchain node of the authorization data provider in a second blockchain, and the second blockchain is an upper layer blockchain of the first blockchain;

Transmitting the authorization contract information to the authorization data providing node based on the first specified synchronization information, so that the authorization data providing node calls a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information, and the calling the first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information comprises the following steps: acquiring a first public key and service identification information of a service node corresponding to the service party from the first blockchain; performing identity verification of a service node based on the first public key and service identification information of the service node acquired from the first blockchain and the first public key and service identification information of the service node in the authorization contract information; under the condition that the identity verification of the service node passes, verifying a service side signature in the authorization contract information by using a first public key of the service node, wherein the service side signature represents signature information of the service side on associated demand information of the target service; acquiring a second public key and service identification information of the authorized node from the first blockchain under the condition that the service side signature passes verification; performing identity verification of the authorization node based on the second public key and service identification information of the authorization node obtained from the first blockchain and the second public key and service identification information of the authorization node in the authorization contract information; under the condition that the identity verification of the authorization node passes, verifying an authorization party signature in the authorization contract information by using a second public key of the authorization node, wherein the authorization party signature represents signature information of the authorization party on the associated authorization information; under the condition that the signature of the authorized party passes the verification, carrying out contract validity verification based on the contract validity period in the authorized contract information; under the condition that the contract validity check passes, determining that the authorization verification passes;

Receiving authorization data corresponding to the authorization contract information sent by the authorization data providing node under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node in the second blockchain;

2. The method of claim 1, wherein the authorization contract information further carries third designation synchronization information for designating synchronization of the authorization contract information to a supervising node; the method further comprises the steps of:

3. The method according to claim 1, wherein the method further comprises:

4. A method according to any one of claims 1 to 3, wherein said obtaining authorization contract information comprises:

receiving authorization contract information sent by the service node;

Or alternatively, the first and second heat exchangers may be,

5. A blockchain-based data authorization method, the method being applied to an authorization data providing node, the method comprising:

Acquiring authorization contract information from a first blockchain, wherein the authorization contract information is generated by an authorizer based on associated authorization information of a target service signed by a second private key; the target business is a service provided by a service party to the authorized party; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party; the authorization contract information carries first appointed synchronous information, the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node corresponding to an authorization data providing party, the authorization data providing party is a data providing party which is involved in the process of providing service for the authorization party by the service and needs data provided by a third party, the authorization data providing node is a blockchain node of the authorization data providing party in a second blockchain, and the second blockchain is an upper layer blockchain of the first blockchain;

Invoking a first intelligent contract on the first blockchain to perform authorization verification on the authorization contract information; the invoking the first smart contract on the first blockchain to authorize verification of the authorization contract information includes: acquiring a first public key and service identification information of a service node corresponding to the service party from the first blockchain; performing identity verification of a service node based on the first public key and service identification information of the service node acquired from the first blockchain and the first public key and service identification information of the service node in the authorization contract information; under the condition that the identity verification of the service node passes, verifying a service side signature in the authorization contract information by using a first public key of the service node, wherein the service side signature represents signature information of the service side on associated demand information of the target service; acquiring a second public key and service identification information of the authorized node from the first blockchain under the condition that the service side signature passes verification; performing identity verification of the authorization node based on the second public key and service identification information of the authorization node obtained from the first blockchain and the second public key and service identification information of the authorization node in the authorization contract information; under the condition that the identity verification of the authorization node passes, verifying an authorization party signature in the authorization contract information by using a second public key of the authorization node, wherein the authorization party signature represents signature information of the authorization party on the associated authorization information; under the condition that the signature of the authorized party passes the verification, carrying out contract validity verification based on the contract validity period in the authorized contract information; under the condition that the contract validity check passes, determining that the authorization verification passes;

Transmitting authorization data corresponding to the authorization contract information to the first blockchain under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node in the second blockchain; such that the first blockchain sends the authorization data to the serving node based on the second specified synchronization information.

6. A blockchain-based data authorization method, the method comprising:

acquiring authorization contract information, wherein the authorization contract information is generated by an authorized party based on associated authorization information of signing a target service by a second private key; the target business is a service provided by a service party to the authorized party; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party;

Transmitting the authorization contract information to the first blockchain, wherein the authorization contract information carries first appointed synchronous information, the first appointed synchronous information is used for appointing an authorization data providing node corresponding to an authorization data provider for synchronizing the authorization contract information, the authorization data provider is a data provider which is related to the process of providing services for the authorization provider by the service and needs data provided by a third party, the authorization data providing node is a blockchain node of the authorization data provider in a second blockchain, and the second blockchain is an upper layer blockchain of the first blockchain; causing the first blockchain to send the authorization contract information to the authorization data providing node based on the first specified synchronization information; the authorization data providing node calls a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information, and sends authorization data corresponding to the authorization contract information to the first blockchain when the authorization verification is passed, wherein the authorization data carries second appointed synchronous information which is used for appointing to synchronize the authorization data to a service node in the second blockchain; the invoking the first smart contract on the first blockchain to authorize verification of the authorization contract information includes: acquiring a first public key and service identification information of the service node corresponding to the service party from the first blockchain; performing identity verification of a service node based on the first public key and service identification information of the service node acquired from the first blockchain and the first public key and service identification information of the service node in the authorization contract information; under the condition that the identity verification of the service node passes, verifying a service side signature in the authorization contract information by using a first public key of the service node, wherein the service side signature represents signature information of the service side on associated demand information of the target service; acquiring a second public key and service identification information of the authorized node from the first blockchain under the condition that the service side signature passes verification; performing identity verification of the authorization node based on the second public key and service identification information of the authorization node obtained from the first blockchain and the second public key and service identification information of the authorization node in the authorization contract information; under the condition that the identity verification of the authorization node passes, verifying an authorization party signature in the authorization contract information by using a second public key of the authorization node, wherein the authorization party signature represents signature information of the authorization party on the associated authorization information; under the condition that the signature of the authorized party passes the verification, carrying out contract validity verification based on the contract validity period in the authorized contract information; under the condition that the contract validity check passes, determining that the authorization verification passes;

The authorization data sent by the first blockchain based on the second designated synchronization information is received.

7. A blockchain-based data authorization system, the system comprising: a first blockchain, a service node, an authorization data providing node;

The first blockchain is used for acquiring authorization contract information, wherein the authorization contract information is generated by an authorized party based on associated authorization information of signing a target service by a second private key; the target business is a service provided by a service party to the authorized party; the authorization contract information carries first appointed synchronous information, the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node corresponding to an authorization data provider, the authorization data provider is a data provider which is related to the process of providing service for the authorization party by the service and needs data provided by a third party, the authorization data providing node is a blockchain node of the authorization data provider in a second blockchain, and the second blockchain is an upper layer blockchain of the first blockchain; the first blockchain is used for sending the authorization contract information to the authorization data providing node based on the first appointed synchronous information; transmitting authorization data to the service node corresponding to the service party based on second designated synchronization information;

The authorization data providing node is used for calling a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information; and sending authorization data corresponding to the authorization contract information to the first blockchain when authorization verification is passed, wherein the authorization data carries second designated synchronization information, and the second designated synchronization information is used for designating that the authorization data is synchronized to the service node in the second blockchain; the invoking the first smart contract on the first blockchain to authorize verification of the authorization contract information includes: obtaining a first public key and service identification information of the service node from the first blockchain; and performing identity verification of a service node based on the first public key and service identification information of the service node corresponding to the service party obtained from the first blockchain and the first public key and service identification information of the service node in the authorization contract information; and verifying a service side signature in the authorization contract information by using a first public key of the service node under the condition that the identity verification of the service node is passed, wherein the service side signature represents signature information of the service side on associated demand information of the target service; and the second public key and the service identification information of the authorization node are obtained from the first blockchain under the condition that the signature of the service party passes verification; and performing identity verification of the authorizing node based on the second public key and service identification information of the authorizing node obtained from the first blockchain and the second public key and service identification information of the authorizing node in the authorizing contract information; and verifying an authorizer signature in the authorization contract information by using a second public key of the authorizing node under the condition that the identity verification of the authorizing node is passed, wherein the authorizer signature represents signature information of the authorizer on the associated authorization information; and the method is used for checking the validity of the contract based on the contract validity period in the authorization contract information under the condition that the signature of the authorized party passes the check; under the condition that the contract validity check passes, determining that the authorization verification passes;

8. The system of claim 7, wherein the system further comprises: monitoring nodes; the authorization contract information also carries third appointed synchronous information, and the third appointed synchronous information is used for appointing to synchronize the authorization contract information to the supervision node;

9. A blockchain-based data authorization device, the device disposed in a first blockchain, the device comprising:

The first authorization contract information acquisition module is used for acquiring authorization contract information, wherein the authorization contract information is generated by an authorized party based on the associated authorization information of the second private key signing target service; the target business is a service provided by a service party to the authorized party; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party; the authorization contract information carries first appointed synchronous information, the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node corresponding to an authorization data provider, the authorization data provider is a data provider which is related to the process of providing service for the authorization party by the service and needs data provided by a third party, the authorization data providing node is a blockchain node of the authorization data provider in a second blockchain, and the second blockchain is an upper layer blockchain of the first blockchain;

A first authorization contract information sending module, configured to send the authorization contract information to the authorization data providing node based on the first specified synchronization information, so that the authorization data providing node invokes a first intelligent contract on the first blockchain to perform authorization verification on the authorization contract information, where invoking the first intelligent contract on the first blockchain to perform authorization verification on the authorization contract information includes: acquiring a first public key and service identification information of a service node corresponding to the service party from the first blockchain; performing identity verification of a service node based on the first public key and service identification information of the service node acquired from the first blockchain and the first public key and service identification information of the service node in the authorization contract information; under the condition that the identity verification of the service node passes, verifying a service side signature in the authorization contract information by using a first public key of the service node, wherein the service side signature represents signature information of the service side on associated demand information of the target service; acquiring a second public key and service identification information of the authorized node from the first blockchain under the condition that the service side signature passes verification; performing identity verification of the authorization node based on the second public key and service identification information of the authorization node obtained from the first blockchain and the second public key and service identification information of the authorization node in the authorization contract information; under the condition that the identity verification of the authorization node passes, verifying an authorization party signature in the authorization contract information by using a second public key of the authorization node, wherein the authorization party signature represents signature information of the authorization party on the associated authorization information; under the condition that the signature of the authorized party passes the verification, carrying out contract validity verification based on the contract validity period in the authorized contract information; under the condition that the contract validity check passes, determining that the authorization verification passes;

The first authorization data receiving module is used for receiving authorization data corresponding to the authorization contract information sent by the authorization data providing node under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node in the second blockchain;

10. The apparatus of claim 9, wherein the authorization contract information further carries third designation synchronization information for designating synchronization of the authorization contract information to a supervising node; the apparatus further comprises:

11. The apparatus of claim 9, wherein the apparatus further comprises:

12. The apparatus according to any one of claims 9 to 11, wherein the first authorization contract information acquisition module includes:

Or alternatively, the first and second heat exchangers may be,

13. A blockchain-based data authorization device, the device being disposed at an authorization data providing node, the device comprising:

The second authorization contract information acquisition module is used for acquiring authorization contract information from the first blockchain, wherein the authorization contract information is generated by an authorizer based on the associated authorization information of the second private key signing target service; the target business is a service provided by a service party to the authorized party; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party; the authorization contract information carries first appointed synchronous information, the first appointed synchronous information is used for appointing to synchronize the authorization contract information to an authorization data providing node corresponding to an authorization data provider, the authorization data provider is a data provider which is related to the process of providing service for the authorization party by the service and needs data provided by a third party, the authorization data providing node is a blockchain node of the authorization data provider in a second blockchain, and the second blockchain is an upper layer blockchain of the first blockchain;

The authorization verification module is used for calling a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information; the authorization verification module comprises: a first information obtaining unit, configured to obtain, from the first blockchain, a first public key and service identification information of a service node corresponding to the service party; a first identity verification unit, configured to perform identity verification of a service node based on a first public key and service identification information of the service node obtained from the first blockchain, and the first public key and service identification information of the service node in the authorization contract information; a server signature verification unit, configured to verify, with a first public key of the service node, a server signature in the authorization contract information, where the server signature represents signature information of the server on associated requirement information of the target service, where the identity verification of the service node is passed; a second information obtaining unit, configured to obtain, from the first blockchain, a second public key of the authorization node and service identification information if the server signature passes verification; the second identity verification unit is used for verifying the identity of the authorization node based on the second public key and service identification information of the authorization node, which are acquired from the first blockchain, and the second public key and service identification information of the authorization node in the authorization contract information; an authorizer signature checking unit, configured to check an authorizer signature in the authorization contract information by using a second public key of the authorizing node, where the authorizer signature characterizes signature information of the authorizer on the associated authorization information, when the identity check of the authorizing node passes; a contract validity verification unit, configured to perform contract validity verification based on a contract validity period in the authorization contract information when the authorization party signature passes verification; under the condition that the contract validity check is passed, determining that the authorization verification is passed;

The second authorization data sending module is used for sending authorization data corresponding to the authorization contract information to the first blockchain under the condition that authorization verification is passed, wherein the authorization data carries second appointed synchronous information, and the second appointed synchronous information is used for appointing to synchronize the authorization data to the service node in the second blockchain; such that the first blockchain sends the authorization data to the serving node based on the second specified synchronization information.

14. A blockchain-based data authorization device, the device comprising:

the second authorization contract information acquisition module is used for acquiring authorization contract information, wherein the authorization contract information is generated by an authorized party based on the associated authorization information of the second private key signing target service; the target business is a service provided by a service party to the authorized party; the second private key is a private key applied by an authorized node corresponding to the authorized party in a first blockchain for identifying the identity of the authorized party;

A third authorization contract information sending module, configured to send the authorization contract information to the first blockchain, where the authorization contract information carries first specified synchronization information, where the first specified synchronization information is used to specify an authorization data providing node corresponding to an authorization data provider for synchronizing the authorization contract information with the authorization data provider, where the authorization data provider is a data provider that needs data provided by a third party and is involved in a process of providing services to the authorization provider, and the authorization data providing node is a blockchain node of the authorization data provider in a second blockchain, and the second blockchain is an upper layer blockchain of the first blockchain; causing the first blockchain to send the authorization contract information to the authorization data providing node based on the first specified synchronization information; the authorization data providing node calls a first intelligent contract on the first blockchain to conduct authorization verification on the authorization contract information, and sends authorization data corresponding to the authorization contract information to the first blockchain when the authorization verification is passed, wherein the authorization data carries second appointed synchronous information which is used for appointing to synchronize the authorization data to a service node in the second blockchain; the invoking the first smart contract on the first blockchain to authorize verification of the authorization contract information includes: acquiring a first public key and service identification information of the service node corresponding to the service party from the first blockchain; performing identity verification of a service node based on the first public key and service identification information of the service node acquired from the first blockchain and the first public key and service identification information of the service node in the authorization contract information; under the condition that the identity verification of the service node passes, verifying a service side signature in the authorization contract information by using a first public key of the service node, wherein the service side signature represents signature information of the service side on associated demand information of the target service; acquiring a second public key and service identification information of the authorized node from the first blockchain under the condition that the service side signature passes verification; performing identity verification of the authorization node based on the second public key and service identification information of the authorization node obtained from the first blockchain and the second public key and service identification information of the authorization node in the authorization contract information; under the condition that the identity verification of the authorization node passes, verifying an authorization party signature in the authorization contract information by using a second public key of the authorization node, wherein the authorization party signature represents signature information of the authorization party on the associated authorization information; under the condition that the signature of the authorized party passes the verification, carrying out contract validity verification based on the contract validity period in the authorized contract information; under the condition that the contract validity check passes, determining that the authorization verification passes;

and the second authorization data receiving module is used for receiving the authorization data sent by the first blockchain based on the second specified synchronization information.

15. A blockchain-based data authorization device, characterized in that the device comprises a processor and a memory, in which at least one instruction or at least one program is stored, which is loaded and executed by the processor to implement the blockchain-based data authorization method according to any of claims 1 to 6.

16. A computer readable storage medium having stored therein at least one instruction or at least one program, the at least one instruction or the at least one program loaded and executed by a processor to implement the blockchain-based data authorization method of any of claims 1 to 6.

17. A computer program product, characterized in that it comprises computer instructions stored in a computer readable storage medium, from which computer instructions a processor of a computer device reads, the processor executing the computer instructions, causing the computer device to perform the blockchain-based data authorization method according to any of claims 1 to 6.