CN112329065A - Dynamic authority management method, device, terminal and storage medium for block chain nodes - Google Patents
Dynamic authority management method, device, terminal and storage medium for block chain nodes Download PDFInfo
- Publication number
- CN112329065A CN112329065A CN202011280616.0A CN202011280616A CN112329065A CN 112329065 A CN112329065 A CN 112329065A CN 202011280616 A CN202011280616 A CN 202011280616A CN 112329065 A CN112329065 A CN 112329065A
- Authority
- CN
- China
- Prior art keywords
- authority
- node
- nodes
- target node
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a dynamic authority management method, a device, a terminal and a storage medium for block link points, wherein the method comprises the following steps: configuring the authority for a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node. Therefore, by adopting the embodiment of the application, the authority is configured for the nodes in the block chain network through the preset authority configuration rule, so that the authority information is uniformly managed, the use operation of a user is simplified, and the development and maintenance cost caused by repeatedly developing the authority management module is further reduced.
Description
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to a method, an apparatus, a terminal, and a storage medium for managing dynamic permissions of block link points.
Background
Before accessing different application systems, a user needs to acquire the access authority of each application system, and after acquiring the access authority of a certain application system, the user accesses the application system.
Currently, each existing application system generally adopts a respective independent authority module, and each system distributes different access certificates for users; moreover, each system adopts an independent encryption system, and the authority module of each system needs to be repeatedly developed and regularly maintained and upgraded. In addition, the authority module of the existing system stores the authority information in media such as independent databases, and each authority system needs to pay extra cost for the reliability of data.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a method, an apparatus, a terminal and a storage medium for managing dynamic rights of block link nodes in order to overcome the drawbacks of the prior art.
A dynamic authority management method for a block chain node comprises the following steps: configuring the authority for a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node.
In one embodiment, the obtaining of the priorities corresponding to the plurality of nodes of the configuration right includes: calculating respective contribution degrees of the configured plurality of nodes in the current block chain network; and determining the priorities corresponding to the plurality of nodes based on the contribution degrees.
In one embodiment, the attribute information carries a history identifier and/or a new identifier.
In one embodiment, the preset authority configuration rule includes a first level authority, a second level authority and a third level authority, wherein the first level authority is greater than the second level authority and is greater than the third level authority; the executing the authority operation corresponding to the target node based on the attribute information of the target node comprises: when the attribute information of the target node carries the history identification, determining the target node as a history node and loading the operation authority of the history node; executing the operation authority of the historical node; when the attribute information of the target node carries the newly added identification, determining the target node as a newly added node and loading the operation authority of the newly added node; when the operation authority of the newly added node belongs to the first level authority, starting user identity verification and authority verification corresponding to the newly added node; and when the user identity authentication and the authority authentication pass, starting the operation authority of the newly added node.
In one embodiment, after the performing the authority operation corresponding to the target node based on the attribute information of the target node, the method further includes: and when the node without the operation authority started exists in the front block chain network, determining the node without the operation authority started, and continuously executing the step of acquiring the target node based on the priority order.
In one embodiment, the operation authority of the newly added node comprises an adding authority, a modifying authority and a querying authority; the starting of the user identity verification and the authority verification corresponding to the newly added node comprises the following steps: configuring a preset first verification strategy aiming at the adding authority, and loading a first verification flow corresponding to the first verification strategy; configuring a preset second verification strategy aiming at the modification authority, and loading a second verification process corresponding to the second verification strategy; configuring a preset third verification strategy aiming at the inquiry authority, and loading a third verification process corresponding to the third verification strategy; and starting user identity verification and authority verification corresponding to the newly added node based on the verification process.
In one embodiment, the starting of the user identity verification and the authority verification corresponding to the newly added node based on the verification process includes: decoding a request message carried by the newly added node and then acquiring operation information in the request, wherein the operation information at least comprises a user address initiated by the request, an authority level, an adding authority and a timestamp; verifying whether the user address is legal or not, and determining whether the permission levels are matched or not when the user address is a legal user; and when the authority levels are matched, packaging the adding authority and the user address and writing the packaged adding authority and the user address into a node at a preset position in the current block chain network.
A device for dynamic rights management of block link points, the device comprising: the authority configuration module is used for configuring the authorities of a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule; the target node acquisition module is used for acquiring priorities corresponding to the plurality of nodes of the configuration authority and acquiring target nodes based on the priority order; and the authority operation executing module is used for acquiring the attribute information of the target node and executing the authority operation corresponding to the target node based on the attribute information of the target node.
A terminal comprising a memory and a processor, the memory having stored therein computer readable instructions which, when executed by the processor, cause the processor to perform the steps of the above-described method of dynamic rights management of blockchain nodes.
A storage medium having stored thereon computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the above-described method of dynamic rights management for blockchain nodes.
According to the dynamic authority management method, device, terminal and storage medium for the blockchain nodes, the dynamic authority management device for the blockchain nodes firstly configures authority for a plurality of nodes in a current blockchain network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node. Because the authority is configured for the nodes in the block chain network through the preset authority configuration rule, the authority information is uniformly managed, the use operation of a user is simplified, and the development and maintenance cost caused by repeatedly developing the authority management module is further reduced.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
Fig. 1 is an implementation environment diagram of a dynamic rights management method for a blockchain node according to an embodiment of the present application;
fig. 2 is a schematic diagram of an internal structure of a terminal according to an embodiment of the present application;
fig. 3 is a schematic diagram illustrating a method for dynamic rights management of block link points according to an embodiment of the present application;
fig. 4 is a schematic diagram of another method for dynamic rights management of blockchain nodes according to an embodiment of the present application;
fig. 5 is a schematic diagram of another method for dynamic rights management of blockchain nodes according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an apparatus for dynamic rights management of block link points according to an embodiment of the present disclosure;
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It will be understood that, as used herein, the terms "first," "second," and the like may be used herein to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish one element from another.
Fig. 1 is a diagram illustrating an implementation environment of a block link point dynamic rights management method according to an embodiment, as shown in fig. 1, in the implementation environment, including a server 110 and a block chain 120.
The server 110 is a server device, for example, a server device for dynamic rights management of block link nodes, and a dynamic rights management tool for the block link nodes is installed on the server 110. The block chain 120 is provided with a plurality of nodes formed by peer-to-peer network connection, and is used for respectively storing blocks including recorded data and linking the blocks to form a block chain, when dynamic authority management of the block chain nodes is required, the server 110 firstly configures authority for a plurality of nodes in the current block chain 120 network one by one according to a preset authority configuration rule, the server 110 then acquires priorities corresponding to the plurality of nodes configured with authority and acquires target nodes based on the priority level and the low order, and the server 110 finally acquires attribute information of the target nodes and executes authority operation corresponding to the target nodes based on the attribute information of the target nodes.
It should be noted that the server 110 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, etc., but is not limited thereto. The server 110 and the blockchain 120 may be connected through bluetooth, USB (Universal Serial Bus), or other communication connection methods, which is not limited herein.
Fig. 2 is a schematic diagram of an internal structure of the terminal in one embodiment. As shown in fig. 2, the terminal includes a processor, a nonvolatile storage medium, a memory, and a network interface connected through a system bus. The nonvolatile storage medium of the terminal stores an operating system, a database and computer readable instructions, the database can store control information sequences, and the computer readable instructions can enable the processor to realize a dynamic authority management method of block link points when being executed by the processor. The processor of the terminal is used to provide computing and control capabilities to support the operation of the entire terminal. The memory of the terminal may have stored therein computer readable instructions that, when executed by the processor, cause the processor to perform a method for dynamic rights management for block-linked nodes. The network interface of the terminal is used for connecting and communicating with the terminal. Those skilled in the art will appreciate that the configuration shown in fig. 2 is a block diagram of only a portion of the configuration associated with the present application and does not constitute a limitation on the terminal to which the present application is applied, and that a particular terminal may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
The following describes in detail a dynamic rights management method for a blockchain node according to an embodiment of the present application with reference to fig. 3 to 5. The method may be implemented in dependence on a computer program, operable on a dynamic rights management device based on a blockchain node of the von neumann architecture. The computer program may be integrated into the application or may run as a separate tool-like application.
Referring to fig. 3, a flowchart of a dynamic rights management method for block link points is provided according to an embodiment of the present application. As shown in fig. 3, the method of the embodiment of the present application may include the following steps:
s101, configuring the authority for a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule;
the block chain is a shared database, and the data or information stored in the shared database has the characteristics of unforgeability, whole-course trace, traceability, public transparency, collective maintenance and the like.
In the embodiment of the application, when updating is performed through a dynamic authority management device of a block chain node, the device firstly determines a node to be voted from each node in a current block chain network, then sends a voting invitation to other nodes except the node to be voted in the current block chain network for voting, generates a voting result of the node to be voted, then judges whether each node in the current block chain network has a respective voting result, and generates the voting result of each node when each node has the respective voting result.
It should be noted that the higher the voting result is, the higher the authority configured for the node in the current block chain network is.
In a possible implementation manner, after the voting results of each node are obtained, a preset authority configuration rule is loaded, the preset authority configuration rule includes a first-level authority, a second-level authority and a third-level authority, the voting results smaller than a first preset threshold are obtained from the voting results of each node, then the voting results larger than a second preset threshold are obtained, finally, the first-level authority is configured for the nodes in the voting results larger than the second preset threshold, then the second-level authority is configured for the nodes in the voting results larger than or equal to the first preset threshold and smaller than or equal to the second preset threshold, and then the third-level authority is configured for the nodes in the voting results smaller than the first preset threshold. And the second preset threshold is greater than the first preset threshold.
Specifically, the preset authority configuration rule can configure the authority into three levels, the authority function of the node at the first level is to add, delete and search user authority information and transmit commands and data to other nodes, the authority function of the node at the second level is to inquire the authority information and send the commands and data to other nodes, and the authority function of the node at the third level is to store system data and view partial operation results. Wherein the first level is greater than the second level is greater than the third level.
For example, when nodes in the front blockchain network are a, b, c, d, e and f, a, b, c, d, e and f are voted respectively, when a is voted, b, c, d, e and f are invited to vote for a, and the votes are circularly voted in sequence, so that a, b, c, d, e and f respectively have own voting data, for example, the vote of a is 2 votes, the vote of b is 5 votes, the vote of c is 3 votes, the vote of d is 3 votes, the vote of e is 4 votes, and the vote of f is 1 vote. After voting is finished, loading preset authority configuration rules into a first-level authority, a second-level authority and a third-level authority, selecting nodes larger than 3 votes as b and e, selecting nodes smaller than 3 votes as a and f, and selecting nodes equal to 3 votes as c and d. Thus, nodes b and e are configured with a first level of authority, nodes c and d are configured with a second level of authority, and nodes a and f are configured with a first level of authority. Therefore, the authority operations of the nodes b and e are to add, delete and search user authority information and transmit commands and data to other nodes, the authority operations of the nodes c and d are to inquire the authority information and send the commands and data to other nodes, and the authority operations of the nodes a and f are to store system data and view partial operation results.
S102, acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order;
generally, when determining the priorities corresponding to the plurality of nodes, the respective contribution degrees of the plurality of nodes in the current blockchain network are first calculated, and then the priorities corresponding to the plurality of nodes are determined based on the contribution degrees. The contribution degree represents the contribution, the assumed task, the performance of the node itself and the like of each node in the block chain network.
Specifically, when the respective contribution degrees of the plurality of nodes in the current blockchain network are calculated. In a possible implementation manner, when calculating the contribution degree based on the contribution condition data, first obtaining multiple types of contribution condition data information of each node in the current block chain network, then performing scaling-down processing on the multiple types of contribution condition data of each node, performing scaling-up processing on a numerical value of the representation condition data, outputting a processed result after the numerical value of the representation condition data is used as an input of a set function (for example, the numerical value may be scaled-down after multi-root calculation), and using the output processed result as the contribution degree of each node. In another possible implementation manner, when the contribution degree is calculated according to a voting manner, broadcast is first performed to each node in the current block chain to send out an invitation for voting by other nodes except the node of the node, so that each node starts to vote for other nodes in the block chain respectively to obtain a voting result corresponding to each block in the current block chain network, and the voting result is generated and then used as the contribution degree of each node.
When it needs to be explained, the rules of voting include, but are not limited to, the transaction times of the node to be voted, which are obtained by the current node, the time for joining the network, the transaction amount of the node, the number of times for obtaining the accounting right, and the like, for example, the transaction times reaches 10 times plus one minute, and the current block chain is joined plus one minute in a whole year; of course, some embodiments of the present application may also perform a deduction according to the voting rules as above, for example, a deduction of one for no transport block within a year.
Further, after the contribution degrees of the nodes are calculated, the contribution degrees of the nodes are arranged in a descending order, the priority order of the nodes is marked according to the sequence of the arrangement after the arrangement is finished, the node arranged at the first position is obtained as a target node after the marking is finished, and the priority of the node is the highest.
For example, the contribution degrees of the nodes a, b, c, d, e, and f are 36, 24, 75, 62, 12, and 44, respectively, after the nodes a, b, c, d, e, and f in the current block chain network are ranked in order of priority according to the contribution degree, if the priority of the node c is higher than the priority of the node d, the priority of the node f is higher than the priority of the node a, the priority of the node b is higher than the priority of the node e, the finally obtained target node is the node c.
According to the method and the device, contribution degree calculation, rating and judgment are carried out on each node from the time of adding in through a contribution degree mode, and the authority of each node member changing along with time is determined according to the rating and judgment results, so that the authority of each node is dynamic and can be adjusted in different application scenes.
S103, acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node.
Wherein, the attribute information of the target node carries the parameter of the node. For example, the attribute information carries a history identifier and/or a new identifier.
In a possible implementation manner, when the attribute information of the target node carries the history identifier, the target node is determined to be the history node, the operation authority of the history node is loaded, and finally the operation authority of the history node is executed.
For example, if the target node is any existing node in the blockchain network, the authority configured for the target node in advance is directly acquired, and in a specific application scenario, the authority configured for the target node in advance may be a first-level authority, and at this time, the node has the functions of: adding, deleting and searching user authority information, and transmitting commands and data to other nodes; or, the preset authority for the target node is the authority of the second level, at this time, the node has the functions of: inquiring authority information, and sending commands and data to other nodes; or, the authority preconfigured for the target node is the authority of the third level, at this time, the node has the functions of: and system data is saved, and partial operation results can be viewed.
In another possible implementation manner, when the attribute information of the target node carries a new identifier, determining that the target node is a new node and loading the operation authority of the new node, then judging that the target node belongs to the authority operation of the level in the preset configuration authority rule, when the operation authority of the new node belongs to the first level authority, starting user identity authentication and authority authentication corresponding to the new node, and when the user identity authentication and authority authentication pass, starting the operation authority of the new node, wherein the operation authority of the new node comprises an addition authority, a modification authority and a query authority; .
Further, when user identity authentication and permission authentication corresponding to the newly added node are started, a first authentication strategy is preset for the added permission configuration, a first authentication flow corresponding to the first authentication strategy is loaded, a second authentication strategy is preset for the modified permission configuration, a second authentication flow corresponding to the second authentication strategy is loaded, a third authentication strategy is preset for the inquiry permission configuration, a third authentication flow corresponding to the third authentication strategy is loaded, and user identity authentication and permission authentication corresponding to the newly added node are started based on the authentication flows.
Further, when user identity authentication and permission authentication corresponding to the newly added node are started based on an authentication process, firstly, decoding a request message carried by the newly added node and then acquiring operation information in the request, wherein the operation information at least comprises a user address, a permission level, an addition permission and a timestamp initiated by the request, then, verifying whether the user address is legal, determining whether the permission levels are matched when the user address is a legal user, finally, judging whether the permission levels are matched, and when the permission levels are matched, packaging the addition permission and the user address and then writing the packaged addition permission and user address into a node at a preset position in a front area block chain network.
Specifically, when performing the verification, step a 1: decoding the information of the application message, and acquiring operation information in the request, wherein variables related to the operation information can be an address of an initiating user of the request, authority level, newly-added authority information, a timestamp and the like; step a 2: verifying the identity information of the initiating user, namely judging whether the provided initiating user address is legal or not; if the user is a legal user, performing step a 3; step a 3: judging whether the permission levels of the initiating users are matched, namely: whether the current user grade has the operation authority of the newly-added authority information, if so, entering a 4; step a 4: packaging the newly-added authority information carried in the message and the identity information of the initiating user, and preparing to write the newly-added authority information and the identity information of the initiating user into a node at a preset position of a block chain after the packaging is finished; step a 5: synchronously storing the newly added authority information in the node at the preset position; in an actual application scenario, the nodes, the corresponding new permission information, the positions of the nodes in the block chain, and other information may be written into the block chain in a one-to-one correspondence manner for storage, so as to ensure non-tampering property.
For example, if the current application scenario is a signed application scenario, the requirement on data security is high, the highest authority configured for the user is the query authority, and the user only has a query function, so that the process of verifying the query authority information can be carried out; if the current application scenario is an application scenario of transmitting a large amount of data, the requirement on data security is not high, but the efficiency of transmitting data needs to be considered, the right that can be configured for the user at this time may be: adding new authority information, so that a user can consider the newly added block to be accessed into a block chain according to the total amount of data stored in each block, and the verification process of the newly added authority information needs to be carried out at this time; therefore, the authority of each node can be dynamically configured according to the requirements of different application scenes, and the authority of each node can be dynamically managed.
Further, when a node without the operation authority started exists in the front block chain network, the node without the operation authority started is determined, the step of obtaining the target node based on the priority level sequence is continuously executed, and a new target node is continuously obtained for authority management.
In the embodiment of the application, a dynamic authority management device firstly configures authorities for a plurality of nodes in a current block link network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node. Because the authority is configured for the nodes in the block chain network through the preset authority configuration rule, the authority information is uniformly managed, the use operation of a user is simplified, and the development and maintenance cost caused by repeatedly developing the authority management module is further reduced.
Referring to fig. 5, fig. 5 is a schematic flowchart illustrating another dynamic rights management method for a blockchain node according to an embodiment of the present disclosure. As shown in fig. 5, the method of the embodiment of the present application may include the following steps:
s201, configuring the authority to a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule;
s202, calculating respective contribution degrees of the plurality of nodes in the current block chain network;
s203, determining the priorities corresponding to the plurality of nodes based on the contribution degrees;
s204, acquiring target nodes based on the priority order;
s205, when the attribute information of the target node carries the history identifier, determining the target node as a history node and loading the operation authority of the history node;
s206, executing the operation authority of the history node;
s207, when the node without the operation authority started exists in the front block chain network, the node without the operation authority started is determined, and the step of obtaining the target node based on the priority order is continuously executed.
In the embodiment of the application, a dynamic authority management device firstly configures authorities for a plurality of nodes in a current block link network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node. Because the authority is configured for the nodes in the block chain network through the preset authority configuration rule, the authority information is uniformly managed, the use operation of a user is simplified, and the development and maintenance cost caused by repeatedly developing the authority management module is further reduced.
Referring to fig. 6, fig. 6 is a schematic flowchart of another dynamic rights management method for a blockchain node according to an embodiment of the present application. As shown in fig. 6, the method of the embodiment of the present application may include the following steps:
s301, configuring the authority to a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule;
s302, calculating respective contribution degrees of the plurality of nodes in the current block chain network;
s303, determining priorities corresponding to the plurality of nodes based on the contribution degrees;
s304, acquiring target nodes based on the priority order;
s305, when the attribute information of the target node carries the new identifier, determining the target node as a new node and loading the operation authority of the new node;
s306, the operation authority of the newly added node comprises an adding authority, a modifying authority and a query authority, a preset first verification strategy is configured aiming at the adding authority, and a first verification flow corresponding to the first verification strategy is loaded;
the verification strategy is a strategy parameter which is defined by a user in advance according to a verification process, and after the verification parameter is configured for a node in the current block chain network, the verification process corresponding to the verification parameter can be automatically loaded according to the verification parameter.
S307, configuring a preset second verification strategy aiming at the modification authority, and loading a second verification process corresponding to the second verification strategy;
s308, configuring a preset third verification strategy aiming at the inquiry authority, and loading a third verification process corresponding to the third verification strategy;
s309, decoding the request message carried by the newly added node and then acquiring operation information in the request, wherein the operation information at least comprises a user address initiated by the request, an authority level, an adding authority and a timestamp;
s310, verifying whether the user address is legal or not, and determining whether the permission levels are matched or not when the user address is a legal user;
s311, when the authority levels are matched, the adding authority and the user address are packaged and written into a node at a preset position in a current block chain network;
s312, when the node without the operation authority started exists in the front block chain network, the node without the operation authority started is determined, and the step of obtaining the target node based on the priority order is continuously executed.
In the embodiment of the application, a dynamic authority management device firstly configures authorities for a plurality of nodes in a current block link network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node. Because the authority is configured for the nodes in the block chain network through the preset authority configuration rule, the authority information is uniformly managed, the use operation of a user is simplified, and the development and maintenance cost caused by repeatedly developing the authority management module is further reduced.
The following are embodiments of the apparatus of the present invention that may be used to perform embodiments of the method of the present invention. For details which are not disclosed in the embodiments of the apparatus of the present invention, reference is made to the embodiments of the method of the present invention.
Fig. 6 is a schematic structural diagram of a dynamic rights management apparatus for a blockchain node according to an exemplary embodiment of the present invention, which is applied to a server. The dynamic rights management system of the blockchain node may be implemented as all or part of the terminal in software, hardware, or a combination of both. The device 1 comprises an authority configuration module 10, a target node acquisition module 20 and an authority operation execution module 30.
The authority configuration module 10 is configured to configure authorities for a plurality of nodes in the current block link network one by one according to a preset authority configuration rule;
a target node obtaining module 20, configured to obtain priorities corresponding to the multiple nodes of the configuration authority, and obtain a target node based on the priority order;
and the permission operation executing module 30 is configured to acquire the attribute information of the target node, and execute a permission operation corresponding to the target node based on the attribute information of the target node.
It should be noted that, when the dynamic right management system of a block chain node provided in the foregoing embodiment executes the dynamic right management method of a block chain node, only the division of each functional module is illustrated, and in practical applications, the function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules, so as to complete all or part of the functions described above. In addition, the embodiment of the dynamic permission management system for the block link node and the embodiment of the dynamic permission management method for the block link node provided in the above embodiments belong to the same concept, and details of implementation processes thereof are referred to in the embodiment of the method, and are not described herein again.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
In the embodiment of the application, a dynamic authority management device firstly configures authorities for a plurality of nodes in a current block link network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node. Because the authority is configured for the nodes in the block chain network through the preset authority configuration rule, the authority information is uniformly managed, the use operation of a user is simplified, and the development and maintenance cost caused by repeatedly developing the authority management module is further reduced.
In one embodiment, a terminal is provided, the terminal comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program: configuring the authority for a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node.
In one embodiment, when the processor executes the priorities corresponding to the plurality of nodes that acquire the configuration permission, the following steps are specifically executed: calculating respective contribution degrees of the configured plurality of nodes in the current block chain network; and determining the priorities corresponding to the plurality of nodes based on the contribution degrees.
In one embodiment, when executing the authority operation corresponding to the target node based on the attribute information of the target node, the processor specifically executes the following steps: when the attribute information of the target node carries the history identification, determining the target node as a history node and loading the operation authority of the history node; executing the operation authority of the historical node; when the attribute information of the target node carries the newly added identification, determining the target node as a newly added node and loading the operation authority of the newly added node; when the operation authority of the newly added node belongs to the first level authority, starting user identity verification and authority verification corresponding to the newly added node; and when the user identity authentication and the authority authentication pass, starting the operation authority of the newly added node.
In one embodiment, after executing the authority operation corresponding to the target node based on the attribute information of the target node, the processor further executes the following steps: and when the node without the operation authority started exists in the front block chain network, determining the node without the operation authority started, and continuously executing the step of acquiring the target node based on the priority order.
In an embodiment, when the processor performs the user identity authentication and the authority authentication corresponding to the new node, the processor specifically performs the following steps: configuring a preset first verification strategy aiming at the adding authority, and loading a first verification flow corresponding to the first verification strategy; configuring a preset second verification strategy aiming at the modification authority, and loading a second verification process corresponding to the second verification strategy; configuring a preset third verification strategy aiming at the inquiry authority, and loading a third verification process corresponding to the third verification strategy; and starting user identity verification and authority verification corresponding to the newly added node based on the verification process.
In one embodiment, when the processor performs the user identity authentication and the authority authentication corresponding to the new node started based on the authentication process, the following steps are specifically performed: decoding a request message carried by the newly added node and then acquiring operation information in the request, wherein the operation information at least comprises a user address initiated by the request, an authority level, an adding authority and a timestamp; verifying whether the user address is legal or not, and determining whether the permission levels are matched or not when the user address is a legal user; and when the authority levels are matched, packaging the adding authority and the user address and writing the packaged adding authority and the user address into a node at a preset position in the current block chain network. In one embodiment, a storage medium is provided that stores computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of: configuring the authority for a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node.
In one embodiment, when the processor executes the priorities corresponding to the plurality of nodes that acquire the configuration permission, the following steps are specifically executed: calculating respective contribution degrees of the configured plurality of nodes in the current block chain network; and determining the priorities corresponding to the plurality of nodes based on the contribution degrees.
In one embodiment, when executing the authority operation corresponding to the target node based on the attribute information of the target node, the processor specifically executes the following steps: when the attribute information of the target node carries the history identification, determining the target node as a history node and loading the operation authority of the history node; executing the operation authority of the historical node; when the attribute information of the target node carries the newly added identification, determining the target node as a newly added node and loading the operation authority of the newly added node; when the operation authority of the newly added node belongs to the first level authority, starting user identity verification and authority verification corresponding to the newly added node; and when the user identity authentication and the authority authentication pass, starting the operation authority of the newly added node.
In one embodiment, after executing the authority operation corresponding to the target node based on the attribute information of the target node, the processor further executes the following steps: and when the node without the operation authority started exists in the front block chain network, determining the node without the operation authority started, and continuously executing the step of acquiring the target node based on the priority order.
In an embodiment, when the processor performs the user identity authentication and the authority authentication corresponding to the new node, the processor specifically performs the following steps: configuring a preset first verification strategy aiming at the adding authority, and loading a first verification flow corresponding to the first verification strategy; configuring a preset second verification strategy aiming at the modification authority, and loading a second verification process corresponding to the second verification strategy; configuring a preset third verification strategy aiming at the inquiry authority, and loading a third verification process corresponding to the third verification strategy; and starting user identity verification and authority verification corresponding to the newly added node based on the verification process.
In one embodiment, when the processor performs the user identity authentication and the authority authentication corresponding to the new node started based on the authentication process, the following steps are specifically performed: decoding a request message carried by the newly added node and then acquiring operation information in the request, wherein the operation information at least comprises a user address initiated by the request, an authority level, an adding authority and a timestamp; verifying whether the user address is legal or not, and determining whether the permission levels are matched or not when the user address is a legal user; and when the authority levels are matched, packaging the adding authority and the user address and writing the packaged adding authority and the user address into a node at a preset position in the current block chain network.
In the embodiment of the application, a dynamic authority management device firstly configures authorities for a plurality of nodes in a current block link network one by one according to a preset authority configuration rule; acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order; and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node. Because the authority is configured for the nodes in the block chain network through the preset authority configuration rule, the authority information is uniformly managed, the use operation of a user is simplified, and the development and maintenance cost caused by repeatedly developing the authority management module is further reduced.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A method for dynamic rights management of block link points, the method comprising:
configuring the authority for a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule;
acquiring priorities corresponding to the plurality of nodes of the configuration authority, and acquiring a target node based on the priority order;
and acquiring the attribute information of the target node, and executing the authority operation corresponding to the target node based on the attribute information of the target node.
2. The method of claim 1, wherein obtaining priorities corresponding to the plurality of nodes of the configuration right comprises:
calculating respective contribution degrees of the configured plurality of nodes in the current block chain network;
and determining the priorities corresponding to the plurality of nodes based on the contribution degrees.
3. The method according to claim 1, wherein the attribute information carries a history identifier and/or a new identifier.
4. The method according to claim 1 or 3, wherein the preset authority configuration rule comprises a first level authority, a second level authority and a third level authority, wherein the first level authority is greater than the second level authority and is greater than the third level authority;
the executing the authority operation corresponding to the target node based on the attribute information of the target node comprises:
when the attribute information of the target node carries the history identification, determining the target node as a history node and loading the operation authority of the history node;
executing the operation authority of the historical node; and
when the attribute information of the target node carries the newly added identification, determining the target node as a newly added node and loading the operation authority of the newly added node;
when the operation authority of the newly added node belongs to the first level authority, starting user identity verification and authority verification corresponding to the newly added node;
and when the user identity authentication and the authority authentication pass, starting the operation authority of the newly added node.
5. The method of claim 1, wherein after the performing the permission operation corresponding to the target node based on the attribute information of the target node, further comprises:
and when the node without the operation authority started exists in the front block chain network, determining the node without the operation authority started, and continuously executing the step of acquiring the target node based on the priority order.
6. The method of claim 4, wherein the operation rights of the newly added node include an addition right, a modification right and a query right;
the starting of the user identity verification and the authority verification corresponding to the newly added node comprises the following steps:
configuring a preset first verification strategy aiming at the adding authority, and loading a first verification flow corresponding to the first verification strategy;
configuring a preset second verification strategy aiming at the modification authority, and loading a second verification process corresponding to the second verification strategy;
configuring a preset third verification strategy aiming at the inquiry authority, and loading a third verification process corresponding to the third verification strategy;
and starting user identity verification and authority verification corresponding to the newly added node based on the verification process.
7. The method according to claim 6, wherein the initiating user identity verification and permission verification corresponding to the newly added node based on the verification process comprises:
decoding a request message carried by the newly added node and then acquiring operation information in the request, wherein the operation information at least comprises a user address initiated by the request, an authority level, an adding authority and a timestamp;
verifying whether the user address is legal or not, and determining whether the permission levels are matched or not when the user address is a legal user;
and when the authority levels are matched, packaging the adding authority and the user address and writing the packaged adding authority and the user address into a node at a preset position in the current block chain network.
8. An apparatus for dynamic rights management of block link points, the apparatus comprising:
the authority configuration module is used for configuring the authorities of a plurality of nodes in the current block chain network one by one according to a preset authority configuration rule;
the target node acquisition module is used for acquiring priorities corresponding to the plurality of nodes of the configuration authority and acquiring target nodes based on the priority order;
and the authority operation executing module is used for acquiring the attribute information of the target node and executing the authority operation corresponding to the target node based on the attribute information of the target node.
9. A terminal comprising a memory and a processor, the memory having stored therein computer readable instructions which, when executed by the processor, cause the processor to perform the steps of the method of dynamic rights management of blockchain nodes according to any one of claims 1 to 7.
10. A storage medium storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of the method for dynamic rights management of blockchain nodes according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011280616.0A CN112329065A (en) | 2020-11-16 | 2020-11-16 | Dynamic authority management method, device, terminal and storage medium for block chain nodes |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011280616.0A CN112329065A (en) | 2020-11-16 | 2020-11-16 | Dynamic authority management method, device, terminal and storage medium for block chain nodes |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112329065A true CN112329065A (en) | 2021-02-05 |
Family
ID=74319208
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011280616.0A Pending CN112329065A (en) | 2020-11-16 | 2020-11-16 | Dynamic authority management method, device, terminal and storage medium for block chain nodes |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112329065A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113259352A (en) * | 2021-05-13 | 2021-08-13 | 深圳壹账通智能科技有限公司 | Block chain node safety monitoring method and device, computer equipment and storage medium |
| CN113626531A (en) * | 2021-09-03 | 2021-11-09 | 杭州复杂美科技有限公司 | Transaction packaging method, computer device and storage medium |
| CN117874733A (en) * | 2024-03-12 | 2024-04-12 | 北京营加品牌管理有限公司 | Transaction execution method and system |
-
2020
- 2020-11-16 CN CN202011280616.0A patent/CN112329065A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113259352A (en) * | 2021-05-13 | 2021-08-13 | 深圳壹账通智能科技有限公司 | Block chain node safety monitoring method and device, computer equipment and storage medium |
| CN113626531A (en) * | 2021-09-03 | 2021-11-09 | 杭州复杂美科技有限公司 | Transaction packaging method, computer device and storage medium |
| CN117874733A (en) * | 2024-03-12 | 2024-04-12 | 北京营加品牌管理有限公司 | Transaction execution method and system |
| CN117874733B (en) * | 2024-03-12 | 2024-05-24 | 北京营加品牌管理有限公司 | Transaction execution method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109040029B (en) | Method and apparatus for executing transactions in a blockchain | |
| CN112329065A (en) | Dynamic authority management method, device, terminal and storage medium for block chain nodes | |
| CN108280367B (en) | Data operation authority management method and device, computing equipment and storage medium | |
| CN108595157B (en) | Block chain data processing method, device, equipment and storage medium | |
| CN111343142B (en) | Data processing method and device based on block chain network and storage medium | |
| CN110661658B (en) | Node management method and device of block chain network and computer storage medium | |
| CN108710681B (en) | File acquisition method, device, equipment and storage medium | |
| CN111971943B (en) | Trusted platform module based prepaid access token for commercial IoT online services | |
| CN110866289B (en) | Block chain-based data processing method, device, server and storage medium | |
| CN110138767B (en) | Transaction request processing method, device, equipment and storage medium | |
| CN111124917B (en) | Method, device, equipment and storage medium for managing and controlling public test cases | |
| CN112837157A (en) | Method, device and system for registering and executing timing intelligent contract in block chain | |
| CN112837154A (en) | Method and device for registering and executing timing intelligent contract in block chain | |
| CN105119886A (en) | Account ownership determination method and device | |
| CN111709860A (en) | Homote advice processing method, device, equipment and storage medium | |
| CN111177703A (en) | Method and device for determining data integrity of operating system | |
| CN102314425B (en) | Data searching method and system | |
| KR20200115730A (en) | System and method for generating software whistlist using machine run | |
| CN113468276A (en) | Trusted data acquisition method and device of on-chain prediction machine and electronic equipment | |
| CN113094048A (en) | Data display rule determining method, display method, device, equipment and medium | |
| CN110457332B (en) | Information processing method and related equipment | |
| CN112948866A (en) | Data processing method, device and equipment and readable storage medium | |
| CN112487487A (en) | Authority management method, device, equipment and storage medium for member of block chain node | |
| CN117216758A (en) | Application security detection system and method | |
| CN112181599A (en) | Model training method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |