CN112468497B - Block chain terminal equipment authorization authentication method, device, equipment and storage medium - Google Patents


Info

Publication number
CN112468497B
Authority
CN
China
Prior art keywords
node
authorization
target terminal
terminal node
target
Prior art date
Legal status
Active
Application number
CN202011351641.3A
Other languages
Chinese (zh)
Other versions
CN112468497A (en)
Inventor
秦丽霞
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date
Application filed by Individual
Priority to CN202011351641.3A
Publication of CN112468497A
Application granted
Publication of CN112468497B
Legal status: Active
Anticipated expiration

Classifications

    • H04L63/0876: Network architectures or network communication protocols for network security; authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint (H Electricity › H04 Electric communication technique › H04L Transmission of digital information › H04L63/00 › H04L63/08)
    • G06F21/32: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; user authentication using biometric data, e.g. fingerprints, iris scans or voiceprints (G Physics › G06 Computing; calculating or counting › G06F Electric digital data processing › G06F21/00 › G06F21/30 › G06F21/31)
    • G06F21/45: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; structures or tools for the administration of authentication (G Physics › G06 › G06F › G06F21/00 › G06F21/30)
    • H04L63/10: Network architectures or network communication protocols for network security; controlling access to devices or network resources (H Electricity › H04 › H04L › H04L63/00)
    • H04L67/1097: Network arrangements or protocols for supporting network services or applications; protocols in which an application is distributed across nodes in the network, for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS] (H Electricity › H04 › H04L › H04L67/00 › H04L67/01 › H04L67/10)

Abstract

This application provides a blockchain terminal device authorization authentication method, apparatus, device and storage medium, in the technical field of information security. The method comprises the following steps: an authorization node receives an authorization authentication request sent by a target terminal node to be authenticated, where the request contains the current feature code of the target terminal node, the target terminal node is a management node or a managed node, and the authorization node is a management node or a service node; the authorization node performs authorization authentication of the target terminal node by checking its current feature code against the target feature codes of the terminal nodes stored in the blockchain system, obtaining an authorization authentication result; and if the result is that authorization authentication passed, the authorization node allows the target terminal node to access the service data of the blockchain system. The method effectively reduces the authorization authentication load on the service node and improves authorization authentication efficiency.

Description

Block chain terminal equipment authorization authentication method, device, equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for authorization authentication of a block chain terminal device.
Background
Blockchains are widely used across many fields because of properties such as peer-to-peer participation, transparency, secure communication, tamper resistance and multi-party consensus. After a terminal device has joined the blockchain, it can operate on data in the chain once it has passed authorization authentication, for example to transmit data or change device parameters.
In the prior art, a blockchain system performs authorization authentication of each connected terminal device through the server cluster that is responsible for data processing for the whole blockchain system.
Because the number of terminal devices is large, performing all authorization authentication through the service node places a heavy load on the servers, and the authorization authentication efficiency for terminal devices is therefore low.
Disclosure of Invention
An object of the present application is to provide a method, apparatus, device and storage medium for authorization authentication of a blockchain terminal device, so as to solve the prior-art problems of a heavy authorization authentication load on the service node of a blockchain system and low authorization efficiency.
In order to achieve the above purpose, the technical solutions adopted in the embodiments of the present application are as follows:
in a first aspect, an embodiment of the present application provides a method for authenticating terminal device authorization of a blockchain, which is applied to a blockchain system, where the blockchain system includes a service node and at least one terminal node group, each terminal node group includes at least one management node and at least one managed node, and each management node is used to manage at least one managed node; the method comprises the following steps:
an authorization node receives an authorization authentication request sent by a target terminal node to be authenticated, wherein the authorization authentication request comprises a current feature code of the target terminal node, the target terminal node is the management node or the managed node, and the authorization node is the management node or the service node;
the authorization node performs authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the block chain system to obtain an authorization authentication result;
and if the authorization authentication result is that the authorization authentication is passed, the authorization node allows the target terminal node to access the service data of the block chain system.
Optionally, if the authorization node is the service node, the target terminal node is any terminal node in the at least one terminal node group.
Optionally, if the authorization node is the management node, the target terminal node is any managed node managed by that management node in the terminal node group to which it belongs.
Optionally, the authorizing node performs authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the blockchain system to obtain an authorization authentication result, including:
determining, according to the identifier of the target terminal node, the target feature code of the target terminal node from among the target feature codes of the terminal nodes stored in the blockchain system;
comparing the current feature code of the target terminal node with the target feature code of the target terminal node;
and if the comparison result is consistent, determining that the authorization authentication result is that the authorization authentication is passed.
Optionally, after the authorization node allows the target terminal node to access the service data of the blockchain system, the method further includes:
the authorization node performs data operation processing with the target terminal node, where the data operation processing includes data transmission and modification of operating parameters.
Optionally, the feature code is generated according to a feature parameter of the target terminal node, where the feature parameter includes at least one of the following information: the device parameter information of the target terminal node, and the characteristic information of the user associated with the target terminal node.
Optionally, the device parameter information of the target terminal node includes at least one of: hardware parameter information of the equipment, software environment parameter information of the equipment and use information of the equipment;
the characteristic information of the user associated with the target terminal node comprises at least one of the following information: biometric information of the user, behavioral characteristic information of the user.
Optionally, the method further comprises:
and the authorization node cancels the authorization of the target terminal node and forbids the target terminal node to access the service data of the block chain system.
In a second aspect, an embodiment of the present application further provides an apparatus for authorizing and authenticating a terminal device in a blockchain, which is applied to a blockchain system, where the blockchain system includes a serving node and at least one terminal node group, each terminal node group includes at least one management node and at least one managed node, and each management node is used to manage at least one managed node; the device comprises: the device comprises a receiving module, an authorization module and a data access module;
the receiving module is configured to receive, by an authorization node, an authorization authentication request sent by a target terminal node to be authenticated, where the authorization authentication request includes a current feature code of the target terminal node, the target terminal node is the management node or the managed node, and the authorization node is the management node or the service node;
the authorization module is used for the authorization node to perform authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the block chain system to obtain an authorization authentication result;
and the data access module is used for allowing the target terminal node to access the service data of the block chain system by the authorization node if the authorization authentication result is that the authorization authentication is passed.
Optionally, if the authorization node is the service node, the target terminal node is any terminal node in the at least one terminal node group.
Optionally, if the authorization node is the management node, the target terminal node is any managed node managed by that management node in the terminal node group to which it belongs.
Optionally, the authorization module is specifically configured to determine, according to the identifier of the target terminal node, the target feature code of the target terminal node from among the target feature codes of the terminal nodes stored in the blockchain system; to compare the current feature code of the target terminal node with that target feature code; and, if the comparison result is consistent, to determine that the authorization authentication result is that the authorization authentication is passed.
Optionally, the apparatus further comprises: a processing module;
the processing module is configured to have the authorization node perform data operation processing with the target terminal node, where the data operation processing includes data transmission and modification of operating parameters.
Optionally, the feature code is generated according to a feature parameter of the target terminal node, where the feature parameter includes at least one of the following information: the device parameter information of the target terminal node, and the characteristic information of the user associated with the target terminal node.
Optionally, the device parameter information of the target terminal node includes at least one of: hardware parameter information of the equipment, software environment parameter information of the equipment and use information of the equipment;
the characteristic information of the user associated with the target terminal node comprises at least one of the following information: biometric information of the user, behavioral characteristic information of the user.
Optionally, the apparatus further comprises: an authorization cancellation module; the authorization canceling module is configured to cancel the authorization of the target terminal node by the authorization node, and prohibit the target terminal node from accessing the service data of the blockchain system.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor, a storage medium and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor and the storage medium communicating via the bus when the electronic device is operating, the processor executing the machine-readable instructions to perform the steps of the method for terminal device authorization authentication of a blockchain as provided in the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps of the method for authenticating a terminal device in a blockchain as provided in the first aspect are performed.
The beneficial effect of this application is:
the application provides a method, a device, equipment and a storage medium for authorizing and authenticating a terminal device of a block chain, wherein the method comprises the following steps: an authorization node receives an authorization authentication request sent by a target terminal node to be authenticated, wherein the authorization authentication request comprises a current feature code of the target terminal node, the target terminal node is a management node or a managed node, and the authorization node is a management node or a service node; the authorization node performs authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the block chain system to obtain an authorization authentication result; and if the authorization authentication result is that the authorization authentication is passed, the authorization node allows the target terminal node to access the service data of the blockchain system. In the scheme, when the terminal node is authorized and authenticated, the authorization node can be a service node and also can be a management node authorized by the service node, so that the management node can bear the load of the authorization and authentication in the process of authorizing and authenticating each terminal node, the pressure of the authorization and authentication performed by the service node is effectively reduced, and the efficiency of the authorization and authentication is improved. 
In addition, the target feature code of the target terminal node is stored in the blockchain system, and the reliability of the target feature code of the target terminal node stored in the blockchain system is higher based on the characteristic that data on the blockchain is not changeable, so that the reliability of the authorization and authentication result is higher when authorization and authentication are performed according to the target feature code of the target terminal node stored in the blockchain system and the current feature code of the target terminal node.
Secondly, because the feature code of a terminal node is generated from the feature parameters adopted in the embodiments, a change to any of those parameters makes the terminal node's current feature code inconsistent with its target feature code stored in the blockchain system, so authorization authentication fails; a tampered or illegally used terminal node is thereby identified and is not allowed to access the service data in the blockchain system. This improves the data security and reliability of the blockchain system to a certain extent.
In addition, the authorization node can also cancel the authorization of the target terminal node so as to avoid illegally accessing the service data in the blockchain system under the condition that the target terminal node is tampered, thereby improving the reliability and the safety of the blockchain system.
Drawings
To more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a block chain system according to an embodiment of the present disclosure;
fig. 2 is a first flowchart of a method for authenticating authorization of a terminal device in a block chain according to an embodiment of the present application;
fig. 3 is a second flowchart illustrating a method for authenticating authorization of a terminal device in a block chain according to an embodiment of the present application;
fig. 4 is a first schematic diagram of a terminal device authorization and authentication apparatus of a block chain according to an embodiment of the present application;
fig. 5 is a second schematic diagram of a terminal device authorization and authentication apparatus of a block chain according to an embodiment of the present application;
fig. 6 is a third schematic diagram of a terminal device authorization and authentication apparatus of a block chain according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it should be understood that the drawings in the present application are for illustrative and descriptive purposes only and are not used to limit the scope of protection of the present application. Additionally, it should be understood that the schematic drawings are not necessarily drawn to scale. The flowcharts used in this application illustrate operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be performed out of order, and steps without logical context may be performed in reverse order or simultaneously. One skilled in the art, under the guidance of this application, may add one or more other operations to, or remove one or more operations from, the flowchart.
In addition, the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
In order to enable a person skilled in the art to use the present disclosure, the following embodiments are given in connection with a specific application scenario "medical management". It will be apparent to those skilled in the art that the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the application. Although the present application is described primarily in the context of medical management, it should be understood that this is merely one exemplary embodiment. The present application may be applied to any other scenario. For example, the method and the device can be applied to the scenes of terminal internet access management in enterprises and the like.
It should be noted that in the embodiments of the present application, the term "comprising" is used to indicate the presence of the features stated hereinafter, but does not exclude the addition of further features.
Fig. 1 shows a blockchain system according to an embodiment of the present disclosure; the blockchain terminal device authorization authentication method provided by the present application can be implemented on the blockchain system shown in Fig. 1. As shown in Fig. 1, the blockchain system may include a service node and at least one terminal node group. The service node may be a server cluster composed of several servers or cloud servers (server A, server B, server C, server D). The terminal node groups may be terminal node group 1, terminal node group 2 and so on, as in Fig. 1; each terminal node group may include at least one management node and at least one managed node. Fig. 1 illustrates, by way of example, only one management node per terminal node group (X1 in terminal node group 1, X2 in terminal node group 2) together with the managed nodes that management node manages (for management node X1: A1, B1, C1 and D1). In practice, terminal node group 1 may contain several management-node/managed-node structures like the one formed by X1, A1, B1, C1 and D1. Likewise, the number of terminal node groups is not limited to the six shown in the figure and may be larger.
In the blockchain system, the service node drives the operation of the blockchain system and can manage the authorization authentication of all terminal node groups, including the authorization authentication of management nodes and of managed nodes. A management node that has itself been successfully authorized can in turn be responsible for the authorization authentication of the managed nodes it manages, which relieves the service node of authorization load and improves the overall authorization efficiency of the system. A terminal node that has passed authorization authentication may access the service data of the blockchain system, which may include uploading data, changing the operating parameters of the terminal node's device, and the like.
The method and apparatus can be applied to any scenario in which a terminal node accesses service data in the blockchain system after authorization authentication. Take a medical management scenario as an example. Hospital S can use the blockchain system architecture to manage the department heads at each level and the devices operated in each ward (including uploading the devices' operating parameters to the blockchain system, changing those operating parameters in real time, and so on). In one implementation, the service node of the blockchain system performs authorization authentication of the terminal nodes used by the department heads at each level (management nodes) and of the devices operated in the wards (managed nodes), and manages data operations on those terminal devices after authorization succeeds. In another implementation, the service node performs authorization authentication only of the terminal nodes used by the department heads at each level; after that succeeds, those terminal nodes perform authorization authentication of the ward devices within their own management authority. This implements hierarchical authorization management of the terminal nodes, reduces the authorization load on the service node and improves the authorization efficiency of the blockchain system.
Fig. 2 is a first flowchart illustrating a method for authenticating authorization of a terminal device in a block chain according to an embodiment of the present application; the execution subject of the method may be an electronic device, and the electronic device may be the service node or the management node. As shown in fig. 2, the method of the present application may comprise:
s201, an authorization node receives an authorization authentication request sent by a target terminal node to be authenticated, wherein the authorization authentication request comprises a current feature code of the target terminal node, the target terminal node is a management node or a managed node, and the authorization node is a management node or a service node.
Optionally, taking a medical management scenario as an example, the service node may be a server cluster of the medical system, and a terminal node may be a medical device or a terminal device used by medical staff, for example a vital-sign monitor installed in a ward, or the terminal device used by a department head who holds management authority.
Optionally, each terminal node may be added to the blockchain system after passing the blockchain's network-access verification, and may then operate on data in the blockchain system after passing authorization authentication. Before any target terminal node performs data operations with the blockchain system, it sends an authorization authentication request so that an authorization node in the blockchain system can authenticate it; data operations take place only after authorization succeeds.
The authorization authentication request sent by the target terminal node may include the target terminal node's current feature code. Because the parameters from which the target terminal node's feature code is generated may have been tampered with, authorization authentication is performed on the feature code as it currently is, so that the authentication result reflects the node's present state.
Based on the blockchain system architecture described above, in this embodiment the target terminal node may be a management node or a managed node, and the authorization node may be a service node or a management node, implementing hierarchical authorization authentication and reducing the load that would arise if the service node alone authenticated every terminal node.
S202, the authorization node performs authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the block chain system to obtain an authorization authentication result.
In some embodiments, the authorizing node may perform authorization authentication on the target end node according to the received current feature code of the target end node and the target feature codes of the terminal nodes (including all the management nodes and the managed nodes) stored in the blockchain system in advance. The target feature code of each terminal node may be used to indicate a standard feature code of each terminal node, that is, when the feature code of the terminal node is the target feature code, the terminal node may be considered to be legitimate.
S203, if the authorization authentication result is that the authorization authentication is passed, the authorization node allows the target terminal node to access the service data of the block chain system.
Optionally, when the target terminal node is authenticated by the authentication method and the authorized authentication result is that the authentication is passed, the target terminal node is considered to be a legal terminal node, and the target terminal node is allowed to access the service data of the blockchain system.
Taking the application to a medical management scenario as an example, the service data of the blockchain system may be medical related data, such as: operating parameters of medical equipment operating in the patient room, and the like. The specific service data type may vary according to the scenario in which the blockchain system is applied.
In summary, the method for authenticating the terminal device authorization of the block chain provided in this embodiment includes: an authorization node receives an authorization authentication request sent by a target terminal node to be authenticated, wherein the authorization authentication request comprises a current feature code of the target terminal node, the target terminal node is a management node or a managed node, and the authorization node is a management node or a service node; the authorization node carries out authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of all the terminal nodes stored in the block chain system to obtain an authorization authentication result; and if the authorization authentication result is that the authorization authentication is passed, the authorization node allows the target terminal node to access the service data of the blockchain system. In the scheme, when the terminal nodes are authorized and authenticated, the authorization nodes can be service nodes and management nodes authorized by the service nodes, so that the management nodes can bear the load of the authorization and authentication in the process of authorizing and authenticating each terminal node, the pressure of the authorization and authentication performed by the service nodes is effectively reduced, and the efficiency of the authorization and authentication is improved. 
In addition, the target feature code of the target terminal node is stored in the blockchain system, and the reliability of the target feature code of the target terminal node stored in the blockchain system is higher based on the characteristic that data on the blockchain is not changeable, so that the reliability of the authorization and authentication result is higher when authorization and authentication are performed according to the target feature code of the target terminal node stored in the blockchain system and the current feature code of the target terminal node.
Optionally, if the authorization node is a service node, the target terminal node is any terminal node in the at least one terminal node group.
In one implementable manner, the service node may manage authorization authentication for all terminal nodes, including all management nodes and all managed nodes. When the authorization node is a service node, the target terminal node may be any terminal node in any of the aforementioned terminal node groups, that is, either a management node or a managed node in that group. In this way, authorization authentication of all terminal nodes is performed by the service node.
Optionally, if the authorization node is a management node, the target terminal node is any managed node in the terminal node group to which the management node belongs.
In another implementable manner, the management node may manage authorization authentication for a portion of the managed nodes, namely the one or more managed nodes within the management authority range of that management node. For example, if the managed nodes within the management authority range of management node X1 are A1, B1, C1 and D1, then management node X1 may perform authorization authentication on managed nodes A1, B1, C1 and D1; if other managed nodes exist, for example E1 and F1, management node X1 cannot manage the authorization authentication of terminal nodes E1 and F1.
Generally, different terminal node groups may correspond to different hospitals, and each management node can manage only the managed nodes in the hospital where it is located; cross-hospital management is not possible. That is, a management node and the managed nodes it manages belong to the same terminal node group; for example, management node X1 and the managed nodes A1, B1, C1 and D1 that it manages all belong to terminal node group 1.
Fig. 3 is a second flowchart illustrating a method for authenticating authorization of a terminal device in a block chain according to an embodiment of the present application; as shown in fig. 3, in the step S202, the authorizing node performs authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the blockchain system to obtain an authorization authentication result, which may include:
S301, determining a target feature code of the target terminal node from among the terminal nodes of the blockchain system according to the identifier of the target terminal node.
In some alternative ways, each terminal node may have an identifier that distinguishes it from all other terminal nodes; for example, the number, serial number, or assigned identity code of the terminal node may be used as the identifier of the target terminal node.
The target feature codes of the terminal nodes stored in the blockchain system may be stored as key-value pairs (terminal node identifier: target feature code) or as a list, so that the target feature code of any terminal node can be looked up in the blockchain system.
S302, comparing the current feature code of the target terminal node with the target feature code of the target terminal node.
Optionally, the current feature code of the target terminal node carried in the received authorization authentication request may be compared with the target feature code of the target terminal node looked up in the blockchain system, so as to complete the authorization authentication of the target terminal node.
S303, if the comparison result is consistent, determining that the authorization authentication result is that the authorization authentication is passed.
Optionally, in this embodiment, the feature code of a terminal node may be a character string or a purely numeric string that uniquely represents the identity of the terminal node.
In some embodiments, the target terminal node may be maliciously tampered with or used illegally during use in order to gain illegal access to the blockchain system. Therefore, the current feature code of the target terminal node is compared with its target feature code; when the two are consistent, the target terminal node is considered to be a legitimate terminal node that has not been altered, its authorization authentication is determined to pass, and it is allowed to access the service data in the blockchain system.
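The following is an added example, not code from the patent, of an authorization node carrying out steps S301 to S303 together with the scope rules described above (a service node may authenticate any terminal node; a management node only the managed nodes of its own group). The ledger, the group membership and all node identifiers and feature-code values are constructed stand-ins for what the blockchain system would store; the `authorize` and `in_scope` names are this example's own.

```python
"""Added example: authorization node lookup-and-compare (S301-S303) with the
service-node / management-node scope rule applied first. Not the patent's code."""
import hmac
from dataclasses import dataclass

# Constructed stand-in for the feature codes stored on the blockchain:
# {terminal node identifier: target feature code}. All values are hypothetical.
LEDGER = {
    "X1": "fc-x1-attending-dev",   # management node of group 1
    "A1": "fc-a1-infusion-pump",   # managed nodes of group 1
    "B1": "fc-b1-monitor",
    "E1": "fc-e1-ventilator",      # managed node of group 2
}

# Constructed group membership: group id -> (management nodes, managed nodes).
GROUPS = {
    1: ({"X1"}, {"A1", "B1", "C1", "D1"}),
    2: ({"X2"}, {"E1", "F1"}),
}


@dataclass(frozen=True)
class AuthRequest:
    node_id: str              # identifier of the target terminal node
    current_feature_code: str # feature code generated by the node right now


def in_scope(authorizer: str, target: str) -> bool:
    """Scope rule: the service node may authorize any terminal node; a management
    node may authorize only managed nodes of the group it belongs to."""
    if authorizer == "SERVICE":
        return True
    for mgmt_nodes, managed_nodes in GROUPS.values():
        if authorizer in mgmt_nodes:
            return target in managed_nodes
    return False  # unknown authorizer: refuse rather than guess


def authorize(authorizer: str, req: AuthRequest) -> str:
    """Return 'passed', 'failed', 'unknown_node' or 'out_of_scope'."""
    if not in_scope(authorizer, req.node_id):
        return "out_of_scope"
    # S301: look up the stored target feature code by node identifier.
    target = LEDGER.get(req.node_id)
    if target is None:
        return "unknown_node"
    # S302: compare current code with stored code. compare_digest runs in
    # constant time so the comparison does not leak how many leading
    # characters matched.
    if hmac.compare_digest(req.current_feature_code.encode(), target.encode()):
        return "passed"  # S303: consistent, authorization authentication passed
    return "failed"


if __name__ == "__main__":
    print(authorize("X1", AuthRequest("A1", "fc-a1-infusion-pump")))   # passed
    print(authorize("X1", AuthRequest("E1", "fc-e1-ventilator")))      # out_of_scope
    print(authorize("SERVICE", AuthRequest("E1", "fc-e1-ventilator"))) # passed
```

Note that the scope check runs before the ledger lookup, so a management node cannot even learn whether a node outside its group exists in the ledger; the distinct `out_of_scope` and `unknown_node` results are for the authorization node's own log, and a deployment would normally return only pass/fail to the requesting node.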
Optionally, in step S203, after the authorization node allows the target terminal node to access the service data of the blockchain system, the method of the present application may further include: the authorization node performs data operation processing on the target terminal node, wherein the data operation processing comprises the following steps: data transmission and operation parameter change.
In some embodiments, after the target terminal node has passed authorization authentication, the authorization node may perform data operation management on the target terminal node. For example, the device operating parameters of the target terminal node may be uploaded to the blockchain system so that they can be managed and queried in a unified way. The device operating parameters of the target terminal node may also be changed. For example, if the target terminal node is an infusion pump in a ward and the operating parameters uploaded to the blockchain system show that the infusion speed is too fast, the operating parameters of the infusion pump can be controlled and adjusted to slow the infusion down and spare the patient pain.
Optionally, similar to the process of authorization and authentication, for the data operation management of the terminal node, the service node may perform data operation management on each management node, and may also perform data operation management on each managed node. And the management node authorized and authenticated by the service node can perform data operation management on the managed node in the management authority range, so as to realize hierarchical management.
Optionally, the feature code involved in the above steps may be generated according to a feature parameter of the target terminal node, and the feature parameter may include at least one of the following information: device parameter information of the target terminal node, and characteristic information of a user associated with the target terminal node.
The current feature code of the target terminal node can be generated in real time from the current feature parameters of the target terminal node, and the target feature code of the target terminal node stored in the blockchain system can be generated from the factory feature parameters of the target terminal node. The feature parameters may include the device parameter information of the target terminal node and/or the feature information of the user associated with the target terminal node.
For a target terminal node that is a management node, for example the terminal device of an attending physician, the device is associated with a specific doctor who uses it. In that case the current feature code of the target terminal node may be generated from both the device parameter information of the target terminal node and the feature information of the user associated with it.
For a target terminal node that is a managed node, for example a medical device installed in a patient room, the device is not associated with a specific user, because different patients may use the same device in turn. In that case the current feature code of the target terminal node may be generated from the device parameter information of the target terminal node.
Optionally, the device parameter information of the target terminal node may include at least one of: hardware parameter information of the device, software environment parameter information of the device, and usage information of the device.
The hardware parameter information of the device may include: the chip model used by the device, physical parameters (such as the CPU (Central Processing Unit) model parameters), the Media Access Control (MAC) address of the network card, the model and version number of the Printed Circuit Board (PCB), interface characteristics, and the like. The software environment parameter information of the device may include: the operating system of the device, the type/version number/update time of the device drivers, and the like. The usage information of the device may include: the login place and time of the device, the user name and password of the login user, the type of service accessed, and the like. A serial number of the device may also be included, such as the International Mobile Equipment Identity (IMEI) of the device (for devices without a SIM (Subscriber Identity Module) card, such as tablets), the International Mobile Subscriber Identity (IMSI) (for mobile phones with a SIM card), or the gateway ID (Identity) of the device's WIFI (wireless local area network) router or other gateway.
The characteristic information of the user associated with the target terminal node comprises at least one of the following information: biometric information of the user, behavioral characteristic information of the user.
The biometric information of the user may include the user's facial features, fingerprints, irises, and the like. The behavior feature information of the user may include the user's usage habits on the terminal device, login time, login place, and the like. For example, when entering a login password, one user may habitually type it in one continuous run while another types one character every few seconds, and a user may log in at almost the same time and place every day.
When the feature code of a terminal node is generated from the feature parameters adopted in this embodiment, a change to any one parameter makes the generated current feature code inconsistent with the target feature code of the terminal node stored in the blockchain system, so that authorization authentication fails. A tampered or illegally used terminal node is thus accurately identified and is not allowed to access the service data in the blockchain system. The data security and reliability of the blockchain system are therefore improved to a certain extent.
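As an added illustration of the feature-code generation just described (this is not the patent's own derivation, which the text leaves open), the example below builds the code by hashing a canonical serialization of the device parameter information and, for a management node, the associated user's feature information. SHA-256 over sorted JSON, the parameter values and the `feature_code` name are all this example's assumptions.

```python
"""Added example: deriving a terminal node's feature code from its feature
parameters so that any single parameter change yields a different code.
SHA-256 over canonical JSON is an assumption, not the patent's method."""
import copy
import hashlib
import json
from typing import Any, Mapping, Optional


def feature_code(device_params: Mapping[str, Any],
                 user_features: Optional[Mapping[str, Any]] = None) -> str:
    """Canonicalise (sorted keys, fixed separators) and hash, so the same
    parameters always give the same code and any change to any parameter
    gives a different one. user_features is None for a managed node that
    has no associated user, e.g. a shared ward device."""
    payload = {
        "device": dict(device_params),
        "user": dict(user_features) if user_features is not None else None,
    }
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


# Constructed factory feature parameters of a management node's device.
# Every value here is hypothetical sample data.
FACTORY_DEVICE = {
    "hardware": {"cpu": "ExampleCPU-1", "mac": "00:11:22:33:44:55", "pcb": "v2.1"},
    "software": {"os": "example-os 1.0", "driver": {"name": "net", "version": "3.4"}},
    "serial": {"imei": "000000000000000"},
}
# Constructed user feature information: only derived/stable values, never a raw
# biometric image or a raw password.
FACTORY_USER = {"biometric_template_hash": "abc123", "usual_login_site": "ward-3"}


def demo() -> dict:
    """Return the stored target code next to codes computed from unchanged,
    changed and user-less parameters, to show the comparison outcomes."""
    target = feature_code(FACTORY_DEVICE, FACTORY_USER)
    same = feature_code(FACTORY_DEVICE, FACTORY_USER)          # unchanged node
    changed = copy.deepcopy(FACTORY_DEVICE)
    changed["software"]["driver"]["version"] = "3.5"           # one driver updated
    return {
        "target": target,
        "same": same,
        "changed": feature_code(changed, FACTORY_USER),
        "managed_only_device": feature_code(FACTORY_DEVICE),  # managed node, no user
    }


if __name__ == "__main__":
    for name, code in demo().items():
        print(f"{name:20s} {code}")
```

Two practical points follow from the "any parameter change" property: parameters that vary legitimately (login time, login place) must be normalised into their stable form, for example a time window or a site name, before they enter the hash, or a genuine node will fail every re-check; and secrets such as the login password or raw biometric samples should enter only as derived values, since the feature code travels in every authorization request.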
Optionally, the method of the present application may further include: and the authorization node cancels the authorization of the target terminal node and forbids the target terminal node to access the service data of the block chain system.
In some embodiments, after the authorization authentication of the target terminal node has passed, the authorization node may also cancel the authorization of the target terminal node under certain trigger conditions.
While the target terminal node is running, when the authorization node detects that the data of the target terminal node is abnormal, it may obtain the current feature code of the target terminal node again and perform network access verification again. If this verification fails, the target terminal node is considered to have been maliciously tampered with or illegally used; the authorization of the target terminal node is then cancelled in the blockchain system so that it can no longer access the service data of the blockchain system, thereby ensuring the security and reliability of the blockchain system.
Optionally, when the authorization authentication of the target terminal node succeeds, this may be recorded by setting a flag bit. For example, setting the flag bit to 1 indicates that the current state of the target terminal device is "authorization authentication succeeded"; when the authorization is cancelled, the flag bit may be changed to 0, indicating that the current state of the target terminal device is "authorization cancelled". This is only one possible representation; in practical applications there is no specific limitation, and other representations are possible.
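The following added example, not taken from the patent, keeps the authorization state as the flag bit described above (1 = authorized, 0 = cancelled) and shows the anomaly-triggered path: on abnormal data the node's feature code is collected again and re-verified, and authorization is cancelled if it no longer matches. The ledger contents, the node identifier and the `AuthorizationState` class are this example's own assumptions.

```python
"""Added example: flag-bit authorization state with anomaly-triggered
re-verification and cancellation of authorization. Not the patent's code."""
import hmac

# Constructed stand-in for the target feature codes stored on the blockchain.
LEDGER = {"A1": "fc-a1-infusion-pump"}


class AuthorizationState:
    """Authorization node's view of which terminal nodes may access service data."""

    def __init__(self) -> None:
        self.flag = {}    # node id -> 1 (authorized) or 0 (cancelled / refused)
        self.audit = []   # (node id, event) records for the defender's log

    def _verify(self, node_id: str, current_code: str) -> bool:
        """Lookup by identifier, then constant-time comparison with the stored code."""
        target = LEDGER.get(node_id)
        return target is not None and hmac.compare_digest(
            current_code.encode(), target.encode())

    def grant(self, node_id: str, current_code: str) -> bool:
        """Initial authorization authentication; sets the flag bit to 1 on success."""
        ok = self._verify(node_id, current_code)
        self.flag[node_id] = 1 if ok else 0
        self.audit.append((node_id, "grant" if ok else "grant_refused"))
        return ok

    def on_anomaly(self, node_id: str, recollected_code: str) -> bool:
        """The node's data looks abnormal: re-verify with a freshly collected
        feature code and cancel authorization if it no longer matches.
        Returns True if the node stays authorized."""
        if self.flag.get(node_id) != 1:
            return False  # not authorized, nothing to cancel
        if self._verify(node_id, recollected_code):
            self.audit.append((node_id, "anomaly_reverified_ok"))
            return True
        self.revoke(node_id, "anomaly_reverify_failed")
        return False

    def revoke(self, node_id: str, reason: str) -> None:
        """Cancel authorization: flag bit to 0 and record why."""
        self.flag[node_id] = 0
        self.audit.append((node_id, "revoke:" + reason))

    def may_access(self, node_id: str) -> bool:
        """Service-data access is permitted only while the flag bit is 1."""
        return self.flag.get(node_id) == 1


if __name__ == "__main__":
    s = AuthorizationState()
    s.grant("A1", "fc-a1-infusion-pump")
    s.on_anomaly("A1", "fc-a1-infusion-pump")  # still matches: stays authorized
    s.on_anomaly("A1", "fc-changed")           # mismatch: authorization cancelled
    print(s.flag, s.audit)
```

The audit list is what a security operations team would actually consume: a `revoke:anomaly_reverify_failed` entry names the node whose feature parameters changed after factory enrolment, which is the concrete signal that a device was tampered with or is being used outside its enrolled context.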
In summary, the method for authenticating the authorization of the terminal device in the block chain according to the embodiment includes: an authorization node receives an authorization authentication request sent by a target terminal node to be authenticated, wherein the authorization authentication request comprises a current feature code of the target terminal node, the target terminal node is a management node or a managed node, and the authorization node is a management node or a service node; the authorization node performs authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the block chain system to obtain an authorization authentication result; and if the authorization authentication result is that the authorization authentication is passed, the authorization node allows the target terminal node to access the service data of the block chain system. In the scheme, when the terminal nodes are authorized and authenticated, the authorization nodes can be service nodes and management nodes authorized by the service nodes, so that the management nodes can bear the load of the authorization and authentication in the process of authorizing and authenticating each terminal node, the pressure of the authorization and authentication performed by the service nodes is effectively reduced, and the efficiency of the authorization and authentication is improved. 
In addition, the target feature code of the target terminal node is stored in the blockchain system, and the reliability of the target feature code of the target terminal node stored in the blockchain system is higher based on the characteristic that data on the blockchain is not changeable, so that the reliability of the authorization and authentication result is higher when authorization and authentication are performed according to the target feature code of the target terminal node stored in the blockchain system and the current feature code of the target terminal node.
Secondly, when the feature code of the terminal node is generated by using the feature parameters adopted in the embodiment, when any parameter changes, the generated current feature code of the terminal node is inconsistent with the target feature code of the terminal node stored in the blockchain system, so that when authorization authentication is performed, the authentication is unsuccessful, the tampered or illegally used terminal node is accurately identified, and the access to the service data in the blockchain system is not allowed. Therefore, the data security and reliability of the block chain system are improved to a certain extent.
In addition, the authorization node can also cancel the authorization of the target terminal node so as to avoid illegally accessing the service data in the blockchain system under the condition that the target terminal node is tampered, thereby improving the reliability and the safety of the blockchain system.
The following describes an apparatus, a device, a storage medium, and the like for executing the method for terminal device authorization authentication of a block chain provided in the present application. For their specific implementation processes and technical effects, refer to the description above; they are not repeated below.
Fig. 4 is a first schematic diagram of a terminal device authorization and authentication apparatus of a block chain according to an embodiment of the present application, where functions implemented by the terminal device authorization and authentication apparatus of the block chain correspond to steps executed by the foregoing method. The apparatus may be understood as an authorizing node as described above. The terminal equipment authorization and authentication device of the block chain is applied to a block chain system, the block chain system comprises a service node and at least one terminal node group, each terminal node group comprises at least one management node and at least one managed node, and each management node is used for managing at least one managed node; as shown in fig. 4, the apparatus includes: a receiving module 410, an authorization module 420, a data access module 430;
a receiving module 410, configured to receive, by an authorization node, an authorization and authentication request sent by a target terminal node to be authenticated, where the authorization and authentication request includes a current feature code of the target terminal node, the target terminal node is a management node or a managed node, and the authorization node is a management node or a service node;
the authorization module 420 is configured to authorize and authenticate the target terminal node by the authorization node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the blockchain system, so as to obtain an authorization and authentication result;
and a data access module 430, configured to allow the target terminal node to access the service data of the blockchain system if the authorization and authentication result is that the authorization and authentication pass.
Optionally, if the authorization node is a service node, the target terminal node is any terminal node in the at least one terminal node group.
Optionally, if the authorization node is a management node, the target terminal node is any managed node in the terminal node group to which the management node belongs.
Optionally, the authorization module 420 is specifically configured to determine, according to the identifier of the target terminal node, a target feature code of the target terminal node from each terminal node of the blockchain system; comparing the current feature code of the target terminal node with the target feature code of the target terminal node; and if the comparison result is consistent, determining that the authorization authentication result is that the authorization authentication is passed.
Optionally, as shown in fig. 5, the apparatus further includes: a processing module 440;
the processing module 440 is configured for the authorization node to perform data operation processing on the target terminal node, where the data operation processing includes: data transmission, operation parameter modification.
Optionally, the feature code is generated according to a feature parameter of the target terminal node, where the feature parameter includes at least one of the following information: the device parameter information of the target terminal node and the characteristic information of the user associated with the target terminal node.
Optionally, the device parameter information of the target terminal node includes at least one of: hardware parameter information of the equipment, software environment parameter information of the equipment and use information of the equipment;
the characteristic information of the user associated with the target terminal node comprises at least one of the following information: biometric information of the user, behavioral characteristic information of the user.
Optionally, as shown in fig. 6, the apparatus further includes: an authorization cancellation module 450;
the authorization canceling module 450 is configured to cancel the authorization of the target terminal node by the authorization node, and prohibit the target terminal node from accessing the service data of the blockchain system.
The above-mentioned apparatus is used for executing the method provided by the foregoing embodiment, and the implementation principle and technical effect are similar, which are not described herein again.
The above modules may be one or more integrated circuits configured to implement the above methods, for example one or more Application Specific Integrated Circuits (ASICs), one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs). As another example, when one of the above modules is implemented in the form of program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor capable of calling program code. As a further example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
The modules may be connected or in communication with each other via a wired or wireless connection. The wired connection may include a metal cable, an optical cable, a hybrid cable, etc., or any combination thereof. The wireless connection may comprise a connection over a LAN, WAN, bluetooth, ZigBee, NFC, or the like, or any combination thereof. Two or more modules may be combined into a single module, and any one module may be divided into two or more units. It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working process of the system and the apparatus described above may refer to the corresponding process in the method embodiment, and is not described in detail in this application.
It should be noted that the above modules may be one or more integrated circuits configured to implement the above methods, for example one or more Application Specific Integrated Circuits (ASICs), one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs). As another example, when one of the above modules is implemented in the form of program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor capable of calling program code. As a further example, the modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application, where the electronic device may be a computing device with a data processing function.
The apparatus comprises: a processor 801 and a memory 802.
The memory 802 is used for storing programs, and the processor 801 calls the programs stored in the memory 802 to execute the above-mentioned method embodiments. The specific implementation and technical effects are similar, and are not described herein again.
The memory 802 stores therein program code that, when executed by the processor 801, causes the processor 801 to perform various steps in a terminal device authorization authentication method of a blockchain according to various exemplary embodiments of the present application described in the above section "exemplary methods" of the present specification.
The processor 801 may be a general-purpose processor, such as a Central Processing Unit (CPU), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor or any conventional processor. The steps of a method disclosed in connection with the embodiments of the present application may be performed directly by a hardware processor, or by a combination of hardware and software modules in a processor.
The memory 802, as a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory may include at least one type of storage medium, for example a flash memory, a hard disk, a multimedia card, a card-type memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic memory, a magnetic disk, an optical disk, and so on. The memory may be any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory 802 in the embodiments of the present application may also be circuitry or any other device capable of performing a storage function for storing program instructions and/or data.
Optionally, the present application also provides a program product, such as a computer readable storage medium, comprising a program which, when being executed by a processor, is adapted to carry out the above-mentioned method embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute some of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a portable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.

Claims (11)

1. A terminal device authorization authentication method of a block chain is characterized in that the method is applied to a block chain system, the block chain system comprises a service node and at least one terminal node group, each terminal node group comprises at least one management node and at least one managed node, and each management node is used for managing at least one managed node; the method comprises the following steps:
an authorization node receives an authorization authentication request sent by a target terminal node to be authenticated, wherein the authorization authentication request comprises a current feature code of the target terminal node, the target terminal node is the management node or the managed node, and the authorization node is the management node or the service node;
the authorization node performs authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the block chain system to obtain an authorization authentication result;
and if the authorization authentication result is that the authorization authentication is passed, the authorization node allows the target terminal node to access the service data of the block chain system.
2. The method of claim 1, wherein if the authorization node is the service node, the target terminal node is any terminal node in the at least one terminal node group.
3. The method according to claim 1, wherein if the authorization node is the management node, the target terminal node is any managed node in the terminal node group to which the management node belongs.
4. The method according to any one of claims 1 to 3, wherein the authorization node performing authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the blockchain system to obtain an authorization authentication result comprises:
determining a target feature code of the target terminal node from each terminal node of the block chain system according to the identifier of the target terminal node;
comparing the current feature code of the target terminal node with the target feature code of the target terminal node;
and if the comparison result is consistent, determining that the authorization authentication result is that the authorization authentication is passed.
5. The method according to any one of claims 1 to 3, wherein after the authorization node allows the target terminal node to access the service data of the blockchain system, the method further comprises:
the authorization node performs data operation processing on the target terminal node, wherein the data operation processing comprises the following steps: data transmission, operation parameter modification.
6. The method of claim 1, wherein the feature code is generated according to a feature parameter of the target terminal node, and the feature parameter includes at least one of the following information: the device parameter information of the target terminal node, and the characteristic information of the user associated with the target terminal node.
7. The method of claim 6, wherein the device parameter information of the target terminal node comprises at least one of: hardware parameter information of the equipment, software environment parameter information of the equipment and use information of the equipment;
the characteristic information of the user associated with the target terminal node comprises at least one of the following information: biometric information of the user, behavioral characteristic information of the user.
8. The method according to any one of claims 1-3, further comprising:
and the authorization node cancels the authorization of the target terminal node and forbids the target terminal node to access the service data of the block chain system.
9. A device, characterized in that the device is applied to a blockchain system, the blockchain system comprising a service node and at least one terminal node group, each terminal node group comprising at least one management node and at least one managed node, and each management node being used for managing at least one managed node; the device comprises a receiving module, an authorization module and a data access module;
the receiving module is configured to receive, by an authorization node, an authorization authentication request sent by a target terminal node to be authenticated, wherein the authorization authentication request includes a current feature code of the target terminal node, the target terminal node is the management node or the managed node, and the authorization node is the management node or the service node;
the authorization module is configured for the authorization node to perform authorization authentication on the target terminal node according to the current feature code of the target terminal node and the target feature codes of the terminal nodes stored in the blockchain system, to obtain an authorization authentication result;
and the data access module is configured for the authorization node to allow the target terminal node to access the service data of the blockchain system if the authorization authentication result is that the authorization authentication is passed.
10. An electronic device, comprising: a processor, a storage medium and a bus, the storage medium storing program instructions executable by the processor, the processor and the storage medium communicating via the bus when the electronic device is running, and the processor executing the program instructions to perform the steps of the blockchain terminal device authorization authentication method according to any one of claims 1 to 8.
11. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when executed by a processor, carries out the steps of the blockchain terminal device authorization authentication method according to any one of claims 1 to 8.
Application CN202011351641.3A, priority date 2020-11-26, filing date 2020-11-26: Block chain terminal equipment authorization authentication method, device, equipment and storage medium. Status: Active. Publication: CN112468497B (en).
Publications (2)

CN112468497A (en), published 2021-03-09
CN112468497B (en), published 2022-09-23
Legal Events

PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant