CN113055190B - Access control method for client - Google Patents
- Publication number: CN113055190B, CN202110611515.5A
- Authority: CN (China)
- Prior art keywords: network, blockchain, client, transaction, node
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
One or more embodiments of the present specification provide an access control method for a client. For a blockchain network in a multi-level blockchain system, permission configuration information is recorded in a smart contract deployed on that blockchain network, and the permission configuration information specifies an association between a client certificate provided for a client's use and at least one blockchain network. After each node of the blockchain network starts, it can obtain the permission configuration information from the on-chain smart contract and store it locally off-chain. Each node of the blockchain network can then verify the permissions of transactions submitted by clients against the permission configuration information stored locally off-chain, thereby controlling client access to the system.
Description
Technical Field
One or more embodiments of the present disclosure relate to the field of terminal technologies, and in particular, to an access control method for a client.
Background
Blockchain technology is built on top of a transport network, such as a peer-to-peer network. Nodes in a blockchain network use a chained data structure to validate and store data and employ a distributed node consensus algorithm to generate and update data. In some blockchain networks, some nodes occasionally need to carry out small-scale transactions in a way that prevents other nodes from obtaining these transactions and their associated data.
In the related art, taking the existing blockchain network as a blockchain main network, subnet nodes distinct from the main network nodes may be deployed on the node devices of some of the members participating in the blockchain main network to form a multi-level blockchain system, so that the above-mentioned small-scale transactions can be carried out on a blockchain subnet.
If a client in a multi-level blockchain system is allowed to access a blockchain network in the system, how to control the behavior of the client accessing the blockchain network is an urgent technical problem to be solved.
Disclosure of Invention
In view of the above, one or more embodiments of the present specification provide an access control method for a client.
To achieve the above object, one or more embodiments of the present disclosure provide the following technical solutions:
According to a first aspect of one or more embodiments of the present specification, an access control method for a client is provided, which is applied to a node of a blockchain network in a multi-level blockchain system, where a smart contract is deployed on the blockchain network and permission configuration information is recorded in the smart contract; the permission configuration information specifies: an association between a client certificate provided for use by a client and at least one blockchain network accessible to the client;
each node of the blockchain network obtains the permission configuration information from the on-chain permission control contract and stores it locally off-chain; the method comprises the following steps:
acquiring a transaction submitted by a client, and determining the client certificate used by the client to submit the transaction;
judging, based on the permission configuration information stored locally off-chain, whether the determined client certificate is associated with the blockchain network that the transaction specifies for processing it;
and if so, sending the transaction to the blockchain network specified by the transaction.
According to a second aspect of one or more embodiments of the present specification, a multi-level blockchain system is provided, in which a smart contract is deployed on a blockchain network and the smart contract records permission configuration information; the permission configuration information specifies: an association between a client certificate provided for use by a client and at least one blockchain network accessible to the client;
each node of the blockchain network obtains the permission configuration information from the on-chain permission control contract and stores it locally off-chain; acquires a transaction submitted by a client and determines the client certificate used by the client to submit the transaction; judges, based on the permission configuration information stored locally off-chain, whether the determined client certificate is associated with the blockchain network that the transaction specifies for processing it; and if so, sends the transaction to the blockchain network specified by the transaction.
In the above technical solution, for a blockchain network in a multi-level blockchain system, a smart contract deployed on the blockchain network is used to determine permission configuration information, and the permission configuration information specifies an association between a client certificate provided for a client's use and at least one blockchain network. After each node of the blockchain network starts, it can obtain the permission configuration information from the on-chain smart contract and store it locally off-chain. Each node of the blockchain network can then verify the permissions of transactions submitted by clients against the permission configuration information stored locally off-chain, thereby controlling client access to the system.
With this technical solution, the on-chain smart contract is used to carry out, off-chain on each node of the blockchain network, the permission configuration that controls client access to the system, which is efficient and convenient.
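The check described in the first and second aspects can be sketched as follows. This is an added example, not code from the patent: the class and function names, the use of a SHA-256 fingerprint to identify a client certificate, the version counter and the explicit `sync()` call are all assumptions, and the certificate byte strings are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass


def cert_id(cert_der: bytes) -> str:
    """Identify a client certificate by the SHA-256 fingerprint of its bytes (assumption)."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass(frozen=True)
class Transaction:
    target_network: str  # blockchain network the transaction asks to be processed on
    payload: bytes


class PermissionContract:
    """Stand-in for the state of the on-chain smart contract (hypothetical layout)."""

    def __init__(self):
        self.version = 0
        self._assoc = {}  # certificate fingerprint -> set of network identifiers

    def set_networks(self, cert_der: bytes, networks):
        self._assoc[cert_id(cert_der)] = set(networks)
        self.version += 1

    def read_config(self):
        # Return an immutable copy so a node's local store cannot alias chain state.
        return self.version, {k: frozenset(v) for k, v in self._assoc.items()}


class Node:
    """A blockchain node that keeps the permission configuration locally, off-chain."""

    def __init__(self, contract: PermissionContract):
        self._contract = contract
        self._version = -1
        self._local = {}
        self.forwarded = []  # (network, payload) pairs sent on for processing
        self.sync()          # performed once when the node starts

    def sync(self):
        version, config = self._contract.read_config()
        if version != self._version:
            # Swap the whole snapshot so a check never sees a half-updated store.
            self._local, self._version = config, version

    def authorize(self, cert_der: bytes, tx: Transaction) -> bool:
        # Fail closed: no certificate, no target network or no entry means "no".
        if not cert_der or not tx.target_network:
            return False
        allowed = self._local.get(cert_id(cert_der), frozenset())
        return tx.target_network in allowed

    def submit(self, cert_der: bytes, tx: Transaction) -> str:
        if not self.authorize(cert_der, tx):
            return "rejected"
        self.forwarded.append((tx.target_network, tx.payload))
        return "forwarded"


# Constructed placeholder bytes standing in for DER-encoded client certificates.
ALICE_CERT = b"constructed-certificate-alice"
BOB_CERT = b"constructed-certificate-bob"
UNKNOWN_CERT = b"constructed-certificate-unknown"


def demo():
    contract = PermissionContract()
    contract.set_networks(ALICE_CERT, {"main", "subnet1"})
    contract.set_networks(BOB_CERT, {"subnet2"})
    node = Node(contract)
    results = [
        node.submit(ALICE_CERT, Transaction("subnet1", b"tx-1")),   # associated
        node.submit(ALICE_CERT, Transaction("subnet2", b"tx-2")),   # not associated
        node.submit(UNKNOWN_CERT, Transaction("main", b"tx-3")),    # no entry at all
    ]
    contract.set_networks(ALICE_CERT, {"main"})  # subnet1 withdrawn on-chain
    results.append(node.submit(ALICE_CERT, Transaction("subnet1", b"tx-4")))  # stale copy
    node.sync()
    results.append(node.submit(ALICE_CERT, Transaction("subnet1", b"tx-5")))
    return results


if __name__ == "__main__":
    print(demo())
```

The fourth result shows the cost of checking against a local copy: a change made on-chain takes effect on a node only once that node has refreshed its off-chain store.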
Drawings
FIG. 1 is a schematic diagram of creating a smart contract, provided by an exemplary embodiment.
FIG. 2 is a schematic diagram of invoking a smart contract, provided by an exemplary embodiment.
FIG. 3 is a schematic diagram of creating and invoking a smart contract according to an exemplary embodiment.
Fig. 4 is a flowchart of a method for building a blockchain subnet according to an exemplary embodiment.
Fig. 5 is a schematic diagram of building a blockchain subnet based on a blockchain master network according to an exemplary embodiment.
Fig. 6 is a flowchart of another method for building a blockchain subnet provided by an example embodiment.
Fig. 7 is a flowchart of an access control method for a client provided in this specification.
Fig. 8 is a flowchart illustrating another control method for a client accessing a blockchain network provided in the present specification.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
Blockchains are generally divided into three types: public chains (Public Blockchain), private chains (Private Blockchain) and consortium chains (Consortium Blockchain). There are also various combinations, such as private chain + consortium chain and consortium chain + public chain. The most decentralized of these is the public chain. Public chains are represented by Bitcoin and Ethereum; participants who join a public chain can read the data records on the chain, take part in transactions, compete for the right to record new blocks, and so on. Furthermore, each participant (i.e., node) is free to join and leave the network and perform related operations. Private chains are the opposite: write access to the network is controlled by an organization or institution, and read access to the data is specified by that organization. Briefly, a private chain can be a weakly centralized system with strictly limited and few participating nodes. This type of blockchain is more suitable for internal use within a particular institution. A consortium chain lies between a public chain and a private chain and can achieve "partial decentralization". Each node in a consortium chain typically has a corresponding real-world institution or organization; participants join the network by authorization and form a consortium of related interests that jointly maintains the operation of the blockchain.
Public chains, private chains and consortium chains may all provide smart contract functionality. A smart contract on a blockchain is a contract whose execution on the blockchain system can be triggered by a transaction. A smart contract may be defined in the form of code.
Taking Ethereum as an example, supporting users in creating and invoking complex logic on the Ethereum network is the greatest challenge that distinguishes Ethereum from Bitcoin blockchain technology. The core of Ethereum as a programmable blockchain is the Ethereum Virtual Machine (EVM), which every Ethereum node can run. The EVM is a Turing-complete virtual machine, which means that a variety of complex logic can be implemented through it. The smart contracts that users publish and invoke in Ethereum run on the EVM. In fact, what the virtual machine directly runs is virtual machine code (virtual machine bytecode, hereinafter referred to as "bytecode"). Smart contracts deployed on the blockchain may be in the form of bytecode.
For example, as shown in FIG. 1, after Bob sends a transaction containing the information for creating a smart contract to the Ethereum network, the EVM of node 1 may execute the transaction and generate a corresponding contract instance. The "0x6f8ae93…" in FIG. 1 represents the address of the contract, the data field of the transaction holds the bytecode, and the to field of the transaction is empty. After the nodes reach agreement through the consensus mechanism, the contract is successfully created and can be invoked in subsequent procedures. After the contract is created, a contract account corresponding to the smart contract appears on the blockchain and has a specific address, and the contract code is stored in the contract account. The behavior of the smart contract is controlled by the contract code. In other words, a smart contract causes a virtual account containing the contract code and an account store (Storage) to be generated on the blockchain.
As shown in FIG. 2, still taking Ethereum as an example, after Bob sends a transaction for invoking a smart contract to the Ethereum network, the EVM of a certain node may execute the transaction and generate a corresponding contract instance. The from field of the transaction in FIG. 2 is the address of the account of the initiator of the transaction (i.e., Bob), the "0x6f8ae93…" in the to field represents the address of the smart contract being invoked, the value field is the amount of Ether, and the data field of the transaction holds the method and parameters for invoking the smart contract. After the smart contract is invoked, the value of balance may change. Subsequently, a client can view the current value of balance through a blockchain node (e.g., node 6 in FIG. 2). The smart contract is executed independently at each node in the blockchain network in the prescribed manner, and all execution records and data are stored on the blockchain, so that after the transaction is completed, a transaction record that cannot be tampered with and cannot be lost is stored on the blockchain.
A schematic diagram of creating and invoking a smart contract is shown in FIG. 3. Creating a smart contract in Ethereum involves writing the smart contract, compiling it into bytecode, deploying it to the blockchain, and so on. Invoking a smart contract in Ethereum means initiating a transaction that points to the smart contract's address; the smart contract code then runs, in distributed fashion, in the virtual machine of each node in the Ethereum network.
It should be noted that, in addition to smart contracts created by users, smart contracts may also be set by the system in the genesis block. Such contracts are generally referred to as genesis contracts. In general, the data structures, parameters, attributes and methods of some blockchain networks may be set in the genesis contract. Further, an account with system administrator privileges may create a system-level contract or modify a system-level contract (simply referred to as a system contract). Besides the EVM in Ethereum, different blockchain networks may employ various other virtual machines, which is not limited herein.
After executing a transaction that invokes a smart contract, a node in the blockchain network generates a corresponding receipt that records information related to the execution of the smart contract. In this way, information about the contract execution result can be obtained by querying the receipt of the transaction. The contract execution result may be represented as an event in the receipt. A message mechanism can pass messages through the events in a receipt so as to trigger the blockchain node, or the node device on which the blockchain node is deployed, to perform corresponding processing. The structure of the event may be, for example:
Event:
[topic][data]
[topic][data]
......
In the above example, there may be one or more events, each of which comprises a topic field and a data field. The blockchain node, or the node device on which the blockchain node is deployed, may monitor the topic of each event and perform preset processing when a predefined topic is observed, or it may read the relevant content from the data field of the corresponding event and perform the preset processing based on that content.
In the event mechanism, the monitoring party (e.g., a user with a monitoring need) effectively has a client with a monitoring function, for example a client running an SDK that implements the monitoring function; the client monitors the events generated by the blockchain node, and the blockchain node only needs to generate receipts normally. Transaction information may also be passed on in ways other than the event mechanism described above. For example, monitoring code can be embedded in the blockchain platform code running on the blockchain nodes, so that the monitoring code can monitor one or more kinds of data, such as the transaction content of blockchain transactions, the contract state of smart contracts and the receipts generated by contracts, and send the monitored data to a predefined monitoring party. Since the monitoring code is deployed in the blockchain platform code rather than at the monitoring party's client, this implementation is relatively more proactive than the event mechanism. The monitoring code may be added by a developer of the blockchain platform during development, or may be embedded by the monitoring party according to its own needs, which is not limited in this specification.
One of the features that distinguishes blockchain technology from traditional technology is decentralization: accounting is performed on every node (distributed accounting) rather than centrally as in traditional systems. To be a hard-to-attack, open, decentralized, honest and trustworthy system whose data records cannot be tampered with, a blockchain system must make its distributed data records secure, unambiguous and irreversible in the shortest possible time. In different types of blockchain networks, in order to keep the ledger consistent among the nodes that record it, a consensus algorithm is generally adopted, i.e., the consensus mechanism mentioned above. For example, a consensus mechanism at block granularity can be implemented between blockchain nodes: after a node (e.g., a unique node) generates a block, if the generated block is recognized by the other nodes, the other nodes record the same block. As another example, a consensus mechanism at transaction granularity may be implemented between the blockchain nodes: after a node (e.g., a unique node) acquires a blockchain transaction, if the blockchain transaction is approved by the other nodes, each node that approves it may add the blockchain transaction to the latest block it maintains, which ultimately ensures that every node generates the same latest block. The consensus mechanism is the mechanism by which blockchain nodes reach network-wide agreement on block information (also called block data), which ensures that the latest block is accurately added to the blockchain. The current mainstream consensus mechanisms include: Proof of Work (POW), Proof of Stake (POS), Delegated Proof of Stake (DPOS), the Practical Byzantine Fault Tolerance (PBFT) algorithm, the HoneyBadgerBFT algorithm, etc.
At the hardware level, a blockchain network is generally composed of the node devices of a plurality of members. Nodes are deployed on each member's node device, and the nodes deployed on the members' node devices form the blockchain network at the software level.
It is to be understood that different members are different individuals or entities and correspond to different interested parties. A member may have multiple node devices (i.e., a device cluster), and the member may flexibly (e.g., taking the performance of individual devices into account) deploy in the device cluster several nodes belonging to different blockchain networks and participate in transactions in those networks through these nodes.
A node is a software-layer concept: one node can be understood as one instance (one process or one thread) of the code that implements the node's functions, so multiple such instances can be deployed on the node device of the same member. In the case of a consortium chain network, the controller of a node is a consortium member (an enterprise) and the controller of a client is a user that the enterprise interfaces with, so the multiple nodes can communicate with clients through different ports (or the same default port) of the node device to receive transactions submitted by the clients.
In the case of a public chain network, the node is included in the client, and the controller of the node is the controller of the client, i.e., the user.
Herein, for convenience of description, "a node receives a transaction submitted by a client" may refer to both the case of a consortium chain network and the case of a public chain network.
Due to the decentralized nature of a blockchain network, all blockchain nodes in the network maintain the same blockchain data, so the special requirements of a subset of nodes cannot be met. Taking an existing consortium chain network as an example, nodes of the network are deployed on the node devices of all consortium members (i.e., the node members of the consortium) to form a blockchain network; that is, every consortium member has a corresponding blockchain node in the blockchain network and can obtain all transactions and related data occurring on the network through that node. In some cases, however, some consortium members may wish to carry out transactions with privacy requirements within a small group: they wish both to be able to verify such transactions on a blockchain (or to take advantage of other benefits of blockchain technology) and to prevent other consortium members from viewing the transactions and their associated data.
To this end, the embodiments of the present specification provide a blockchain system in which a plurality of members participate. At the hardware level, the system includes the node device of each member; at least one node is deployed on each member's node device, and different nodes deployed on the node device of the same member belong to different blockchain networks. At the software level, the system has a tree structure in which the blockchain main network is the root and each blockchain subnet is one of the other nodes of the tree.
It should be noted that the word "node" is used herein for two different concepts. A blockchain node is a concept in the blockchain sense and refers to a node in a blockchain network; a tree node is a concept of the tree structure and refers herein to a blockchain network in that tree.
The blockchain main network can be regarded as the uppermost blockchain network in the system and generally consists of main network nodes deployed on the node devices of all members of the system. It should be noted that in some embodiments, members may be divided into initial members (members that participate in initializing the system) and subsequent members (members that join after system initialization). All initial members construct the blockchain system, and the blockchain main network in the system is composed of main network nodes deployed on the node devices of all initial members; more subsequent members can then join the blockchain system, and a subsequent member's node device may have a main network node deployed on it so as to join the main network, or may have only one or more subnet nodes deployed without a main network node.
The blockchain subnets in the system may have multiple levels. A top-level blockchain subnet is a child node of the blockchain main network in the tree structure, and a blockchain subnet may itself have next-level blockchain subnets as child nodes. It should be noted that, in general, a main network node of the blockchain main network is also deployed on the node device that hosts a node of a blockchain subnet. In embodiments where the system distinguishes initial members from subsequent members, the node device that hosts a node of a blockchain subnet may be the node device of a subsequent member, and the node device of a subsequent member may have no main network node deployed.
With this blockchain system, individual members can establish blockchain subnets on their own to conduct small-scale transactions, and the data of the blockchain networks in the system (whether main network or subnets) are isolated from one another.
In some embodiments, a blockchain network may be created by each member manually deploying nodes on its own node device; if nodes of 3 different blockchain networks (one main network and two subnets) need to be deployed on a member's node device, the member has to carry out the manual deployment procedure on that device three times. Each time a node of a new blockchain network has to be added to its node device, the member must go through the manual deployment procedure again, which is troublesome. Moreover, the small-scale transaction needs among some members are often temporary or time-limited, so a manually deployed blockchain subnet can quickly lose its purpose once the need disappears, and cancelling the blockchain subnet again requires the members to operate their node devices manually, which adds to the trouble.
To this end, some embodiments present another method of creating blockchain networks in the system: taking the blockchain main network initially established in the system as the base, blockchain subnets are built on top of the blockchain main network.
Specifically, the blockchain main network accepts a subnet creation transaction, processes it based on a deployed contract, and triggers a subnet creation event. After monitoring the subnet creation event, each main network node that determines that the member of its node device participates in the subnet creates an instance, according to the configuration information carried by the subnet creation transaction, to serve as a node of the created subnet. Each blockchain subnet can in turn accept subnet creation transactions, process them based on deployed contracts, and trigger subnet creation events; after monitoring such an event, each subnet node that determines that the member of its node device participates in the next-level subnet creates an instance, according to the configuration information carried by the subnet creation transaction, to serve as a node of the newly created next-level subnet.
In this context, for any blockchain subnet, the blockchain network responsible for processing the subnet creation transaction used to create that subnet (i.e., the blockchain network said to create the subnet) is the parent node of the subnet in the tree structure. In the tree structure, the blockchain subnet at a child node is not necessarily created by the blockchain network at its parent node, but it may still be managed by the parent (i.e., the network identifier and address information of the child's blockchain subnet are recorded in the parent's blockchain network).
In these embodiments, any blockchain subnet is created and managed by the blockchain network corresponding to its parent node. In this way, a member usually only needs to complete one manual deployment of the main network node on its own node device, and the main network node on the node devices of the subsequent members can create a new instance as a next-level subnet node. The node of a blockchain subnet on the node devices of some members can further create a new instance as a node of a subnet one level lower. This hierarchical way of deploying networks reduces the trouble of manual deployment for members.
In addition, in these embodiments, the node devices of some subsequent members may still join the system after having deployed a blockchain subnet. Such a blockchain subnet is not created by any existing blockchain network in the system but joins the system directly from outside; it can still be added to the tree structure as a node, except that it is managed (not created) by the blockchain network corresponding to its parent node.
Through the above subnet creating and managing manner, any blockchain subnet is either created and managed by the blockchain network of the parent node, or is directly added into the tree structure from the outside and managed by the blockchain network of the parent node. In either case, the address information of any blockchain subnet (i.e. the address information of each node contained therein, such as IP address and port number) can be exposed only to the blockchain network of its parent node, and recorded by each node in the blockchain network of its parent node. Therefore, the privacy of the subnet can be ensured to the maximum extent, and the risk of network attack is reduced.
The scheme for building a blockchain subnet in this specification is described below with reference to fig. 4. Note that, in the following description, a node member refers to a member; a node device refers to a device controlled by a member and is a hardware-level concept; a node refers to a node instance (a process or a thread running on a node device) deployed on the node device and is a software-level concept.
Referring to fig. 4, fig. 4 is a flowchart of a method for building a blockchain subnet according to an exemplary embodiment. As shown in fig. 4, the method may include the steps of:
The transaction for building the blockchain subnet can be initiated by an administrator of the blockchain main network, that is, only the administrator is allowed to build a blockchain subnet on the basis of the blockchain main network, and the permission to build blockchain subnets is not opened to ordinary users, which prevents the security problems that opening this permission could cause. In some cases, an ordinary user of the blockchain main network may also be allowed to initiate a transaction for building the blockchain subnet, so as to meet the networking requirements of ordinary users, who can then still build a blockchain subnet quickly when it is not convenient for an administrator to initiate the transaction.
For example, as shown in fig. 5, the blockchain main network is subnet0, and subnet0 includes the blockchain nodes nodeA, nodeB, nodeC, nodeD, and nodeE. Suppose that the node members corresponding to nodeA, nodeB, nodeC and nodeD wish to build a blockchain subnet: if nodeA is an administrator and only the administrator is allowed to initiate a transaction for building the blockchain subnet, the transaction can be initiated by nodeA to subnet0; if nodeE is an administrator and only the administrator is allowed to initiate a transaction for building the blockchain subnet, nodeA to nodeD need to make a request to nodeE, so that nodeE initiates the transaction for building the blockchain subnet to subnet0; if nodeE is an administrator but ordinary users are allowed to initiate the transaction for building the blockchain subnet, any of nodeA to nodeE can initiate the transaction to subnet0. Of course, whether it is an administrator or an ordinary user, the node member corresponding to the blockchain node that initiates the transaction for building the blockchain subnet does not necessarily participate in the built blockchain subnet. For example, although the blockchain subnet is finally built by the node members corresponding to nodeA, nodeB, nodeC and nodeD, the transaction for building the blockchain subnet may be initiated to subnet0 by nodeE and does not have to be initiated by nodeA to nodeD.
When the blockchain subnet is built on the basis of the blockchain main network, it is easy to understand that a logical hierarchical relationship exists between the blockchain subnet and the blockchain main network. For example, when a blockchain subnet subnet1 is built on subnet0 shown in fig. 5, subnet0 may be considered to be at the first level and subnet1 at the second level. In one case, the blockchain main network in this specification may be an underlying blockchain network, that is, the blockchain main network is not itself a blockchain subnet built on the basis of another blockchain network; for example, subnet0 in fig. 5 may be regarded as a blockchain main network of the underlying blockchain network type. In another case, the blockchain main network in this specification may be a subnet of another blockchain network; for example, another blockchain subnet may be further built on the basis of subnet1 in fig. 5, in which case subnet1 may be considered the blockchain main network corresponding to that blockchain subnet, and this does not affect the fact that subnet1 is at the same time a blockchain subnet created on subnet0. It can be seen that the blockchain main network and the blockchain subnet are actually relative concepts, and the same blockchain network may be a blockchain main network in some cases and a blockchain subnet in others.
In step 404, each blockchain node in the blockchain main network executes the transaction to reveal the configuration information.
Step 406, when the configuration information includes identity information of a node member corresponding to the first blockchain node, the node device deploying the first blockchain node starts a second blockchain node belonging to the blockchain subnet based on the genesis block including the configuration information.
After the transaction for building the blockchain subnet is sent to the blockchain main network, the consensus nodes in the blockchain main network perform consensus on it, and after consensus is reached, the transaction is executed by each blockchain node, so that the building of the blockchain subnet is completed. The consensus process depends on the consensus mechanism employed, such as any of the consensus mechanisms described above, and is not limited by this specification.
The transaction for building the blockchain subnet includes configuration information, and the configuration information can be used to configure the blockchain subnet so that the blockchain subnet meets the networking requirements. For example, by including in the configuration information the identity information of the node members participating in building the blockchain subnet, it can be specified which node members the built blockchain subnet corresponds to.
The identity information of a node member may include a public key, or other information capable of representing the identity of the node member, such as a node ID, which is not limited in this specification. Taking a public key as an example, each blockchain node has one or more corresponding public and private key pairs; the blockchain node holds the private key, while the public key is public and uniquely corresponds to the private key, so that the public key can represent the identity of the corresponding blockchain node and also the identity of the node member corresponding to that blockchain node. Therefore, for the node members who wish to participate in building the blockchain subnet, the public keys of the blockchain nodes corresponding to these node members on the blockchain main network can be added to the transaction for building the blockchain subnet as the identity information of the node members. The public and private key pair described above may be used in the process of signature verification. For example, in a consensus algorithm that uses signatures, as in subnet1, nodeA1 signs a message with its own private key and broadcasts the signed message in subnet1, while nodeB1, nodeC1 and nodeD1 can verify the signature on the received message using the public key of nodeA1, to confirm that the received message indeed comes from nodeA1 and has not been tampered with.
The first blockchain node may be a blockchain node on the blockchain main network corresponding to a node member indicated by the configuration information. When the blockchain subnet is built, the first blockchain node does not directly participate in the blockchain subnet; instead, the node device on which the first blockchain node is deployed needs to generate a second blockchain node, and the second blockchain node participates in the blockchain subnet. The first blockchain node and the second blockchain node correspond to the same node member, for example the same consortium chain member in a consortium chain scenario, but the first blockchain node belongs to the blockchain main network and the second blockchain node belongs to the blockchain subnet, so that the node member can participate in the transactions of the blockchain main network and of the blockchain subnet respectively. Moreover, because the blockchain main network and the blockchain subnet are two mutually independent blockchain networks, the blocks generated by the first blockchain node and the blocks generated by the second blockchain node are stored in different storages on the node device (the storages may be databases, for example), so that the storages used by the first blockchain node and the second blockchain node are isolated from each other. Data generated by the blockchain subnet can only be synchronized among the blockchain nodes in the blockchain subnet, so node members that only participate in the blockchain main network cannot obtain the data generated on the blockchain subnet. This achieves data isolation between the blockchain main network and the blockchain subnet and meets the transaction requirements among part of the node members (namely, the node members participating in the blockchain subnet).
The first blockchain node and the second blockchain node are logically divided blockchain nodes; from the perspective of physical devices, this is equivalent to the node device on which the first blockchain node and the second blockchain node are deployed participating in both the blockchain main network and the blockchain subnet. Because the blockchain main network and the blockchain subnet are independent of each other, the identity systems of the two blockchain networks are also independent, so even though the first blockchain node and the second blockchain node may use the same public key, they should be regarded as different blockchain nodes. For example, in fig. 5, nodeA in subnet0 corresponds to a first blockchain node, and the node device deploying nodeA generates nodeA1 belonging to subnet1, where nodeA1 corresponds to a second blockchain node. It can be seen that, because the identity systems are independent of each other, the implementation of the scheme in this specification is not affected even if the public key adopted by the second blockchain node is different from that of the first blockchain node.
Of course, the node members participating in the blockchain sub-network are not necessarily only a part of the node members participating in the blockchain main network. In some cases, the node members participating in the blockchain subnet may be completely consistent with the node members participating in the blockchain main network, and at this time, all the node members may obtain data on the blockchain main network and the blockchain subnet, but data generated by the blockchain main network and the blockchain subnet may still be isolated from each other, for example, one type of service may be implemented on the blockchain main network, and another type of service may be implemented on the blockchain subnet, so that service data generated by the two types of services may be isolated from each other.
In addition to the identity information of the node members described above, the configuration information may include at least one of: the network identifier of the blockchain subnet, the identity information of an administrator of the blockchain subnet, the attribute configuration for the blockchain platform code, and the like, which are not limited in this specification. The network identifier is used to uniquely characterize the blockchain subnet, and thus the network identifier of the blockchain subnet should be different from those of the blockchain main network and of the other blockchain subnets established on the blockchain main network. The identity information of an administrator of the blockchain subnet may be, for example, the public key of the node member acting as the administrator; the administrators of the blockchain main network and the blockchain subnet may be the same or different.
One of the advantages of building the blockchain subnet through the blockchain main network is that, since the first blockchain node is already deployed on the node device that generates the second blockchain node, the blockchain platform code used by the first blockchain node can be reused by the second blockchain node, so that repeated deployment of the blockchain platform code is avoided and the efficiency of building the blockchain subnet is greatly improved. If the configuration information does not include an attribute configuration for the blockchain platform code, the second blockchain node may reuse the attribute configuration adopted on the first blockchain node; if the configuration information includes an attribute configuration for the blockchain platform code, the second blockchain node may adopt that attribute configuration, so that the attribute configuration adopted by the second blockchain node is not limited to that of the first blockchain node and is independent of the first blockchain node. The attribute configuration for the blockchain platform code may include at least one of: code version number, whether consensus is required, type of consensus algorithm, block size, etc., which is not limited in this specification.
The transaction for building the blockchain subnet includes a transaction that invokes a contract. The address of the invoked smart contract, the invoked method and the incoming parameters may be specified in the transaction. For example, the invoked contract may be the aforementioned startup contract or system contract, the invoked method may be a method that builds a blockchain subnet, and the incoming parameters may include the configuration information described above. In one embodiment, the transaction may contain the following information:
from:Administrator
to:Subnet
method:AddSubnet(string)
string:genesis
The from field is information about the initiator of the transaction, for example Administrator indicates that the initiator is an administrator; the to field is the address of the smart contract being called, for example, the smart contract may be a Subnet contract, in which case the to field is specifically the address of the Subnet contract; the method field is the called method, for example, the method used in the Subnet contract to build the blockchain subnet may be AddSubnet(string), where string is a parameter of the AddSubnet() method, and the value of this parameter is represented by genesis in the above example, which is specifically the aforementioned configuration information.
Take the example in which the nodes nodeA-nodeE on subnet0 execute a transaction that invokes the AddSubnet() method in the Subnet contract. After the transaction passes consensus, nodeA-nodeE each execute the AddSubnet() method with the configuration information passed in, and obtain the corresponding execution results.
The execution result of the contract may include the configuration information, and the execution result may be in the receipt as described above. The receipt may contain the event related to the execution of the AddSubnet() method, i.e., the networking event. The topic of a networking event may contain a predefined networking event identifier to distinguish it from other events. For example, in an event related to the execution of the AddSubnet() method, the content of topic is the keyword subnet, and this keyword is distinct from the topic in events generated by other methods. Then nodeA-nodeE, or the node devices 1-5 on which nodeA-nodeE are deployed, can monitor the topic contained in each event in the generated receipt and, when a topic containing the keyword subnet is found, determine that the event related to the execution of the AddSubnet() method, namely the networking event, has been detected. For example, the events in the receipt are as follows:
Event:
[topic:other][data]
[topic:subnet][data]
......
Then, when the 1st event is monitored, the event is determined to be unrelated to the AddSubnet() method because the content of its topic is other; and when the 2nd event is monitored, the event is determined to be related to the AddSubnet() method because the content of its topic is subnet, and the data field corresponding to the event is then read, where the data field contains the configuration information. Taking the example in which the configuration information includes the public keys of the node members of the blockchain subnet, the content of the data field may include, for example:
{subnet1;
public key of nodeA, IP of nodeA, port number of nodeA …;
public key of nodeB, IP of nodeB, port number of nodeB …;
public key of nodeC, IP of nodeC, port number of nodeC …;
public key of nodeD, IP of nodeD, port number of nodeD …;
}
where subnet1 is the network identifier of the blockchain subnet that is to be created. Each blockchain node in the blockchain main network may record the network identifiers of all blockchain subnets that have been created on the blockchain main network, or other information related to these blockchain subnets, which may be maintained in the Subnet contract, for example, and may specifically correspond to the values of one or more contract states included in the Subnet contract. Then, whether subnet1 already exists may be determined according to the recorded network identifiers of all blockchain subnets that have been created; if not, subnet1 is a new blockchain subnet that currently needs to be created, and if so, subnet1 already exists.
Besides using the network identifier of the new blockchain subnet that is to be created, a predefined new network identifier may be used, which indicates that the corresponding networking event is used to create a new blockchain subnet. For example, subnet1 may be replaced by newsbnet, where newsbnet is a predefined new network identifier, and when nodeA to nodeE recognize that the data field includes newsbnet, it may be determined that the event including newsbnet is a networking event and that a new blockchain subnet needs to be created.
Besides the network identifier subnet1, the data field also contains the identity information of each node member participating in building the blockchain subnet. The node device deploying the first blockchain node may monitor the generated receipt and, when the networking event is monitored and the content of the networking event includes the identity information of the node member corresponding to the first blockchain node, acquire the configuration information or the genesis block included in the networking event. Alternatively, the first blockchain node may monitor the generated receipt and, when the networking event is monitored and the content of the networking event indicates that the first blockchain node belongs to the node members, trigger the node device deploying the first blockchain node to acquire the configuration information or the genesis block included in the networking event.
As previously described, the node device may listen for receipts directly. Assume that nodeA to nodeE are respectively deployed on node devices 1 to 5, and that node devices 1 to 5 can monitor the receipts respectively generated by nodeA to nodeE. When node devices 1 to 5 detect that subnet1 is a blockchain subnet that needs to be newly built, they further identify the identity information of the node members included in the data field to determine their own processing. Take nodeA and node device 1 as an example: if node device 1 finds that the data field contains identity information such as the public key, IP address, and port number of nodeA, node device 1 obtains the configuration information from the data field based on the above-mentioned message mechanism and generates a genesis block containing the configuration information, node device 1 deploys nodeA1 locally, and nodeA1 loads the generated genesis block, thereby becoming a subnet node of subnet1; similarly, node device 2 may generate nodeB1, node device 3 may generate nodeC1, and node device 4 may generate nodeD1. If node device 5 finds that the identity information included in the data field does not match its own, node device 5 does not generate a genesis block according to the configuration information in the data field and does not generate a blockchain node in subnet1.
As mentioned above, a blockchain node in the blockchain main network can also listen for the receipt and trigger the node device to perform the relevant processing according to the listening result. For example, when determining that subnet1 is a blockchain subnet that needs to be newly built, nodeA to nodeE further identify the identity information of the node members included in the data field to determine their own processing. For example, nodeA to nodeD may find that the data field includes identity information such as their own public key, IP address, and port number. Assume that nodeA to nodeD are respectively deployed on node devices 1 to 4, and take nodeA and node device 1 as an example: nodeA triggers node device 1, so that node device 1 obtains the configuration information from the data field based on the above message mechanism and generates a genesis block containing the configuration information, node device 1 deploys nodeA1 locally, and nodeA1 loads the generated genesis block, thereby becoming a subnet node of subnet1; similarly, nodeB triggers node device 2 to generate nodeB1, nodeC triggers node device 3 to generate nodeC1, and nodeD triggers node device 4 to generate nodeD1. nodeE finds that the identity information contained in the data field does not match its own; assuming nodeE is deployed on node device 5, node device 5 does not generate a genesis block according to the configuration information in the data field and does not generate a blockchain node in subnet1.
As mentioned above, the first blockchain node and the second blockchain node do not necessarily use the same identity information. Therefore, in the above embodiment, the data field may include identity information generated in advance for nodeA1-nodeD1 that is different from the identity information of nodeA-nodeD. Taking nodeA and node device 1 as an example: if node device 1 finds the identity information of nodeA1 in the data field, it may generate a genesis block and deploy nodeA1, and nodeA1 loads the genesis block; alternatively, if nodeA finds the identity information of nodeA1 in the data field, it triggers node device 1 to generate a genesis block and deploy nodeA1, and nodeA1 loads the genesis block. The processing of the other blockchain nodes or node devices is similar and is not described in detail here.
In addition to the configuration information, the execution result of the contract may include a genesis block. In other words, besides including the configuration information in the data field, the genesis block containing the configuration information may be generated directly in the process of executing the contract call, so that the genesis block is contained in the data field. For nodeA to nodeD described above, the corresponding node devices 1 to 4 may then obtain the genesis block directly from the data field through the message mechanism without generating it themselves, which can improve the deployment efficiency of nodeA1 to nodeD1.
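The receipt handling described above (topic filtering, the check against recorded network identifiers, the membership check, and the two ways of obtaining the genesis block) can be sketched as follows. This is an added example, not code from the patent: the dictionary encoding of events and of the data field, the genesis block layout, the action names and all function names are assumptions made for illustration, and the sample events are constructed.

```python
import hashlib
import json

NETWORKING_TOPIC = "subnet"  # topic keyword the page gives for networking events


def build_genesis_block(config):
    """Hypothetical genesis block layout: the configuration plus its SHA-256 digest."""
    encoded = json.dumps(config, sort_keys=True).encode("utf-8")
    return {"height": 0, "config": config,
            "config_hash": hashlib.sha256(encoded).hexdigest()}


def _extract_config(data):
    """Return (config, genesis_or_None), or (None, None) if the data field is malformed."""
    if not isinstance(data, dict):
        return None, None
    genesis = data.get("genesis") if isinstance(data.get("genesis"), dict) else None
    # The data field carries either the configuration or a ready-made genesis block.
    config = genesis.get("config") if genesis else data.get("config")
    if not isinstance(config, dict):
        return None, None
    network_id, members = config.get("network_id"), config.get("members")
    if not isinstance(network_id, str) or not network_id or not isinstance(members, list):
        return None, None
    if not all(isinstance(m, dict) and isinstance(m.get("public_key"), str)
               for m in members):
        return None, None
    return config, genesis


def handle_receipt(events, own_public_key, known_subnets):
    """Decide what this node device does for each networking event in a receipt.

    known_subnets is the set of network identifiers already recorded on the
    main network; it is updated in place when a new subnet is accepted.
    """
    decisions = []
    for event in events:
        if not isinstance(event, dict) or event.get("topic") != NETWORKING_TOPIC:
            continue  # e.g. [topic:other] is unrelated to AddSubnet()
        config, genesis = _extract_config(event.get("data"))
        if config is None:
            decisions.append({"action": "reject_malformed"})
            continue
        network_id = config["network_id"]
        if network_id in known_subnets:
            decisions.append({"action": "ignore_existing", "network_id": network_id})
            continue
        known_subnets.add(network_id)  # every main-network node records the identifier
        if own_public_key not in {m["public_key"] for m in config["members"]}:
            # Like node device 5 / nodeE: no genesis block, no subnet node.
            decisions.append({"action": "not_member", "network_id": network_id})
            continue
        decisions.append({"action": "start_subnet_node", "network_id": network_id,
                          "genesis": genesis or build_genesis_block(config)})
    return decisions


# Constructed sample: keys and documentation-range addresses are placeholders.
SAMPLE_CONFIG = {
    "network_id": "subnet1",
    "members": [
        {"public_key": "pk-nodeA", "ip": "192.0.2.1", "port": 30301},
        {"public_key": "pk-nodeB", "ip": "192.0.2.2", "port": 30301},
        {"public_key": "pk-nodeC", "ip": "192.0.2.3", "port": 30301},
        {"public_key": "pk-nodeD", "ip": "192.0.2.4", "port": 30301},
    ],
}
SAMPLE_EVENTS = [
    {"topic": "other", "data": {}},
    {"topic": "subnet", "data": {"config": SAMPLE_CONFIG}},
]

if __name__ == "__main__":
    for key in ("pk-nodeA", "pk-nodeE"):
        print(key, [d["action"] for d in handle_receipt(SAMPLE_EVENTS, key, {"subnet0"})])
```

Replaying the same receipt against the updated set of known identifiers yields ignore_existing, which is what keeps a repeated networking event from starting a second node for the same subnet.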
In this specification, the transaction for building the blockchain subnet need not be a transaction that calls a smart contract, so that a blockchain network that does not support smart contracts can also implement the technical solution of this specification and quickly build a blockchain subnet on the basis of the blockchain main network. For example, a networking transaction type identifier may be predefined, and when a transaction includes the networking transaction type identifier, it indicates that the transaction is used for building a new blockchain subnet, that is, the transaction is a transaction for building a blockchain subnet. The blockchain platform code may include the related processing logic for building a blockchain subnet, so that when a first blockchain node running the blockchain platform code executes a transaction, if the transaction is found to include the above networking transaction type identifier and the configuration information in the transaction includes the identity information of the node member corresponding to the first blockchain node, the node device deploying the first blockchain node may be triggered, based on the processing logic, to generate a genesis block including the configuration information and start a second blockchain node, and the genesis block is loaded by the second blockchain node, which thereby becomes a blockchain node in the blockchain subnet.
The node device deploys a blockchain node on itself by creating, in a process, an instance that runs the blockchain platform code. The first blockchain node is formed by the node device creating a first instance running the blockchain platform code in the above-described process. Similarly, the second blockchain node is formed by the node device creating a second instance running the blockchain platform code in the above-described process. For example, the node device may first create a first instance in a process to form a first blockchain node in the blockchain main network; when the node member corresponding to the node device wishes to participate in building the blockchain subnet, a second instance may be created in the same process, where the second instance is different from the first instance and forms a second blockchain node in the blockchain subnet. When the first instance and the second instance are located in the same process, the deployment difficulty of the second blockchain node can be reduced and the deployment efficiency improved, because no cross-process interaction is involved. Of course, the second instance may also be in a different process on the node device than the first instance, and this specification does not limit this; for example, the node device may create a first instance in a first process to form a first blockchain node in the blockchain main network; when the node member corresponding to the node device wishes to participate in building the blockchain subnet, a second process different from the first process may be started, and a second instance different from the first instance may be created in the second process, so that the second blockchain node in the blockchain subnet is formed by the second instance.
By the above method, a blockchain subnet can be created on the blockchain main network. Taking fig. 5 as an example, subnet0 originally includes nodeA to nodeE, and subnet1 can be built on the basis of subnet0, where subnet1 includes nodeA1 to nodeD1, and nodeA and nodeA1, nodeB and nodeB1, nodeC and nodeC1, and nodeD and nodeD1 are respectively deployed on the same node device. Similarly, subnet2 or more blockchain subnets can be built on subnet0, where subnet2 includes nodeA2, nodeB2, nodeC2 and nodeE2, and nodeA, nodeA1 and nodeA2, nodeB, nodeB1 and nodeB2, nodeC, nodeC1 and nodeC2, nodeD and nodeD1, and nodeE and nodeE2 are respectively deployed on the same node device. Furthermore, subnet1, subnet2, etc. may serve as new blockchain main networks on the basis of which further blockchain subnets are built; this is similar to the building of subnet1 or subnet2 and is not described again here.
The embodiment shown in fig. 4 describes the process of building a blockchain subnet from the perspective of the whole blockchain system, and in this process not all node members participate in the blockchain subnet. Next, in conjunction with fig. 6, the technical solution of this specification is described from the perspective of a main network node participating in the blockchain subnet and the node device on which it is located. It will be readily appreciated that the embodiment shown in fig. 6 is not substantially different from the embodiment shown in fig. 4, and the foregoing description of the embodiment shown in fig. 4 applies to the embodiment shown in fig. 6.
Fig. 6 is a flowchart of another method for building a blockchain subnet provided by an example embodiment. As shown in fig. 6, the method may include the steps of:
In step 604, the first blockchain node executes the transaction to reveal the configuration information.
As previously described, the transaction for building the blockchain subnet includes a transaction that invokes a contract.
As previously mentioned, the contracts include either a startup contract or a system contract.
As previously described:
the execution result of the contract comprises the configuration information, and the node device deploying the first blockchain node obtains the configuration information through a message mechanism and generates the creation block (genesis block) according to the obtained configuration information; or,
the execution result of the contract comprises the creation block, and the node device deploying the first blockchain node obtains the creation block through a message mechanism.
As mentioned above, the receipt generated after the contract is executed contains a networking event related to the establishment of a new blockchain subnet; the node device deploying the first blockchain node obtaining the configuration information or the creation block through a message mechanism includes:
the first blockchain node monitors the generated receipt and, when a networking event is detected and the content of the networking event indicates that the first blockchain node is one of the node members, triggers the node device deploying the first blockchain node to acquire the configuration information or the creation block contained in the networking event; or,
the node device deploying the first blockchain node monitors the generated receipt and, when a networking event is detected and the content of the networking event indicates that the first blockchain node is one of the node members, acquires the configuration information or the creation block contained in the networking event.
As previously mentioned, the networking event includes: an event in the receipt whose topic name contains a predefined networking event identifier.
As mentioned above, when the content of the networking event contains either of the following identifiers, it indicates that the networking event is related to the establishment of a new blockchain subnet:
a network identifier of the blockchain subnet to be established, which is different from that of any existing blockchain subnet; or,
a predefined new-network identifier, which indicates that the networking event is used for establishing a new blockchain subnet.
As mentioned above, the transaction includes a networking transaction type identifier, which indicates that the transaction is used to construct a new blockchain subnet.
As previously described:
the transaction for building the blockchain subnet is initiated by an administrator of the blockchain main network; or,
the transaction for building the blockchain subnet is initiated by a common user of the blockchain main network.
As mentioned above, the configuration information further includes at least one of: the network identification of the blockchain subnet, the identity information of an administrator of the blockchain subnet, and the attribute configuration aiming at the blockchain platform code.
As previously described, the administrator of the blockchain main network may be the same as or different from the administrator of the blockchain subnet.
As previously mentioned, the attribute configuration for blockchain platform code includes at least one of: code version number, whether consensus is required, consensus algorithm type, block size.
As previously described, the node device starting the second blockchain node comprises: the node device creates a second instance that runs the blockchain platform code, distinct from the first instance that runs the blockchain platform code for the first blockchain node.
As described above, the blocks generated by the first blockchain node and the blocks generated by the second blockchain node are stored in different storages on the node device.
As previously described, the storages used by the first blockchain node and the second blockchain node are isolated from each other.
As previously mentioned, the storage is a database.
As described above, the block chain master network is a bottom layer block chain network; or, the block chain master network is a subnet of other block chain networks.
In addition, in practical applications, the client typically uses a client certificate for access authorization to access the multi-level blockchain system. The client certificate is issued to the client by the certificate issuing platform based on the CA certificate and is used to prove the authenticated identity of the client. Because the multi-level blockchain system comprises a plurality of networks, different clients may, according to actual service requirements, be permitted to access different blockchain networks (accessing a blockchain network may mean submitting a transaction), and a client does not necessarily have access to all blockchain networks in the system.
This means that where clients in the multi-level blockchain system are allowed to access blockchain networks in the system, how to control the client's access to those blockchain networks is a technical problem that urgently needs to be solved.
To this end, the present specification provides an access control method for a client. Specifically, for one blockchain network in a multi-level blockchain system, an intelligent contract deployed on the blockchain network is used to determine permission configuration information, which specifies an association between a client certificate provided for use by a client and at least one blockchain network. After each node of the blockchain network is started, it can obtain the permission configuration information from the on-chain intelligent contract and store it locally off-chain. The node can subsequently perform permission verification on transactions and query requests (such as a Local Call) submitted by the client according to the permission configuration information stored locally off-chain, thereby controlling the client's access to the system.
With this technical solution, the off-chain permission configuration that controls client access to the system is applied to each node of the blockchain network by means of the on-chain intelligent contract; this is efficient and convenient, and technicians do not need to configure each node one by one.
It should be noted that the following description takes permission verification of a transaction submitted by the client as an example; the principle is the same where the client submits a query request, which is not described separately.
Fig. 7 is a schematic flowchart of a cross-network query control method provided in this specification, including the following steps:
S700: Obtain a transaction submitted by a client, and determine the client certificate used by the client to submit the transaction.
S702: Based on the permission configuration information stored locally off-chain, judge whether the determined client certificate has an association relation with the blockchain network that the transaction specifies as the network to process it; if so, execute step S704; if not, execute step S706.
S704: Send the transaction to the blockchain network specified by the transaction.
S706: Refuse to send the transaction to the blockchain network specified by the transaction.
The method shown in fig. 7 may be applied to a blockchain network in a multi-level blockchain network, and particularly, may be applied to a node of the blockchain network.
The blockchain network may be any blockchain network in the system, or may be a certain blockchain network specified in the system. The blockchain network may be a blockchain main network in the system or a blockchain sub-network in the system.
An intelligent contract can be deployed on the blockchain network and used for determining the authority configuration information. The intelligent contract may be an intelligent contract that is dedicated to making a permission configuration for the client to access the system, or may be an intelligent contract that is not dedicated to making a permission configuration for the client to access the system.
The above-mentioned authority configuration information is used to specify: an association between an access authorization client credential provided for use by a client and at least one blockchain network accessible to the client.
The manner in which the client certificate is used is described herein. In the case that a client needs to submit a transaction (or query request) to the blockchain network, a communication session is established with a node of the blockchain network by using a client certificate, and then the transaction (or query request) is submitted through the communication session bound by the client certificate. It is to be understood that, in step S700, the client certificate used by the client to submit the transaction is determined, which may actually be the client certificate bound to the session to which the client submits the transaction.
In various embodiments, each node of the blockchain network may obtain the privilege configuration information based on the intelligent contract on the chain and perform off-chain local storage.
It should be noted that, if the local storage of the node is cache, the node generally needs to acquire the authority configuration information based on the intelligent contract on the chain and perform off-chain caching after each startup.
In some embodiments, the permission configuration information may be written into the intelligent contract in advance, so that each node of the blockchain network can read the permission configuration information from the deployed intelligent contract to the out-of-chain local storage after being started.
In other embodiments, after the node is started, the administrator client may submit to the blockchain network a permission configuration transaction that calls the intelligent contract, thereby inputting the permission configuration information carried by that transaction into the intelligent contract, so that the intelligent contract triggers an off-chain notification message containing the permission configuration information when it determines that the permission configuration information satisfies a legal condition. In this way, each node of the blockchain network initializes or updates its locally stored permission configuration information according to the off-chain notification message it has monitored.
Further, the legal conditions include: the blockchain network that the permission configuration information specifies as accessible to the client belongs to the blockchain networks in the system.
The reason each node of the blockchain network needs to store the permission configuration information locally off-chain is that access control of the client is actually completed before the transaction submitted by the client is accepted. Only after the blockchain network accepts a transaction is the transaction actually broadcast, agreed on by consensus and processed on the chain; in other words, access control of the client is actually an off-chain operation.
In some embodiments of the present description, an upper blockchain network in the system may be configured to control access of clients to lower blockchain networks. That is, the permission configuration information may specify an association between a client certificate provided for use by the client and at least one lower blockchain subnet of the blockchain network. The lower blockchain subnet may be a blockchain subnet of the next level, or may be a blockchain subnet M levels lower (M greater than 1).
It should be noted that the blockchain network implementing the method shown in fig. 7 may be a blockchain main network or a blockchain sub-network in the system.
Additionally, in some embodiments, the client certificate issued for use by the client may include an identification character. It will be appreciated that the identification characters in the client certificates issued for use by different clients differ. As such, the permission configuration information may specify: an association between the identification character in the client certificate provided for use by the client and at least one blockchain network.
Correspondingly, when judging whether the acquired client certificate has an association relation with the blockchain network that the transaction specifies as the network to process it, the identification character can be extracted from the acquired client certificate, and it is judged whether the extracted identification character has an association relation with that blockchain network.
Characterizing the association relation by means of the identification character has the advantage that other blockchain networks accessible to the client can be adjusted without issuing a client certificate to the client again.
The above-described step S704 will be described. In step S704, if the blockchain network is the blockchain network responsible for processing the transaction, the node in the blockchain network that receives the transaction from the client may broadcast the transaction to other nodes in the blockchain network. If the blockchain network is not the blockchain network responsible for processing the transaction, the node in the blockchain network that receives the transaction from the client may forward the transaction to the blockchain network responsible for processing the transaction.
Fig. 8 is a flowchart of another control method for a client accessing a blockchain network, which is provided in this specification, and includes:
S800: Obtain a transaction submitted by a client, and determine the client certificate used by the client to submit the transaction.
The method shown in fig. 8 may be applied to a blockchain network in a multi-level blockchain network, and particularly, may be applied to a node of the blockchain network.
In the method shown in fig. 8, the client certificate provided to the client includes: a network identification of at least one blockchain network accessible using the client certificate. If the blockchain network accessible to the client needs to be updated, the client needs to be re-issued with a client certificate.
S802: Extract the network identifier of the at least one accessible blockchain network from the determined client certificate.
S804: Judge whether the extracted network identifiers contain the network identifier of the blockchain network that the transaction specifies as the network to process it; if so, execute step S806; if not, execute step S808.
S806: Send the transaction to the blockchain network specified by the transaction.
S808: Refuse to send the transaction to the blockchain network specified by the transaction.
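The following is an added illustration of the two node-side checks described above (the off-chain lookup of fig. 7 and the certificate-embedded network identifiers of fig. 8); it is not code from the patent. All class and function names are hypothetical, `ClientCert` is a plain stand-in for the certificate bound to the client's session rather than a real X.509 object, and an in-process callback list stands in for the off-chain notification mechanism.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ClientCert:
    """Stand-in for the certificate bound to the client's session (not real X.509)."""
    ident: str                             # identification character (fig. 7 variant)
    network_ids: frozenset = frozenset()   # embedded network IDs (fig. 8 variant)


@dataclass(frozen=True)
class Tx:
    target_network: str                    # network the transaction says must process it


class PermissionContract:
    """On-chain stand-in: validates permission configuration and notifies nodes."""

    def __init__(self, system_networks):
        self.system_networks = frozenset(system_networks)
        self.state = {}                    # ident -> frozenset of network IDs
        self.listeners = []                # callbacks standing in for the message mechanism

    def configure(self, ident, networks):
        """Permission configuration transaction submitted by the administrator client."""
        networks = frozenset(networks)
        # Legal condition: every listed network must belong to the system.
        if not networks <= self.system_networks:
            return False                   # rejected, so no notification is triggered
        self.state[ident] = networks
        for notify in self.listeners:
            notify(ident, networks)        # off-chain notification message
        return True


class Node:
    def __init__(self, own_network, contract):
        self.own_network = own_network
        self.contract = contract
        self.acl = {}                      # off-chain local copy, empty until loaded
        contract.listeners.append(self.on_notification)

    def start(self):
        """After startup, read the configuration from the deployed contract."""
        self.acl = dict(self.contract.state)

    def on_notification(self, ident, networks):
        """Initialize or update the local copy from a monitored notification."""
        self.acl[ident] = networks

    def _route(self, tx):
        # S704/S806: broadcast inside this network, or forward to the responsible one.
        if tx.target_network == self.own_network:
            return "broadcast"
        return "forward:" + tx.target_network

    def submit_fig7(self, cert, tx):
        """S700-S706: look up the identification character in the off-chain copy."""
        allowed = self.acl.get(cert.ident, frozenset())   # unknown client: deny
        return self._route(tx) if tx.target_network in allowed else "deny"

    def submit_fig8(self, cert, tx):
        """S800-S808: use only the network IDs embedded in the certificate."""
        return self._route(tx) if tx.target_network in cert.network_ids else "deny"


def demo():
    """Constructed scenario; network names follow the subnet0/1/2 naming of fig. 5."""
    contract = PermissionContract({"subnet0", "subnet1", "subnet2"})
    node = Node("subnet0", contract)
    cert = ClientCert("client-42", frozenset({"subnet1"}))
    out = [node.submit_fig7(cert, Tx("subnet1"))]          # nothing configured yet
    contract.configure("client-42", {"subnet0", "subnet1"})
    out.append(node.submit_fig7(cert, Tx("subnet1")))      # forwarded
    out.append(node.submit_fig7(cert, Tx("subnet0")))      # handled locally
    out.append(node.submit_fig7(cert, Tx("subnet2")))      # not associated
    # A configuration naming a network outside the system is rejected on chain.
    out.append(contract.configure("client-42", {"subnet9"}))
    # Fig. 7 variant: access is widened on chain, same certificate.
    contract.configure("client-42", {"subnet0", "subnet1", "subnet2"})
    out.append(node.submit_fig7(cert, Tx("subnet2")))
    # Fig. 8 variant: the same certificate still lacks subnet2 until it is re-issued.
    out.append(node.submit_fig8(cert, Tx("subnet2")))
    reissued = ClientCert("client-42", frozenset({"subnet1", "subnet2"}))
    out.append(node.submit_fig8(reissued, Tx("subnet2")))
    return out


if __name__ == "__main__":
    print(demo())
```

A node whose local copy is still empty, for example one that caches the configuration and has just restarted, denies every request in the fig. 7 variant until `start()` reloads the configuration from the contract.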
The present specification also provides a multi-level blockchain system, where a blockchain network in the system deploys an intelligent contract, and the intelligent contract is used to determine authority configuration information; the permission configuration information specifies: an association between an access authorization client credential provided for use by a client and at least one blockchain network accessible to the client;
each node of the block chain network acquires the authority configuration information based on the intelligent contract on the chain and performs local storage outside the chain; acquiring a transaction submitted by a client, and acquiring a client certificate used by the client for submitting the transaction; judging whether the acquired client certificate and a block chain network of the transaction to be processed, which is specified by the transaction, have an association relation or not based on the permission configuration information locally stored outside the chain; and if so, sending the transaction to the block chain network appointed by the transaction.
The present specification also provides another multi-level blockchain system, in which a client certificate provided for a client includes: network identification of at least one blockchain network accessible using the client certificate;
each node of a block chain network in the system acquires a transaction submitted by a client and acquires a client certificate used by the client for submitting the transaction;
extracting a network identifier of at least one accessible blockchain network from the acquired client certificate, and judging whether the extracted network identifier contains the network identifier of the blockchain network to be processed, which is specified by the transaction;
and if so, sending the transaction to the block chain network appointed by the transaction.
The present specification also provides a multi-level blockchain system, where a blockchain network in the system deploys an intelligent contract, and the intelligent contract is used to determine authority configuration information; the permission configuration information specifies: an association between an access authorization client credential provided for use by a client and at least one blockchain network accessible to the client;
each node of the block chain network acquires the authority configuration information based on the intelligent contract on the chain and performs local storage outside the chain; acquiring a query request submitted by a client, and determining a client certificate used by the client for submitting the query request; judging whether a determined client certificate and a blockchain network which is specified by the query request and is to process the query request have an association relation or not based on the permission configuration information locally stored outside the chain; and if so, sending the query request to a block chain network specified by the query request.
The present specification also provides a multi-level blockchain system, in which a client certificate provided for a client includes: network identification of at least one blockchain network accessible using the client certificate;
each node of a block chain network in the system determines a query request submitted by a client and acquires a client certificate used by the client for submitting the query request; extracting a network identifier of at least one accessible blockchain network from the determined client certificate, and judging whether the extracted network identifier contains the network identifier of the blockchain network to be used for processing the query request, which is specified by the query request; and if so, sending the query request to a block chain network appointed by the transaction.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware implementations of the present description.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.
Claims (17)
1. An access control method for a client is applied to a node of a blockchain network in a multi-level blockchain system, the blockchain network is deployed with an intelligent contract, and the intelligent contract is used for determining authority configuration information; the permission configuration information specifies: an association between a client certificate provided for use by a client and at least one blockchain network accessible to the client;
each node of the block chain network acquires the authority configuration information based on the intelligent contract on the chain and performs out-of-chain local storage; the method comprises the following steps:
acquiring a transaction submitted by a client, and determining a client certificate used by the client for submitting the transaction;
judging whether a determined client certificate and a block chain network of the transaction to be processed, which is specified by the transaction, have an association relation or not based on the permission configuration information locally stored outside the chain;
and if so, sending the transaction to the block chain network appointed by the transaction.
2. The method of claim 1, wherein the association between the client certificate provided to the client for use and the at least one blockchain network comprises:
and providing the association relationship between the identification character in the client certificate used by the client and at least one blockchain network.
3. The method of claim 2, determining whether the obtained client certificate has an association relationship with a blockchain network specified by the transaction and on which the transaction is to be processed, comprising:
and extracting identification characters from the acquired client certificate, and judging whether the extracted identification characters have an association relation with a block chain network which is specified by the transaction and is used for processing the transaction.
4. The method of claim 1, wherein the permission configuration information specifies: an association between an access authorization client certificate provided for use by the client and at least one lower blockchain subnet of the blockchain network.
5. The method of claim 1 wherein the blockchain network is a blockchain master network or a blockchain slave network in the system.
6. The method of claim 1, wherein the authority configuration information carried by the authority configuration transaction is input to the intelligent contract by submitting the authority configuration transaction for calling the intelligent contract to the blockchain network, so that the intelligent contract triggers an off-chain notification message containing the authority configuration information under the condition that the authority configuration information is determined to meet legal conditions;
and each node of the block chain network initializes or updates the authority configuration information locally stored outside the chain according to the monitored out-of-chain notification message.
7. The method of claim 6, the legal conditions comprising: the block chain network which is specified by the permission configuration information and can be accessed by the client belongs to the block chain network in the system.
8. The method of claim 1, further comprising:
if not, the transaction is refused to be sent to the block chain network appointed by the transaction.
9. The method of claim 1, wherein the blockchain network in the system is a federation chain network or a public chain network.
10. A control method for accessing a block chain network by a client is applied to a node of a block chain network in a multi-stage block chain system; the client certificate provided to the client includes: network identification of at least one blockchain network accessible using the client certificate; the method comprises the following steps:
acquiring a transaction submitted by a client, and determining a client certificate used by the client for submitting the transaction;
extracting network identification of at least one accessible blockchain network from the determined client certificate, and judging whether the extracted network identification contains the network identification of the blockchain network to be used for processing the transaction specified by the transaction;
and if so, sending the transaction to the block chain network appointed by the transaction.
11. The method of claim 10, further comprising:
if not, refusing to send the transaction to the blockchain network specified by the transaction.
12. An access control method for a client, applied to a node of a blockchain network in a multi-level blockchain system, wherein a smart contract is deployed on the blockchain network, and the smart contract is used for determining permission configuration information; the permission configuration information specifies: an association between an access authorization client credential provided for use by a client and at least one blockchain network accessible to the client;
each node of the blockchain network acquires the permission configuration information based on the on-chain smart contract and stores it locally off-chain; the method comprises the following steps:
acquiring a query request submitted by a client, and determining the client certificate used by the client to submit the query request;
judging, based on the permission configuration information stored locally off-chain, whether the determined client certificate has an association with the blockchain network that the query request specifies to process the query request;
and if so, sending the query request to the blockchain network specified by the query request.
13. A method for controlling access by a client to a blockchain network, applied to a node of a blockchain network in a multi-level blockchain system; the client certificate provided to the client includes: a network identifier of at least one blockchain network accessible using the client certificate; the method comprises the following steps:
acquiring a query request submitted by a client, and determining the client certificate used by the client to submit the query request;
extracting the network identifier of the at least one accessible blockchain network from the determined client certificate, and judging whether the extracted network identifiers contain the network identifier of the blockchain network that the query request specifies to process the query request;
and if so, sending the query request to the blockchain network specified by the query request.
14. A multi-level blockchain system, wherein a smart contract is deployed on a blockchain network in the system, and the smart contract is used for determining permission configuration information; the permission configuration information specifies: an association between a client certificate provided for use by a client and at least one blockchain network accessible to the client;
each node of the blockchain network acquires the permission configuration information based on the on-chain smart contract and stores it locally off-chain; acquires a transaction submitted by a client, and acquires the client certificate used by the client to submit the transaction; judges, based on the permission configuration information stored locally off-chain, whether the acquired client certificate has an association with the blockchain network that the transaction specifies to process the transaction; and if so, sends the transaction to the blockchain network specified by the transaction.
15. A multi-level blockchain system, wherein a client certificate provided for a client records: a network identifier of at least one blockchain network accessible using the client certificate;
each node of a blockchain network in the system acquires a transaction submitted by a client and determines the client certificate used by the client to submit the transaction;
extracts the network identifier of the at least one accessible blockchain network from the acquired client certificate, and judges whether the extracted network identifiers contain the network identifier of the blockchain network that the transaction specifies to process the transaction;
and if so, sends the transaction to the blockchain network specified by the transaction.
16. A multi-level blockchain system, wherein a smart contract is deployed on a blockchain network in the system, and the smart contract is used for determining permission configuration information; the permission configuration information specifies: an association between an access authorization client credential provided for use by a client and at least one blockchain network accessible to the client;
each node of the blockchain network acquires the permission configuration information based on the on-chain smart contract and stores it locally off-chain; determines a query request submitted by a client, and determines the client certificate used by the client to submit the query request; judges, based on the permission configuration information stored locally off-chain, whether the determined client certificate has an association with the blockchain network that the query request specifies to process the query request; and if so, sends the query request to the blockchain network specified by the query request.
17. A multi-level blockchain system, wherein a client certificate provided for a client records: a network identifier of at least one blockchain network accessible using the client certificate;
each node of a blockchain network in the system acquires a query request submitted by a client and determines the client certificate used by the client to submit the query request; extracts the network identifier of the at least one accessible blockchain network from the determined client certificate, and judges whether the extracted network identifiers contain the network identifier of the blockchain network that the query request specifies to process the query request; and if so, sends the query request to the blockchain network specified by the query request.
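The two gatekeeping variants in the claims above (a contract-driven off-chain permission table, claims 6 to 8 and 12, and network identifiers carried in the certificate, claims 10 to 13) can be compared in a small simulation. This is an added illustration, not code from the patent; the class names, the `fingerprint` field and the network identifiers are assumptions, and certificate validation is taken to have happened before these checks run.

```python
from dataclasses import dataclass

SYSTEM_NETWORKS = {"main", "subnet-a", "subnet-b"}  # constructed network identifiers

@dataclass(frozen=True)
class ClientCert:
    fingerprint: str                      # identity of an already-verified certificate (assumed)
    network_ids: frozenset = frozenset()  # identifiers embedded in the certificate

class PermissionContract:
    """On-chain side: checks a configuration, then notifies listening nodes."""
    def __init__(self, system_networks):
        self.system_networks = set(system_networks)
        self.listeners = []

    def configure(self, fingerprint, networks):
        # Legal condition of claim 7: every listed network must belong to the system.
        if not set(networks) <= self.system_networks:
            return False                  # no notification, node tables stay unchanged
        for notify in self.listeners:     # stands in for the off-chain notification message
            notify(fingerprint, frozenset(networks))
        return True

class Node:
    """Node side: keeps an off-chain copy of the table and gates requests."""
    def __init__(self, contract):
        self.acl = {}                     # fingerprint -> permitted network identifiers
        contract.listeners.append(self.on_notification)

    def on_notification(self, fingerprint, networks):
        self.acl[fingerprint] = networks  # initialise or update the local copy

    def admit_by_table(self, cert, target_network):
        # Unknown certificates have no entry, so the default is refusal.
        return target_network in self.acl.get(cert.fingerprint, frozenset())

    def admit_by_cert(self, cert, target_network):
        # Only meaningful once the certificate's signature chain has been verified.
        return target_network in cert.network_ids

def demo():
    contract = PermissionContract(SYSTEM_NETWORKS)
    node = Node(contract)
    cert = ClientCert("fp-1", frozenset({"subnet-a"}))
    contract.configure("fp-1", {"main", "subnet-a"})
    return (node.admit_by_table(cert, "main"),      # forwarded
            node.admit_by_table(cert, "subnet-b"),  # refused
            node.admit_by_cert(cert, "main"))       # refused: not in the certificate
```

In the table variant a later `configure` call changes what every listening node admits, while in the certificate variant the node only ever sees the identifiers the certificate was issued with.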
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110611515.5A CN113055190B (en) | 2021-06-02 | 2021-06-02 | Access control method for client |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110611515.5A CN113055190B (en) | 2021-06-02 | 2021-06-02 | Access control method for client |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113055190A (en) | 2021-06-29 |
CN113055190B (en) | 2021-07-30 |
Family
ID=76518683
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110611515.5A Active CN113055190B (en) | 2021-06-02 | 2021-06-02 | Access control method for client |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113055190B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113761581A (en) * | 2021-09-24 | 2021-12-07 | 支付宝(杭州)信息技术有限公司 | Authority control method and device in block chain and electronic equipment |
CN114157671B (en) * | 2021-11-26 | 2024-06-18 | 支付宝(杭州)信息技术有限公司 | Method for distributing information carried by block chain network to multiple client nodes |
CN115174088A (en) * | 2022-03-11 | 2022-10-11 | 达闼机器人股份有限公司 | Block chain system, data processing method and medium for block chain system |
CN116015929B (en) * | 2022-12-30 | 2024-05-17 | 中国银联股份有限公司 | Alliance chain access management method and device |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107395343A (en) * | 2017-07-10 | 2017-11-24 | 腾讯科技(深圳)有限公司 | Certificate management method and system |
CN108256864A (en) * | 2018-02-13 | 2018-07-06 | 中链科技有限公司 | Between a kind of block chain across the foundation of chain alliance and communication means, system |
CN109903043A (en) * | 2019-01-17 | 2019-06-18 | 平安科技(深圳)有限公司 | Method for secure transactions, device, equipment and storage medium based on block chain |
CN110569281A (en) * | 2019-08-30 | 2019-12-13 | 阿里巴巴集团控股有限公司 | Block chain transaction query method and system |
CN110708170A (en) * | 2019-12-13 | 2020-01-17 | 腾讯科技(深圳)有限公司 | Data processing method and device and computer readable storage medium |
CN111047327A (en) * | 2019-11-22 | 2020-04-21 | 支付宝(杭州)信息技术有限公司 | Intelligent contract execution method, device and equipment |
CN111934996A (en) * | 2020-09-25 | 2020-11-13 | 支付宝(杭州)信息技术有限公司 | Message transmission method and device |
CN112789596A (en) * | 2020-12-23 | 2021-05-11 | 杭州趣链科技有限公司 | Processing method and device for task processing request and block chain node equipment |
CN112804679A (en) * | 2020-12-29 | 2021-05-14 | 中兴通讯股份有限公司 | Network slice connection method and device, storage medium and electronic device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107392623B (en) * | 2017-05-22 | 2020-09-11 | 创新先进技术有限公司 | Service execution method and device |
Non-Patent Citations (1)
Title |
---|
Research on blockchain-based identity management and authentication; Dong Guishan et al.; Computer Science; 20181130; Vol. 45 (No. 11); main text pp. 44-52 * |
Also Published As
Publication number | Publication date |
---|---|
CN113055190A (en) | 2021-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113055190B (en) | Access control method for client | |
CN113067904B (en) | Method for building block chain sub-network and block chain system | |
CN113067894B (en) | Method for node to exit block chain sub-network | |
CN113067902B (en) | Block chain message transmission method and device | |
CN113067895B (en) | Method for building block chain sub-network and block chain system | |
CN113067901B (en) | Method for creating block chain subnet | |
CN113098982B (en) | Block chain message transmission method and device | |
CN113326290B (en) | Cross-network query control method | |
WO2022252996A1 (en) | Method for scheduling computing service for service flow contract | |
CN113259117B (en) | Method for synchronizing node information lists | |
CN113259120B (en) | Method for synchronizing node information lists | |
CN113067896B (en) | Method for adding node in block chain sub-network and block chain system | |
CN113259118B (en) | Method for synchronizing node information lists | |
CN113259464B (en) | Method for building block chain sub-network and block chain system | |
CN114363162A (en) | Block chain log generation method and device, electronic equipment and storage medium | |
CN113259236B (en) | Transaction forwarding method between block chain networks | |
CN113067774B (en) | Transaction forwarding method between block chain networks | |
CN113259237B (en) | Transaction forwarding method between block chain networks | |
CN113067772B (en) | Transaction forwarding method between block chain networks | |
CN113259465B (en) | Business execution method based on off-chain computing service | |
CN113259459B (en) | Block chain subnet operation state control method and block chain system | |
CN113259466B (en) | Block chain subnet operation state control method and block chain system | |
CN115086338A (en) | Block chain subnet building method and device | |
CN113098984B (en) | Method for forming multi-layer block chain system based on registration mechanism and block chain system | |
CN114363349A (en) | Starting method and device of block chain subnet |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20240926; Address after: Room 803, floor 8, No. 618 Wai Road, Huangpu District, Shanghai 200010; Patentee after: Ant blockchain Technology (Shanghai) Co.,Ltd.; Country or region after: China; Address before: 310000 801-11 section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province; Patentee before: Alipay (Hangzhou) Information Technology Co.,Ltd.; Country or region before: China |