CN113971174A - Key value storage method, device and medium based on block chain - Google Patents


Info

Publication number
CN113971174A
Authority
CN
China
Prior art keywords
user
authority
administrator
role
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010711416.XA
Other languages
Chinese (zh)
Inventor
孙长杰
李照川
王伟兵
肖守明
申传旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong ICity Information Technology Co., Ltd.
Original Assignee
Shandong ICity Information Technology Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong ICity Information Technology Co., Ltd. filed Critical Shandong ICity Information Technology Co., Ltd.
Priority to CN202010711416.XA priority Critical patent/CN113971174A/en
Publication of CN113971174A publication Critical patent/CN113971174A/en
Withdrawn legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2228 Indexing structures
    • G06F16/2255 Hash tables
    • G06F16/23 Updating
    • G06F16/2308 Concurrency control
    • G06F16/2315 Optimistic concurrency control
    • G06F16/2322 Optimistic concurrency control using timestamps
    • G06F16/2365 Ensuring data consistency and integrity
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The application discloses a blockchain-based key-value storage method, device and medium. The method comprises: managing the user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system; verifying the administrator's permissions during user information management through a user permission control smart contract, and storing the resulting user management data in the blockchain after the verification passes; verifying the user's permissions when the user publishes information through the user permission control smart contract, and forming user-published data after the verification passes; and verifying the user-published data through a key-value storage database management smart contract, and writing the user-published data to the blockchain after the verification passes. By relying on the tamper-resistance, non-repudiation, openness and transparency of blockchain information, the embodiment of the invention ensures the authenticity and tamper-resistance of shared data and the non-repudiation of data-sharing behavior.

Description

Key value storage method, device and medium based on block chain
Technical Field
The present application relates to the field of information-oriented software systems, internet and blockchain technologies, and in particular, to a method, device and medium for storing key values based on blockchains.
Background
Governments, enterprises, social groups, individuals and others in the information society need to publish information to the public. Conventional information publishing systems carry risks such as information tampering and counterfeiting. For example, someone may deliberately release false information to confuse the public, or intercept a website and serve a false web page or document. In the news media field in particular, information is public and media outlets cite and forward one another's reports, so it is hard to keep the information from being tampered with along the way. In such a complex information network, ordinary people can hardly distinguish true information from false, which causes great trouble in people's lives.
Organizations in society also need to share information with one another. Information sharing between organizations generally uses point-to-point transmission, and this traditional sharing mode also carries risks such as theft, tampering, forgery and replay of the information. For example, when data is shared between organizations, one party may tamper with all the relevant data, including the operation logs, causing the other party economic loss. The two parties then blame each other and shirk responsibility, but responsibility cannot ultimately be assigned because no third-party participant exists.
Disclosure of Invention
An embodiment of the present specification provides a method, device, and medium for storing a key value based on a block chain, which are used to solve the following technical problems in the prior art:
the information system is controlled by a single organization, and the risk of data tampering exists;
in the information sharing process, if a third party participant is lacked, the responsibility cannot be clarified when the data is tampered;
the information system has few deployment nodes, and single-point faults are easy to occur, so that the system cannot be accessed.
The embodiment of the specification adopts the following technical scheme:
A first aspect of an embodiment of the present invention provides a blockchain-based key-value storage method, including:
managing user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system, wherein the super administrator has all the permissions of the blockchain system and the administrator has some of the permissions of the blockchain system;
verifying the administrator's permissions during user information management through a user permission control smart contract, and storing the key value corresponding to the resulting user management data in the blockchain after the verification passes;
verifying the user's permissions when the user publishes information through the user permission control smart contract, and forming user-published data after the verification passes;
and verifying the user-published data through a key-value storage database management smart contract, and writing the key value corresponding to the user-published data to the blockchain after the verification passes.
The embodiment of the invention is used for publishing and sharing trusted information. It relies on the tamper-resistance, non-repudiation, openness and transparency of blockchain information to ensure the authenticity and tamper-resistance of shared data and the non-repudiation of data-sharing behavior, and to establish a secure, reliable and trusted data-sharing platform.
In one example, the user information includes at least one of: user ID, user name, whether the user is valid, role list, creation time and update time;
the management of the user information includes at least one of: creating users, modifying users, querying users, verifying user validity, configuring roles, checking user existence, and handing over the system default super administrator.
The embodiment of the invention provides secure and flexible permission control, with support for user, role and permission management. Any role can be created, any number of permissions can be assigned to each role, and any number of roles can be configured for each user, so permission control is very flexible.
The flexible permission control mechanism supports multiple levels of administrators, and administrator users with the same permissions as the system default super administrator can also be created, so that several people can manage the system jointly and management efficiency is improved.
In the example of the invention, the management of user information is implemented and controlled through a blockchain smart contract, and the data is recorded in the underlying blockchain ledger. Data content can be stored and read without the help of any off-chain service program, which greatly enhances the security, tamper-resistance and credibility of content publishing.
In one example, the managing of user information of other users in the blockchain system by a super administrator and/or an administrator in the blockchain system includes:
managing, by the super administrator and/or the administrator in the blockchain system, the user information of other super administrators and/or administrators in the blockchain.
In one example, the managing, by a super administrator and/or an administrator in the blockchain system, of the user information of other super administrators and/or administrators in the blockchain includes:
transferring the super administrator role from the original super administrator to the new super administrator through the joint signatures of the original super administrator, the new super administrator and at least one other authenticating super administrator, wherein the specific number of authenticating super administrators is specified when the blockchain system is initialized.
In the present example, the public key of the system default super administrator can be replaced, i.e. the authority of the system default super administrator can be handed over. To ensure that the system always remains under control, three administrators must reach agreement and sign jointly to change the system default super administrator.
In one example, the permissions of the super administrator include permission to: create users, modify users, add user roles, delete user roles, create roles, modify roles, add role permissions and delete role permissions, wherein the permissions of the super administrator are permanently valid and cannot be modified.
In one example, the writing, after the verification passes, a key value corresponding to the user release data into a block chain, and after the verification passes, a key value corresponding to the user management data into a block chain, includes:
writing two fields of a data main key and a data value corresponding to the data issued by the user into a data table, and writing two fields of the data main key and the data value corresponding to the data issued by the user into the data table;
the block chain is provided with a plurality of databases, each database is provided with a plurality of data tables, and the databases and the data tables in the block chain are dynamically generated according to the user release data.
In the example of the invention, a plurality of databases are supported, meanwhile, a plurality of data tables are supported to be established in the same database, a plurality of different databases and data tables can be established according to different services, and the classification management and storage are beneficial to the performance optimization.
In one example, the verifying of the administrator's permissions during user information management through the user permission control smart contract comprises:
determining the administrator's permissions by verifying the administrator's digital signature, wherein the digital signature includes one or more security factors.
In the present example, a security factor, such as a timestamp, is included in the digital signature. To prevent parameters from being tampered with, the parameters to be protected must be placed inside the signature.
In the example of the invention, user information can be managed only after the user's digital signature is provided, which ensures the non-repudiation and credibility of the behavior.
In one example, the verifying of the administrator's permissions during user information management through the user permission control smart contract comprises:
verifying the administrator's digital signature with the user public key held in a blockchain digital real-name identity system, and thereby determining the administrator's permissions, wherein the administrator's digital signature is generated with the administrator's user private key.
In the embodiment of the invention, the scheme is combined with the blockchain digital real-name identity system, and the user ID of that identity system is used as the user ID of this scheme. The real identity of the user can therefore be pinned down, user behavior becomes non-repudiable and traceable, and data credibility is enhanced.
A second aspect of the embodiments of the present invention provides a key value storage device based on a block chain, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to:
managing user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system, wherein the super administrator has all the permissions of the blockchain system and the administrator has some of the permissions of the blockchain system;
verifying the administrator's permissions during user information management through a user permission control smart contract, and forming user management data after the verification passes;
and verifying the user management data through a key-value storage database management smart contract, and writing the key value corresponding to the user management data to the blockchain after the verification passes.
A third aspect of the embodiments of the present invention provides a block chain-based key value storage nonvolatile computer storage medium, in which a computer-executable instruction is stored, where the computer-executable instruction is set as:
managing user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system, wherein the super administrator has all the permissions of the blockchain system and the administrator has some of the permissions of the blockchain system;
verifying the administrator's permissions during user information management through a user permission control smart contract, and forming user management data after the verification passes;
and verifying the user management data through a key-value storage database management smart contract, and writing the key value corresponding to the user management data to the blockchain after the verification passes.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic flow chart of a method provided by an embodiment of the present invention;
FIG. 2 is a schematic diagram of the framework of a blockchain system according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an apparatus framework provided in an embodiment of the present specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present disclosure more apparent, the technical solutions of the present disclosure will be clearly and completely described below with reference to the specific embodiments of the present disclosure and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person skilled in the art without making any inventive step based on the embodiments in the description belong to the protection scope of the present application.
A blockchain achieves tamper-resistance, non-repudiation and credibility of information through a decentralized consensus mechanism. Drawing on these technical characteristics, the invention provides a blockchain-based key-value storage method and a corresponding scheme that address false information, data tampering and repudiation in the field of information publishing and sharing, and that are used for publishing and sharing trusted information. The scheme relies on the tamper-resistance, non-repudiation, openness and transparency of blockchain information to ensure the authenticity and tamper-resistance of shared data and the non-repudiation of data-sharing behavior, and to establish a secure, reliable and trusted data-sharing platform.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of a method according to an embodiment of the present invention. As shown, the method comprises:
S101, managing user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system, wherein the super administrator has all the permissions of the blockchain system and the administrator has some of the permissions of the blockchain system;
S102, verifying the administrator's permissions during user information management through a user permission control smart contract, and storing the key value corresponding to the resulting user management data in the blockchain after the verification passes;
S103, verifying the user's permissions when the user publishes information through the user permission control smart contract, and forming user-published data after the verification passes;
S104, verifying the user-published data through a key-value storage database management smart contract, and writing the key value corresponding to the user-published data to the blockchain after the verification passes.
Fig. 2 is a schematic diagram of the framework of a blockchain system according to an embodiment of the present invention. As shown in Fig. 2, the database system for trusted key-value storage based on a blockchain platform (the blockchain system) has 2 major parts: the trusted key-value storage database system and the client. The trusted key-value storage database system has 3 main components: the user permission control smart contract, the key-value storage database management smart contract, and the blockchain platform. The user permission control smart contract has 3 main functions: user management, role management and user permission verification. The key-value storage database management smart contract has 3 main functions: database management, data saving/updating and data query.
According to a specific embodiment of the present invention, the functions of user management (management of user information) include: creating users, modifying users, querying users, verifying user validity, configuring roles, checking user existence, handing over the system default super administrator, and the like. The user information includes: user ID, user name, whether the user is valid, role list, whether the user is the system default super administrator, creation time, update time, etc. The blockchain system has a built-in default super administrator user, which holds the super administrator role and has all the permissions of user management and role management. The default super administrator user cannot be deleted, cannot be set to invalid and cannot have its role list changed, but the system default super administrator role can be handed over. Handing over the system default super administrator succeeds only with the joint signature of the original system default super administrator, the new system default super administrator and 1 or more other authentication administrators. The specific number of authentication administrators is specified at system initialization. The user information is stored in the blockchain ledger through the blockchain platform. A user cannot configure roles for themselves; only a user with the role configuration permission can configure roles for others. No user can be deleted; users other than the system default super administrator can only be set to invalid.
According to the specific embodiment of the invention, the user ID is the unique primary key, so a user with an ID that already exists cannot be created again. The steps of creating a user are as follows:
Parameter check. The required parameters are: administrator user ID, timestamp and digital signature. Check whether any parameter is missing and return an error if so. The "timestamp" parameter must fall within a predetermined time range, i.e. the absolute value of the current system timestamp minus the "timestamp" parameter must be less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks and the like.
User validity check. Using the "administrator user ID" as the parameter, determine whether the user is valid through the "user validity verification" function of the user permission control smart contract, and return an error if the user is invalid.
User permission check. Using the "administrator user ID" and the "create user permission" as parameters, determine through the "user permission verification" function of the user permission control smart contract whether the user holds the "create user permission", and return an error if not.
Signature verification. Using the "administrator user ID" as the parameter, query the user identity information from the blockchain digital real-name identity smart contract, and decrypt the digital signature with the "user public key" from that identity information to obtain the new user ID, the user name and timestamp T1. If decryption fails, return an error. Compare the "timestamp" parameter with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged to be illegal and an error is returned.
User existence check. Using the "new user ID" decrypted from the digital signature as the parameter, check through the "user existence check" function of the user permission control smart contract whether the user exists; if so, a user with the same "user ID" has already been created, and an error is returned.
Saving the user. The fixed prefix "bcbase_KV_DB_U_" and the "new user ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{new user ID}". The "user name" decrypted from the digital signature and the current system timestamp are assembled into a "user information record" of the form: { userName: {user name}, isperperadmin: false, enabled: true, createTime: {current system timestamp}, updateTime: {current system timestamp} }. Finally, the combined KEY and the user information record are written to the underlying ledger of the blockchain platform through the platform's accounting interface, which completes the create-user operation.
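The create-user checks above, run end to end, as an added Python example (not code from the patent). A dict stands in for the ledger, and textbook RSA with a constructed toy key stands in for the real-name identity system's key pair so that the signature can be "decrypted" with the public key as the text describes; `newUserId`, `roleList`, `createUser`, `isSuperAdmin` (the page spells this flag inconsistently) and all function names are assumptions.

```python
import json

# Constructed toy key: textbook RSA over two Mersenne primes. Illustration only;
# it is unpadded and trivially factorable.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537
_D = pow(E, -1, (_P - 1) * (_Q - 1))

MAX_SKEW = 30                    # seconds; the page's example window
KEY_PREFIX = "bcbase_KV_DB_U_"   # user-record key prefix given on the page
PERM_CREATE_USER = "createUser"  # hypothetical permission identifier
SIGNED_FIELDS = {"newUserId", "userName", "timestamp"}  # assumed field names


def user_key(user_id):
    return KEY_PREFIX + user_id


def sign(fields, d=_D, n=N):
    """Client side: encode the protected fields and sign with the private key."""
    m = int.from_bytes(json.dumps(fields, sort_keys=True).encode(), "big")
    if m >= n:
        raise ValueError("payload too long for this toy key")
    return pow(m, d, n)


def recover(signature, public_key):
    """Contract side: 'decrypt' the signature with the user's public key."""
    n, e = public_key
    m = pow(signature, e, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    fields = json.loads(raw.decode("utf-8"))  # ValueError if not valid JSON
    if not isinstance(fields, dict) or not SIGNED_FIELDS <= fields.keys():
        raise ValueError("signed fields missing")
    return fields


def has_permission(record, roles, permission):
    if record.get("isSuperAdmin"):  # assumed spelling of the super-admin flag
        return True
    return any(permission in roles.get(r, ()) for r in record.get("roleList", []))


def create_user(ledger, identities, roles, admin_id, timestamp, signature, now):
    """Run the six checks in order; return "ok" or the rejection reason."""
    # 1. Parameter check, including the freshness window.
    if admin_id is None or timestamp is None or signature is None:
        return "missing parameter"
    if abs(now - timestamp) >= MAX_SKEW:
        return "stale timestamp"
    # 2. The calling administrator must exist and be enabled.
    admin = ledger.get(user_key(admin_id))
    if admin is None or not admin.get("enabled"):
        return "invalid user"
    # 3. The administrator must hold the create-user permission.
    if not has_permission(admin, roles, PERM_CREATE_USER):
        return "permission denied"
    # 4. Recover the signed fields and bind them to the outer timestamp.
    try:
        signed = recover(signature, identities[admin_id])
    except (KeyError, TypeError, ValueError):
        return "bad signature"
    if signed["timestamp"] != timestamp:
        return "illegal signature"
    # 5. The new user ID must be unused.
    key = user_key(signed["newUserId"])
    if key in ledger:
        return "user exists"
    # 6. Write the record under the combined key.
    ledger[key] = {"userName": signed["userName"], "isSuperAdmin": False,
                   "enabled": True, "createTime": now, "updateTime": now}
    return "ok"


def demo_state():
    """Constructed sample ledger, identity registry and role table."""
    ledger = {
        user_key("admin1"): {"userName": "root", "isSuperAdmin": True, "enabled": True},
        user_key("clerk"): {"userName": "clerk", "isSuperAdmin": False,
                            "enabled": True, "roleList": ["reader"]},
        user_key("old"): {"userName": "old", "isSuperAdmin": False,
                          "enabled": False, "roleList": ["userAdmin"]},
    }
    identities = {"admin1": (N, E), "clerk": (N, E), "old": (N, E)}
    roles = {"reader": set(), "userAdmin": {PERM_CREATE_USER}}
    return ledger, identities, roles


if __name__ == "__main__":
    ledger, identities, roles = demo_state()
    sig = sign({"newUserId": "u1001", "userName": "alice", "timestamp": 1000})
    print(create_user(ledger, identities, roles, "admin1", 1000, sig, now=1005))
    print(create_user(ledger, identities, roles, "admin1", 1000, sig, now=1010))
    print(create_user(ledger, identities, roles, "admin1", 1100, sig, now=1100))
```

The second and third calls show what each control covers: a resubmission inside the 30-second window is stopped only by the existence check, and an old signature sent with a refreshed outer timestamp is stopped by the comparison with T1.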
According to the embodiment of the invention, modifying a user can change only the user name, whether the user is valid, and the update time. A user cannot modify their own status and can modify only the information of other users. Once a user is set to invalid, the user account is disabled and all permissions held by the user become invalid. The steps for modifying a user are as follows:
Parameter check. The required parameters are: administrator user ID, timestamp and digital signature. Check whether any parameter is missing and return an error if so. The "timestamp" parameter must fall within a predetermined time range, i.e. the absolute value of the current system timestamp minus the "timestamp" parameter must be less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks and the like.
User validity check. Using the "administrator user ID" as the parameter, determine whether the user is valid through the "user validity verification" function of the user permission control smart contract, and return an error if the user is invalid.
User permission check. Using the "administrator user ID" and the "modify user permission" as parameters, determine through the "user permission verification" function of the user permission control smart contract whether the user holds the "modify user permission", and return an error if not.
Signature verification. Using the "administrator user ID" as the parameter, query the user identity information from the blockchain digital real-name identity smart contract, and decrypt the digital signature with the "user public key" from that identity information to obtain the user ID, the user name, whether the user is valid, and timestamp T1. If decryption fails, return an error. Compare the "timestamp" parameter with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged to be illegal and an error is returned.
Self-modification restriction check. Compare the "administrator user ID" parameter with the "user ID" decrypted from the digital signature; if they are the same, the modification is judged to be illegal and an error is returned.
Target user existence check. Using the "user ID" decrypted from the digital signature as the parameter, check through the "user existence check" function of the user permission control smart contract whether the user exists, and return an error if the user does not exist.
Updating the user information record. The fixed prefix "bcbase_KV_DB_U_" and the "user ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{user ID}". The target "user information record" is then looked up by the combined KEY in the underlying ledger of the blockchain platform through the platform's query interface.
If "ispupperadmin" in the "user information record" is "true", the request is an attempt to modify the system default super administrator, which violates the rule that the system default super administrator cannot be modified, and an error is returned.
If the parameters decrypted from the digital signature contain a "user name" item, it replaces the "user name" in the "user information record"; if they contain a "valid or not" item, it replaces the "valid or not" value in the "user information record"; the current system timestamp replaces the "update time" in the "user information record".
Finally, the combined KEY and the latest user information record are written to the underlying ledger of the blockchain platform through the platform's accounting interface, overwriting the old user information record, which completes the modification of the user information record.
According to the specific embodiment of the present invention, the specific implementation manner of querying the user includes:
The fixed prefix "bcbase_KV_DB_U_" and the "user ID" parameter are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{user ID}". The target "user information record" is then looked up by the combined KEY in the underlying ledger of the blockchain platform through the platform's query interface. Finally, the query result data is returned.
According to the specific embodiment of the present invention, the specific implementation manner of checking the validity of the user includes:
The fixed prefix "bcbase_KV_DB_U_" and the "user ID" parameter are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{user ID}". The target "user information record" is then looked up by the combined KEY in the underlying ledger of the blockchain platform through the platform's query interface. If no corresponding user information record is found, the user is judged to be invalid and an invalid-user error is returned.
Otherwise, the "valid or not" field of the user information record determines whether the user is valid: if the user is invalid, an invalid-user error is returned; if the user is valid, a valid-user result is returned.
According to a specific embodiment of the present invention, the role configuration function includes adding user roles and deleting user roles. User role information is stored in the "role list" field of the "user information record". Users cannot configure roles for themselves; only a user holding role configuration permission can configure roles for others. User role information is stored in the blockchain ledger through the blockchain platform.
According to a specific embodiment of the invention, the steps for adding a role to a user are as follows:
Parameter check. The required parameters are: administrator user ID, timestamp, and digital signature. Verify that none is missing; if any is missing, return an error. The parameter "timestamp" must fall within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" must be less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. With the "administrator user ID" as the parameter, the "user validity verification" function of the user permission control smart contract determines whether the user is valid; if the user is invalid, an error is returned.
User permission check. With the "administrator user ID" and the "add user role" permission as parameters, the "user permission verification" function of the user permission control smart contract determines whether the user holds the "add user role" permission; if not, an error is returned.
Signature verification. With the "administrator user ID" as the parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the user ID, the role ID, and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged illegal and an error is returned.
Self-configuration restriction check. The parameter "administrator user ID" is compared with the "user ID" decrypted from the digital signature; if they are the same, the operation is judged to be an illegal self-configuration of a role and an error is returned.
Target user existence check. With the "user ID" decrypted from the digital signature as the parameter, the "user existence check" function of the user permission control smart contract checks whether the user exists; if not, an error is returned.
User role existence check. With the "user ID" and the "role ID" decrypted from the digital signature as parameters, the "user role existence check" function of the user permission control smart contract checks whether the user role exists; if it does, the same role has already been added for the user, and an error is returned.
Updating the user information record. The fixed prefix "bcbase_KV_DB_U_" and the "user ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{user ID}". The target "user information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the platform's query interface.
If "isSuperAdmin" in the "user information record" is "true", the operation is judged to be a modification of the system default super administrator, which violates the principle that the system default super administrator cannot be modified, and an error is returned.
The "role ID" parameter item decrypted from the digital signature is added to the "role list" field of the "user information record", and the "update time" in the "user information record" is replaced with the current system timestamp. Finally, the combined KEY and the latest user information record are written to the underlying ledger of the blockchain platform through the platform's accounting interface, overwriting the old user information record, which completes the operation of adding a user role.
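The add-role procedure above, run end to end as an added Python example (not code from the patent). Assumptions: the record field names `enabled`, `roleList`, `permissionList` and `isSuperAdmin`, the permission string `addUserRole`, all sample IDs, an in-memory dict standing in for the ledger, and a toy RSA scheme with SHA-256 redundancy standing in for the signature scheme the text leaves unspecified; the KEY prefix is the page's, with the extraction spaces removed.

```python
import hashlib
import json

# Toy RSA key (public Mersenne primes, trivially breakable): demo only.
E = 65537
N = (2**521 - 1) * (2**607 - 1)
D = pow(E, -1, (2**521 - 2) * (2**607 - 2))
WINDOW_SECONDS = 30  # the text's example value for the timestamp window


class ContractError(Exception):
    """Raised wherever the procedure says 'return an error'."""


def ledger_key(kind, ident):
    """Combined KEY: kind is "U" for user records, "R" for role records."""
    return f"bcbase_KV_DB_{kind}_{ident}"


def sign(payload, d=D, n=N):
    """Client side: sign so that the verifier can recover the payload."""
    body = json.dumps(payload, sort_keys=True).encode()
    framed = body + hashlib.sha256(body).digest()  # redundancy (assumption)
    return pow(int.from_bytes(framed, "big"), d, n)


def recover(signature, e, n):
    """Contract side: 'decrypt' the signature with the signer's public key."""
    m = pow(signature, e, n)
    framed = m.to_bytes((m.bit_length() + 7) // 8, "big")
    body, digest = framed[:-32], framed[-32:]
    if hashlib.sha256(body).digest() != digest:
        raise ContractError("illegal signature")
    return json.loads(body)


def has_permission(ledger, user, permission):
    """A permission counts only while the role that grants it is enabled."""
    for role_id in user["roleList"]:
        role = ledger.get(ledger_key("R", role_id))
        if role and role["enabled"] and permission in role["permissionList"]:
            return True
    return False


def add_user_role(ledger, identities, admin_id, timestamp, signature, now):
    """Run the checks in the order the text gives, then overwrite the record."""
    if not admin_id or None in (timestamp, signature):
        raise ContractError("missing parameter")
    if abs(now - timestamp) >= WINDOW_SECONDS:
        raise ContractError("stale timestamp")
    admin = ledger.get(ledger_key("U", admin_id))
    if admin is None or not admin["enabled"]:
        raise ContractError("invalid user")
    if not has_permission(ledger, admin, "addUserRole"):
        raise ContractError("permission denied")
    public_key = identities.get(admin_id)
    if public_key is None:
        raise ContractError("unknown identity")
    signed = recover(signature, *public_key)
    if signed["ts"] != timestamp:  # T1 must equal the plaintext timestamp
        raise ContractError("illegal signature")
    if signed["userId"] == admin_id:
        raise ContractError("self-configuration")
    key = ledger_key("U", signed["userId"])
    target = ledger.get(key)
    if target is None:
        raise ContractError("no such user")
    if signed["roleId"] in target["roleList"]:
        raise ContractError("role already assigned")
    if target["isSuperAdmin"]:
        raise ContractError("super administrator is immutable")
    roles = target["roleList"] + [signed["roleId"]]
    ledger[key] = dict(target, roleList=roles, updateTime=now)
    return ledger[key]


def sample_state():
    """Constructed ledger and identity registry; every ID here is made up."""
    def user(roles, is_super=False):
        return {"enabled": True, "roleList": roles, "isSuperAdmin": is_super}
    ledger = {
        ledger_key("R", "role-admin"): {"enabled": True,
                                        "permissionList": ["addUserRole"]},
        ledger_key("U", "admin-alice"): user(["role-admin"]),
        ledger_key("U", "u-bob"): user([]),
        ledger_key("U", "root"): user(["DefaultSuperAdminRole"], is_super=True),
    }
    return ledger, {"admin-alice": (E, N)}


def attempt(ledger, identities, payload, timestamp, now):
    """Sign payload as admin-alice, submit it, and report the outcome."""
    try:
        sig = sign(payload)
        add_user_role(ledger, identities, "admin-alice", timestamp, sig, now)
        return "ok"
    except ContractError as exc:
        return str(exc)
```

In this sketch an identical request replayed inside the 30-second window is rejected only because the role is already present; the timestamp check by itself does not stop it.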
According to a specific embodiment of the invention, the steps for deleting a role from a user are as follows:
Parameter check. The required parameters are: administrator user ID, timestamp, and digital signature. Verify that none is missing; if any is missing, return an error. The parameter "timestamp" must fall within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" must be less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. With the "administrator user ID" as the parameter, the "user validity verification" function of the user permission control smart contract determines whether the user is valid; if the user is invalid, an error is returned.
User permission check. With the "administrator user ID" and the "delete user role" permission as parameters, the "user permission verification" function of the user permission control smart contract determines whether the user holds the "delete user role" permission; if not, an error is returned.
Signature verification. With the "administrator user ID" as the parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the user ID, the role ID, and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged illegal and an error is returned.
Self-configuration restriction check. The parameter "administrator user ID" is compared with the "user ID" decrypted from the digital signature; if they are the same, the operation is judged to be an illegal self-configuration of a role and an error is returned.
Target user existence check. With the "user ID" decrypted from the digital signature as the parameter, the "user existence check" function of the user permission control smart contract checks whether the user exists; if not, an error is returned.
User role existence check. With the "user ID" and the "role ID" decrypted from the digital signature as parameters, the "user role existence check" function of the user permission control smart contract checks whether the user role exists; if it does not, the target user does not own the role, and an error is returned.
Updating the user information record. The fixed prefix "bcbase_KV_DB_U_" and the "user ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{user ID}". The target "user information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the platform's query interface.
If "isSuperAdmin" in the "user information record" is "true", the operation is judged to be a modification of the system default super administrator, which violates the principle that the system default super administrator cannot be modified, and an error is returned.
Next, the "role ID" parameter item decrypted from the digital signature is looked up in the "role list" field of the "user information record" and deleted from it, and the "update time" in the "user information record" is replaced with the current system timestamp. Finally, the combined KEY and the latest user information record are written to the underlying ledger of the blockchain platform through the platform's accounting interface, overwriting the old user information record, which completes the operation of deleting a user role.
According to an embodiment of the invention, the user role existence check is implemented as follows: the fixed prefix "bcbase_KV_DB_U_" and the parameter "user ID" are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{user ID}". The target "user information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the platform's query interface. The parameter "role ID" is searched for in the "role list" field of the "user information record"; if it is found, the designated user role is judged to exist, and if it is not found, the designated user role is judged not to exist.
According to a specific embodiment of the present invention, the user existence check is implemented as follows: the fixed prefix "bcbase_KV_DB_U_" and the parameter "user ID" are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{user ID}". The target "user information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the platform's query interface. If the corresponding user information record can be found, the target user is judged to exist; otherwise the target user is judged not to exist.
According to an embodiment of the present invention, handing over the system default super administrator succeeds only with the joint signatures of the original system default super administrator, the new system default super administrator, and 1 or more other authentication administrators. The specific number of authentication administrators is specified at system initialization. The handover steps are as follows:
Parameter check. The parameter is an array list whose size is equal to or greater than (2 + number of authentication administrators). Each array entry must contain the administrator user ID, the timestamp, and the digital signature. If this convention is not met, the parameter is judged to be illegal and an error is returned.
Traverse the array list and verify the consistency of the parameters, the administrators, the signatures, and the handover target. During the traversal, exactly one original system default super administrator and exactly one new system default super administrator must be found; if this condition is not met, an error is returned. The new system default super administrator ID obtained from the digital signatures of all signing administrators must be consistent; otherwise the administrators are judged not to agree on the handover target of the system default super administrator, no change is made, and an error is returned.
Timeliness check. The parameter "timestamp" must fall within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" must be less than a predetermined value, such as 10 minutes. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. With the "administrator user ID" as the parameter, the "user validity verification" function of the user permission control smart contract determines whether the user is valid; if the user is invalid, an error is returned.
User permission check. With the "administrator user ID" and the "modify user" permission as parameters, the "user permission verification" function of the user permission control smart contract determines whether the user holds the "modify user" permission; if not, an error is returned.
Signature verification. With the "administrator user ID" as the parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the administrator type, the new system default super administrator ID, and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged illegal and an error is returned.
Original system default super administrator verification. If the value of the "administrator type" decrypted from the digital signature is "original system default super administrator", verify that the signer really is the original system default super administrator. The fixed prefix "bcbase_KV_DB_U_" and the "administrator user ID" are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{administrator user ID}". The target "user information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the platform's query interface, and the "isSuperAdmin" field in the user information record determines whether the user is the system default super administrator; if not, the operation is judged illegal and an error is returned.
New system default super administrator verification. If the value of the "administrator type" decrypted from the digital signature is "new system default super administrator", the parameter "administrator user ID" and the "new system default super administrator ID" decrypted from the digital signature must be equal; otherwise the signature is judged illegal and an error is returned.
Updating the user information records.
The fixed prefix "bcbase_KV_DB_U_" and the "administrator user ID" of the entry whose "administrator type" is "original system default super administrator" are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{administrator user ID}". The target "user information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the platform's query interface, and "isSuperAdmin" in the user information record is set to false; the "update time" in the "user information record" is replaced with the current system timestamp. Finally, the combined KEY and the latest user information record are written to the underlying ledger of the blockchain platform through the platform's accounting interface, overwriting the old user information record, which completes the logout of the original system default super administrator.
The fixed prefix "BCBASED_KV_DB_U_" and the "administrator user ID" of the entry whose "administrator type" is "new system default super administrator" are joined by a connector, e.g. "_", to construct a combined KEY of the form "BCBASED_KV_DB_U_{administrator user ID}". The target "user information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the platform's query interface, and "isSuperAdmin" in the user information record is set to true; the "DefaultSuperAdminRole" role is added to the "role list" field of the "user information record"; the "update time" in the "user information record" is replaced with the current system timestamp. Finally, the combined KEY and the latest user information record are written to the underlying ledger of the blockchain platform through the platform's accounting interface, overwriting the old user information record, which completes the handover of the system default super administrator.
According to an embodiment of the present invention, role management includes creating roles, modifying roles, configuring permissions, and the like. The role information includes: role ID, role name, valid or not, permission list, creation time, update time, and other information. After a role is set to invalid, the users who own the role lose all the permissions corresponding to it. The system has a built-in default super administrator role that holds all user management and role management permissions. Modifying a role can change only the role name, whether it is valid, and the update time.
The default super administrator role (DefaultSuperAdminRole) built into the system cannot be deleted, cannot be renamed, cannot be set to invalid, and cannot have its permission list changed. Role information is stored in the blockchain ledger through the blockchain platform.
In some embodiments of the invention, the role ID is used as the unique primary key, so roles with identical IDs cannot be created repeatedly. The steps for creating a role are as follows:
Parameter check. The required parameters are: administrator user ID, timestamp, and digital signature. Verify that none is missing; if any is missing, return an error. The parameter "timestamp" must fall within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" must be less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. With the "administrator user ID" as the parameter, the "user validity verification" function of the user permission control smart contract determines whether the user is valid; if the user is invalid, an error is returned.
User permission check. With the "administrator user ID" and the "create role" permission as parameters, the "user permission verification" function of the user permission control smart contract determines whether the user holds the "create role" permission; if not, an error is returned.
Signature verification. With the "administrator user ID" as the parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the role ID, the role name, and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged illegal and an error is returned.
Role existence check. With the "role ID" decrypted from the digital signature as the parameter, the "role existence check" function of the user permission control smart contract checks whether the role exists; if it does, a role with the same "role ID" has already been created, and an error is returned.
Saving the role. The fixed prefix "bcbase_KV_DB_R_" and the "role ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_R_{role ID}". The "role name" decrypted from the digital signature and the current system timestamp are assembled into a "role information record" of the form: { roleName: {role name}, enabled: true, createTime: {current system timestamp}, updateTime: {current system timestamp} }. Finally, the combined KEY and the role information record are written to the underlying ledger of the blockchain platform through the platform's accounting interface, which completes the operation of creating a role.
In some embodiments of the invention, modifying a role can change only the role name, whether it is valid, and the update time. After a role is set to invalid, the users who own the role lose all the permissions corresponding to it. The system default super administrator role cannot be modified. The steps for modifying a role are as follows:
Parameter check. The required parameters are: administrator user ID, timestamp, and digital signature. Verify that none is missing; if any is missing, return an error. The parameter "timestamp" must fall within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" must be less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. With the "administrator user ID" as the parameter, the "user validity verification" function of the user permission control smart contract determines whether the user is valid; if the user is invalid, an error is returned.
User permission check. With the "administrator user ID" and the "modify role" permission as parameters, the "user permission verification" function of the user permission control smart contract determines whether the user holds the "modify role" permission; if not, an error is returned.
Signature verification. With the "administrator user ID" as the parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the role ID, the role name, the "valid or not" value, and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged illegal and an error is returned.
Super administrator role check. If the "role ID" decrypted from the digital signature is equal to DefaultSuperAdminRole, the operation violates the principle that the system default super administrator role cannot be modified, and an error is returned.
Role existence check. With the "role ID" decrypted from the digital signature as the parameter, the "role existence check" function of the user permission control smart contract checks whether the role exists; if not, an error is returned.
Updating the role information record. The fixed prefix "bcbase_KV_DB_R_" and the "role ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_R_{role ID}". The target "role information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the platform's query interface. If the parameters decrypted from the digital signature contain a "role name" item, it replaces the "role name" in the "role information record"; if they contain a "valid or not" item, it replaces "valid or not" in the "role information record"; the "update time" in the "role information record" is replaced with the current system timestamp. Finally, the combined KEY and the latest role information record are written to the underlying ledger of the blockchain platform through the platform's accounting interface, overwriting the old role information record, which completes the modification of the role information record.
According to a specific embodiment of the present invention, the role permission configuration management function includes adding role permissions and deleting role permissions. The system has the following 14 permissions: create user, modify user, add user role, delete user role, create role, modify role, add role permission, delete role permission, create database, modify database, create data table, modify data table, data update, and data query. These permissions cannot be deleted or modified.
The system has a built-in default super administrator role with the following permissions: create user, modify user, add user role, delete user role, create role, modify role, add role permission, and delete role permission. Any user who holds all or part of these permissions may be referred to as an administrator. The default super administrator role built into the system cannot be deleted or modified. Role permission information is stored in the blockchain ledger through the blockchain platform.
According to a specific embodiment of the invention, the steps for adding a permission to a role are as follows:
Parameter check. The required parameters are: administrator user ID, timestamp, and digital signature. Verify that none is missing; if any is missing, return an error. The parameter "timestamp" must fall within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" must be less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. With the "administrator user ID" as the parameter, the "user validity verification" function of the user permission control smart contract determines whether the user is valid; if the user is invalid, an error is returned.
User permission check. With the "administrator user ID" and the "add role permission" permission as parameters, the "user permission verification" function of the user permission control smart contract determines whether the user holds the "add role permission" permission; if not, an error is returned.
Signature verification. With the "administrator user ID" as the parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the role ID, the permission, and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged illegal and an error is returned.
Super administrator role check. If the "role ID" decrypted from the digital signature is equal to DefaultSuperAdminRole, the operation violates the principle that the permissions of the system default super administrator role cannot be configured, and an error is returned.
Target role existence check. With the "role ID" decrypted from the digital signature as the parameter, the "role existence check" function of the user permission control smart contract checks whether the role exists; if not, an error is returned.
Role permission existence check. With the "role ID" and the "permission" decrypted from the digital signature as parameters, the "permission existence check" function of the user permission control smart contract checks whether the role permission exists; if it does, the same permission has already been added to the role, and an error is returned.
Updating the role information record. The fixed prefix "bcbase_KV_DB_R_" and the "role ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_R_{role ID}". The target "role information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the platform's query interface. The "permission" parameter item decrypted from the digital signature is added to the "permission list" field of the "role information record", and the "update time" in the "role information record" is replaced with the current system timestamp. Finally, the combined KEY and the latest role information record are written to the underlying ledger of the blockchain platform through the platform's accounting interface, overwriting the old role information record, which completes the operation of adding a role permission.
According to a specific embodiment of the present invention, the steps of deleting an authority from a role are as follows:
Parameter check. The required parameters are: administrator user ID, timestamp, digital signature. Verify that no parameter is missing; if one is missing, return an error. The parameter "timestamp" should be within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" is less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. Taking the "administrator user ID" as a parameter, the "user validity verification" function of the user authority control smart contract judges whether the user is valid; if the user is invalid, an error is returned.
User authority check. Taking the "administrator user ID" and the "authority for deleting role authority" as parameters, the "user authority verification" function of the user authority control smart contract judges whether the user has the "authority for deleting role authority"; if not, an error is returned.
Signature verification. Taking the "administrator user ID" as a parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the role ID, the authority and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged to be illegal and an error is returned.
Super administrator role check. If the "role ID" decrypted from the digital signature equals "DefaultSuperAdminRole", this violates the principle that the system default super administrator role cannot be configured with authorities, and an error is returned.
Target role existence check. Taking the "role ID" decrypted from the digital signature as a parameter, the "role existence checking" function of the user authority control smart contract checks whether the user exists; if not, an error is returned.
Role authority existence check. Taking the "role ID" and the "authority" decrypted from the digital signature as parameters, the "user role existence check" function of the user authority control smart contract checks whether the user role exists; if not, the target user does not own the role, and an error is returned.
Update the role information record. The fixed prefix "bcbase_KV_DB_R_" and the "role ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_R_{role ID}". The target "role information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform. Next, the parameter item "authority" decrypted from the digital signature is searched for in the "authority list" field of the "role information record" and deleted from it, and the "update time" in the "role information record" is replaced with the current system timestamp. Finally, the combined KEY and the latest role information record are written to the underlying ledger of the blockchain platform through the accounting interface of the blockchain platform, overwriting the old role information record and completing the operation of deleting the role authority.
In one example, the method further includes a role authority existence check, specifically including:
The fixed prefix "bcbase_KV_DB_R_" and the parameter "role ID" are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_R_{role ID}". The target "role information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform. Next, the parameter "authority" is searched for in the "authority list" field of the "role information record"; if it is found, the authority of the role is judged to exist, and if it is not found, the authority of the role is judged not to exist.
In one example, the role existence check further includes: the fixed prefix "bcbase_KV_DB_R_" and the parameter "role ID" are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_R_{role ID}". The target "role information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform. If the corresponding role information record is found, the target role is judged to exist; otherwise the target role is judged not to exist.
According to the specific embodiment of the invention, the user's role authority verification looks up the user information record by the parameter "user ID" and obtains the list of roles the user owns. It then loops over the role list, looks up each role information record, obtains the role authority list and searches it for the target authority. If a target authority matching the parameter is found, the user is judged to have the authority; otherwise the user is judged not to have it. The specific steps are as follows:
The fixed prefix "bcbase_KV_DB_U_" and the parameter "user ID" are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_U_{user ID}". The target "user information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform. All roles owned by the user, the "user role list", are obtained from the "role list" field of the "user information record".
For each "role ID" in the "user role list" obtained in the above step, the following processing is performed:
Look up the role information record. The fixed prefix "bcbase_KV_DB_R_" and the "role ID" are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_R_{role ID}". The target "role information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform.
Look up the authority. The parameter "authority" is searched for in the "authority list" field of the "role information record". If an authority matching the parameter "authority" is found, the user is judged to have the authority, and processing ends. Otherwise, the steps of looking up the role information record and looking up the authority are repeated until all roles in the "user role list" have been processed.
If all roles in the "user role list" have been traversed and no authority matching the parameter has been found, the user is judged not to have the authority, and processing ends.
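The traversal described above, written out in Go as an added example (not code from the patent): the in-memory Ledger map, the JSON record layout, and the user, role and authority names are constructed assumptions. A missing role record grants nothing and a record that cannot be decoded ends the check with an error, so the check fails closed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Ledger is a constructed stand-in for the platform's query interface
// (combined KEY -> stored record).
type Ledger map[string][]byte

// JSON field names are assumptions; the page names the fields, not their encoding.
type userRecord struct {
	RoleList []string `json:"roleList"`
}

type roleRecord struct {
	AuthorityList []string `json:"authorityList"`
}

// HasAuthority loads the user information record, walks its role list, loads
// each role information record and stops at the first matching authority.
func HasAuthority(l Ledger, userID, authority string) (bool, error) {
	raw, ok := l["bcbase_KV_DB_U_"+userID]
	if !ok {
		return false, fmt.Errorf("no user information record for %q", userID)
	}
	var u userRecord
	if err := json.Unmarshal(raw, &u); err != nil {
		return false, fmt.Errorf("user record %q: %w", userID, err)
	}
	for _, roleID := range u.RoleList {
		rraw, ok := l["bcbase_KV_DB_R_"+roleID]
		if !ok {
			continue // role ID with no record behind it grants nothing
		}
		var r roleRecord
		if err := json.Unmarshal(rraw, &r); err != nil {
			// An unreadable record denies instead of being skipped silently.
			return false, fmt.Errorf("role record %q: %w", roleID, err)
		}
		for _, a := range r.AuthorityList {
			if a == authority {
				return true, nil // first match ends the traversal
			}
		}
	}
	return false, nil // every role processed, no match
}

// sampleLedger holds constructed records for the demonstration.
func sampleLedger() Ledger {
	return Ledger{
		"bcbase_KV_DB_U_alice":   []byte(`{"roleList":["auditor","editor"]}`),
		"bcbase_KV_DB_U_bob":     []byte(`{"roleList":["auditor"]}`),
		"bcbase_KV_DB_U_carol":   []byte(`{"roleList":["retired"]}`),
		"bcbase_KV_DB_U_dave":    []byte(`{"roleList":["broken","editor"]}`),
		"bcbase_KV_DB_R_auditor": []byte(`{"authorityList":["data.query"]}`),
		"bcbase_KV_DB_R_editor":  []byte(`{"authorityList":["data.query","data.update"]}`),
		"bcbase_KV_DB_R_broken":  []byte(`not json`),
	}
}

func main() {
	l := sampleLedger()
	for _, u := range []string{"alice", "bob", "carol", "dave", "eve"} {
		ok, err := HasAuthority(l, u, "data.update")
		fmt.Println(u, ok, err)
	}
}
```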
According to a specific embodiment of the present invention, writing the key value corresponding to the user release data into the blockchain after the verification passes, and writing the key value corresponding to the user management data into the blockchain after the verification passes, includes: writing the two fields, data primary key and data value, corresponding to the user management data into a data table, and writing the two fields, data primary key and data value, corresponding to the user release data into a data table. The blockchain holds a plurality of databases, each database holds a plurality of data tables, and the databases and data tables in the blockchain are generated dynamically according to the user release data.
According to a specific embodiment of the present invention, the database management functions include: creating a database, modifying a database, creating a data table, modifying a data table, checking the existence of a database and checking the existence of a data table. The database information includes: database ID, database name, creation time, update time, etc. The information of the data table includes: database ID, data table name, creation time, update time, etc. Multiple data tables may be created in a database. A data table contains only two fields: the data primary key (data KEY) and the data value. The information of the databases and data tables is stored in the blockchain ledger through the blockchain platform.
According to the embodiment of the invention, the database ID is used as the unique primary key, and a database with the same ID cannot be created twice. The steps of creating the database are as follows:
Parameter check. The required parameters are: user ID, timestamp, digital signature. Verify that no parameter is missing; if one is missing, return an error. The parameter "timestamp" should be within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" is less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. Taking the "user ID" as a parameter, the "user validity checking" function of the user authority control smart contract judges whether the user is valid; if the user is invalid, an error is returned.
User authority check. Taking the "user ID" and the "database creation authority" as parameters, the "user authority verification" function of the user authority control smart contract judges whether the user has the "database creation authority"; if not, an error is returned.
Signature verification. Taking the "user ID" as a parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the database ID, the database name and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged to be illegal and an error is returned.
Database existence check. Taking the "database ID" decrypted from the digital signature as a parameter, the "database existence checking" function of the key value storage database management smart contract checks whether the database exists; if it does, a database with the same "database ID" has already been created, and an error is returned.
Save the database. The fixed prefix "bcbase_KV_DB_" and the "database ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_{database ID}". The "database name" decrypted from the digital signature and the current system timestamp are assembled into a "database information record" of the form: {databaseName: {database name}, createTime: {current system timestamp}, updateTime: {current system timestamp}}. Finally, the combined KEY and the database information record are written to the underlying ledger of the blockchain platform through the accounting interface of the blockchain platform, completing the operation of creating the database.
According to the embodiment of the invention, modifying the database can change only the database name and the update time. The steps are as follows:
Parameter check. The required parameters are: user ID, timestamp, digital signature. Verify that no parameter is missing; if one is missing, return an error. The parameter "timestamp" should be within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" is less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. Taking the "user ID" as a parameter, the "user validity checking" function of the user authority control smart contract judges whether the user is valid; if the user is invalid, an error is returned.
User authority check. Taking the "user ID" and the "database modification authority" as parameters, the "user authority verification" function of the user authority control smart contract judges whether the user has the "database modification authority"; if not, an error is returned.
Signature verification. Taking the "user ID" as a parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the database ID, the database name and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged to be illegal and an error is returned.
Database existence check. Taking the "database ID" decrypted from the digital signature as a parameter, the "database existence checking" function of the key value storage database management smart contract checks whether the database exists; if it does not exist, an error is returned.
Modify the database name and the update time. The fixed prefix "bcbase_KV_DB_" and the "database ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_{database ID}". The target "database information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform. The "database name" in the "database information record" is replaced with the "database name" decrypted from the digital signature, and the "update time" in the "database information record" is replaced with the current system timestamp. Finally, the combined KEY and the latest database information record are written to the underlying ledger of the blockchain platform through the accounting interface of the blockchain platform, overwriting the old database information record and completing the modification of the database.
According to the specific embodiment of the invention, the data table ID is used as the unique primary key within a database, and a data table with the same ID cannot be created twice. The steps of creating the data table are as follows:
Parameter check. The required parameters are: user ID, timestamp, digital signature. Verify that no parameter is missing; if one is missing, return an error. The parameter "timestamp" should be within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" is less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. Taking the "user ID" as a parameter, the "user validity checking" function of the user authority control smart contract judges whether the user is valid; if the user is invalid, an error is returned.
User authority check. Taking the "user ID" and the "data table creation authority" as parameters, the "user authority verification" function of the user authority control smart contract judges whether the user has the "data table creation authority"; if not, an error is returned.
Signature verification. Taking the "user ID" as a parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the database ID, the data table name and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged to be illegal and an error is returned.
Database existence check. Taking the "database ID" decrypted from the digital signature as a parameter, the "database existence checking" function of the key value storage database management smart contract checks whether the database exists; if it does not exist, an error is returned.
Data table existence check. Taking the "database ID" and the "data table ID" decrypted from the digital signature as parameters, the "data table existence checking" function of the key value storage database management smart contract checks whether the data table exists; if it does, a data table with the same "database ID" and "data table ID" has already been created, and an error is returned.
Save the data table. The fixed prefix "bcbase_KV_DB_TABLE" and the "database ID" and "data table ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_TABLE_{database ID}_{data table ID}". The "data table name" decrypted from the digital signature and the current system timestamp are assembled into a "data table information record" of the form: {tableName: {data table name}, createTime: {current system timestamp}, updateTime: {current system timestamp}}. Finally, the combined KEY and the data table information record are written to the underlying ledger of the blockchain platform through the accounting interface of the blockchain platform, completing the creation of the data table.
According to an embodiment of the present invention, modifying the data table can change only the data table name and the update time. The steps for modifying the data table are as follows:
Parameter check. The required parameters are: user ID, timestamp, digital signature. Verify that no parameter is missing; if one is missing, return an error. The parameter "timestamp" should be within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" is less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. Taking the "user ID" as a parameter, the "user validity checking" function of the user authority control smart contract judges whether the user is valid; if the user is invalid, an error is returned.
User authority check. Taking the "user ID" and the "data table modification authority" as parameters, the "user authority verification" function of the user authority control smart contract judges whether the user has the "data table modification authority"; if not, an error is returned.
Signature verification. Taking the "user ID" as a parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the database ID, the data table name and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged to be illegal and an error is returned.
Data table existence check. Taking the "database ID" and the "data table ID" decrypted from the digital signature as parameters, the "data table existence checking" function of the key value storage database management smart contract checks whether the data table exists; if it does not exist, an error is returned.
Modify the data table name and the update time. The fixed prefix "bcbase_KV_DB_TABLE" and the "database ID" and "data table ID" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_TABLE_{database ID}_{data table ID}". The target "data table information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform. The "data table name" in the "data table information record" is replaced with the "data table name" decrypted from the digital signature, and the "update time" in the "data table information record" is replaced with the current system timestamp. Finally, the combined KEY and the latest data table information record are written to the underlying ledger of the blockchain platform through the accounting interface of the blockchain platform, overwriting the old data table information record and completing the modification of the data table.
According to the embodiment of the present invention, the data saving method is described by the following steps; data update uses the same method as data saving.
Parameter check. The required parameters are: user ID, data value, timestamp, digital signature. Verify that no parameter is missing; if one is missing, return an error. The parameter "timestamp" should be within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" is less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. Taking the "user ID" as a parameter, the "user validity checking" function of the user authority control smart contract judges whether the user is valid; if the user is invalid, an error is returned.
User authority check. Taking the "user ID" and the "data updating authority" as parameters, the "user authority verification" function of the user authority control smart contract judges whether the user has the "data updating authority"; if not, an error is returned.
Signature verification. Taking the "user ID" as a parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the database ID, the data table ID, the data KEY, the timestamp T1 and the data value hash value H1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged to be illegal and an error is returned.
Data table existence check. Taking the "database ID" and the "data table ID" decrypted from the digital signature as parameters, the "data table existence checking" function of the key value storage database management smart contract checks whether the data table exists; if it does not exist, an error is returned.
Data integrity check. The hash value of the parameter "data value" is calculated and compared with the "data value hash value H1" decrypted from the digital signature; if the two are not consistent, the data is judged to be damaged and an error is returned.
Data storage. The fixed prefix "bcbase_KV_DB_V_" and the "database ID", "data table ID" and "data KEY" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_V_{database ID}_{data table ID}_{data KEY}". Finally, the combined KEY and the data value from the parameters are written to the underlying ledger of the blockchain platform through the accounting interface of the blockchain platform.
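An added Go example of the data saving checks above, in the order the page gives them (not code from the patent). Assumptions: the signed fields travel as JSON beside an Ed25519 signature over those bytes, standing in for the page's "decrypt the digital signature with the user public key"; the hash is SHA-256; the user validity and authority checks are reduced to a lookup; and rejecting "_" inside database and data table IDs is an extra check added here, because the connector would otherwise let two different ID pairs build the same combined KEY.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// SignedFields are the values the page recovers from the digital signature.
type SignedFields struct {
	DatabaseID, TableID, DataKey string
	T1                           int64  // timestamp bound into the signature
	H1                           string // hex SHA-256 of the data value
}
type SaveRequest struct {
	UserID             string
	DataValue          []byte
	Timestamp          int64 // Unix seconds
	Payload, Signature []byte
}

// Chain is a constructed stand-in for the ledger and the contracts it consults.
type Chain struct {
	Ledger    map[string][]byte
	PubKeys   map[string]ed25519.PublicKey // identity contract lookup
	CanUpdate map[string]bool              // valid users with data update authority
}

var (
	ErrParam     = errors.New("missing parameter")
	ErrStale     = errors.New("timestamp outside the allowed window")
	ErrDenied    = errors.New("user invalid or lacks data update authority")
	ErrSignature = errors.New("illegal signature")
	ErrBadID     = errors.New("ID is empty or contains the connector")
	ErrNoTable   = errors.New("data table does not exist")
	ErrCorrupt   = errors.New("data value does not match H1")
)

const maxSkew = 30 // seconds, the page's example value

// validID rejects IDs containing the connector (added check, not on the page):
// otherwise ("a_b", "c") and ("a", "b_c") would build the same combined KEY.
func validID(s string) bool { return s != "" && !strings.Contains(s, "_") }

// SaveData runs the page's checks in order and returns the combined KEY written.
func SaveData(c *Chain, r SaveRequest, now int64) (string, error) {
	if r.UserID == "" || r.DataValue == nil || r.Timestamp == 0 || len(r.Signature) == 0 {
		return "", ErrParam
	}
	if d := now - r.Timestamp; d >= maxSkew || d <= -maxSkew {
		return "", ErrStale
	}
	if !c.CanUpdate[r.UserID] {
		return "", ErrDenied
	}
	pub, ok := c.PubKeys[r.UserID]
	if !ok || !ed25519.Verify(pub, r.Payload, r.Signature) {
		return "", ErrSignature
	}
	var f SignedFields
	if err := json.Unmarshal(r.Payload, &f); err != nil || f.T1 != r.Timestamp {
		return "", ErrSignature // outer timestamp must equal the signed T1
	}
	if !validID(f.DatabaseID) || !validID(f.TableID) || f.DataKey == "" {
		return "", ErrBadID
	}
	if _, ok := c.Ledger["bcbase_KV_DB_TABLE_"+f.DatabaseID+"_"+f.TableID]; !ok {
		return "", ErrNoTable
	}
	sum := sha256.Sum256(r.DataValue)
	if hex.EncodeToString(sum[:]) != f.H1 {
		return "", ErrCorrupt
	}
	key := "bcbase_KV_DB_V_" + f.DatabaseID + "_" + f.TableID + "_" + f.DataKey
	c.Ledger[key] = r.DataValue
	return key, nil
}

// NewRequest is the client side: hash the value, sign the fields, build the call.
func NewRequest(priv ed25519.PrivateKey, user, db, table, dataKey string, value []byte, ts int64) SaveRequest {
	sum := sha256.Sum256(value)
	payload, _ := json.Marshal(SignedFields{db, table, dataKey, ts, hex.EncodeToString(sum[:])})
	return SaveRequest{user, value, ts, payload, ed25519.Sign(priv, payload)}
}

// demo builds a constructed chain: one user, one data table, a fixed test key.
func demo() (*Chain, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // all-zero seed, test only
	return &Chain{
		Ledger:    map[string][]byte{"bcbase_KV_DB_TABLE_db1_t1": []byte(`{"tableName":"orders"}`)},
		PubKeys:   map[string]ed25519.PublicKey{"alice": priv.Public().(ed25519.PublicKey)},
		CanUpdate: map[string]bool{"alice": true},
	}, priv
}
func main() {
	c, priv := demo()
	fmt.Println(SaveData(c, NewRequest(priv, "alice", "db1", "t1", "order_42", []byte("paid"), 1000), 1010))
}
```

Only the database and data table IDs need the connector restriction: once those two segments are unambiguous, a data KEY such as "order_42" can contain "_" without colliding with another entry.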
According to the specific embodiment of the invention, the data query steps are as follows:
Parameter check. The required parameters are: user ID, timestamp, digital signature. Verify that no parameter is missing; if one is missing, return an error. The parameter "timestamp" should be within a predetermined time range, i.e. the absolute value of the current system timestamp minus the parameter "timestamp" is less than a predetermined value, such as 30 seconds. The timestamp is used to prevent digital signature theft, data replay attacks, and the like.
User validity check. Taking the "user ID" as a parameter, the "user validity checking" function of the user authority control smart contract judges whether the user is valid; if the user is invalid, an error is returned.
User authority check. Taking the "user ID" and the "data query authority" as parameters, the "user authority verification" function of the user authority control smart contract judges whether the user has the "data query authority"; if not, an error is returned.
Signature verification. Taking the "user ID" as a parameter, the user identity information is queried from the blockchain digital real-name identity smart contract, and the digital signature is decrypted with the "user public key" from that identity information to obtain the database ID, the data table ID, the data KEY and the timestamp T1. If decryption fails, an error is returned. The parameter "timestamp" is compared with the "timestamp T1" decrypted from the digital signature; if they differ, the signature is judged to be illegal and an error is returned.
Data table existence check. Taking the "database ID" and the "data table ID" decrypted from the digital signature as parameters, the "data table existence checking" function of the key value storage database management smart contract checks whether the data table exists; if it does not exist, an error is returned.
Query the data. The fixed prefix "bcbase_KV_DB_V_" and the "database ID", "data table ID" and "data KEY" decrypted from the digital signature are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_V_{database ID}_{data table ID}_{data KEY}". The target data is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform. Finally, the query result is returned.
According to an embodiment of the present invention, the method further comprises a database existence check, in which the fixed prefix "bcbase_KV_DB_" and the parameter "database ID" are joined by a connector, such as "_", to form a combined KEY of the form "bcbase_KV_DB_{database ID}". The target "database information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform; if the corresponding information record is found, the target database is judged to exist, otherwise it is judged not to exist.
According to an embodiment of the present invention, the fixed prefix "bcbase_KV_DB_TABLE_" and the parameters "database ID" and "data table ID" are joined by a connector, e.g. "_", to construct a combined KEY of the form "bcbase_KV_DB_TABLE_{database ID}_{data table ID}". The target "data table information record" is then looked up in the underlying ledger of the blockchain platform by the combined KEY, through the query interface of the blockchain platform; if the corresponding information record is found, the target data table is judged to exist, otherwise it is judged not to exist.
According to an embodiment of the present invention, the private key of the user is the password of the user, and the private key of the user does not need to be stored in the system. The private key of the user is the identity of the user, and a digital signature based on the private key of the user represents the identity of the user. The scheme is combined with the blockchain digital real-name identity system: the user ID of the blockchain digital real-name identity system is used as the user ID of the scheme, and the user public key of the blockchain digital real-name identity system is used as the decryption key of the scheme, so that the real identity of the user can be locked, user behavior cannot be repudiated, and both behavior and data can be traced. It is understood that users include general users, administrators, and super administrators.
Based on the same idea, some embodiments of the present application further provide a device and a non-volatile computer storage medium corresponding to the above method.
Fig. 3 is a schematic diagram of a device framework provided in an embodiment of the present specification. A key-value storage device based on a blockchain includes: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to:
manage user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system, wherein the super administrator has all the authorities of the blockchain system, and the administrator has part of the authorities of the blockchain system;
verify the administrator authority in the user information management process through a user authority control smart contract, and form user management data after the verification passes;
and verify the user management data through a key value storage database management smart contract, and write the key value corresponding to the user management data into the blockchain after the verification passes.
Some embodiments of the present application provide a non-volatile computer storage medium for blockchain-based key value storage, corresponding to Fig. 1, storing computer executable instructions configured to:
manage user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system, wherein the super administrator has all the authorities of the blockchain system, and the administrator has part of the authorities of the blockchain system;
verify the administrator authority in the user information management process through a user authority control smart contract, and form user management data after the verification passes;
and verify the user management data through a key value storage database management smart contract, and write the key value corresponding to the user management data into the blockchain after the verification passes.
The embodiments in the present application are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the device and media embodiments, the description is relatively simple as it is substantially similar to the method embodiments, and reference may be made to some descriptions of the method embodiments for relevant points.
The device and the medium provided by the embodiments of the application correspond to the method one to one, so the device and the medium have beneficial technical effects similar to those of the corresponding method; since the beneficial technical effects of the method are explained in detail above, those of the device and the medium are not repeated here.
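The two-stage flow restated above (user authority control contract first, key value storage contract second), sketched as an added example that is not code from the patent. Role names, permission strings, the `identity`/`users` database and table, and the HMAC stand-in for public-key signature verification are all assumptions.

```python
import hashlib, hmac, json

# Constructed sample state; role names, permission strings and keys are assumptions.
ROLE_PERMS = {"super_admin": {"*"}, "admin": {"create_user", "query_user"}}
USERS = {
    "root": {"roles": ["super_admin"], "valid": True, "key": b"root-demo-key"},
    "alice": {"roles": ["admin"], "valid": True, "key": b"alice-demo-key"},
}
LEDGER = {}  # database -> table -> primary key -> value, created on first write


def sign(key, action, payload):
    """HMAC-SHA256 stand-in for the administrator's private-key signature.
    The action is signed with the payload so it cannot be swapped afterwards."""
    msg = json.dumps({"action": action, "payload": payload}, sort_keys=True)
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def permission_contract(actor, action, payload, signature):
    """Stage 1: verify signature and authority, then form user management data."""
    user = USERS.get(actor)
    if user is None or not user["valid"]:
        raise PermissionError("unknown or invalid actor")
    if not hmac.compare_digest(sign(user["key"], action, payload), signature):
        raise PermissionError("signature does not match action and payload")
    perms = set().union(*(ROLE_PERMS.get(r, set()) for r in user["roles"]))
    if "*" not in perms and action not in perms:
        raise PermissionError(f"{actor} lacks permission {action}")
    return {"actor": actor, "action": action, "payload": payload}


def kv_contract(record, database, table):
    """Stage 2: validate the formed record, then write primary key and value."""
    payload = record["payload"]
    user_id = payload.get("user_id")
    if not isinstance(user_id, str) or not user_id:
        raise ValueError("user_id is required as the data primary key")
    rows = LEDGER.get(database, {}).get(table, {})
    if record["action"] == "create_user" and user_id in rows:
        raise ValueError("user already exists")
    LEDGER.setdefault(database, {}).setdefault(table, {})[user_id] = json.dumps(
        payload, sort_keys=True)
    return user_id


def manage_user(actor, action, payload, signature, database="identity", table="users"):
    """Run both contracts in order; nothing is written unless both pass."""
    record = permission_contract(actor, action, payload, signature)
    return kv_contract(record, database, table)
```

A rejected request leaves `LEDGER` untouched, because the database and table are only created at the moment of a successful write.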

Claims (10)

1. A key value storage method based on a block chain is characterized by comprising the following steps:
managing user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system, wherein the super administrator has all the permissions of the blockchain system, and the administrator has partial permissions of the blockchain system;
verifying the administrator authority in the user information management process through a user authority control smart contract, and storing a key value corresponding to the formed user management data into the block chain after the verification is passed;
verifying the user authority in the process of issuing information by the user through a user authority control smart contract, and forming user-issued data after the verification is passed;
and verifying the user-issued data through a key value storage database management smart contract, and writing the key value corresponding to the user-issued data into the block chain after the verification is passed.
2. The method of claim 1, wherein the user information comprises at least one of: user ID, user name, whether the user is valid, role list, creation time and update time;
the management of the user information includes at least one of: creating users, modifying users, querying users, verifying user validity, configuring roles, checking user existence and handing over the system default super administrator.
3. The method of claim 1, wherein the managing of user information of other users in the blockchain system by a super administrator and/or an administrator in the blockchain system comprises:
managing, by the super administrator and/or the administrator in the blockchain system, the user information of other super administrators and/or administrators in the blockchain.
4. The method of claim 1, wherein the managing of user information by a super administrator and/or an administrator in the blockchain system for other super administrators and/or administrators in the blockchain comprises:
the role of the super administrator is transferred from the original super administrator to the new super administrator by joint signatures of the original super administrator, the new super administrator, and at least one other authenticating super administrator, wherein the specific number of authenticating super administrators is specified upon initialization of the blockchain system.
5. The method of claim 1, wherein the rights the super administrator has include: creating user authority, modifying user authority, adding user role authority, deleting user role authority, creating role authority, modifying role authority, adding role authority and deleting role authority, wherein the authority of the super administrator is permanently valid and cannot be modified.
6. The method of claim 1, wherein writing the key value corresponding to the user-issued data into the block chain after the verification is passed comprises:
writing two fields, a data primary key and a data value, corresponding to the user-issued data into a data table;
the block chain is provided with a plurality of databases, each database is provided with a plurality of data tables, and the databases and the data tables in the block chain are dynamically generated according to the user-issued data.
7. The method of claim 1, wherein verifying the administrator authority in the management of the user information through a user authority control smart contract comprises:
and determining the administrator authority by verifying the digital signature of the administrator, wherein the digital signature comprises one or more security factors.
8. The method of claim 1, wherein verifying the administrator authority in the management of the user information through a user authority control smart contract comprises:
and verifying the digital signature of the administrator through a user public key in a block chain digital real-name identity system, and determining the administrator authority, wherein the digital signature of the administrator is generated through a user private key of the administrator.
9. A blockchain-based key-value storage device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to:
managing user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system, wherein the super administrator has all the permissions of the blockchain system, and the administrator has partial permissions of the blockchain system;
verifying the administrator authority in the user information management process through a user authority control smart contract, and forming user management data after the verification is passed;
and verifying the user management data through a key value storage database management smart contract, and writing the key value corresponding to the user management data into the block chain after the verification is passed.
10. A non-volatile computer storage medium storing computer-executable instructions for block chain based key value storage, the computer-executable instructions configured to:
managing user information of other users in the blockchain system through a super administrator and/or an administrator in the blockchain system, wherein the super administrator has all the permissions of the blockchain system, and the administrator has partial permissions of the blockchain system;
verifying the administrator authority in the user information management process through a user authority control smart contract, and forming user management data after the verification is passed;
and verifying the user management data through a key value storage database management smart contract, and writing the key value corresponding to the user management data into the block chain after the verification is passed.
CN202010711416.XA 2020-07-22 2020-07-22 Key value storage method, device and medium based on block chain Withdrawn CN113971174A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010711416.XA CN113971174A (en) 2020-07-22 2020-07-22 Key value storage method, device and medium based on block chain

Publications (1)

Publication Number Publication Date
CN113971174A true CN113971174A (en) 2022-01-25

Family

ID=79584821

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010711416.XA Withdrawn CN113971174A (en) 2020-07-22 2020-07-22 Key value storage method, device and medium based on block chain

Country Status (1)

Country Link
CN (1) CN113971174A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220125
