CN115396209A - Access authorization method and device, electronic equipment and readable storage medium

Publication number: CN115396209A
Application number: CN202211032776.2A
Authority: CN (China)
Legal status: Granted (active)
Other versions: CN115396209B
Other languages: Chinese (zh)
Inventors: 田新雪, 李朝霞, 肖征荣, 马书惠, 杨子文
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd
Prior art keywords: node, user, access, user node, computing power

Classifications

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L12/1854 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with non-centralised forwarding system, e.g. chaincast
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses an access authorization method, an access authorization device, electronic equipment and a readable storage medium, and belongs to the technical field of blockchains. The method comprises the following steps: receiving a computing power request initiated by a user node in a blockchain, and returning the identifier of the computing power node to the user node; when the user node meets a preset condition, acquiring a user identifier and a user public key of the user node; registering the user node as a temporary administrator based on the user identifier, and encrypting an access key and an access deadline of the computing power node with the user public key to obtain first encrypted information; signing the first encrypted information with a private key of the computing power node to obtain first signature information; and broadcasting the first signature information in the blockchain, so that the user node can access the computing power node based on the access key and the access deadline. The access authorization method improves authorization efficiency and reduces the probability of hacker access attacks on the computing power node.

Description

Access authorization method and device, electronic equipment and readable storage medium
Technical Field
The invention relates to the technical field of blockchains, in particular to an access authorization method, an access authorization device, electronic equipment and a readable storage medium.
Background
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. In essence it is a decentralized distributed database. It is considered a disruptive core technology of the next generation after the steam engine, electric power and the Internet; as a machine for constructing trust, it may thoroughly change the way value is transmitted across human society, and it can realize consistent data storage, tamper resistance and decentralization.
Access authorization for a computing power node is typically handled by the administrator of the computing power node. For example, after an operator of the computing power scheduling platform schedules a computing power node to a certain user, the operator needs to notify the computing power node administrator to add access rights for the user, and after the user finishes using the computing power node, the operator needs to delete the corresponding rights. This requires the computing power node administrator to hold super administrator rights on the computing power node, which is not acceptable to the user from a security point of view. How to let users automatically and securely obtain access rights to computing power nodes is therefore a problem to be solved.
Disclosure of Invention
Therefore, the invention provides an access authorization method, an access authorization device, an electronic device and a readable storage medium, to solve the problems in the prior art that the computing power node administrator is required to hold super administrator rights on the computing power node, which is insecure and unacceptable to users, so that users cannot automatically and securely obtain access rights to the computing power node.
In a first aspect, an embodiment of the present application provides an access authorization method, which is applied to a computing power node and includes:
receiving a computing power request initiated by a user node in a blockchain, and returning the identifier of the computing power node to the user node; wherein the computing power request comprises a user identifier of the user node;
when the user node meets a preset condition, acquiring a user identifier and a user public key of the user node;
registering the user node as a temporary administrator based on the user identifier, and encrypting an access key and an access deadline of the computing power node with the user public key to obtain first encrypted information;
signing the first encrypted information with a private key of the computing power node to obtain first signature information;
broadcasting the first signature information in the blockchain, for the user node to access the computing power node based on the access key and the access deadline.
Wherein the preset condition comprises at least one of the following items:
the user node pays the token of the transaction corresponding to the computing power request in the form of a blockchain transaction;
the owner of the computing power node confirms the transaction corresponding to the computing power request;
the transaction corresponding to the computing power request is written into a new block of the blockchain and into the blockchain ledger.
Wherein, after the broadcasting of the first signature information in the blockchain for the user node to access the computing power node based on the access key and the access deadline, the method further comprises:
revoking the temporary administrator identity of the user node when the access deadline has expired and the user node has not renewed.
Wherein, after revoking the temporary administrator identity of the user node when the access deadline has expired and the user node is determined, based on the blockchain ledger, not to have renewed, the method further comprises:
encrypting the user data generated while the user node held the temporary administrator identity and storing it in a preset storage space.
Wherein, after encrypting the user data generated while the user node held the temporary administrator identity and storing it in the preset storage space, the method further comprises:
retrieving the user data from the storage space when the user node obtains the temporary administrator identity again.
Wherein, after encrypting the user data generated while the user node held the temporary administrator identity and storing it in the preset storage space, the method further comprises:
deleting the user data according to a first-in first-out principle when the storage space is insufficient.
In a second aspect, an embodiment of the present application provides an access authorization method, which is applied to a user node, and includes:
broadcasting a computing power request in a blockchain; wherein the computing power request comprises a user identifier of the user node;
receiving first signature information broadcast by a computing power node in the blockchain; wherein the first signature information is obtained by the computing power node as follows: when the user node meets a preset condition, acquiring a user identifier and a user public key of the user node based on the computing power request; registering the user node as a temporary administrator based on the user identifier, and encrypting an access key and an access deadline of the computing power node with the user public key to obtain first encrypted information; and signing the first encrypted information with a private key of the computing power node;
accessing the computing power node based on the access key and the access deadline.
In a third aspect, an embodiment of the present application provides an access authorization apparatus, which is applied to a computing power node and includes:
a first receiving module, configured to receive a computing power request initiated by a user node in a blockchain; wherein the computing power request comprises a user identifier of the user node;
a first sending module, configured to return the identifier of the computing power node to the user node;
an acquisition module, configured to acquire the user identifier and the user public key of the user node when the user node meets the preset condition;
a registration module, configured to register the user node as a temporary administrator based on the user identifier;
an encryption module, configured to encrypt the access key and the access deadline of the computing power node with the user public key to obtain first encrypted information;
a signature module, configured to sign the first encrypted information with a private key of the computing power node to obtain first signature information;
the first sending module is further configured to broadcast the first signature information in the blockchain, so that the user node accesses the computing power node based on the access key and the access deadline.
In a fourth aspect, an embodiment of the present application provides an access authorization apparatus, which is applied to a user node and includes:
a second sending module, configured to broadcast a computing power request in the blockchain; wherein the computing power request comprises a user identifier of the user node;
a second receiving module, configured to receive first signature information broadcast by the computing power node in the blockchain; wherein the first signature information is obtained by the computing power node as follows: when the user node meets a preset condition, acquiring a user identifier and a user public key of the user node based on the computing power request; registering the user node as a temporary administrator based on the user identifier, and encrypting an access key and an access deadline of the computing power node with the user public key to obtain first encrypted information; and signing the first encrypted information with a private key of the computing power node;
an access module, configured to access the computing power node based on the access key and the access deadline.
In a fifth aspect, an embodiment of the present application provides an electronic device, including:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6 and 7.
In a sixth aspect, embodiments of the present application provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform any one of the methods provided by embodiments of the present application.
The access authorization method provided by this embodiment enables the user node, when it needs computing power resources, to actively send a computing power request in the blockchain, establish communication with the computing power node, automatically and securely obtain authorization from the computing power node, obtain the access key and access rights of the computing power node, and access the computing power node. The whole authorization process does not depend on a computing power node administrator and does not require the user node to trust the computing power node administrator, which ensures security and improves efficiency. In addition, before the user identifier and the user public key of the user node are acquired, it is judged whether the user node meets the preset condition, which prevents the computing power node from being accessed and attacked by hackers and the like and safeguards the security of the system.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a flowchart of an access authorization method according to an embodiment of the present invention;
Fig. 2 is a flowchart for determining whether a user node meets a preset condition according to an embodiment of the present invention;
Fig. 3 is a flowchart of another access authorization method provided in the embodiment of the present invention;
Fig. 4 is a flowchart of an access authorization method according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an access authorization apparatus according to an embodiment of the present invention;
Fig. 6 is a flowchart of another access authorization apparatus provided in an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an access authorization apparatus according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are given by way of illustration and explanation only, not limitation.
As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
When the terms "comprises" and/or "comprising" are used in this disclosure, they specify the presence of the stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and the present invention and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Fig. 1 is a flowchart of an access authorization method provided in an embodiment of the present application, applied to a computing power node. As shown in Fig. 1, the method comprises the following steps:
Step S101, receiving a computing power request initiated by a user node in a blockchain, and returning the identifier of the computing power node to the user node.
Wherein the computing power request comprises a user identifier of the user node.
The user node is a node in the blockchain that needs to acquire computing power resources, and the computing power node is a node that can provide the needed computing power resources to the user node.
In some embodiments, there may be one or more user nodes in the blockchain. The user identifier is an identifier used to distinguish user nodes; it corresponds to a user node, and the user node can be uniquely determined from the user identifier.
In some embodiments, there may be one or more computing power nodes in the blockchain. The identifier of a computing power node is an identifier used to distinguish computing power nodes; it corresponds to a computing power node, and the computing power node can be uniquely determined from its identifier.
When the user node has a computing power demand, the user node sends a computing power request in the blockchain so as to obtain, from the blockchain, the computing power resources provided by a computing power node.
In some embodiments, the computing power request sent by the user node carries the user identifier of the user node, so that the computing power node can determine the user node from the user identifier and subsequently provide computing power resources to it.
Step S102, when the user node meets the preset condition, acquiring the user identifier and the user public key of the user node.
The preset condition can be set according to the use requirement, and the preset condition can be a general condition or an individualized condition.
The user public key and the user private key are the key pair of the user node. The user public key can be published to the computing power node, while the user private key is kept by the user node. The computing power node can encrypt the data to be transmitted with the user public key, and the user node can decrypt the encrypted data with the user private key.
In some embodiments, after receiving the computing power request of the user node, the computing power node determines whether the user node meets a preset condition, and acquires the user identifier and the user public key of the user node when the user node meets the preset condition.
Step S103, registering the user node as a temporary administrator based on the user identifier, and encrypting the access key and the access deadline of the computing power node with the user public key to obtain first encrypted information.
The temporary administrator is a role that controls the computing power resources of the computing power node. After the user node obtains the temporary administrator identity, it can access and control the computing power node and use the computing power resources of the computing power node.
The embodiment of the application does not limit the way in which the user node is registered as the temporary administrator; the computing power node can register the user node in any preset manner so that the user node obtains the temporary administrator identity.
In some embodiments, to secure the transmission of the access key and the access deadline, the computing power node encrypts the access key and the access deadline with the user public key before transmitting them, to obtain the first encrypted information.
Step S104, signing the first encrypted information with the private key of the computing power node to obtain first signature information.
The private key and the public key of the computing power node are the key pair of the computing power node. As with the user public key and the user private key of the user node, the public key of the computing power node can be published to the user node, while the private key of the computing power node is kept by the computing power node.
In some embodiments, to prevent the first encrypted information from being tampered with during transmission, the computing power node signs the first encrypted information with its private key before transmitting the first encrypted information.
Step S105, broadcasting the first signature information in the blockchain, so that the user node accesses the computing power node based on the access key and the access deadline.
Illustratively, computing power node A and user node B are both connected to a blockchain. User node B broadcasts the computing power request in the blockchain and carries its user identifier in the computing power request. After receiving the computing power request sent by user node B, computing power node A judges whether user node B meets the preset condition, and acquires the user identifier and the user public key of user node B when user node B meets the preset condition.
The access authorization method provided by this embodiment enables the user node, when it needs computing power resources, to actively send a computing power request in the blockchain, establish communication with the computing power node, automatically and securely obtain authorization from the computing power node, obtain the access key and access rights of the computing power node, and access the computing power node. The whole authorization process does not depend on a computing power node administrator and does not require the user node to trust the computing power node administrator, which ensures security and improves efficiency. In addition, before the user identifier and the user public key of the user node are acquired, it is judged whether the user node meets the preset condition, which prevents the computing power node from being accessed and attacked by hackers and the like and safeguards the security of the system.
In some embodiments, the preset condition includes at least one of:
the user node pays the token of the transaction corresponding to the computing power request in the form of a blockchain transaction; the owner of the computing power node confirms the transaction corresponding to the computing power request; and the transaction corresponding to the computing power request is written into a new block of the blockchain and into the blockchain ledger.
The owner of the computing power node refers to an operating system or blockchain plug-in that is installed on the computing power node and supports the blockchain. The owner monitors transactions on the blockchain in real time, and a user node that needs computing power resources must, after receiving the identifier of the computing power node, transact with the owner of the computing power node.
The blockchain ledger is a ledger jointly maintained by all nodes in the blockchain, and all transactions occurring on the blockchain are recorded in it.
In some embodiments, a user node can only obtain the computing power resources provided by the computing power node after a (computing power) transaction with the owner of the computing power node. For example, the user node needs to pay the token of the transaction.
In some embodiments, the user node may pay the token of the transaction corresponding to the computing power request it initiated in the form of a blockchain transaction. Blockchain transactions may take any of the various forms known in the related art, and the embodiment of the present invention is not limited in this respect.
In some embodiments, the user node can obtain the computing power resources provided by the computing power node only if the transaction corresponding to the computing power request is written into a new block of the blockchain and into the blockchain ledger.
Illustratively, Fig. 2 is a flowchart for determining whether a user node satisfies the preset condition. As shown in Fig. 2, the determining, by the computing power node, of whether the user node satisfies the preset condition includes:
Step S201, judging whether the user node has paid the token of the transaction corresponding to the computing power request in the form of a blockchain transaction.
In some embodiments, step S202 is executed when the computing power node determines that the user node has paid the token of the transaction corresponding to the computing power request in the form of a blockchain transaction, and the process ends when the computing power node determines that the user node has not paid it.
Step S202, judging whether the owner of the computing power node has confirmed the transaction corresponding to the computing power request.
In the embodiment of the present application, the owner of the computing power node needs to confirm the transaction corresponding to the computing power request, and the confirmation mode may be in various forms, for example, the owner of the computing power node may confirm through the blockchain, or confirm through other forms.
In some embodiments, step S203 is performed when the computing power node confirms the transaction corresponding to the computing power request; when the computing power node does not confirm the transaction corresponding to the computing power request, the process ends.
Step S203, judging whether the transaction corresponding to the computing power request is written into a new block of the blockchain and into the blockchain ledger.
In some embodiments, after the owner of the computing power node confirms the transaction, a new block is generated based on the transaction and the transaction is written to the blockchain ledger.
When the computing power node determines that the transaction corresponding to the computing power request has been written into the new block of the blockchain and into the blockchain ledger, it acquires the user identifier and the user public key of the user node; when the computing power node determines that the transaction has not been written into the new block and the blockchain ledger, the process ends.
It should be noted that the sequence of the above steps S201 to S203 is not limited to this, and in practical applications, the steps S201 to S203 may be ordered arbitrarily.
In some embodiments, the computing power node monitors token transactions in the blockchain in real time, and when it detects a transaction related to itself, it begins to determine whether the transaction meets a preset condition.
In some embodiments, computing power nodes monitor token transactions in the blockchain through blockchain clients; that is, each computing power node has a corresponding blockchain client, and that client monitors the token transactions.
In some embodiments, as shown in fig. 3, after step S105 of broadcasting the first signature information in the blockchain so that the user node can access the computing power node based on the access key and the access deadline, the method may further include:
Step S106: when the access deadline expires and the user node has not renewed, revoke the temporary administrator identity of the user node.
Whether the user node has renewed is confirmed based on the blockchain ledger.
The access deadline is the length of time during which the user node can use the computing power resources of the computing power node. After the access deadline expires, the user node can no longer use the computing power resources of the computing power node, and it must renew if it wants to continue using them. The renewal flow can be the same as the flow of the first application for computing power resources, or it can be simplified based on the existing data. After the user node renews its use of the computing power resources of the computing power node, the renewal record corresponds to a transaction in the blockchain ledger.
In some embodiments, after the access deadline of the user node expires, the computing power node queries the blockchain ledger to determine whether the user node has renewed.
In some embodiments, after the computing power node registers the user node as the temporary administrator, the user node can use the computing power resources of the computing power node within the access deadline. When the access deadline expires and the user node has not renewed, the user node's use of the computing power node ends, and the computing power node reclaims the usage permission of the user node, that is, it revokes the temporary administrator identity of the user node.
The access authorization method provided by this embodiment automatically deletes the usage permission of the user node after the user node finishes using the computing power node, so that the access permission of the computing power node is safely controlled. If the user node renews, its usage permission is maintained, which preserves continuity of use and improves the user experience.
In some embodiments, after step S106 of revoking the temporary administrator identity when the access deadline expires and the blockchain ledger confirms that the user node has not renewed, the method further includes:
Step S107: encrypt the user data generated while the user node held the temporary administrator identity and store it in a preset storage space.
The user data is data generated in the process that the user node accesses the computing power node within the access period and uses the computing power resource.
The preset storage space is a space preset by the blockchain for storing user data; for example, it may be the storage space of the computing power node, or a dedicated storage space in the blockchain separate from the computing power node and the user node.
In some embodiments, a dedicated storage space is preset for storing user data so that it can be retrieved when needed. To prevent user data from being tampered with and to ensure security, the user data is encrypted before being stored in the preset storage space. Any encryption scheme from the related technical field may be used; the embodiment of the present application does not limit the encryption scheme.
In some embodiments, the computing power node may also choose to discard the user data, i.e., not store it.
The access authorization method provided by the embodiment encrypts the user data and stores the encrypted user data in the preset storage space, and the encrypted user data can be directly called from the storage space when the user data is used in the later period.
In some embodiments, after step S107 of encrypting the user data generated while the user node held the temporary administrator identity and storing it in the preset storage space, the method further includes:
Step S108: when the user node obtains the temporary administrator identity again, retrieve the user data from the storage space.
In some embodiments, after the temporary administrator identity of the user node is revoked, the user node may obtain the temporary administrator identity of the same computing power node again as needed to obtain computing power resources. When the user node again obtains the temporary administrator identity, the previously generated user data may be retrieved from the storage space.
In some embodiments, the user node may retrieve previously generated user data from the storage space as needed. The user node may retrieve this data after paying a fee, or may retrieve it free of charge.
According to the access authorization method provided by this embodiment, after the user node obtains the temporary administrator identity again, it can retrieve the previously generated user data from the storage space as required and obtain its earlier usage records and related data for the computing power resources, which improves the user experience.
In some embodiments, after step S107 of encrypting the user data generated while the user node held the temporary administrator identity and storing it in the preset storage space, the method further includes:
Step S109: when the storage space is insufficient, delete user data according to the first-in first-out principle.
In some embodiments, there are multiple user nodes in the blockchain, and different user nodes may need to access the computing power node to obtain computing power resources, generating corresponding user data during use. However, the preset storage space is limited, and when it is insufficient, user data may be deleted according to the first-in first-out principle. The embodiment of the present application does not limit the principle by which user data is deleted; for example, a least-recently-used rule or the like may be used to free up the storage space.
According to the access authorization method provided by the embodiment of the application, user data is deleted according to the first-in first-out principle when the storage space is determined to be insufficient, so the preset storage space is used sensibly, the overhead the computing power node spends on deleting data is reduced, and fairness in handling user data is improved.
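Steps S107 to S109 as an added example, not code from the patent: the text leaves the encryption scheme open, so AES-256-GCM is assumed here because its authentication tag makes tampering detectable on retrieval. The `UserDataStore` class, its byte-based capacity, and the sample records are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical preset storage space: encrypted records, evicted first-in first-out.
class UserDataStore {
  constructor(capacityBytes, storageKey) {
    this.capacityBytes = capacityBytes;
    this.storageKey = storageKey;   // 32-byte AES-256 key held by the storage owner (assumption)
    this.records = new Map();       // a Map iterates in insertion order, which gives FIFO
    this.usedBytes = 0;
  }

  // Step S107: encrypt, then store. Returns the user ids evicted to make room (step S109).
  put(userId, data) {
    const iv = nodeCrypto.randomBytes(12);
    const cipher = nodeCrypto.createCipheriv('aes-256-gcm', this.storageKey, iv);
    cipher.setAAD(Buffer.from(userId));           // bind the record to its owner
    const body = Buffer.concat([cipher.update(data), cipher.final()]);
    const blob = Buffer.concat([iv, cipher.getAuthTag(), body]);
    if (blob.length > this.capacityBytes) throw new Error('record exceeds storage capacity');
    this.remove(userId);                          // a re-stored record re-enters at the back
    const evicted = [];
    while (this.usedBytes + blob.length > this.capacityBytes) {
      const oldest = this.records.keys().next().value;
      this.remove(oldest);
      evicted.push(oldest);
    }
    this.records.set(userId, blob);
    this.usedBytes += blob.length;
    return evicted;
  }

  remove(userId) {
    const blob = this.records.get(userId);
    if (blob === undefined) return;
    this.usedBytes -= blob.length;
    this.records.delete(userId);
  }

  // Step S108: only a user node that currently holds the temporary administrator
  // identity may retrieve its data. A modified record fails the GCM tag check and throws.
  retrieve(userId, isTemporaryAdministrator) {
    if (!isTemporaryAdministrator) throw new Error('user node is not a temporary administrator');
    const blob = this.records.get(userId);
    if (blob === undefined) return null;          // never stored, discarded, or evicted
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', this.storageKey, blob.subarray(0, 12));
    decipher.setAAD(Buffer.from(userId));
    decipher.setAuthTag(blob.subarray(12, 28));
    return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  }
}

// Constructed input: three 100-byte records (128 bytes each once encrypted) in a 300-byte store.
function demoStore() {
  const store = new UserDataStore(300, nodeCrypto.randomBytes(32));
  const sample = (fill) => Buffer.alloc(100, fill);
  store.put('user-a', sample('a'));
  store.put('user-b', sample('b'));
  const evicted = store.put('user-c', sample('c'));   // does not fit: the oldest record goes
  return {
    evicted,
    a: store.retrieve('user-a', true),
    b: store.retrieve('user-b', true).toString(),
  };
}

console.log(demoStore());
```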
It should be noted that access authorization for a computing power node is generally the responsibility of the administrator of the computing power node, who adds and deletes access rights for user nodes. For this reason, the administrator must always hold super-management rights over the computing power node, so a user node cannot automatically and safely obtain access to the computing power node. The access authorization method provided by the embodiment of the application uses the administrator of the computing power node only in the registration stage; after registration is completed, the management authority of the administrator is revoked.
Specifically, the administrator of the computing power node installs a blockchain operating system or a computing power network blockchain client, has a unique identity in the blockchain, and registers the unique identity under the name of the computing power node owner; that is, the computing power node is successfully registered in the computing power network blockchain. As soon as the computing power node is successfully registered in the computing power network blockchain, the administrator's access authority over the computing power node is automatically deleted, the access authority of the computing power node enters a to-be-activated state, and only the receiving function and the sending function can be used normally.
In some embodiments, a blockchain client on a computing power node may monitor transaction information in the blockchain in real time. When the blockchain client detects a transaction related to the computing power node, the access authority of the computing power node is activated, and the user node corresponding to the transaction obtains the access authority of the computing power node.
The embodiment of the application also provides an access authorization method, which is applied to the user node.
Fig. 4 is a flowchart of an access authorization method according to an embodiment of the present application. As shown in fig. 4, the method comprises the steps of:
Step S401: broadcast a computing power request in the blockchain.
Wherein the computing power request comprises a user identification of the user node.
The user node is a node which needs to acquire the computing power resource in the block chain, the computing power node is a node which can provide the computing power resource needed by the user node, and when the computing power requirement exists in the user node, the user node broadcasts the computing power request in the block chain so as to acquire the computing power resource provided by the computing power node from the block chain.
In some embodiments, there may be one or more user nodes in the blockchain, the user identifier is an identifier used to distinguish the user nodes, the user identifier has a corresponding relationship with the user node, and the user node may be uniquely determined by the user identifier.
In some embodiments, the user identifier of the user node is carried in the computing power request sent by the user node, so that the computing power node can determine the user node according to the user identifier and subsequently provide computing power resources for it.
Step S402: receive the first signature information broadcast by the computing power node in the blockchain.
The first signature information is obtained by the computing power node as follows: when the user node meets the preset condition, the computing power node acquires the user identifier and the user public key of the user node based on the computing power request; it registers the user node as a temporary administrator based on the user identifier and encrypts the access key and the access deadline of the computing power node with the user public key to obtain first encrypted information; it then signs the first encrypted information with the private key of the computing power node.
In some embodiments, after obtaining the first signature information, the computing power node broadcasts it in the blockchain. The user public key and the user private key are a key pair of the user node: the user public key may be published to the computing power node, while the user private key is retained by the user node. The computing power node can therefore encrypt the data to be transmitted with the user public key, and the user node can decrypt that data with the user private key. The user node thus receives the first signature information broadcast in the blockchain by the computing power node and decrypts it with the user private key to obtain the access key and the access deadline of the computing power node.
Step S403: access the computing power node based on the access key and the access deadline.
In some embodiments, after obtaining the access key and the access deadline of the computing power node, the user node freely accesses the computing power node based on the access key and the access deadline, and uses the computing power resources provided by the computing power node to meet its computing power requirement.
It should be noted that the user node may receive a response from the computing power node after broadcasting the computing power request in the blockchain. The response includes an identifier of the computing power node, from which the user node can determine the computing power node that is to provide it with computing power resources. The user node needs to perform a blockchain transaction with the owner of the computing power node in order to pay the transaction token corresponding to the computing power request and thereby obtain the authorization of the computing power node.
When the computing power node determines that the user node meets the preset condition, it determines the access deadline of the user node; when the access deadline expires and the blockchain ledger shows that the user node has not renewed, it revokes the temporary administrator identity of the user node. In some embodiments, after the temporary administrator identity of the user node is revoked, the user node may obtain the temporary administrator identity of the same computing power node again according to its demand for computing power resources.
After the user node obtains the temporary administrator identity of the same computing power node again, it can retrieve the data generated while it previously accessed the computing power node from the preset storage space of the computing power node as required, either for a fee or free of charge.
The access authorization method provided by the embodiment of the application enables a user node that needs computing power resources to actively send a computing power request in the blockchain, establish communication with the computing power node, and, by receiving the first signature information broadcast by the computing power node in the blockchain and decrypting it with the user private key, automatically and safely obtain the access key and the access authority of the computing power node in order to access it. With the method provided by the embodiment of the application, the user node can automatically and efficiently access the computing power node and obtain computing power resources, the security of the computing power node is guaranteed, and the user experience is improved.
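The exchange in steps S402 and S403 and the expiry check that follows it, as an added example that is not code from the patent. It assumes RSA-OAEP for encryption to the user public key, Ed25519 for the computing power node's signature, a numeric access deadline, and a ledger modelled as an array; all function and field names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// RSA-OAEP parameters for encrypting to the user public key (assumed choice).
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hypothetical computing power node state: identity, signing key pair, temporary administrators.
function createComputingPowerNode(id) {
  return { id, signingKey: nodeCrypto.generateKeyPairSync('ed25519'), tempAdmins: new Map() };
}

// Computing power node side: register the user node as temporary administrator, encrypt
// access key + access deadline with the user public key (first encrypted information),
// then sign the ciphertext with the node private key (first signature information).
function issueFirstSignatureInfo(node, userId, userPublicKey, deadline) {
  const accessKey = nodeCrypto.randomBytes(32).toString('base64');
  node.tempAdmins.set(userId, { accessKey, deadline });
  const plaintext = Buffer.from(JSON.stringify({ accessKey, deadline }));
  const ciphertext = nodeCrypto.publicEncrypt({ key: userPublicKey, ...OAEP }, plaintext);
  const signature = nodeCrypto.sign(null, ciphertext, node.signingKey.privateKey);
  return {
    nodeId: node.id,
    userId,
    ciphertext: ciphertext.toString('base64'),
    signature: signature.toString('base64'),
  };
}

// User node side: check the node's signature before touching the ciphertext,
// then decrypt with the user private key. Throws if either step fails.
function openFirstSignatureInfo(broadcast, nodePublicKey, userPrivateKey) {
  const ciphertext = Buffer.from(broadcast.ciphertext, 'base64');
  const signature = Buffer.from(broadcast.signature, 'base64');
  if (!nodeCrypto.verify(null, ciphertext, nodePublicKey, signature)) {
    throw new Error('first signature information failed verification');
  }
  const plaintext = nodeCrypto.privateDecrypt({ key: userPrivateKey, ...OAEP }, ciphertext);
  return JSON.parse(plaintext.toString('utf8'));
}

// Renewal lookup: the ledger is modelled as [{ nodeId, userId, paidUntil }] (assumption).
function renewedDeadline(ledger, nodeId, userId, now) {
  let latest = 0;
  for (const tx of ledger) {
    if (tx.nodeId === nodeId && tx.userId === userId) latest = Math.max(latest, tx.paidUntil);
  }
  return latest > now ? latest : null;
}

// Node-side check on every access: an expired grant is extended only if the ledger shows
// a renewal; otherwise the temporary administrator identity is revoked.
function checkAccess(node, ledger, userId, presentedKey, now) {
  const grant = node.tempAdmins.get(userId);
  if (!grant) return 'denied: not a temporary administrator';
  if (now >= grant.deadline) {
    const renewed = renewedDeadline(ledger, node.id, userId, now);
    if (renewed === null) {
      node.tempAdmins.delete(userId);
      return 'revoked: access deadline expired';
    }
    grant.deadline = renewed;
  }
  const expected = Buffer.from(grant.accessKey);
  const presented = Buffer.from(String(presentedKey));
  const ok = expected.length === presented.length && nodeCrypto.timingSafeEqual(expected, presented);
  return ok ? 'granted' : 'denied: wrong access key';
}

// Constructed run: deadline 1000, one renewal on the ledger extending it to 2000.
function demoExchange() {
  const node = createComputingPowerNode('node-1');
  const user = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const broadcast = issueFirstSignatureInfo(node, 'user-a', user.publicKey, 1000);
  const grant = openFirstSignatureInfo(broadcast, node.signingKey.publicKey, user.privateKey);
  const ledger = [{ nodeId: 'node-1', userId: 'user-a', paidUntil: 2000 }];
  return [999, 1500, 2000, 2001].map((now) =>
    checkAccess(node, now < 1000 ? [] : ledger, 'user-a', grant.accessKey, now));
}

console.log(demoExchange());
```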
Fig. 5 is a schematic structural diagram of an access authorization apparatus according to an embodiment of the present application. The access authorization apparatus is applied to a computing power node. As shown in fig. 5, the access authorization apparatus 500 includes:
a first receiving module 501, configured to receive a computing power request initiated by a user node in a blockchain.
Wherein the computing power request comprises a user identification of the user node. The user identification is used for uniquely determining the user node, and the computing power node determines the user node sending the computing power request according to the user identification so as to provide computing power resources for the user node subsequently.
In some embodiments, after the computing power node is successfully registered in the computing power network blockchain, only the receiving function and the sending function may be used normally, and the first receiving module 501 continuously receives computing power requests initiated on the blockchain by user nodes with computing power requirements.
A first sending module 502, configured to return the identification of the computing power node to the user node.
Wherein the identification of the computational power node is used to uniquely determine the computational power node.
In some embodiments, after the computing power node is successfully registered in the computing power network block chain, only the receiving function and the sending function may be used normally, and after the first receiving module 501 receives the computing power request, the first sending module 502 sends a response to the user node corresponding to the computing power request, where the response includes an identifier of the computing power node, so that the user determines the computing power node that is to provide computing power resources for the user.
The obtaining module 503 is configured to obtain the user identifier and the user public key of the user node when the user node meets the preset condition.
The preset conditions can be set according to the use requirements; the user public key and the user private key are a key pair of the user node, the computing power node can encrypt data to be transmitted by using the user public key, and the user node can decrypt that data by using the user private key.
In some embodiments, the obtaining module 503 determines whether the user node satisfies a preset condition after the computational power node receives the computational power request of the user node, and obtains the user identifier and the user public key of the user node when the user node satisfies the preset condition.
In some embodiments, the obtaining module 503 includes a determining unit and an extracting unit, where the determining unit determines whether the user node satisfies a preset condition after the computing node receives the computing request of the user node, and the extracting unit obtains the user identifier and the user public key of the user node when determining that the user node satisfies the preset condition.
A registration module 504 for registering the user node as a temporary administrator based on the user identification.
The temporary administrator is a role of controlling the computing resources of the computing node. After the user node obtains the identity of the temporary manager, the user node can access and control the computing power node and use the computing power resource of the computing power node.
In some embodiments, after obtaining the user identifier of the user node, the registration module 504 registers the user node corresponding to the user identifier as a temporary administrator; the user node then has an access right to the computing power node within the access deadline, and the access right of the computing power node is activated.
An encryption module 505, configured to encrypt the access key and the access deadline of the computing power node by using the user public key, to obtain first encrypted information.
The user node can freely access the computing power node by using the access key; the access deadline is a duration determined by the computing power node based on the blockchain transaction performed by the user node and the computing power node owner, and the user node can freely use the computing power resources of the computing power node within the access deadline.
In some embodiments, to ensure the security of the transmitted access key and access deadline, the encryption module 505 encrypts the access key and the access deadline with the user public key before transmitting them, obtaining the first encrypted information.
The signature module 506 is configured to sign the first encrypted information by using a private key of the computational power node to obtain first signature information.
The private key of the computational power node and the public key of the computational power node are a key pair of the computational power node, the public key of the computational power node can be published to the user node, and the private key of the computational power node is reserved by the computational power node.
In some embodiments, to prevent the first encrypted information from being tampered with during transmission, the signature module 506 signs the first encrypted information with the private key of the computing power node before the first encrypted information is transmitted.
The first sending module 502 is further configured to broadcast the first signature information in the blockchain, so that the user node accesses the computing power node based on the access key and the access deadline.
The access authorization apparatus provided in this embodiment may be used to implement the access authorization method provided in the embodiment shown in fig. 1.
The access authorization apparatus provided by this embodiment enables a user node that needs computing power resources to actively send a computing power request in the blockchain, establish communication with the computing power node, automatically and safely obtain authorization from the computing power node, obtain the access key and the access authority of the computing power node, and access the computing power node. The whole authorization process does not rely on the computing power node administrator, and the user node does not need to trust the computing power node administrator, so the security of the computing power node is ensured and the authorization efficiency is improved. In addition, before the user identifier and the user public key of the user node are obtained, it is determined whether the user node meets the preset condition, which prevents the computing power node from being accessed and attacked by hackers and guarantees the security of the system.
Fig. 6 is a schematic structural diagram of another access authorization apparatus provided in an embodiment of the present application, and as shown in fig. 6, on the basis of the embodiment shown in fig. 5, the access authorization apparatus 500 further includes:
a revoking module 507, configured to revoke the temporary administrator identity of the user node when the access deadline expires and the user node is not renewed based on the blockchain ledger.
The blockchain ledger is a ledger maintained jointly by all nodes in the blockchain, and all transactions occurring on the blockchain are recorded in it.
In some embodiments, after the registration module 504 registers the user node as the temporary administrator, the user node can use the computing power resources of the computing power node within the access deadline. When the access deadline expires and the user node has not renewed, the user node's use of the computing power node ends, and the computing power node reclaims the usage permission of the user node, that is, the revoking module 507 revokes the temporary administrator identity of the user node.
A storage module 508, configured to encrypt the user data generated while the user node held the temporary administrator identity and store it in a preset storage space.
The user data is data generated in the process that the user node accesses the computing power node within the access period and uses the computing power resource, and the preset storage space is a space which is preset by the block chain and used for storing the user data.
In some embodiments, the storage module 508 is pre-configured to store user data for retrieval for use when needed.
In some embodiments, the storage module 508 is preset and includes an encryption unit and a storage unit. The encryption unit encrypts the user data to prevent the user data from being tampered with; the storage unit stores the encrypted user data so that it can be retrieved when needed. The encryption unit may use any encryption scheme from the related technical field; the embodiment of the present application does not limit the encryption scheme.
A user data processing module 509, configured to retrieve the user data from the storage space if the user node obtains the temporary administrator again.
In some embodiments, after the revocation module 507 revokes the temporary administrator identity of the user node, the user node may obtain the temporary administrator identity of the same computing power node again as needed to obtain the computing power resource. After the user node obtains the temporary administrator identity again, the user data processing module 509 may retrieve the user data previously generated by the user node from the storage module 508 to meet the usage requirement.
In some embodiments, the user data processing module 509 comprises a charging unit and a reading unit. The user node pays a fee to the charging unit and the reading unit retrieves the user data previously generated by the user node from the storage module 508 to meet the usage demand.
The storage space management module 510 is configured to delete the user data according to a first-in first-out principle when the storage space is insufficient.
In some embodiments, there are multiple user nodes in the blockchain, and different user nodes may need to access the computing power node to obtain computing power resources, generating corresponding user data during use. However, the storage space of the storage module 508 is limited, and when the storage space is insufficient, the storage space management module 510 may delete the user data in the storage space of the storage module 508 according to a first-in first-out principle.
The access authorization apparatus provided in this embodiment may be used to implement the access authorization method provided in the embodiment shown in fig. 3. The functions or modules included in the apparatus provided in the embodiment of the present invention may be used to execute the method described in the above method embodiment, and specific implementation and technical effects thereof may refer to the description of the above method embodiment, which is not described herein again for brevity.
The access authorization apparatus provided by this embodiment enables a user node that needs computing power resources to actively send a computing power request in the blockchain, establish communication with the computing power node, automatically and safely obtain authorization from the computing power node, obtain the access key and the access authority of the computing power node, and access the computing power node. The whole authorization process does not depend on the computing power node administrator and does not require the user node to trust the computing power node administrator, so security is ensured and efficiency is improved. Before the user identifier and the user public key of the user node are acquired, it is determined whether the user node meets the preset condition, which prevents the computing power node from being accessed and attacked by hackers and the like and guarantees the security of the system. In addition, the access authorization apparatus automatically deletes the usage permission of the user node after the user node finishes using the computing power node, and maintains the usage permission if the user node renews. It encrypts user data and stores it in a preset storage space, allows the previously generated user data to be retrieved from the storage space as required after the user node obtains the temporary administrator identity again, and deletes user data according to the first-in first-out principle when the storage space is determined to be insufficient. The access authorization apparatus can therefore safely control the access authority of the computing power node, handle user data properly, improve the experience of the user node, and use the data storage space sensibly.
The embodiment of the application also provides an access authorization device, which is applied to the user node.
Fig. 7 is a schematic structural diagram of an access authorization apparatus according to an embodiment of the present application. As shown in fig. 7, the access authorization apparatus 700 includes the following modules:
a second sending module 701, configured to broadcast the computing power request in the blockchain.
Wherein the computing power request comprises a user identification of the user node.
When the user node has a computing power demand, the second sending module 701 broadcasts a computing power request in the blockchain to obtain the computing power resource provided by the computing power node from the blockchain.
A second receiving module 702, configured to receive the first signature information broadcast by the computing power node in the blockchain.
The first signature information is obtained by the computing power node as follows: when the user node meets the preset condition, the computing power node acquires the user identifier and the user public key of the user node based on the computing power request; it registers the user node as a temporary administrator based on the user identifier and encrypts the access key and the access deadline of the computing power node with the user public key to obtain first encrypted information; it then signs the first encrypted information with the private key of the computing power node.
In some embodiments, after the first sending module broadcasts in the blockchain the first signature information obtained by the computing power node, the second receiving module 702 receives the first signature information and decrypts it with the user private key to obtain the access key and the access deadline of the computing power node.
An access module 703 is configured to access the computing power node based on the access key and the access deadline.
In some embodiments, after the second receiving module 702 obtains the access key and the access deadline of the computing power node, the access module 703 freely accesses the computing power node based on the access key and the access deadline, and uses the computing power resources provided by the computing power node to meet the computing power requirement of the user node.
The access authorization apparatus provided in this embodiment may be used to implement the access authorization method provided in the embodiment shown in fig. 4. The functions or modules included in the apparatus provided in the embodiment of the present invention may be used to execute the method described in the above method embodiment, and specific implementation and technical effects thereof may refer to the description of the above method embodiment, which is not described herein again for brevity.
The access authorization device provided by the embodiment can enable the user node to actively send the computing power request in the blockchain when the computing power resource is required, establish communication with the computing power node, and automatically and safely obtain the access key and the access authority of the computing power node to access the computing power node by receiving and decrypting the first signature information broadcasted by the computing power node in the blockchain by using the user private key. According to the method provided by the embodiment of the application, the user node can automatically and efficiently access the computing power node and obtain computing power resources, the security of the computing power node is guaranteed, and the user experience degree is improved.
The steps of the above methods are divided as they are for clarity of description. In implementation, steps may be combined into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, these are all within the protection scope of this patent. Adding insignificant modifications to the algorithms or processes, or introducing insignificant design changes, without changing the core design of the algorithms or processes is also within the protection scope of this patent.
Referring to fig. 8, an embodiment of the present invention provides an electronic device, including:
one or more processors 801;
a memory 802 having one or more programs stored thereon that, when executed by the one or more processors, cause the one or more processors to implement an access authorization method of any of the above;
one or more I/O interfaces 803, coupled between the processor and the memory, are configured to enable information interaction between the processor and the memory.
The processor 801 is a device with data processing capability, and includes, but is not limited to, a Central Processing Unit (CPU), and the like; the memory 802 is a device having data storage capabilities including, but not limited to, Random Access Memory (RAM, more specifically SDRAM, DDR, etc.), Read-Only Memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), and flash memory (FLASH); the I/O interface (read/write interface) 803 is connected between the processor 801 and the memory 802, and can realize information interaction between the processor 801 and the memory 802, which includes but is not limited to a data bus (Bus) and the like.
In some embodiments, the processor 801, memory 802, and I/O interface 803 are interconnected via a bus, which in turn connects with other components of the computing device.
The present embodiment further provides a computer readable medium on which a computer program is stored, where the computer program, when executed by a processor, implements the access authorization method provided in this embodiment. To avoid repetition, the specific steps of the access authorization method are not described herein again.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, and the functional modules/units in the systems and apparatuses, disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
Those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments instead of others, combinations of features of different embodiments are meant to be within the scope of the embodiments and form different embodiments.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and scope of the invention, and such modifications and improvements are also considered to be within the scope of the invention.

Claims (11)

1. An access authorization method, applied to a computing power node, comprising:
receiving a computing power request initiated by a user node in a blockchain, and returning the identifier of the computing power node to the user node; wherein the computing power request comprises a user identifier of the user node;
in a case where the user node meets a preset condition, acquiring the user identifier and a user public key of the user node;
registering the user node as a temporary manager based on the user identifier, and encrypting an access key and an access deadline of the computing power node by using the user public key to obtain first encrypted information;
signing the first encrypted information by using a private key of the computing power node to obtain first signature information;
broadcasting the first signature information in the blockchain, so that the user node accesses the computing power node based on the access key and the access deadline.
2. The method according to claim 1, wherein the preset condition comprises at least one of:
the user node pays the token of the transaction corresponding to the computing power request in a blockchain transaction mode;
the owner of the computing power node confirms the transaction corresponding to the computing power request;
the transaction corresponding to the computing power request is written into a new block of the blockchain and into the blockchain ledger.
3. The method of claim 2, wherein after broadcasting the first signature information in the blockchain so that the user node accesses the computing power node based on the access key and the access deadline, the method further comprises:
revoking the temporary manager identity of the user node in a case where the access deadline has expired and the user node has not renewed.
4. The method of claim 3, wherein after revoking the temporary administrator identity of the user node in a case where, based on a blockchain ledger, the access deadline has expired and the user node has not renewed, the method further comprises:
encrypting user data generated while the user node held the temporary manager identity, and storing the encrypted user data in a preset storage space.
5. The method according to claim 4, wherein after the data generated while the user node held the temporary manager identity is encrypted and stored in the preset storage space, the method further comprises:
retrieving the user data from the storage space in a case where the user node obtains the temporary administrator identity again.
6. The method according to claim 4, wherein after the data generated while the user node held the temporary administrator identity is encrypted and stored in the preset storage space, the method further comprises:
deleting the user data according to a first-in first-out principle in a case where the storage space is insufficient.
7. An access authorization method, applied to a user node, comprising:
broadcasting a computing power request in a blockchain; wherein the computing power request comprises a user identifier of the user node;
receiving first signature information broadcast by a computing power node in the blockchain; wherein the first signature information is information obtained by the computing power node by: acquiring, based on the computing power request and in a case where the user node meets a preset condition, the user identifier and a user public key of the user node; registering the user node as a temporary manager based on the user identifier; encrypting an access key and an access deadline of the computing power node by using the user public key to obtain first encrypted information; and signing the first encrypted information by using a private key of the computing power node;
accessing the computing power node based on the access key and the access deadline.
8. An access authorization apparatus, applied to a computing power node, comprising:
a first receiving module, configured to receive a computing power request initiated by a user node in a blockchain; wherein the computing power request comprises a user identifier of the user node;
a first sending module, configured to return the identifier of the computing power node to the user node;
an acquisition module, configured to acquire the user identifier and a user public key of the user node in a case where the user node meets a preset condition;
a registration module, configured to register the user node as a temporary administrator based on the user identifier;
an encryption module, configured to encrypt an access key and an access deadline of the computing power node by using the user public key to obtain first encrypted information;
a signature module, configured to sign the first encrypted information by using a private key of the computing power node to obtain first signature information;
wherein the first sending module is further configured to broadcast the first signature information in the blockchain, so that the user node accesses the computing power node based on the access key and the access deadline.
9. An access authorization apparatus, applied to a user node, comprising:
a second sending module, configured to broadcast a computing power request in a blockchain; wherein the computing power request comprises a user identifier of the user node;
a second receiving module, configured to receive first signature information broadcast by a computing power node in the blockchain; wherein the first signature information is information obtained by the computing power node by: acquiring, based on the computing power request and in a case where the user node meets a preset condition, the user identifier and a user public key of the user node; registering the user node as a temporary manager based on the user identifier; encrypting an access key and an access deadline of the computing power node by using the user public key to obtain first encrypted information; and signing the first encrypted information by using a private key of the computing power node;
an access module, configured to access the computing power node based on the access key and the access deadline.
10. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6 and 7.
11. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any of claims 1-6 and 7.
CN202211032776.2A 2022-08-26 2022-08-26 Access authorization method, device, electronic equipment and readable storage medium Active CN115396209B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211032776.2A CN115396209B (en) 2022-08-26 2022-08-26 Access authorization method, device, electronic equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN115396209A true CN115396209A (en) 2022-11-25
CN115396209B CN115396209B (en) 2024-03-08

Family

ID=84123560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211032776.2A Active CN115396209B (en) 2022-08-26 2022-08-26 Access authorization method, device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN115396209B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170177898A1 (en) * 2015-12-16 2017-06-22 International Business Machines Corporation Personal ledger blockchain
WO2018213672A1 (en) * 2017-05-18 2018-11-22 Codex Llc Decentralized digital content distribution system and process using block chains
CN109729080A (en) * 2018-12-20 2019-05-07 全链通有限公司 Access attack guarding method and system based on block chain domain name system
CN109981622A (en) * 2019-03-15 2019-07-05 智链万源(北京)数字科技有限公司 Block chain network node permission reverse proxy method and apparatus
CN111241557A (en) * 2019-12-31 2020-06-05 支付宝(杭州)信息技术有限公司 Service request method and device based on block chain
CN111444273A (en) * 2020-03-24 2020-07-24 腾讯科技(深圳)有限公司 Data authorization method and device based on block chain
CN111464494A (en) * 2020-02-26 2020-07-28 北京十安赛恩科技有限公司 E-mail encryption method, first client and block chain system
CN112804260A (en) * 2021-03-17 2021-05-14 中国工商银行股份有限公司 Information transmission method and node based on block chain
CN114090511A (en) * 2021-11-26 2022-02-25 中国联合网络通信集团有限公司 File access method, block chain system, electronic device and computer readable medium
CN114218583A (en) * 2021-11-26 2022-03-22 中国联合网络通信集团有限公司 File access method, block chain system, electronic device and computer readable medium
CN114595432A (en) * 2022-03-10 2022-06-07 深圳前海微众银行股份有限公司 Federal learning license authorization method, device and computer readable storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"NGMN_E2EArchFramework_v3.0.8", 3GPP INBOX\\LSS_FROM_EXTERNAL_BODIES, 23 September 2019 (2019-09-23) *
周艺华; 李洪明: "Blockchain-based data management scheme", 信息安全研究 (Journal of Information Security Research), no. 01, 5 January 2020 (2020-01-05) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115766830A (en) * 2023-01-05 2023-03-07 中国联合网络通信集团有限公司 Computing power network processing method, device, equipment and storage medium
CN115766830B (en) * 2023-01-05 2023-04-25 中国联合网络通信集团有限公司 Computing power network processing method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN115396209B (en) 2024-03-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant