CN115664704A - Authority management method and device based on block chain and node in block chain system - Google Patents

Authority management method and device based on block chain and node in block chain system Download PDF

Info

Publication number
CN115664704A
CN115664704A CN202211116478.1A CN202211116478A CN115664704A CN 115664704 A CN115664704 A CN 115664704A CN 202211116478 A CN202211116478 A CN 202211116478A CN 115664704 A CN115664704 A CN 115664704A
Authority
CN
China
Prior art keywords
computing device
authority
node
transaction
application information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211116478.1A
Other languages
Chinese (zh)
Inventor
庞洋
陈丰可
陈丰
闻浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd filed Critical Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202211116478.1A priority Critical patent/CN115664704A/en
Publication of CN115664704A publication Critical patent/CN115664704A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A block chain-based authority management method and device and a node in a block chain system relate to a first computing device and a second computing device which belong to different participants, the first computing device and the second computing device are respectively connected with the first node and the second node in the block chain system in a butt joint mode, an intelligent contract is deployed in the block chain system, and the first computing device is associated with a target service system. The method comprises the following steps: the method comprises the steps that a first computing device responds to a first message initiated by a target service system and sends a first transaction to a first node, wherein the first message and the first transaction both comprise authority application information, so that the block chain system is enabled to newly add the authority application information in a contract state of an intelligent contract; and the second computing equipment acquires the authority application information from the second node and sends a second transaction to the second node according to the authority application information, wherein the second transaction comprises authority decision information corresponding to the authority application information, so that the block chain system is added with the authority decision information in the contract state of the intelligent contract.

Description

Authority management method and device based on block chain and node in block chain system
Technical Field
The embodiment of the specification belongs to the technical field of block chains, and particularly relates to a block chain-based right management method and device and a node in a block chain system.
Background
The Blockchain (Blockchain) is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. In the block chain system, data blocks are combined into a chain data structure in a sequential connection mode according to a time sequence, and a distributed account book which is not falsified and forged is guaranteed in a cryptology mode. Because the blockchain has the characteristics of decentralization, information non-tampering, autonomy and the like, the blockchain is also paid more and more attention and is applied by people. The block chain can be generally divided into three categories, namely, public chain (public block), private chain (private block) and federation chain (consortium block), according to different application scenarios and user requirements.
Disclosure of Invention
The invention aims to provide a block chain-based authority management method and device and a node in a block chain system.
In a first aspect, a block chain-based rights management method is provided, which relates to a first computing device and a second computing device belonging to different participants, where the first computing device and the second computing device are respectively connected to a first node and a second node in a block chain system, an intelligent contract is deployed in the block chain system, and the first computing device is associated with a target service system. The method comprises the following steps: the first computing device responds to a first message initiated by the target business system, and sends a first transaction to the first node, wherein the first message and the first transaction comprise permission application information, so that the blockchain system adds the permission application information in a contract state of the intelligent contract; and the second computing equipment acquires the authority application information from the second node and sends a second transaction to the second node according to the authority application information, wherein the second transaction comprises authority decision information corresponding to the authority application information, so that the block chain system adds the authority decision information in the contract state of the intelligent contract.
In one possible embodiment, the permission application information indicates a first account desired to be registered in the target business system, and the permission decision information indicates whether to allow registration of the first account in the target business system.
In a possible embodiment, the permission application information indicates a first account and a first service which the first account desires to use, and the permission decision information indicates whether the first account is allowed to use the first service.
In one possible embodiment, the method further comprises: the first computing device responds to a second message initiated by the target service system, and sends a third transaction to the first node, wherein the second message is initiated by the target service system after receiving an access request, the second message and the third transaction comprise authority inquiry information corresponding to the access request, and the first node returns an authority inquiry result, and when the contract state of the intelligent contract comprises target authority application information corresponding to the authority inquiry information, the authority inquiry result comprises target authority decision information corresponding to the target authority application information; and the first computing equipment provides the authority inquiry result to the target service system, so that the target service system responds to the access request according to the authority inquiry result.
In a possible implementation manner, the access request is used for requesting to register a second account in the target business system, or the access request is used for requesting the target business system to provide a second service for the second account.
In a possible implementation manner, the access request is used for requesting to register a second account in the target business system, and when target permission application information corresponding to the permission query information is not included in the contract state of the intelligent contract, the permission query result indicates that the target business system prohibits registering the second account in the target business system.
In a possible implementation manner, the access request is used to request the target business system to provide a second service to a second account, and when target permission application information corresponding to the permission query information is not included in the contract status of the intelligent contract, the permission query result indicates that the target business system prohibits providing the second service to the second account.
In a possible implementation manner, the acquiring, by the second computing device, the authority application information from the second node specifically includes: and the second computing equipment sends a fourth transaction to the second node, so that the second node returns the authority application information.
In a second aspect, a block chain-based rights management method is provided, which relates to a first computing device and a second computing device belonging to different participants, where the first computing device and the second computing device respectively interface a first node and a second node in a block chain system, an intelligent contract is deployed in the block chain system, and the first computing device is associated with a target business system, and the method is executed by the first computing device. The method comprises the following steps: acquiring a first message initiated by the target service system, wherein the first message comprises authority application information; sending a first transaction including the authority application information to the first node, causing the blockchain system to newly add the authority application information in a contract state of the intelligent contract, and causing the blockchain system to newly add authority decision information corresponding to the authority application information in the contract state of the intelligent contract according to a second transaction from the second computing device.
In one possible embodiment, the permission application information indicates a first account desired to be registered in the target business system, and the permission decision information indicates whether to allow registration of the first account in the target business system.
In a possible embodiment, the permission application information indicates a first account and a first service which the first account desires to use, and the permission decision information indicates whether the first account is allowed to use the first service.
In one possible embodiment, the method further comprises: responding to a second message initiated by the target service system, sending a third transaction to the first node, wherein the second message is initiated by the target service system after receiving an access request, and the second message and the third transaction comprise authority query information corresponding to the access request, so that the first node returns an authority query result, wherein when a contract state of the intelligent contract comprises target authority application information corresponding to the authority query information, the authority query result comprises target authority decision information corresponding to the target authority application information; and providing the authority inquiry result to the target service system, so that the target service system responds to the access request according to the authority inquiry result. .
In a possible implementation manner, the access request is used for requesting to register a second account in the target business system, or the access request is used for requesting the target business system to provide a second service for the second account.
In a possible implementation manner, the access request is used for requesting to register a second account in the target business system, and when target permission application information corresponding to the permission query information is not included in the contract state of the intelligent contract, the permission query result indicates that the target business system prohibits registering the second account in the target business system.
In a possible implementation manner, the access request is used to request the target business system to provide a second service to a second account, and when target permission application information corresponding to the permission query information is not included in the contract status of the intelligent contract, the permission query result indicates that the target business system prohibits providing the second service to the second account.
In a third aspect, a block chain-based rights management method is provided, which relates to a first computing device and a second computing device belonging to different parties, where the first computing device and the second computing device are respectively connected to a first node and a second node in a block chain system, the first computing device is associated with a target service system, an intelligent contract is deployed in the block chain system, a contract state of the intelligent contract includes rights application information newly added by the block chain system according to a first transaction, the first transaction is sent by the first computing device after a first message initiated by the target service system is obtained, and the method is executed by the second computing device. The method comprises the following steps: acquiring the permission application information from the second node; and sending a second transaction to the second node according to the authority application information, wherein the second transaction comprises authority decision information corresponding to the authority application information, so that the block chain system is added with the authority decision information in a contract state of the intelligent contract.
In one possible embodiment, the permission application information indicates a first account desired to be registered in the target business system, and the permission decision information indicates whether to allow registration of the first account in the target business system.
In a possible embodiment, the permission application information indicates a first account and a first service that the first account desires to use, and the permission decision information indicates whether the first account is allowed to use the first service.
In a possible implementation manner, the acquiring the permission application information from the second node specifically includes: sending a fourth transaction to the second node, so that the second node returns the authority application information; the sending of the second transaction to the second node according to the permission application information specifically includes: and responding to the decision operation of the participant of the second computing device on the permission application information, and sending a second transaction to the second node.
In a fourth aspect, a first node in a blockchain system is provided, where the blockchain system further includes a second node, the first node and the second node are respectively connected to a first computing device and a second computing device belonging to different participants, an intelligent contract is deployed in the blockchain system, and the first computing device is associated with a target service system. The first node comprises: the communication processing unit is configured to acquire a first transaction, the first transaction is sent by the first computing device according to a first message initiated by the target service system, and the first message and the first transaction comprise authority application information; and the transaction processing unit is configured to newly add the authority application information in the contract state of the intelligent contract according to the first transaction.
In a possible implementation manner, the communication processing unit is further configured to obtain a third transaction, where the third transaction is sent by the first computing device according to a second message initiated by the target service system, the second message is initiated by the target service system after receiving an access request, and the second message and the third transaction include permission query information corresponding to the access request; the transaction processing unit is further configured to return an authority query result to the first computing device according to the third transaction, where the authority query result includes target authority decision information corresponding to the target authority application information when the contract state of the intelligent contract includes the target authority application information corresponding to the authority query information, so that the target service system responds to the access request according to the authority query result.
In a fifth aspect, a second node in a blockchain system is provided, where the blockchain system further includes a first node, the first node and the second node are respectively in butt joint with a first computing device and a second computing device that belong to different parties, the first computing device is associated with a target service system, an intelligent contract is deployed in the blockchain system, a contract state of the intelligent contract includes an authority application information that is newly added by the blockchain system according to a first transaction, and the first transaction is sent by the first computing device after obtaining a first message initiated by the target service system. The second node comprises: a communication processing unit configured to transmit the permission application information to the second computing device; acquiring a second transaction sent by the second computing device according to the permission application information, wherein the second transaction comprises permission decision information corresponding to the permission application information; and the transaction processing unit is configured to newly add the authority decision information in the contract state of the intelligent contract according to the second transaction.
In a sixth aspect, an apparatus for rights management based on a blockchain is provided, which relates to a first computing device and a second computing device belonging to different participants, where the first computing device and the second computing device respectively interface a first node and a second node in a blockchain system, an intelligent contract is deployed in the blockchain system, the first computing device is associated with a target business system, and the apparatus is deployed in the first computing device. The device comprises: an information obtaining unit, configured to obtain a first message initiated by the target service system, where the first message includes authority application information; an information sending unit configured to send a first transaction including the authority application information to the first node, cause the blockchain system to newly add the authority application information in a contract state of the intelligent contract, and cause the blockchain system to newly add authority decision information corresponding to the authority application information in the contract state of the intelligent contract according to a second transaction from the second computing device.
A sixth aspect provides a block chain-based rights management apparatus, which relates to a first computing device and a second computing device belonging to different parties, where the first computing device and the second computing device are respectively docked with a first node and a second node in a block chain system, the first computing device is associated with a target service system, an intelligent contract is deployed in the block chain system, a contract state of the intelligent contract includes new rights application information added by the block chain system according to a first transaction, the first transaction is sent by the first computing device after obtaining a first message initiated by the target service system, and the apparatus is deployed in the second computing device. The device comprises: an information obtaining unit configured to obtain the permission application information from the second node; and the information sending unit is configured to send a second transaction to the second node according to the authority application information, wherein the second transaction comprises authority decision information corresponding to the authority application information, so that the block chain system adds the authority decision information in the contract state of the intelligent contract.
In a seventh aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computing device, causes the computing device to perform the method of any of the second or third aspects.
In an eighth aspect, there is provided a computing device comprising a memory having a computer program stored therein and a processor that, when executed, implements the method of any of the second or third aspects.
By the technical scheme provided in the embodiment of the specification, an intelligent contract is deployed in a blockchain system, a first node and a second node in the blockchain system are respectively in butt joint with a first computing device and a second computing device which belong to different participants, and the first computing device is associated with a target business system; on this basis, a participant of the first computing device can trigger the target service system to initiate a first message according to the own requirement, and then the first computing device sends a first transaction to the first node, wherein the first message and the first transaction comprise authority application information, so that the block chain system is newly added with the authority application information in the contract state of the intelligent contract; the second computing device may obtain the permission application information from the second node, and a participant to which the second computing device belongs may trigger the second computing device to send a second transaction to the second node according to the permission application information, where the second transaction includes permission decision information corresponding to the permission application information, so that the block chain system adds the permission decision information in a contract state of the intelligent contract, where the permission decision information may be used to support the target service system to respond to an access request received by the target service system and corresponding to the permission application information. Therefore, the authority application information from the first computing device and the corresponding authority decision information from the second computing device are recorded through the intelligent contract in the block chain system, and the authorization system data of the target business system are supported to be transferred among the computing devices belonging to different participants, so that the participant belonging to the second computing device can manage the related authority of the participant belonging to the first computing device for using the target business system.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and it is obvious for a person skilled in the art to obtain other drawings based on these drawings without inventive labor.
Fig. 1 is a system architecture diagram of a block chain system exemplarily provided in an embodiment of the present specification;
fig. 2 is one of schematic diagrams of a block chain-based rights management method provided in an embodiment of the present specification;
fig. 3 is a second schematic diagram of a block chain-based rights management method provided in an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a first node in a blockchain system provided in an embodiment of the present specification;
fig. 5 is a schematic diagram of a second node in a blockchain system provided in an embodiment of the present disclosure;
fig. 6 is one of schematic diagrams of a block chain-based rights management unit provided in an embodiment of the present specification;
fig. 7 is a second schematic diagram of a block chain-based rights management device provided in an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
The block chain system is a distributed network established by a plurality of nodes, and any two nodes in the system realize communication connection at an application layer through a Peer-to-Peer (P2P) network. Referring to fig. 1, the block chain system may include nodes 1 to 4, for example, and any two nodes of the nodes 1 to 4 may implement communication connection at the application layer through a P2P network. The blockchain system uses decentralized (or multi-centralized) distributed ledger constructed by a chained blockchain structure to be stored on each node (or most nodes) in the distributed blockchain network, so the blockchain system needs to solve the problem of consistency and correctness of respective ledger data on the decentralized (or multi-centralized) nodes. Each node of the blockchain system runs a blockchain program, and under the design of certain fault tolerance requirements, all loyalty nodes are ensured to have the same transaction through a consensus (consensus) mechanism, so that the execution results of all loyalty nodes on the same transaction are ensured to be consistent, a plurality of transactions arranged in sequence are packaged into blocks, and the world state is updated based on the execution results of the transactions. The consensus mechanisms of the current mainstream can include but are not limited to: proof of Work (POW), proof of stock (POS), practical Byzantine Fault Tolerance (PBFT) algorithm, and badger Byzantine Fault Tolerance (honeybadger bft) algorithm, among others.
A transaction in a blockchain system refers to a task unit that is executed in the blockchain system and recorded in the blockchain system. The transaction typically includes a send field (From), a receive field (To), and a Data field (Data). Where the transaction is a transfer transaction, the From field indicates the account address From which the transaction was initiated (i.e. the transfer task To another account was initiated), the To field indicates the account address From which the transaction was received (i.e. the transfer was received), and the Data field includes the transfer amount. In the case of a transaction calling an intelligent contract in a blockchain system, the From field represents the account address From which the transaction was initiated, the To field represents the account address of the contract called by the transaction, and the Data field includes the name of the function in the calling contract and Data such as incoming parameters To the function for retrieving the code of the function From the blockchain system and executing the code of the function when the transaction is executed.
An intelligent contract in a blockchain system is a contract that can be executed triggered by a transaction. An intelligent contract may be defined in the form of code. For example, invoking an intelligent contract in a federation chain initiates a transaction directed to an intelligent contract address, such that each node in the network of the federation chain runs intelligent contract code in a distributed manner. It should be noted that, in addition to the creation of the intelligent contract by the user, the intelligent contract may also be set by the system in the creation block. This type of contract is generally referred to as a startup contract. In general, the data structure, parameters, attributes and methods of some blockchain systems may be set in the startup contract. Further, an account with system administrator privileges may create a contract at the system level, or modify a contract at the system level (simply referred to as a system contract).
In a scenario of deploying smart contracts, a transaction containing smart contract creation information (i.e., a transaction for creating a smart contract) may be sent into the blockchain system, the from field of the transaction being the account address of the transaction initiator, the data field of the transaction including the code (e.g., bytecode or machine code) of the smart contract to be created, and the to field of the transaction being null to indicate that the transaction is for deploying a contract. After the agreement is achieved between the nodes through a consensus mechanism, a contract address of a contract is determined, a contract account corresponding to the contract address of the intelligent contract is added into a state database, state storage corresponding to the contract account is allocated, and a contract code is stored in the state storage of the intelligent contract.
In the scenario of invoking a contract, a transaction for invoking a smart contract may be sent into the blockchain system, the from field of the transaction being the account address of the transaction initiator, the to field being the contract address of the invoked smart contract, the data field of the transaction including the method and parameters of invoking the smart contract. After the transaction is identified in the blockchain system, each node can execute the transaction respectively, so that the intelligent contract is executed respectively, and the state database is updated correspondingly based on the execution of the intelligent contract.
It should be noted that a contract account will typically also have states that are defined by state variables in the intelligent contract and that generate new values when the intelligent contract is created and executed. Wherein the contract account may be used to store contract status associated with the intelligent contract. The code may be executed automatically as soon as an event triggers a term in the intelligent contract (execution condition is met). In a block chain system, the contract state of an intelligent contract is saved in a storage tree (storage tree), and the hash value of the root node of the storage tree is stored in a storage _ root, so that all the contract state of the contract is locked under the contract account through the hash. The storage tree is an MPT tree structure that stores key-value mappings of state addresses to state values. The address of a state variable is stored from the root node to the leaf node of the storage tree, and the value of a state variable is stored in one leaf node.
The blockchain system may correspond to multiple participants, i.e., different nodes in the blockchain system may be responsible for interfacing with different computing devices, where the interfaced nodes and computing devices belong to the same participant, while different nodes/computing devices may belong to different participants, where the aforementioned participants may be organizations, or natural persons. For example, the blockchain system may be a federation chain corresponding to a plurality of participants, with node 1 and computing device 10 belonging to participant a, node 2 and computing device 20 belonging to participant B, node 3 and computing device 30 belonging to participant C, and node 4 and computing device 40 belonging to participant D. The computing equipment can be used for performing computing processing on corresponding data and transmitting a processing result to a node connected with the computing equipment in a transaction mode; communication connections between different computing devices may be established through a block chain transmission network (BTN) or the like.
A target business system developed and/or operated by one participant may be deployed in the intranet environment of another participant. For example, the service system P is operated by the participant a; computing device 20 is located in an intranet environment of party B, and business system B may be deployed on computing device 20 or on other computing devices connected to computing device 20 in the intranet environment of party B, in which case business system P is the business system associated with computing device 20. The service system P may employ various software application modes including Software As A Service (SAAS), and the service system P itself is generally capable of providing a plurality of services.
The intranet environments of two different participants may not realize network intercommunication, and the authorization system data of the target service system cannot be circulated in the inner ring environments of the two participants. For example, the authority application information initiated by the participant B through the service system P may not be directly transmitted to the participant a, and the participant B also cannot provide the authority decision information corresponding to the authority application information initiated by the service system P, so that when the service system P receives an access request initiated by the participant and corresponding to the authority application information, the service system P uses the authority decision information to respond to the access request; wherein the aforementioned access request may be used to request that an account be registered in business system P, or may be used to request that a service be provided to an account registered in business system P.
In view of the foregoing, at least one embodiment of the present specification provides a method and an apparatus for managing block chain-based rights, and a node in a block chain system. The intelligent contract is deployed in the block chain system, a first node and a second node in the block chain system are respectively in butt joint with first computing equipment and second computing equipment which belong to different participants, and the first computing equipment is associated with a target business system; on the basis, a participant to which the first computing device belongs can trigger the target service system to initiate a first message according to the requirement of the participant, and then the first computing device sends a first transaction to the first node, wherein the first message and the first transaction comprise authority application information, so that the block chain system newly adds the authority application information in a contract state of an intelligent contract; the second computing device may obtain the authority application information from the second node, and a participant to which the second computing device belongs may trigger the second computing device to send a second transaction to the second node according to the authority application information, where the second transaction includes authority decision information corresponding to the authority application information, so that the block chain system adds the authority decision information in a contract state of the intelligent contract, where the authority decision information may be used to support the target service system to respond to an access request, which is received by the target service system and corresponds to the authority application information. Therefore, the authority application information from the first computing device and the corresponding authority decision information from the second computing device are recorded through the intelligent contract in the block chain system, and the data of the authorization system of the target service system are supported to be transferred among the computing devices belonging to different participants, so that the participant belonging to the second computing device can manage the relative authority of the participant belonging to the first computing device for using the target service system.
Fig. 2 is a schematic diagram of a block chain-based rights management method provided in an embodiment of this specification. The process of a party B belonging to the computing device 20 applying for a party a belonging to the computing device 10 for granting a right related to the business system P through the business system P is exemplarily described. Industry application middleware 1 and industry application middleware 2 can be deployed in the computing devices 10 and 20, respectively, and the participant B may initiate an access request Q1 to the business system P using an administrator account in a browser or other client program, requesting the participant a to grant the administrator account the right to register the account d1 in the business system P; or an administrator account is used for initiating an access request Q2 to the business system P, and the authority of using a certain service S1 provided by the business system P to the account d1 registered in the business system P is requested to be granted. Both the access request Q1 and the access request Q2 may trigger the service system P to initiate a message M1 containing the permission application information. Referring to fig. 2, the process may include, but is not limited to, the following steps S21 to S26.
In step S21, the computing device 20 obtains the message M1 initiated by the service system P.
The computing device 20 receives its originated message M1 from the business system P, for example, through the industry application middleware 2. For the rights application information included in the message M1: when the message M1 is initiated based on the foregoing access request Q1, the permission application information may indicate an account d1 expected to be registered in the business system P, and may further indicate an administrator account initiating the access request Q1; when the message M1 is initiated based on the aforementioned access request Q2, the permission application information may indicate the account d1 already registered in the business system P and a certain service S1 that it desires to use and is provided by the business system P.
At step S22, the computing device 20 sends a transaction Tx1 to node 2 in the blockchain system.
The computing device 20 sends to the node 2, for example through the industry application middleware 2, a transaction Tx1, the transaction Tx1 requesting invocation of the intelligent contract C1 deployed in the blockchain system, the transaction Tx1 including, for example, the rights application information located in the message M1.
And step S23, adding permission application information in the contract state of the intelligent contract C1 by the blockchain system according to the transaction Tx1.
The nodes including the node 1 and the node 2 in the blockchain system can execute the transaction Tx1 to newly add the right application information in the transaction Tx1 in the contract state of the intelligent contract C1.
In step S24, the computing device 10 obtains the right application information newly added by the block chain system in the contract state of the intelligent contract C1.
The computing device 10 sends a transaction Tx2 to the node 1 in the blockchain system, for example, through the industry application middleware 1, the transaction Tx2 requests to invoke the intelligent contract C1 for polling whether the newly added right application information exists in the contract state of the intelligent contract C1, and when the newly added right application information exists in the contract state of the intelligent contract C1, the newly added right application information in the contract state of the intelligent contract C1 is returned to the industry application middleware 1 in the computing device 20, for example, by the node 1. The information returned by the node 1 to the computing device 20 based on the transaction Tx2 may also include a hash value of the permission application information newly added in the contract state of the intelligent contract C1.
The computing device 10 presents the rights application information it obtained from the blockchain system to party a, for example, through the industry application middleware 1, or presents the rights application information it obtained from the blockchain system to party a through the industry application middleware 1, for example, through another application program. Accordingly, party a may initiate a decision operation based on the rights application information presented thereto, such that computing device 10 performs the following step S25 based on the decision operation initiated by party a.
At step S25, the computing device 10 sends a transaction Tx3 to the node 1 in the blockchain system according to the permission application information.
The computing device 10 sends a transaction Tx3 to the node 1, for example, through the industry application middleware 1, in response to a decision operation initiated by the party a on the permission application information, the transaction Tx3 requesting to invoke the intelligent contract C1, the permission decision information corresponding to the permission application information being included in the transaction Tx3. Wherein when the permission application information indicates an account d1 desired to be registered in the business system P, the permission decision information indicates whether to allow the account d1 to be registered in the business system P; when the authority application information indicates the account d1 and the service S1 that the account d2 desires to use, the authority decision information indicates whether the account d2 is allowed to use the service S1. Additionally, the transaction Tx3 may also include, for example, a hash value of the permission application information corresponding to the permission decision information, which, as can be seen from the foregoing, may be returned by the node 1 in the blockchain system to the industry application middleware 1 in the computing device 20 based on the transaction Tx 2.
In step S26, the blockchain system adds permission decision information in the contract state of the intelligent contract according to the transaction Tx3.
The nodes in the blockchain system, including the node 1 and the node 2, can execute the transaction Tx3 to add the authority decision information in the transaction Tx3 in the contract state of the intelligent contract C1. The authority application information and the authority decision information which correspond to each other can be recorded in the contract state of the intelligent contract C1 in a correlated manner; for example, when the node 1 executes the transaction Tx3, the authority application information corresponding to the authority decision information may be queried from the contract state of the intelligent contract C1 according to the hash value of the authority application information corresponding to the authority decision information in the transaction Tx3, and then the authority application information and the authority decision information corresponding to each other may be stored as a complete authority application record in the contract state of the intelligent contract C1.
It is understood that if the steps S21 to S26 are executed a plurality of times, it may be completed to record a plurality of sets of rights application information and rights decision information corresponding to each other in the contract status of the smart contract C1. The permission application information and the permission decision information which are recorded in the contract state of the intelligent contract C1 and correspond to each other in each group can support the service system to respond to the received access request.
Fig. 3 is a second schematic diagram of a block chain-based rights management method provided in an embodiment of the present disclosure. The process that the service system P responds to the access request received by the service system P by using the mutually corresponding sets of authority application information and authority decision information recorded in the contract state of the intelligent contract C1 is exemplarily described. Referring to fig. 3, the process may include, but is not limited to, the following steps S31 to S36.
In step S31, the service system P receives the access request.
Party B may initiate an access request Q3 to business system P using the administrator account, for example in a browser or other client program, requesting registration of account d2 in the business system; or initiating an access request Q4 to the business system P for requesting the business system P to provide a certain service S2 to the account d2 by using the account d2 registered in the business system P. The access request received by the service system P in step S31 may be the access request Q3 or the access request Q4 of the aforementioned example.
In step S32, the computing device 20 obtains the message M2 initiated by the target service system.
The computing device 20 receives a message M2 initiated by the service system P, for example, through the industry application middleware 2, and the message M2 may include therein authority query information corresponding to the access request received by the service system P in step 31. Wherein, when the message M2 is initiated based on the aforementioned access request Q3, the authority query information may indicate an account d2 expected to be registered in the service system P, and may further indicate an administrator account initiating the access request Q3. When the message M2 is initiated based on the aforementioned access request Q4, the permission query information may indicate the account d2 from which the access request Q4 was initiated and the desire of the business system P to provide a certain service S2 to the account d2.
At step S33, the computing device 20 sends a transaction Tx4 to node 2 in the blockchain system.
The computing device 20 sends to the node 2, for example through the industry application middleware 2, a transaction Tx4, the transaction Tx4 requesting invocation of the intelligent contract C1, the transaction Tx4 including the entitlement query message located in message M2.
In step S34, the node 2 in the blockchain system returns the result of the permission query to the computing device 20 according to the transaction Tx4.
The node 2 may execute a transaction Tx4 and return an authority query result to the industry application middleware 2 in the computing device 20 according to the execution result of the transaction Tx4. When the contract state of the intelligent contract C1 includes the target authority application information corresponding to the authority query information, for example, when the target authority application information identical to the authority query information exists, the authority query result includes the target authority decision information corresponding to the target authority application information. In addition, when the target authority application information corresponding to the authority query information is not included in the contract state of the intelligent contract, for example, when the target authority application information identical to the authority query information does not exist, the authority query result indicates that the business system P prohibits registering the account d2, which is requested to be registered by the access request Q3, in the business system P, or indicates that the business system P prohibits providing the service S2 to the account d2 registered in the business system according to the access request Q4.
In step S35, the computing device 20 provides the permission query result to the service system P.
The computing device 20 provides the permission query result returned by the node 2 to the business system P, for example, through the industry application middleware 2.
And step S36, the service system P responds to the access request according to the permission query result.
When the access request received in step 31 is the aforementioned access request Q3, the service system P can make a decision whether to register the account d2 in the service system P according to the access request Q3, according to the permission query. When the access request received in step 31 is the aforementioned access request Q4, the service system P may query and decide whether to provide the service S2 to the account d2 according to the access request Q4, where when the service system P adopts the software application mode SAAS, the service system P may return a page corresponding to the service S2 to the browser or the client program initiating the access request Q4 according to the access request Q4, so as to complete providing the service S2 to the account d2 through the page.
It should be noted that, when the result of the right inquiry indicates that the service system P prohibits registering the account d2 requested to be registered by the access request Q3 in the service system P, or indicates that the service system P prohibits providing the service S2 to the account d2 registered in the service system P according to the access request Q4, the service system P may trigger to execute a process similar to the foregoing step S21 to step S26 based on the corresponding administrator account, request the participant a to grant the authority of the administrator account to register the account d2 in the service system P, or request to grant the authority of the account d2 registered in the service system P to use a certain service S2 provided by the service system P.
Based on the same concept as that of the foregoing method embodiment, an embodiment of the present specification further provides a first node in a blockchain system, where the blockchain system further includes a second node, the first node and the second node respectively interface a first computing device and a second computing device that belong to different participants, an intelligent contract is deployed in the blockchain system, and the first computing device is associated with a target business system. As shown in fig. 4, the first node includes: a communication processing unit 41, configured to obtain a first transaction, where the first transaction is sent by the first computing device according to a first message initiated by the target service system, and the first message and the first transaction include permission application information; a transaction processing unit 43 configured to add the right application information in the contract state of the smart contract according to the first transaction.
In a possible implementation manner, the communication processing unit 41 is further configured to obtain a third transaction, where the third transaction is sent by the first computing device according to a second message initiated by the target service system, the second message is initiated by the target service system after receiving an access request, and the second message and the third transaction include authority query information corresponding to the access request; the transaction processing unit 43 is further configured to return an authority query result to the first computing device according to the third transaction, where the authority query result includes target authority decision information corresponding to the target authority application information when the contract state of the intelligent contract includes the target authority application information corresponding to the authority query information, so that the target service system responds to the access request according to the authority query result.
Based on the same concept as the foregoing method embodiment, in this specification embodiment, there is also provided a second node in a blockchain system, where the blockchain system further includes a first node, the first node and the second node are respectively docked with a first computing device and a second computing device that belong to different parties, the first computing device is associated with a target service system, an intelligent contract is deployed in the blockchain system, a contract state of the intelligent contract includes an authority application information that is newly added by the blockchain system according to a first transaction, and the first transaction is sent by the first computing device after obtaining a first message initiated by the target service system. As shown in fig. 5, the second node includes: a communication processing unit 51 configured to transmit the authority application information to the second computing device; acquiring a second transaction sent by the second computing device according to the permission application information, wherein the second transaction comprises permission decision information corresponding to the permission application information; a transaction processing unit 53 configured to add the permission decision information in the contract state of the smart contract according to the second transaction.
Based on the same concept as the foregoing method embodiment, an embodiment of the present specification further provides an apparatus for rights management based on a blockchain, which relates to a first computing device and a second computing device belonging to different participants, where the first computing device and the second computing device respectively interface a first node and a second node in a blockchain system, an intelligent contract is deployed in the blockchain system, the first computing device is associated with a target business system, and the apparatus is deployed in the first computing device. As shown in fig. 6, the apparatus includes: an information obtaining unit 61, configured to obtain a first message initiated by the target service system, where the first message includes authority application information; an information sending unit 63 configured to send a first transaction including the authority application information to the first node, cause the blockchain system to newly add the authority application information in the contract state of the intelligent contract, and cause the blockchain system to newly add authority decision information corresponding to the authority application information in the contract state of the intelligent contract according to a second transaction from the second computing device.
Based on the same concept as the foregoing method embodiment, an embodiment of the present specification further provides a block chain-based rights management apparatus, which relates to a first computing device and a second computing device belonging to different parties, where the first computing device and the second computing device are respectively connected to a first node and a second node in a block chain system, the first computing device is associated with a target service system, an intelligent contract is deployed in the block chain system, a contract state of the intelligent contract includes rights application information newly added by the block chain system according to a first transaction, the first transaction is sent by the first computing device after obtaining a first message initiated by the target service system, and the apparatus is deployed in the second computing device. As shown in fig. 7, the apparatus includes: an information obtaining unit 71 configured to obtain the authority application information from the second node; the information sending unit 73 is configured to send a second transaction to the second node according to the authority application information, where the second transaction includes authority decision information corresponding to the authority application information, so that the block chain system adds the authority decision information in the contract state of the intelligent contract.
In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD) (e.g., a Field Programmable Gate Array (FPGA)) is an integrated circuit whose Logic functions are determined by a user programming the Device. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development, but the original code before compiling is also written in a specific Programming Language, which is called Hardware Description Language (HDL), and the HDL is not only one kind but many kinds, such as abll (Advanced boot Expression Language), AHDL (alternate hard Description Language), traffic, CUPL (computer universal Programming Language), HDCal (Java hard Description Language), lava, lola, HDL, PALASM, software, rhydl (Hardware Description Language), and vhul-Language (vhyg-Language), which is currently used in the field. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. One typical implementation device is a server system. Of course, this application does not exclude that with future developments in computer technology, the computer implementing the functionality of the above described embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device or a combination of any of these devices.
Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of sequences, and does not represent a unique order of performance. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. For example, the use of the terms first, second, etc. are used to denote names, but not to denote any particular order.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or the modules implementing the same functions may be implemented by a combination of a plurality of sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
One skilled in the art will appreciate that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description of the specification, reference to the description of "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the various embodiments or examples and features of the various embodiments or examples described in this specification can be combined and combined by those skilled in the art without being mutually inconsistent.
The above description is intended to be illustrative of one or more embodiments of the disclosure, and is not intended to limit the scope of one or more embodiments of the disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.

Claims (21)

1. A block chain-based authority management method relates to a first computing device and a second computing device belonging to different participants, wherein the first computing device and the second computing device are respectively connected with a first node and a second node in a block chain system, an intelligent contract is deployed in the block chain system, and the first computing device is associated with a target business system, and the method comprises the following steps:
the first computing device responds to a first message initiated by the target business system, and sends a first transaction to the first node, wherein the first message and the first transaction comprise permission application information, so that the blockchain system adds the permission application information in a contract state of the intelligent contract;
and the second computing equipment acquires the authority application information from the second node and sends a second transaction to the second node according to the authority application information, wherein the second transaction comprises authority decision information corresponding to the authority application information, so that the block chain system is added with the authority decision information in the contract state of the intelligent contract.
2. The method of claim 1, the entitlement application information indicating a first account desired to be registered in the target business system, the entitlement decision information indicating whether registration of the first account in the target business system is allowed;
or, the permission application information indicates a first account and a first service which the first account desires to use, and the permission decision information indicates whether the first account is allowed to use the first service.
3. The method of claim 1, further comprising:
the first computing device responds to a second message initiated by the target service system, and sends a third transaction to the first node, wherein the second message is initiated by the target service system after receiving an access request, the second message and the third transaction comprise authority query information corresponding to the access request, and the first node returns an authority query result, and when the contract state of the intelligent contract comprises target authority application information corresponding to the authority query information, the authority query result comprises target authority decision information corresponding to the target authority application information;
and the first computing equipment provides the authority inquiry result to the target service system, so that the target service system responds to the access request according to the authority inquiry result.
4. The method of claim 3, the access request requesting registration of a second account with the target business system, or the access request requesting the target business system to provide a second service to a second account.
5. The method of claim 3, wherein the access request is for requesting registration of a second account in the target business system, and when target permission application information corresponding to the permission query information is not included in the contract status of the intelligent contract, the permission query result indicates that the target business system prohibits registration of the second account in the target business system;
or the access request is used for requesting the target business system to provide a second service to a second account, and when the contract state of the intelligent contract does not include target permission application information corresponding to the permission query information, the permission query result indicates that the target business system forbids the provision of the second service to the second account.
6. The method according to any one of claims 1 to 5, wherein the obtaining, by the second computing device, the permission application information from the second node specifically includes: and the second computing equipment sends a fourth transaction to the second node, so that the second node returns the permission application information.
7. A block chain-based authority management method relates to a first computing device and a second computing device belonging to different participants, wherein the first computing device and the second computing device are respectively connected with a first node and a second node in a block chain system, an intelligent contract is deployed in the block chain system, the first computing device is associated with a target business system, and the method is executed by the first computing device and comprises the following steps:
acquiring a first message initiated by the target service system, wherein the first message comprises authority application information;
sending a first transaction including the authority application information to the first node, causing the blockchain system to newly add the authority application information in a contract state of the intelligent contract, and causing the blockchain system to newly add authority decision information corresponding to the authority application information in the contract state of the intelligent contract according to a second transaction from the second computing device.
8. The method of claim 7, the permission application information indicating a first account desired to be registered in the target business system, the permission decision information indicating whether registration of the first account in the target business system is allowed;
or, the permission application information indicates a first account and a first service which the first account desires to use, and the permission decision information indicates whether the first account is allowed to use the first service.
9. The method of claim 7, further comprising:
responding to a second message initiated by the target service system, sending a third transaction to the first node, wherein the second message is initiated by the target service system after receiving an access request, and the second message and the third transaction comprise authority query information corresponding to the access request, so that the first node returns an authority query result, wherein when a contract state of the intelligent contract comprises target authority application information corresponding to the authority query information, the authority query result comprises target authority decision information corresponding to the target authority application information;
and providing the authority inquiry result to the target service system, so that the target service system responds to the access request according to the authority inquiry result.
10. The method of claim 9, the access request requesting registration of a second account with the target business system, or the access request requesting the target business system to provide a second service to a second account.
11. The method of claim 9, wherein the access request is for requesting registration of a second account in the target business system, and when target permission application information corresponding to the permission query information is not included in the contract status of the intelligent contract, the permission query result indicates that the target business system prohibits registration of the second account in the target business system;
or, the access request is used to request the target business system to provide a second service to a second account, and when the contract state of the intelligent contract does not include target permission application information corresponding to the permission query information, the permission query result indicates that the target business system prohibits providing the second service to the second account.
12. A block chain-based authority management method relates to a first computing device and a second computing device belonging to different participants, wherein the first computing device and the second computing device are respectively connected with a first node and a second node in a block chain system in a butt joint mode, the first computing device is associated with a target business system, an intelligent contract is deployed in the block chain system, the contract state of the intelligent contract comprises authority application information newly added by the block chain system according to a first transaction, the first transaction is provided by the first computing device after a first message initiated by the target business system is obtained, and the method is executed by the second computing device and comprises the following steps:
acquiring the permission application information from the second node;
and sending a second transaction to the second node according to the authority application information, wherein the second transaction comprises authority decision information corresponding to the authority application information, so that the block chain system is added with the authority decision information in a contract state of the intelligent contract.
13. The method of claim 12, the permission application information indicating a first account desired to be registered in the target business system, the permission decision information indicating whether registration of the first account in the target business system is allowed;
or, the permission application information indicates a first account and a first service which the first account desires to use, and the permission decision information indicates whether the first account is allowed to use the first service.
14. The method according to claim 12 or 13, wherein the acquiring the permission application information from the second node specifically includes: sending a fourth transaction to the second node, so that the second node returns the permission application information;
the sending a second transaction to the second node according to the permission application information specifically includes: and responding to the decision operation of the participant of the second computing device to the authority application information, and sending a second transaction to the second node.
15. A first node in a blockchain system, the blockchain system further including a second node, the first node and the second node respectively interfacing with a first computing device and a second computing device belonging to different participants, an intelligent contract being deployed in the blockchain system, the first computing device being associated with a target business system, the first node comprising:
the communication processing unit is configured to acquire a first transaction, the first transaction is sent by the first computing device according to a first message initiated by the target service system, and the first message and the first transaction comprise authority application information;
and the transaction processing unit is configured to newly add the authority application information in the contract state of the intelligent contract according to the first transaction.
16. The first node of claim 15,
the communication processing unit is further configured to acquire a third transaction, where the third transaction is sent by the first computing device according to a second message initiated by the target service system, the second message is initiated by the target service system after receiving an access request, and the second message and the third transaction include permission query information corresponding to the access request;
the transaction processing unit is further configured to return an authority query result to the first computing device according to the third transaction, where the authority query result includes target authority decision information corresponding to the target authority application information when the contract state of the intelligent contract includes the target authority application information corresponding to the authority query information, so that the target service system responds to the access request according to the authority query result.
17. A second node in a blockchain system, where the blockchain system further includes a first node, the first node and the second node are respectively docked with a first computing device and a second computing device that belong to different participants, the first computing device is associated with a target service system, an intelligent contract is deployed in the blockchain system, a contract state of the intelligent contract includes permission application information that is newly added to the blockchain system according to a first transaction, the first transaction is sent by the first computing device after obtaining a first message initiated by the target service system, and the second node includes:
a communication processing unit configured to transmit the permission application information to the second computing device; acquiring a second transaction sent by the second computing device according to the permission application information, wherein the second transaction comprises permission decision information corresponding to the permission application information;
and the transaction processing unit is configured to newly add the authority decision information in the contract state of the intelligent contract according to the second transaction.
18. A block chain-based authority management device relates to a first computing device and a second computing device belonging to different participants, wherein the first computing device and the second computing device are respectively connected with a first node and a second node in a block chain system, an intelligent contract is deployed in the block chain system, the first computing device is associated with a target business system, the device is deployed in the first computing device, and the device comprises:
an information obtaining unit, configured to obtain a first message initiated by the target service system, where the first message includes authority application information;
an information sending unit configured to send a first transaction including the authority application information to the first node, cause the blockchain system to newly add the authority application information in a contract state of the intelligent contract, and cause the blockchain system to newly add authority decision information corresponding to the authority application information in a contract state of the intelligent contract according to a second transaction from the second computing device.
19. A permission management device based on a block chain relates to a first computing device and a second computing device belonging to different participants, wherein the first computing device and the second computing device are respectively connected with a first node and a second node in a block chain system in a butt joint mode, the first computing device is associated with a target service system, an intelligent contract is deployed in the block chain system, the contract state of the intelligent contract comprises permission application information newly added by the block chain system according to a first transaction, the first transaction is sent by the first computing device after a first message initiated by the target service system is obtained, and the device is deployed in the second computing device and comprises:
an information obtaining unit configured to obtain the permission application information from the second node;
and the information sending unit is configured to send a second transaction to the second node according to the authority application information, wherein the second transaction comprises authority decision information corresponding to the authority application information, so that the block chain system adds the authority decision information in the contract state of the intelligent contract.
20. A computer-readable storage medium having stored thereon a computer program which, when executed in a computing device, causes the computing device to perform the method of any of claims 7-14.
21. A computing device comprising a memory having stored therein a computer program and a processor that, when executing the computer program, implements the method of any of claims 7-14.
CN202211116478.1A 2022-09-14 2022-09-14 Authority management method and device based on block chain and node in block chain system Pending CN115664704A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211116478.1A CN115664704A (en) 2022-09-14 2022-09-14 Authority management method and device based on block chain and node in block chain system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211116478.1A CN115664704A (en) 2022-09-14 2022-09-14 Authority management method and device based on block chain and node in block chain system

Publications (1)

Publication Number Publication Date
CN115664704A true CN115664704A (en) 2023-01-31

Family

ID=84983966

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211116478.1A Pending CN115664704A (en) 2022-09-14 2022-09-14 Authority management method and device based on block chain and node in block chain system

Country Status (1)

Country Link
CN (1) CN115664704A (en)

Similar Documents

Publication Publication Date Title
CN109995713B (en) Service processing method in micro-service framework and related equipment
TW202040459A (en) Data processing method and device, block chain client and block chain node
WO2023160085A1 (en) Method for executing transaction, blockchain, master node, and slave node
CN114679457A (en) Node grouping method in block chain and block chain link point
CN114936092A (en) Method for executing transaction in block chain and main node of block chain
CN116032756A (en) Method for updating configuration information of application program based on block chain and block chain link point
CN115150409B (en) Method for executing transaction in blockchain system, node and computer readable storage medium
WO2023240933A1 (en) Distributed application deployment method and apparatus based on blockchain
CN114785800B (en) Cross-link communication method, device, storage medium and computing equipment
WO2024001025A1 (en) Pre-execution cache data cleaning method and blockchain node
CN114710350B (en) Method and device for distributing callable resources, electronic equipment and storage medium
CN115664704A (en) Authority management method and device based on block chain and node in block chain system
CN114363335B (en) Cross-chain interaction method and device
CN116167099A (en) Data access method and block link point in block chain system
CN115529352A (en) Routing processing method and device for computing service
CN111062814A (en) Resource transfer method, device and system based on block chain
CN116886726A (en) Service access method based on block chain system and block chain link point
EP3534588A1 (en) Network policy exchanging method and system
CN115576709A (en) Communication processing method and device based on block chain
CN115455447A (en) Communication processing method and device based on block chain and block chain system
CN115865365B (en) Block chain-based account dividing processing method, device and system
CN116647566A (en) Access management method and device based on block chain
CN112073449B (en) Kubernetes-based environment switching processing method and equipment
CN115880071A (en) Method for processing digital resources and nodes of block chain
CN116644452A (en) File read-write method, device and node based on block chain system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination