CN115883143A - Block chain application access method and system based on managed account - Google Patents


Publication number
CN115883143A
Authority
CN
China
Prior art keywords
module
block chain
application
enterprise
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211437378.9A
Other languages
Chinese (zh)
Inventor
张辙
李武奇
严浩
徐潜
章庆
贺伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Electronic Commerce Co Ltd
Original Assignee
Tianyi Electronic Commerce Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi Electronic Commerce Co Ltd filed Critical Tianyi Electronic Commerce Co Ltd
Priority to CN202211437378.9A priority Critical patent/CN115883143A/en
Publication of CN115883143A publication Critical patent/CN115883143A/en
Pending legal-status Critical Current


Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides a blockchain application access method and system based on a managed account, and relates to the technical field of IT and software development. The method comprises the following steps: after an enterprise accesses the system, an authentication gateway module initializes an identity token for the enterprise application; it is judged whether the enterprise application accesses the blockchain application and, if so, the enterprise application module signs the unique identifier of the visitor with the identity token and transmits it to the authentication gateway module; after the signature passes verification, the authentication gateway module returns a one-time temporary identity token to the enterprise application module and temporarily stores the identity of the requester. Packaged blockchain-based application services can thus be provided to enterprises without users having to establish an upper-layer account with the service provider and without interconnecting accounts with the enterprise; while the privacy of the enterprise's users is protected, the difficulty and development effort of blockchain access for the enterprise are reduced, and the efficiency of blockchain service access is improved.

Description

Block chain application access method and system based on managed account
Technical Field
The application relates to the technical field of IT and software development, in particular to a block chain application access method and system based on a managed account.
Background
As blockchain applications mature, more and more enterprises need to access blockchain services. However, building one's own blockchain is too costly, so most enterprises choose to use a third-party blockchain as the underlying chain.
At present there are two mainstream integration modes. The first directly uses the API (Application Programming Interface) capabilities provided by the underlying chain to connect to the blockchain; it suits cases where the other party provides the business contract capability. The second connects directly to the nodes after authorization is obtained and sends transactions to them directly; it suits enterprises that write their own contracts.
Neither of these two integration modes is suitable if the enterprise also needs the service provider to provide business-layer services. Because of the particular nature of blockchain services, the only account of a blockchain service lives in the underlying blockchain layer, yet upper-layer services require user authentication. Unless the blockchain private key is handed to the user, an account is needed to log in. An enterprise that accesses a service provider's business-layer services therefore has to bridge the business-layer account systems of both parties, implementing federated login or requiring the user to log in actively, which degrades the user experience and risks leaking user information.
Disclosure of Invention
The application aims to provide a blockchain application access method based on a managed account, which can provide packaged blockchain-based application services to enterprises without users having to establish an upper-layer account with the service provider and without interconnecting accounts with the enterprise, which reduces the difficulty and development effort of blockchain access for the enterprise while protecting the privacy of the enterprise's users, and which improves the efficiency of blockchain service access.
Another object of the present application is to provide a blockchain application access system based on a managed account, which is capable of running a blockchain application access method based on a managed account.
The embodiments of the application are realized as follows:
In a first aspect, an embodiment of the present application provides a blockchain application access method based on a managed account, which includes: after an enterprise accesses the system, an authentication gateway module initializes an identity token for the enterprise application; it is judged whether the enterprise application accesses the blockchain application and, if so, the enterprise application module signs the unique identifier of the visitor with the identity token and transmits it to the authentication gateway module; after the signature passes verification, the authentication gateway module returns a one-time temporary identity token to the enterprise application module and temporarily stores the identity of the requester; the enterprise application module pulls up the front-end application module and sends the one-time token to the front-end application module through the non-encrypted channel; the front-end application module uses the one-time token to authenticate at the authentication gateway; and after authentication, the front-end application module acquires the short-term identity token and the one-time token is invalidated.
In some embodiments of the present application, the method further includes: the front-end application module uses the short-term identity token to access the business service module within the validity period of the short-term identity token.
In some embodiments of the present application, the method further includes: after receiving the access request, the business service module verifies the authority at the authentication gateway module using the short-term identity token.
In some embodiments of the present application, the method further includes: after the authentication is passed, the authentication gateway informs the business service module of the unique identifier of the authenticated identity.
In some embodiments of the present application, the method further includes: the business service module queries the user's blockchain account according to the unique identifier; if the user does not have a blockchain account, the blockchain module is accessed to create one for the user, and if the user has a blockchain account, the related business operation is executed and the related contract is called.
In some embodiments of the present application, the method further includes: the blockchain module returns the execution result to the business service module.
In some embodiments of the present application, the method further includes: the business service module returns the business result to the front-end application module.
In a second aspect, an embodiment of the present application provides a blockchain application access system based on a managed account, which includes an enterprise application module, deployed in an external network environment and responsible for initiating an authentication application for a user and pulling up the relevant front-end application page;
the authentication gateway module, used for generating authority tokens, managing tokens, verifying signatures and authenticating, and checking authority;
the business service module, used for processing application-layer business, managing blockchain account keys, and connecting with the blockchain module to put specific business on chain;
the blockchain module, used for sending transactions, interacting with smart contracts, receiving calls from the business service module and returning operation results;
and the front-end application module, used for displaying the service content and executing the authentication process.
In some embodiments of the present application, the above includes: at least one memory for storing computer instructions; at least one processor in communication with the memory, wherein the at least one processor, when executing the computer instructions, causes the system to: the system comprises an enterprise application module, an authentication gateway module, a business service module, a block chain module and a front-end application module.
In a third aspect, embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method as any one of the block chain application access methods based on a managed account.
Compared with the prior art, the embodiment of the application has at least the following advantages or beneficial effects:
When the enterprise accesses the blockchain service, it can access upper-layer application services of the service provider, such as page functions, without using the service provider's user account system. The unique identification number of the user is encrypted information, so the blockchain service provider can provide services to the user without obtaining any user information.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic diagram illustrating an authentication process of a managed account according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a block chain application access system module based on a managed account according to an embodiment of the present application;
Fig. 3 is an electronic device according to an embodiment of the present disclosure.
Reference numerals: 10 - enterprise application module; 20 - authentication gateway module; 30 - business service module; 40 - blockchain module; 50 - front-end application module; 101 - memory; 102 - processor; 103 - communication interface.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, as presented in the figures, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
It is to be noted that the term "comprises," "comprising," or any other variation thereof is intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the individual features of the embodiments can be combined with one another without conflict.
Example 1
An API (Application Programming Interface) is a predefined function that is intended to provide applications and developers the ability to access a set of routines based on certain software or hardware, without accessing source code or understanding the details of the internal workings. In addition to the meaning of application program interface, the API also refers specifically to the specification document of the API, also called help document.
A blockchain is a chain formed by blocks. Each block holds certain information, and the blocks are linked into a chain in the order in which they were generated. This chain is maintained on all servers, and as long as one server can work in the entire system, the entire blockchain is secure. These servers, referred to as nodes in the blockchain system, provide storage space and computational support for the entire blockchain system. To modify information in the blockchain, more than half of the nodes must agree and the information must be modified in all nodes; since the nodes are usually held by different parties, the information in the blockchain is extremely difficult to tamper with. Compared with a traditional network, the blockchain has two core characteristics: first, data is difficult to tamper with, and second, it is decentralized. Based on these two characteristics, the information recorded by the blockchain is more authentic and reliable, which can solve the problem of mutual distrust.
SM3 is mainly used for digital signature generation and verification, message authentication code generation and verification, random number generation and the like, and the algorithm is public. According to the State Cryptography Administration, its security and efficiency are comparable to those of SHA-256.
ECC is the abbreviation of Error Correcting Code, and is a technology capable of realizing Error checking and correction, and an ECC memory is a memory using the technology and is generally applied to servers and graphic workstations, so that the running stability of computers can be improved, and the reliability can be increased.
The MD5 Message-Digest Algorithm, a widely used cryptographic hash function, can generate a 128-bit (16-byte) hash value to ensure the integrity of message transmission.
The RSA public key cryptosystem is a cryptosystem that uses different encryption and decryption keys, in which it is computationally infeasible to derive the decryption key from a known encryption key.
In some embodiments, a bank needs to access China Telecom's digital collection application. It needs access that is as fast and low-cost as possible, does not want to do a large amount of development, and therefore cannot accept a private deployment. To protect user information, the bank cannot provide its APP users' information in order to register them as Telecom digital collection users who log in to the Telecom digital collection platform. The managed account scheme is therefore used: when a user needs to claim and view digital collectibles, the bank side performs managed account authentication, and while claiming and viewing them the user works entirely on pages provided by Telecom but remains anonymous to Telecom. Throughout the service process, Telecom only provides front-end and back-end technical services and the user data stays with the bank; the bank does not need to develop or integrate any business function and only needs to access the authentication system, achieving fast, low-cost and lightweight service access.
Referring to fig. 1, fig. 1 is a schematic diagram illustrating an authentication process of a managed account according to an embodiment of the present application, which is as follows:
After the enterprise accesses the system, the authentication gateway module first initializes an identity token for the enterprise application.
When the enterprise application needs to access the blockchain application, the enterprise application module signs the visitor's unique identifier with the identity token and transmits it to the authentication gateway module. The signature methods include SM3, ECC, MD5 and the like; in some implementation scenarios, identity verification can instead be carried out by encrypting and decrypting with symmetric or asymmetric keys such as SM2, SM4, RSA or ECC, rather than by signature verification.
After the signature passes verification, the authentication gateway module returns a one-time temporary identity token to the enterprise application module and temporarily stores the identity of the requester. In some implementation scenarios, the one-time token in the method may also be replaced by a short-term token.
The enterprise application module pulls up the front-end application module and gives the one-time token to the front-end application module. The front-end application module uses the one-time token to authenticate at the authentication gateway.
After authentication, the front-end application module acquires a short-term identity token and the one-time token is invalidated. In some implementation scenarios, the step of exchanging the one-time token for the short-term token may also be omitted.
The front-end application module can use the short-term identity token to access the business service module within the token's validity period.
After receiving the access request, the business service module takes the short-term identity token to the authentication gateway module to verify the authority.
After the authentication passes, the authentication gateway informs the business service module of the unique identifier of the authenticated identity.
The business service module queries the user's blockchain account according to the unique identifier. If the user does not have a blockchain account, it accesses the blockchain module to create one for the user; if the user has a blockchain account, it executes the related business operation and calls the related contract. In some implementations, the blockchain module may also be omitted, leaving only a centralized business service module.
The blockchain module returns the execution result to the business service module.
The business service module returns the business result to the front-end application module.
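The flow above, sketched as an added example that is not code from the patent: an in-memory authentication gateway and business service in Python. HMAC-SHA-256 stands in for the signature method (the text leaves the choice open), and every name, the TTL values and the placeholder account creation are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def opaque_visitor_id(enterprise_key: bytes, internal_user: str) -> str:
    """Enterprise side (assumed scheme): stable identifier that hides the real user."""
    return hmac.new(enterprise_key, internal_user.encode(), hashlib.sha256).hexdigest()


def sign_visitor(identity_token: bytes, visitor_id: str) -> str:
    """Enterprise side: sign the visitor identifier with the identity token."""
    return hmac.new(identity_token, visitor_id.encode(), hashlib.sha256).hexdigest()


class AuthGateway:
    ONE_TIME_TTL = 60      # seconds, assumed value
    SHORT_TERM_TTL = 900   # seconds, assumed value

    def __init__(self, clock=time.time):
        self.clock = clock
        self.identity_tokens = {}  # enterprise id -> identity token
        self.one_time = {}         # one-time token -> (visitor id, expiry)
        self.short_term = {}       # short-term token -> (visitor id, expiry)

    def register_enterprise(self, enterprise_id: str) -> bytes:
        """Initialize the identity token when the enterprise joins the system."""
        token = secrets.token_bytes(32)
        self.identity_tokens[enterprise_id] = token
        return token

    def issue_one_time_token(self, enterprise_id, visitor_id, signature):
        """Verify the signature, remember the requester, return a one-time token."""
        key = self.identity_tokens.get(enterprise_id)
        if key is None:
            return None
        expected = sign_visitor(key, visitor_id)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return None
        ott = secrets.token_urlsafe(32)
        self.one_time[ott] = (visitor_id, self.clock() + self.ONE_TIME_TTL)
        return ott

    def exchange(self, ott):
        """Front end trades the one-time token for a short-term token."""
        entry = self.one_time.pop(ott, None)  # pop: a second use always fails
        if entry is None or entry[1] < self.clock():
            return None
        st = secrets.token_urlsafe(32)
        self.short_term[st] = (entry[0], self.clock() + self.SHORT_TERM_TTL)
        return st

    def resolve(self, st):
        """Business service asks which visitor a short-term token belongs to."""
        entry = self.short_term.get(st)
        if entry is None:
            return None
        if entry[1] < self.clock():
            del self.short_term[st]
            return None
        return entry[0]


class BusinessService:
    def __init__(self, gateway):
        self.gateway = gateway
        self.accounts = {}  # visitor id -> managed blockchain account

    def handle(self, short_term_token, operation):
        visitor_id = self.gateway.resolve(short_term_token)
        if visitor_id is None:
            raise PermissionError("invalid or expired short-term token")
        account = self.accounts.get(visitor_id)
        if account is None:
            # Placeholder for the blockchain module creating an account;
            # the key stays with the business service, never with the user.
            account = {"address": "0x" + secrets.token_hex(20),
                       "key": secrets.token_bytes(32)}
            self.accounts[visitor_id] = account
        return {"address": account["address"], "operation": operation}


def run_session(gateway, service, enterprise_id, identity_token, visitor_id):
    """One visit: sign, get one-time token, exchange it, call the service."""
    signature = sign_visitor(identity_token, visitor_id)
    ott = gateway.issue_one_time_token(enterprise_id, visitor_id, signature)
    st = gateway.exchange(ott)
    return ott, st, service.handle(st, "view_collection")
```

Because the one-time token may travel over a non-encrypted channel, the properties worth checking in a real deployment are the ones the sketch enforces: single use, short lifetime, and a short-term token that is only ever resolved at the gateway.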
Example 2
Referring to fig. 2, fig. 2 is a schematic diagram of a block chain application access system module based on managed accounts according to an embodiment of the present application, which is shown as follows:
The enterprise application module 10 is deployed in an external network environment, and is responsible for initiating an authentication application for a user and pulling up the related front-end application page;
the authentication gateway module 20 is responsible for generating authority tokens, managing tokens, verifying signatures and authenticating, and checking authority;
the business service module 30 is responsible for processing application-layer business, managing blockchain account keys, and interfacing with the blockchain module to put specific business on chain;
the blockchain module 40 is used for sending transactions, interacting with smart contracts, receiving calls from the business service module and returning operation results;
the front-end application module 50 is responsible for displaying the service content and executing the authentication process.
As shown in fig. 3, an embodiment of the present application provides an electronic device, which includes a memory 101 for storing one or more programs; a processor 102. The one or more programs, when executed by the processor 102, implement the method of any of the first aspects as described above.
Also included is a communication interface 103, with the memory 101, processor 102, and communication interface 103 being electrically connected to each other, directly or indirectly, to enable transfer or interaction of data. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory 101 may be used to store software programs and modules, and the processor 102 executes the software programs and modules stored in the memory 101 to thereby execute various functional applications and data processing. The communication interface 103 may be used for communicating signaling or data with other node devices.
The memory 101 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Read Only Memory (EPROM), an Electrically Erasable Read Only Memory (EEPROM), or the like.
The processor 102 may be an integrated circuit chip having signal processing capabilities. The processor 102 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component.
In the embodiments provided in the present application, it should be understood that the disclosed method and system can be implemented in other ways. The method and system embodiments described above are merely illustrative and, for example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods and systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In another aspect, embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by the processor 102, implements the method according to any one of the first aspect described above. The functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
In summary, the blockchain application access method and system based on the managed account provided by the embodiments of the present application enable an enterprise, when accessing the blockchain service, to access upper-layer application services of the service provider, such as page functions, without using the service provider's user account system. The unique identification number of the user is encrypted information, so the blockchain service provider can provide services to the user without obtaining any user information.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (10)

1. A block chain application access method based on a managed account is characterized by comprising the following steps:
after the enterprise accesses the system, the authentication gateway module initializes an identity token for the enterprise application;
judging whether the enterprise application accesses the blockchain application, if so, signing the unique identifier of the visitor by using the identity token through the enterprise application module and then transmitting the unique identifier to the authentication gateway module;
after the signature passes verification, the authentication gateway module returns a one-time temporary identity token to the enterprise application module and temporarily stores the identity of the requester;
the enterprise application module pulls up the front-end application module and sends the one-time token to the front-end application module through the non-encrypted channel;
the front-end application module uses the one-time token to authenticate the authentication gateway;
and after authentication, the front-end application module acquires the short-term identity token and invalidates the one-time token.
2. The method of claim 1, further comprising:
and in the validity period of the short-term identity token, the front-end application module accesses the business service module by using the short-term identity token.
3. The method of claim 2, further comprising:
and after receiving the access request, the business service module verifies the authority at the authentication gateway module according to the short-term identity token.
4. The method of claim 3, further comprising:
after the authentication is passed, the authentication gateway informs the service module of the unique identifier of the authenticator identity.
5. The method of claim 4, further comprising:
and the business service module inquires the block chain account of the user according to the unique identifier, if the user does not have the block chain account, the block chain module is accessed to create the block chain account for the user, and if the user has the block chain account, the related business operation is executed and the related contract is called.
6. The method of claim 5, further comprising:
and the block chain module returns the execution result to the service module.
7. The method of claim 6, further comprising:
and the business service module returns the business result to the front-end application module.
8. A system for blockchain application access based on a managed account, comprising:
the enterprise application module, deployed in an external network environment and responsible for initiating an authentication application for a user and pulling up the related front-end application page;
the authentication gateway module, used for generating authority tokens, managing tokens, verifying signatures and authenticating, and checking authority;
the business service module, used for processing application-layer business, managing blockchain account keys, and connecting with the blockchain module to put specific business on chain;
the blockchain module, used for sending transactions, interacting with smart contracts, receiving calls from the business service module and returning operation results;
and the front-end application module, used for displaying the service content and executing the authentication process.
9. The system of claim 8, wherein the system comprises:
at least one memory for storing computer instructions;
at least one processor in communication with the memory, wherein the at least one processor, when executing the computer instructions, causes the system to perform: the system comprises an enterprise application module, an authentication gateway module, a business service module, a block chain module and a front-end application module.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202211437378.9A 2022-11-17 2022-11-17 Block chain application access method and system based on managed account Pending CN115883143A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211437378.9A CN115883143A (en) 2022-11-17 2022-11-17 Block chain application access method and system based on managed account

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211437378.9A CN115883143A (en) 2022-11-17 2022-11-17 Block chain application access method and system based on managed account

Publications (1)

Publication Number Publication Date
CN115883143A true CN115883143A (en) 2023-03-31

Family

ID=85760073

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211437378.9A Pending CN115883143A (en) 2022-11-17 2022-11-17 Block chain application access method and system based on managed account

Country Status (1)

Country Link
CN (1) CN115883143A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination