CN115987683A - Node access control method, device, equipment and medium in block chain network - Google Patents


Publication number: CN115987683A
Authority: CN (China)
Prior art keywords: node, interface, network address, client, gateway
Legal status: Granted
Application number: CN202310247775.8A
Other languages: Chinese (zh)
Other versions: CN115987683B (en)
Inventors: 朱斯语, 池程, 刘阳, 田娟, 陈文曲
Current Assignee: China Academy of Information and Communications Technology CAICT
Original Assignee: China Academy of Information and Communications Technology CAICT


Abstract

The embodiments of the present disclosure disclose a method, an apparatus, a device and a medium for controlling node access in a blockchain network. The method comprises the following steps: the gateway acquires a preset network address list from an interface management platform; the gateway determines whether the network address of the client in the node access request exists in the preset network address list; when the network address exists in the preset network address list, the gateway sends the network address to the interface management platform; the interface management platform determines whether a node interface of the first node is docked with the network address; when the node interface of the first node is not docked with the network address, the interface management platform sends, to the gateway, a call instruction allowing the node interface of the first node to be called; when the gateway receives the call instruction, the gateway controls the interface service platform to send the node interface of the first node to the client; and the client accesses the first node through the node interface of the first node.

Description

Node access control method, device, equipment and medium in block chain network
Technical Field
The present disclosure relates to data access technologies and blockchain technologies, and in particular, to a method, an apparatus, a device, and a medium for controlling access to a node in a blockchain network.
Background
The network on which a blockchain is built is one of the important factors determining the operating efficiency of the blockchain. The blockchain network is provided with a plurality of nodes, the nodes are used for storing and/or processing data in the blockchain, and a user can view the data in the nodes, the states of the nodes and the like by accessing the nodes. In the prior art, a user usually accesses a node directly to obtain the data in the node, which exposes the node to a large potential security risk.
Disclosure of Invention
The embodiments of the present disclosure provide a method, an apparatus, a device, and a medium for controlling node access in a blockchain network, so as to solve the above technical problems.
In one aspect of the embodiments of the present disclosure, a method for controlling access to a node in a blockchain network is provided, where the method includes: in response to a gateway receiving a node access request, sent by a client, for accessing a first node in the blockchain network, the gateway acquires a preset network address list from an interface management platform; the gateway determines whether the network address of the client in the node access request exists in the preset network address list; in response to the network address existing in the preset network address list, the gateway sends the network address to the interface management platform; the interface management platform determines whether a node interface of the first node is docked with the network address; in response to the node interface of the first node not being docked with the network address, the interface management platform sends, to the gateway, a call instruction that allows the node interface of the first node to be called; in response to the gateway receiving the call instruction, the gateway controls the interface service platform to send the node interface of the first node to the client; and the client accesses the first node through the node interface of the first node.
Optionally, in the method according to any of the foregoing embodiments of the present disclosure, the node access request includes an interface key of the client, where the interface key of the client is issued by the interface management platform; the interface management platform determining whether a node interface of the first node is docked with the network address comprises: the interface management platform determines whether the node interface of the first node is docked with the network address according to whether the node interface of the first node is docked with the interface key.
Optionally, in the method according to any of the foregoing embodiments of the present disclosure, before the interface management platform sends, to the gateway, the call instruction that allows the node interface of the first node to be called, the method further includes: the interface management platform docks the node interface of the first node with the interface key of the client, so as to dock the node interface of the first node with the network address.
Optionally, in the method according to any of the above embodiments of the present disclosure, the method further includes: the interface management platform uses a preset correspondence list between access rights and network addresses to determine the access right corresponding to the network address of the client in that list; whether the client has the right to access the first node is determined based on the access right corresponding to the network address of the client; the interface management platform sending, in response to the node interface of the first node not being docked with the network address, the call instruction that allows the node interface of the first node to be called to the gateway comprises: in response to the client having the right to access the first node and the node interface of the first node not being docked with the network address, the interface management platform sends the call instruction to the gateway.
Optionally, in the method according to any of the foregoing embodiments of the present disclosure, the method further includes: in response to the gateway receiving a data update request, sent by the client, for updating data in a second node in the blockchain network, the gateway sends the data update request to the interface management platform; the interface management platform determines, according to the interface key of the client in the data update request, whether the node interface of the second node is docked with the network address of the client in the data update request; in response to the node interface of the second node being docked with the network address of the client, the gateway determines, according to a preset correspondence list between data update rights and network addresses, the data update right corresponding to the network address of the client in that list; whether the client has the right to update the data in the second node is determined according to the data update right corresponding to the network address of the client; and in response to the client having the right to update the data in the second node, the gateway allows the client to update, in the second node, the data to be updated in the data update request.
Optionally, in the method according to any of the above embodiments of the present disclosure, the method further includes: the interface management platform determines whether the data format of the data to be updated is a preset data format; the gateway determining, in response to the node interface of the second node being docked with the network address of the client, the data update right corresponding to the network address of the client according to the preset correspondence list between data update rights and network addresses comprises: in response to the node interface of the second node being docked with the network address of the client and the data format of the data to be updated being the preset data format, the gateway determines, according to the preset correspondence list between data update rights and network addresses, the data update right corresponding to the network address of the client in that list.
In another aspect of the embodiments of the present disclosure, an apparatus for controlling access to a node in a blockchain network is provided, including: a first acquisition module, configured such that, in response to a gateway receiving a node access request, sent by a client, for accessing a first node in the blockchain network, the gateway acquires a preset network address list from an interface management platform; a first determining module, configured to determine, by the gateway, whether a network address of the client in the node access request exists in the preset network address list; a first sending module, configured to, in response to the network address existing in the preset network address list, send, by the gateway, the network address to the interface management platform; a second determining module, configured to determine, by the interface management platform, whether a node interface of the first node is docked with the network address; a second sending module, configured to, in response to the node interface of the first node not being docked with the network address, send, by the interface management platform to the gateway, a call instruction that allows the node interface of the first node to be called; a control module, configured such that, in response to the gateway receiving the call instruction, the gateway controls the interface service platform to send the node interface of the first node to the client; and an access module, configured for the client to access the first node through the node interface of the first node.
Optionally, in the apparatus according to any of the foregoing embodiments of the present disclosure, the node access request includes an interface key of the client, where the interface key of the client is issued by the interface management platform; the second determining module is further configured such that the interface management platform determines whether the node interface of the first node is docked with the network address according to whether the node interface of the first node is docked with the interface key.
In another aspect of an embodiment of the present disclosure, there is provided an electronic device including: a memory for storing a computer program; and a processor for executing the computer program stored in the memory, wherein when the computer program is executed, the node access control method in the blockchain network is realized.
In a further aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the above method for controlling access to nodes in a blockchain network.
The embodiments of the present disclosure provide a method, an apparatus, a device and a medium for controlling node access in a blockchain network. When the client accesses the first node, the network address of the client is verified through the gateway and it is determined whether the client can call the node interface of the first node, so that the reliability of the client is verified and the security of the data in the node is effectively guaranteed. In addition, the node interfaces are managed in a unified manner through the interface management platform in the embodiments of the present disclosure, so that whether a node interface is docked with a network address can be determined quickly, which improves the calling efficiency of the node interfaces.
The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
Fig. 1 is a flowchart illustrating an embodiment of a method for controlling access to nodes in a blockchain network according to the present disclosure;
Fig. 2 is a flowchart illustrating another embodiment of a method for controlling access to nodes in a blockchain network according to an embodiment of the present disclosure;
Fig. 3 is a flowchart illustrating a method for controlling access to nodes in a blockchain network according to yet another embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of an embodiment of a node access control apparatus in a blockchain network according to the present disclosure;
Fig. 5 is a schematic structural diagram of an embodiment of an electronic device according to the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
It will be understood by those of skill in the art that the terms "first," "second," and the like in the embodiments of the present disclosure are used merely to distinguish one element from another, and are not intended to imply any particular technical meaning or any necessary logical order between them.
It is also understood that in embodiments of the present disclosure, "a plurality" may refer to two or more and "at least one" may refer to one, two or more.
It is also to be understood that any reference to any component, data, or structure in the embodiments of the disclosure, may be generally understood as one or more, unless explicitly defined otherwise or stated otherwise.
In addition, the term "and/or" in the present disclosure merely describes an association relationship between associated objects and indicates that three relationships may exist. For example, A and/or B may indicate: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" in the present disclosure generally indicates that the former and latter associated objects are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and the same or similar parts may be referred to each other, so that the descriptions thereof are omitted for brevity.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
The disclosed embodiments may be applied to electronic devices such as terminal devices, computer systems, servers, etc., which are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with electronic devices, such as terminal devices, computer systems, servers, and the like, include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, networked personal computers, minicomputer systems, mainframe computer systems, distributed cloud computing environments that include any of the above, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system/server may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
In the narrow sense, a blockchain may be a chained data structure in which data blocks are connected sequentially in chronological order, and a distributed ledger that is cryptographically secured against tampering and forgery. In the broad sense, blockchain technology can verify and store data by using a blockchain data structure, generate and update data by using a node consensus algorithm, ensure the security of data transmission and access by cryptographic means, and use smart contracts consisting of automated script code. A node in a blockchain network generally refers to a computer in the blockchain network, that is, any computer (including a mobile phone, a server, etc.) connected to the blockchain network is called a node, and the blockchain network generally has a plurality of nodes for storing and/or processing data.
Fig. 1 is a flowchart illustrating a method for controlling access to a node in a blockchain network according to an embodiment of the present disclosure. The present embodiment can be applied to an electronic device, and as shown in Fig. 1, the method for controlling access to a node in a blockchain network of the present embodiment includes the following steps:
Step S110, in response to the gateway receiving a node access request, sent by the client, for accessing a first node in the blockchain network, the gateway obtains a preset network address list from the interface management platform.
The first node may be any node in the blockchain network, and the node access request may include: a node identifier that uniquely identifies the first node, and the network address of the client, where the network address of the client may be a URL (Uniform Resource Locator), an IP (Internet Protocol) address, or the like of the client, and the node identifier may be a custom code, a DID (Decentralized Identity) identifier, or the like.
The interface management platform stores a preset network address list, and the preset network address list records a plurality of network addresses that are allowed to access nodes. A network address in the preset network address list may be a URL, an IP address, or the like.
The client may be a computer, a server, or the like. The interface management platform can be deployed on a computer, a server, or the like, and is used for managing the interfaces of the nodes. A gateway, also called an internetwork connector or protocol converter, is the "gateway" that connects one network to another; the gateway realizes network interconnection on a network layer, is a complex network interconnection device, and can be used for interconnection of a wide area network and a local area network.
In one embodiment, the client may register with the interface management platform before accessing a node in the blockchain network, so that the network address of the client is recorded in the preset network address list. Registration with the interface management platform may proceed as follows: the client sends its network address and the registration information required by the interface management platform to the interface management platform; the interface management platform audits the registration information; and after the registration information passes the audit, the interface management platform stores the network address of the client in the preset network address list. The registration information may include identity information of the client, such as a business license, a unified social credit code, and the like.
Step S120, the gateway determines whether the network address of the client in the node access request exists in the preset network address list.
In an implementation manner, when a client needs to access a first node, the client sends a node access request for accessing the first node to the gateway. When the gateway receives the node access request, the gateway obtains the preset network address list from the interface management platform and traverses it to determine whether it contains a network address identical to the network address of the client. If such a network address is found, the gateway determines that the network address of the client exists in the preset network address list; otherwise, the gateway determines that the network address of the client does not exist in the preset network address list.
Step S130, in response to the network address of the client existing in the preset network address list, the gateway sends the network address of the client to the interface management platform.
When the gateway determines that the network address of the client exists in the preset network address list, the gateway sends the network address of the client to the interface management platform.
Step S140, the interface management platform determines whether the node interface of the first node is docked with the network address of the client.
The node Interface may be an API (Application Programming Interface), which is a set of definitions, programs, and protocols, and may implement mutual communication between computer software through the API Interface. The client may interact and communicate with the first node through the node interface of the first node, e.g., the client may access the first node through the node interface of the first node.
A node interface being docked with a network address means that the client corresponding to the network address calls the node interface and can communicate and interact, through the node interface, with the node corresponding to the node interface.
In one embodiment, the interface management platform stores a correspondence list between node identifiers and node interfaces, and a node state list. The node state list records the node interface states of all nodes in the blockchain network, and the node interface state of each node includes the network addresses docked with the node interface; the correspondence list between node identifiers and node interfaces stores the correspondence between the node identifier of each node in the blockchain network and the node interface of that node. The interface management platform may look up, in the correspondence list between node identifiers and node interfaces, the node interface of the first node corresponding to the node identifier of the first node, and then traverse, in the node state list, the network addresses docked with the node interface of the first node to determine whether any of them is identical to the network address of the client. When no identical network address exists among the network addresses docked with the node interface of the first node, the interface management platform determines that the node interface of the first node is not docked with the network address of the client; otherwise, it determines that the node interface of the first node is docked with the network address of the client. When the node interface of the first node is determined to be docked with the network address of the client, this indicates that the client has already called the node interface of the first node.
Step S150, in response to the node interface of the first node not being docked with the network address of the client, the interface management platform sends, to the gateway, a call instruction that allows the node interface of the first node to be called.
In one embodiment, when the interface management platform determines that the node interface of the first node is not docked with the network address of the client, the interface management platform sends a call instruction to the gateway that allows the node interface of the first node to be called.
Step S160, in response to the gateway receiving the call instruction, the gateway controls the interface service platform to send the node interface of the first node to the client.
The interface service platform may be deployed on a computer, a server, or the like, and the node interfaces of each node in the blockchain network are stored in the interface service platform. In an embodiment, when the gateway receives the call instruction, the gateway sends, to the interface service platform, an interface call instruction allowing the client to call the node interface of the first node; after the interface service platform receives the interface call instruction, the interface service platform sends the node interface of the first node to the client, that is, returns the node interface of the first node to the client.
Step S170, the client accesses the first node through the node interface of the first node.
The client accesses the first node through the node interface of the first node, for example to view the data in the first node.
In the embodiment of the disclosure, when the client accesses the first node, the network address of the client is verified through the gateway, and whether the client can call the node interface of the first node is determined, so that the reliability of the client is verified, and the security of data in the node is effectively ensured. In addition, in the embodiment of the disclosure, the node interfaces are managed in a unified manner through the interface management platform, so that whether a node interface is docked with a network address can be determined quickly, which further improves the calling efficiency of the node interfaces.
In an alternative embodiment, the node access request in the embodiments of the present disclosure includes an interface key of the client, which is issued by the interface management platform. Step S140 in the embodiment of the present disclosure further includes: the interface management platform determines whether the node interface of the first node is docked with the network address of the client according to whether the node interface of the first node is docked with the interface key of the client.
The interface key is used for docking with the node interface, and may be an API key, which may be an encrypted string and may be used when the node interface is called. When the node interface of the first node is docked with the interface key of the client, it is determined that the node interface of the first node is docked with the network address of the client; otherwise, it is determined that the node interface of the first node is not docked with the network address of the client.
In one embodiment, after the client is successfully registered in the interface management platform, the interface management platform performs a hash calculation on the network address of the client to obtain a hash value of the network address of the client, and a token can be generated through a token generation program. The hash value of the network address of the client and the token then form the interface key of the client. The interface key of the client is bound to the network address of the client to form a correspondence between the two, this correspondence is stored in the preset network address list, and the interface management platform sends the interface key of the client to the client.
In one embodiment, the node state list further records the interface keys docked with the node interface of each node in the blockchain network. When determining that the node interface of the first node is docked with the interface key of the client, the interface management platform may determine that the node interface of the first node is docked with the network address of the client.
In an optional embodiment, before step S150, the method in the embodiment of the present disclosure further includes: the interface management platform docks the node interface of the first node with the interface key of the client, so as to dock the node interface of the first node with the network address of the client.
Before the interface management platform sends, to the gateway, the call instruction allowing the node interface of the first node to be called, the interface management platform docks the node interface of the first node with the interface key of the client, so that the node interface of the first node is docked with the network address of the client.
In an embodiment, before the interface management platform sends, to the gateway, the call instruction allowing the node interface of the first node to be called, the interface management platform uses the network address of the client and the correspondence between the interface key of the client and the network address of the client in the preset network address list to obtain the interface key corresponding to the network address of the client, and takes this interface key as a verification interface key. The interface management platform compares the verification interface key with the interface key of the client in the access request. When the two are the same, the interface management platform updates the node interface state of the first node in the node state list to record that the node interface of the first node is docked with the interface key of the client and with the network address of the client, thereby completing the docking of the node interface of the first node with the interface key of the client.
In an alternative embodiment, as shown in fig. 2, the method in the embodiment of the present disclosure further includes the following steps:
Step S210, the interface management platform determines, by using a correspondence list between preset access rights and network addresses, the access right corresponding to the network address of the client in that list.
Step S220, determining whether the client has the right to access the first node based on the access right corresponding to the network address of the client.
The interface management platform stores the correspondence list between preset access rights and network addresses. This list stores the access rights of a plurality of network addresses, and the access right of a network address indicates which nodes the client corresponding to that network address has the right to access.
In one embodiment, before step S150, that is, before the interface management platform sends to the gateway a call instruction allowing the node interface of the first node to be called, the interface management platform queries the access right corresponding to the network address of the client in the correspondence list between preset access rights and network addresses. When the access right corresponding to the network address of the client indicates that the network address of the client has the right to access the first node, it is determined that the client has the right to access the first node; otherwise, it is determined that the client does not have the right to access the first node.
In an optional embodiment, step S150 in the embodiment of the present disclosure further includes: in response to the client having the right to access the first node and the node interface of the first node not being docked with the network address of the client, the interface management platform sends the call instruction to the gateway.
In one embodiment, when the interface management platform determines both that the client has the right to access the first node and that the node interface of the first node is not docked with the network address of the client, the interface management platform sends the call instruction to the gateway; when the interface management platform determines that the client does not have the right to access the first node and/or that the node interface of the first node is docked with the network address, the interface management platform sends to the gateway an instruction prohibiting the client from calling the node interface of the first node.
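The key issuance, key verification and allow/prohibit decision described above can be sketched as follows. This is an added example, not code from the patent; SHA-256, the `<hash>.<token>` key layout, the instruction strings, treating a key mismatch as a prohibition, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def issue_interface_key(network_address: str) -> str:
    """Interface key = hash of the client's network address + a random token.

    Assumptions: SHA-256 as the hash and '<hash>.<token>' as the layout.
    The address hash is predictable, so the secrecy rests on the token,
    which is why it comes from a CSPRNG.
    """
    addr_hash = hashlib.sha256(network_address.encode()).hexdigest()
    return f"{addr_hash}.{secrets.token_urlsafe(32)}"


@dataclass
class InterfaceManagementPlatform:
    # preset network address list: network address -> interface key
    address_list: dict = field(default_factory=dict)
    # correspondence list between access rights and network addresses
    access_rights: dict = field(default_factory=dict)
    # node status list: node id -> interface keys docked with its interface
    node_status: dict = field(default_factory=dict)

    def register(self, network_address: str, allowed_nodes) -> str:
        """Bind a fresh interface key to the address and return it to the client."""
        key = issue_interface_key(network_address)
        self.address_list[network_address] = key
        self.access_rights[network_address] = set(allowed_nodes)
        return key

    def is_docked(self, node_id: str, network_address: str) -> bool:
        """Docked with the address means docked with the key bound to it."""
        key = self.address_list.get(network_address)
        return key is not None and key in self.node_status.get(node_id, set())

    def decide(self, node_id: str, network_address: str, presented_key: str):
        """Return (instruction, reason) for the gateway."""
        if node_id not in self.access_rights.get(network_address, set()):
            return ("PROHIBIT", "no access right")
        if self.is_docked(node_id, network_address):
            return ("PROHIBIT", "already docked")
        # Verification key looked up by address, compared in constant time.
        expected = self.address_list.get(network_address, "")
        if not hmac.compare_digest(expected.encode(), presented_key.encode()):
            # Assumption: the text only describes the matching case.
            return ("PROHIBIT", "key mismatch")
        # Update the node status list, then allow the call.
        self.node_status.setdefault(node_id, set()).add(expected)
        return ("ALLOW", "docked")


def gateway_handle(platform: InterfaceManagementPlatform, request: dict):
    """Gateway side: address allow-list check, then defer to the platform."""
    addr = request["network_address"]
    if addr not in platform.address_list:  # list obtained from the platform
        return ("REJECT", "address not in preset list")
    instruction, reason = platform.decide(
        request["node_id"], addr, request["interface_key"]
    )
    if instruction == "ALLOW":
        # Hypothetical handle standing in for the node interface that the
        # interface service platform sends to the client.
        return ("NODE_INTERFACE", f"node-interface://{request['node_id']}")
    return ("REJECT", reason)


if __name__ == "__main__":
    # Constructed sample data (documentation address range).
    platform = InterfaceManagementPlatform()
    key = platform.register("203.0.113.7", {"node-1"})
    req = {"network_address": "203.0.113.7", "node_id": "node-1",
           "interface_key": key}
    print(gateway_handle(platform, req))  # first call: interface handed out
    print(gateway_handle(platform, req))  # second call: already docked
```

Because the decision is keyed on the network address that the request itself reports, a deployment would take that address from the transport connection rather than from a client-supplied field.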
In an alternative embodiment, as shown in fig. 3, the method in the embodiment of the present disclosure further includes the following steps:
Step S310, in response to the gateway receiving a data update request, sent by the client, for updating data in a second node in the blockchain network, the gateway sends the data update request to the interface management platform.
The data update request includes the data to be updated, which may be newly added data or a modification of existing data in the second node. The second node may be any node in the blockchain network.
In one embodiment, when the gateway receives a data update request sent by a client, the gateway sends the data update request to the interface management platform.
Step S320, the interface management platform determines, according to the interface key of the client in the data update request, whether the node interface of the second node is docked with the network address of the client in the data update request.
In an embodiment, the interface management platform may traverse the correspondence list between node identifiers and node interfaces to determine the node interface of the second node corresponding to the node identifier of the second node in the data update request, and then determine, according to the node status list, whether the node interface of the second node is docked with the interface key of the client. When it is determined that the node interface of the second node is docked with the interface key of the client, it may be determined that the node interface of the second node is docked with the network address of the client.
Step S330, in response to the node interface of the second node being docked with the network address of the client, the gateway determines, according to a correspondence list between preset data update permissions and network addresses, the data update permission corresponding to the network address of the client in that list.
The gateway stores the correspondence list between preset data update permissions and network addresses. This list stores the data update permissions of a plurality of network addresses, and the data update permission of a network address indicates whether the client corresponding to that network address has permission to update data in the nodes.
Step S340, determining whether the client has permission to update the data in the second node according to the data update permission corresponding to the network address of the client.
In one embodiment, when the interface management platform determines that the node interface of the second node is docked with the network address of the client, the interface management platform sends the gateway a message indicating that the node interface of the second node is docked with the network address of the client. After receiving the message, the gateway queries the correspondence list between preset data update permissions and network addresses and determines the data update permission corresponding to the network address of the client. When the data update permission corresponding to the network address of the client indicates that the network address of the client has permission to update data, it is determined that the client has permission to update the data in the second node; otherwise, it is determined that the client does not have permission to update the data in the second node.
Step S350, in response to the client having permission to update the data in the second node, the gateway allows the client to update the data to be updated in the data update request in the second node.
In an optional embodiment, the method in the embodiments of the present disclosure further comprises: the interface management platform determines whether the data format of the data to be updated is a preset data format.
The interface management platform stores a preset data format, and the preset data format is the same as the data format in the nodes in the block chain network. The data format (data format) is a rule describing the data stored in a file or record, and may be a text format in the form of characters, or a compressed format in the form of binary data.
In an embodiment, after determining that the node interface of the second node is docked with the network address of the client, the interface management platform may determine whether the data format of the data to be updated is the preset data format.
In an optional embodiment, step S330 in the embodiment of the present disclosure further includes: in response to the node interface of the second node being docked with the network address of the client and the data format of the data to be updated being the preset data format, the gateway determines, according to the correspondence list between preset data update permissions and network addresses, the data update permission corresponding to the network address of the client in that list.
When the interface management platform determines that the data format of the data to be updated is the preset data format and that the node interface of the second node is docked with the network address of the client, the interface management platform sends the gateway a message indicating both facts, and on receiving the message the gateway determines the data update permission corresponding to the network address of the client according to the correspondence list between preset data update permissions and network addresses. When the interface management platform determines that the data format of the data to be updated is not the preset data format and/or that the node interface of the second node is not docked with the network address of the client, the interface management platform sends an update refusal message to the gateway, and the gateway refuses to let the client update the data to be updated to the second node.
Fig. 4 shows a block diagram of a node access control device in a blockchain network in an embodiment of the present disclosure. As shown in fig. 3, the node access control apparatus in the blockchain network according to this embodiment includes:
a first obtaining module 410, configured to, in response to a gateway receiving a node access request for accessing a first node in a block chain network sent by a client, obtain, by the gateway, a preset network address list from an interface management platform;
a first determining module 420, configured to determine, by the gateway, whether the network address of the client in the node access request exists in the preset network address list;
a first sending module 430, configured to, in response to that the network address exists in the preset network address list, send, by the gateway, the network address to the interface management platform;
a second determining module 440, configured to determine, by the interface management platform, whether the node interface of the first node is interfaced with the network address;
a second sending module 450, configured to, in response to that the node interface of the first node is not docked with the network address, send, by the interface management platform to the gateway, a call instruction that allows a call to the node interface of the first node;
a control module 460, configured to, in response to the gateway receiving the call instruction, control, by the gateway, the interface service platform to send the node interface of the first node to the client;
an accessing module 470, configured to access the first node through the node interface of the first node by the client.
In an optional embodiment, the node access request comprises an interface key of the client, and the interface key of the client is issued by the interface management platform; the second determining module 440 is further configured to: determine, by the interface management platform, whether the node interface of the first node is docked with the network address according to whether the node interface of the first node is docked with the interface key.
In an optional embodiment, the apparatus further includes:
an interface updating module, configured to, before the interface management platform sends to the gateway the call instruction allowing the node interface of the first node to be called, dock, by the interface management platform, the node interface of the first node with the interface key of the client, so as to dock the node interface of the first node with the network address.
In an optional embodiment, the apparatus further comprises:
a third determining module, configured to determine, by the interface management platform, an access right corresponding to the network address of the client in a corresponding list between a preset access right and a network address by using the corresponding list between the preset access right and the network address; determining whether the client has the authority to access the first node or not based on the access authority corresponding to the network address of the client;
the second sending module 450 is further configured to: in response to the client having the right to access the first node and the node interface of the first node not being docked with the network address, send, by the interface management platform, the call instruction to the gateway.
In an alternative embodiment, the apparatus further comprises:
a third sending module, configured to, in response to the gateway receiving a data update request sent by the client to update data in a second node in the blockchain network, send the data update request to the interface management platform by the gateway;
a fourth determining module, configured to determine, by the interface management platform, whether the node interface of the second node is docked with the network address of the client in the data update request according to the interface key of the client in the data update request;
a fifth determining module, configured to determine, by the gateway according to a correspondence list between preset data update permissions and network addresses, data update permissions corresponding to the network addresses of the clients in the correspondence list between the preset data update permissions and the network addresses in response to docking of a node interface of the second node with the network addresses of the clients;
a sixth determining module, configured to determine whether the client has an authority to update data in the second node according to a data update authority corresponding to the network address of the client;
a permission module, configured to, in response to the client having permission to update the data in the second node, allow, by the gateway, the client to update the data to be updated in the data update request in the second node.
In an alternative embodiment, the apparatus further comprises:
a seventh determining module, configured to determine, by the interface management platform, whether a data format of the data to be updated is the preset data format;
the fifth determining module is further configured to: in response to the node interface of the second node being docked with the network address of the client and the data format of the data to be updated being the preset data format, determine, by the gateway according to the correspondence list between preset data update permissions and network addresses, the data update permission corresponding to the network address of the client in that list.
In addition, an embodiment of the present disclosure also provides an electronic device, including:
a memory for storing a computer program;
a processor, configured to execute the computer program stored in the memory, and when the computer program is executed, implement the node access control method in the blockchain network according to any of the above embodiments of the present disclosure.
Fig. 5 is a schematic structural diagram of an embodiment of an electronic device according to the present disclosure. Next, an electronic apparatus according to an embodiment of the present disclosure is described with reference to fig. 5. The electronic device may be either or both of the first device and the second device, or a stand-alone device separate from them, which stand-alone device may communicate with the first device and the second device to receive the acquired input signals therefrom.
As shown in fig. 5, the electronic device includes one or more processors and memory.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device to perform desired functions.
The memory may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read-Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer-readable storage medium and executed by a processor to implement the node access control method of the various embodiments of the disclosure described above and/or other desired functionality.
In one example, the electronic device may further include: an input device and an output device, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
The input means may also comprise, for example, a keyboard, a mouse, etc.
The output device may output various information including the determined distance information, direction information, and the like to the outside. The output devices may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, among others.
Of course, for simplicity, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 5, omitting components such as buses, input/output interfaces, and the like. In addition, the electronic device may include any other suitable components, depending on the particular application.
In addition to the above methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps in the method of node access control in a blockchain network according to various embodiments of the present disclosure described in the above section of this specification.
The computer program product may include program code for carrying out operations of embodiments of the present disclosure, written in any combination of one or more programming languages, including an object-oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, cause the processor to perform the steps in the method for node access control in a blockchain network according to various embodiments of the present disclosure described in the above section of the present specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Those of ordinary skill in the art will understand that: all or part of the steps of implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer-readable storage medium, and when executed, executes the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The foregoing describes the general principles of the present disclosure in conjunction with specific embodiments, however, it is noted that the advantages, effects, etc. mentioned in the present disclosure are merely examples and are not limiting, and they should not be considered essential to the various embodiments of the present disclosure. Furthermore, the foregoing disclosure of specific details is for the purpose of illustration and description and is not intended to be limiting, since the disclosure will be described in detail with reference to specific details.
In the present specification, the embodiments are described in a progressive manner, and each embodiment focuses on differences from other embodiments, and the same or similar parts in each embodiment are referred to each other. For the system embodiment, since it basically corresponds to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The block diagrams of devices, apparatuses, equipment and systems involved in the present disclosure are given only as illustrative examples and are not intended to require or imply that the connections, arrangements and configurations must be made in the manner shown in the block diagrams. These devices, apparatuses, equipment and systems may be connected, arranged and configured in any manner, as will be appreciated by those skilled in the art. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including, but not limited to," and are used interchangeably herein. The words "or" and "and" as used herein mean, and are used interchangeably with, the word "and/or," unless the context clearly dictates otherwise. The word "such as" is used herein to mean, and is used interchangeably with, the phrase "such as but not limited to".
The method and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the devices, apparatuses, and methods of the present disclosure, each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be considered equivalents of the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit embodiments of the disclosure to the form disclosed herein. While a number of example aspects and embodiments have been discussed above, those of skill in the art will recognize certain variations, modifications, alterations, additions and sub-combinations thereof.

Claims (10)

1. A method for controlling access to nodes in a blockchain network, comprising:
in response to a gateway receiving a node access request, sent by a client, for accessing a first node in a blockchain network, the gateway acquires a preset network address list from an interface management platform;
the gateway determines whether the network address of the client in the node access request exists in the preset network address list;
in response to the network address existing in the preset network address list, the gateway sends the network address to the interface management platform;
the interface management platform determines whether a node interface of the first node is docked with the network address;
in response to the node interface of the first node not being docked with the network address, the interface management platform sends to the gateway a call instruction that allows the node interface of the first node to be called;
in response to the gateway receiving the call instruction, the gateway controls an interface service platform to send the node interface of the first node to the client;
the client accesses the first node through a node interface of the first node.
2. The method of claim 1, wherein the node access request comprises an interface key of the client, the interface key of the client being issued by the interface management platform;
the interface management platform determining whether a node interface of the first node is docked with the network address comprises:
the interface management platform determines whether the node interface of the first node is docked with the network address according to whether the node interface of the first node is docked with the interface key.
3. The method of claim 2, wherein before the interface management platform sends to the gateway the call instruction that allows the node interface of the first node to be called, the method further comprises:
the interface management platform docks the node interface of the first node with the interface key of the client, so as to dock the node interface of the first node with the network address.
4. The method according to any one of claims 1-3, further comprising:
the interface management platform determines, by using a correspondence list between preset access rights and network addresses, the access right corresponding to the network address of the client in that list;
determining whether the client has the right to access the first node based on the access right corresponding to the network address of the client;
wherein the sending, by the interface management platform to the gateway, of the call instruction that allows the node interface of the first node to be called, in response to the node interface of the first node not being docked with the network address, comprises:
in response to the client having the right to access the first node and the node interface of the first node not being docked with the network address, the interface management platform sends the call instruction to the gateway.
5. The method of claim 1, further comprising:
in response to the gateway receiving a data update request sent by the client for updating data in a second node in the blockchain network, the gateway sending the data update request to the interface management platform;
the interface management platform determines, according to the interface key of the client in the data update request, whether the node interface of the second node is docked with the network address of the client in the data update request;
in response to the node interface of the second node being docked with the network address of the client, the gateway determines, according to a correspondence list between preset data update permissions and network addresses, the data update permission corresponding to the network address of the client in that list;
determining whether the client has the authority to update the data in the second node or not according to the data updating authority corresponding to the network address of the client;
in response to the client having the authority to update the data in the second node, the gateway allows the client to update the data to be updated in the data update request in the second node.
6. The method of claim 5, further comprising:
the interface management platform determines whether the data format of the data to be updated is the preset data format;
wherein the determining, by the gateway in response to the node interface of the second node being docked with the network address of the client, of the data update permission corresponding to the network address of the client according to the correspondence list between preset data update permissions and network addresses comprises:
in response to the node interface of the second node being docked with the network address of the client and the data format of the data to be updated being the preset data format, the gateway determines, according to the correspondence list between preset data update permissions and network addresses, the data update permission corresponding to the network address of the client in that list.
7. An apparatus for controlling access to nodes in a blockchain network, comprising:
the system comprises a first acquisition module, a first management module and a second acquisition module, wherein the first acquisition module is used for responding to a node access request of a first node in an access block chain network sent by a client received by a gateway, and the gateway acquires a preset network address list from an interface management platform;
a first determining module, configured to determine, by the gateway, whether a network address of the client in the node access request exists in the preset network address list;
a first sending module, configured to, in response to the network address existing in the preset network address list, send, by the gateway, the network address to the interface management platform;
a second determining module, configured to determine, by the interface management platform, whether a node interface of the first node is docked with the network address;
a second sending module, configured to, in response to the node interface of the first node not being docked with the network address, send, by the interface management platform, to the gateway a call instruction that allows the node interface of the first node to be called;
a control module, configured to, in response to the gateway receiving the call instruction, control, by the gateway, an interface service platform to send the node interface of the first node to the client;
and an access module, configured to access, by the client, the first node through the node interface of the first node.
8. The apparatus of claim 7, wherein the node access request comprises an interface key of the client, the interface key of the client being issued by the interface management platform;
the second determining module is further configured to: determine, by the interface management platform, whether the node interface of the first node is docked with the network address according to whether the node interface of the first node is docked with the interface key.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program stored in the memory, wherein the computer program, when executed, implements the method of node access control in a blockchain network according to any one of the preceding claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored, wherein the computer program, when executed by a processor, carries out the method of node access control in a blockchain network according to any one of the preceding claims 1 to 6.
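The gateway and interface management platform checks recited in claims 5 to 8 can be modelled as below; this is an added sketch, not code from the patent, and the class names, return strings, key-to-address check and sample data are hypothetical. The claims shown here do not say what happens on a repeat request for an already docked interface or when docking is recorded, so the sketch assumes no new call instruction is issued and that docking is recorded when the instruction is sent.

```python
# Added sketch; class names, return strings and sample data are constructed.
class InterfaceManagementPlatform:
    def __init__(self, address_list, issued_keys):
        self.address_list = set(address_list)  # preset network address list
        self.issued_keys = dict(issued_keys)   # address -> interface key issued to it
        self.docked = set()                    # (node, interface key) pairs

    def is_docked(self, node, addr, key):
        # Claim 8: docking with an address is decided via the client's interface key.
        # Assumption: the key must also be the one issued to that address.
        return self.issued_keys.get(addr) == key and (node, key) in self.docked

    def call_instruction(self, node, addr, key):
        # Issued only while the node interface is NOT yet docked (claim 7).
        if self.issued_keys.get(addr) != key or (node, key) in self.docked:
            return False
        self.docked.add((node, key))  # assumption: docking is recorded on issue
        return True

class Gateway:
    def __init__(self, platform, update_rights, required_fields):
        self.platform = platform
        self.update_rights = update_rights      # address -> nodes it may update
        self.required_fields = required_fields  # stand-in for the preset data format

    def handle_access(self, addr, key, node):
        if addr not in self.platform.address_list:
            return "deny: address not in preset list"
        if not self.platform.call_instruction(node, addr, key):
            return "deny: no call instruction"
        return "interface:" + node  # sent by the interface service platform

    def handle_update(self, addr, key, node, data):
        if not self.platform.is_docked(node, addr, key):
            return "deny: interface not docked"
        if set(data) != self.required_fields:
            return "deny: data format"
        if node not in self.update_rights.get(addr, set()):
            return "deny: no update authority"
        return "allow"

def build_demo():
    # Constructed sample data (documentation address ranges).
    platform = InterfaceManagementPlatform(
        {"192.0.2.10", "192.0.2.11"},
        {"192.0.2.10": "key-A", "192.0.2.11": "key-B"})
    return Gateway(platform, {"192.0.2.10": {"node-1"}}, {"id", "value"})

if __name__ == "__main__":
    gw = build_demo()
    print(gw.handle_access("192.0.2.10", "key-A", "node-1"))
    print(gw.handle_update("192.0.2.10", "key-A", "node-1", {"id": 1, "value": "x"}))
```

The update path checks docking first, then the data format, then the per-address update authority, which is the order claims 5 and 6 recite.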
CN202310247775.8A 2023-03-15 2023-03-15 Node access control method, device, equipment and medium in block chain network Active CN115987683B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310247775.8A CN115987683B (en) 2023-03-15 2023-03-15 Node access control method, device, equipment and medium in block chain network


Publications (2)

Publication Number Publication Date
CN115987683A true CN115987683A (en) 2023-04-18
CN115987683B CN115987683B (en) 2023-07-28

Family

ID=85968358


Country Status (1)

Country Link
CN (1) CN115987683B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103929419A (en) * 2014-03-28 2014-07-16 小米科技有限责任公司 Access control method and device
CN109167780A (en) * 2018-08-28 2019-01-08 下代互联网重大应用技术(北京)工程研究中心有限公司 A kind of method, equipment, system and the medium of the access of control resource
CN111010372A (en) * 2019-11-20 2020-04-14 国家信息中心 Block chain network identity authentication system, data processing method and gateway equipment
WO2020123898A1 (en) * 2018-12-13 2020-06-18 Neji, Inc. Decentralized dynamic host configuration protocol using blockchain-based smart contracts
CN111371739A (en) * 2020-02-14 2020-07-03 重庆邮电大学 Internet of things data access control method based on block chain technology
CN111698228A (en) * 2020-05-28 2020-09-22 中国平安财产保险股份有限公司 System access authority granting method, device, server and storage medium
CN111786998A (en) * 2020-06-30 2020-10-16 成都新潮传媒集团有限公司 Authority management method and device based on micro-service calling and storage medium
CN112134828A (en) * 2019-06-25 2020-12-25 中国信息通信研究院 Method and system for controlling user access
CN113382017A (en) * 2021-06-29 2021-09-10 深圳壹账通智能科技有限公司 Permission control method and device based on white list, electronic equipment and storage medium
CN113542117A (en) * 2021-07-09 2021-10-22 重庆邮电大学 Internet of things equipment resource access control method based on hierarchical block chain
US20210390201A1 (en) * 2020-06-15 2021-12-16 Allstate Solutions Private Limited Distributed Ledger Interface System for Background Verification of an Individual
CN114499942A (en) * 2021-12-22 2022-05-13 天翼云科技有限公司 Data access method and device and electronic equipment
CN114612103A (en) * 2022-05-10 2022-06-10 中国信息通信研究院 Method, device, system, medium and electronic equipment for cross-block chain transaction
CN114826749A (en) * 2022-04-30 2022-07-29 济南浪潮数据技术有限公司 Interface access control method, device and medium
CN114826661A (en) * 2022-03-18 2022-07-29 浪潮卓数大数据产业发展有限公司 Data access method, device and medium based on open API



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant