CN116232625A

CN116232625A - Block chain system-based account management method, device, equipment and readable medium

Info

Publication number: CN116232625A
Application number: CN202111487421.8A
Authority: CN
Inventors: 朱耿良
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2021-12-06
Filing date: 2021-12-06
Publication date: 2023-06-06

Abstract

The application provides a block chain system-based account management method, a block chain system-based account management device, a block chain system-based account management equipment and a readable medium. The method comprises the steps of obtaining a login authorization code of a first account according to a login exit request triggered by the first account, wherein the login authorization code is used for establishing communication connection between a blockchain node and a remote storage service corresponding to the first account, and the communication connection is established according to the login request and a connection verification request sent when the first account logs in the blockchain node; setting the login authorization code to a disabled state, the disabled state being used to indicate that the login authorization code cannot be used by the blockchain node to establish a communication connection with the remote storage service; and clearing the business data corresponding to the first account cached by the blockchain node and disconnecting the communication connection between the blockchain node and the remote storage service. The method can avoid the risk that the data is exposed to the subsequent personnel using the node equipment, prevent information leakage and improve the data safety.

Description

Block chain system-based account management method, device, equipment and readable medium

Technical Field

The present disclosure relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a readable medium for managing accounts based on a blockchain system.

Background

With the development of computer technology, blockchain systems have been employed by many governments and businesses to manage their business content. In such scenarios, however, it often occurs that some nodes in the blockchain are not necessarily or are not suitable to be consensus nodes of the blockchain.

In the related art, block chain link points which do not participate in accounting consensus in a block chain form a witness network, wherein the block chain nodes mainly perform service execution, and block data visible to authorization are acquired from the consensus network in an identity authentication mode.

However, such blockchain nodes are usually in public environments or in non-trusted environments, node devices of the blockchain nodes can be shared with unauthorized personnel, and data which are not cleaned in time in the node devices can be checked by the unauthorized personnel, so that risks of information leakage are caused, and data security is affected.

Disclosure of Invention

Based on the technical problems, the application provides an account management method, an account management device, electronic equipment and a readable medium based on a blockchain system, so that risks that data are exposed to subsequent personnel using node equipment are avoided, information leakage is prevented, and data security is improved.

Other features and advantages of the present application will be apparent from the following detailed description, or may be learned in part by the practice of the application.

According to one aspect of the embodiments of the present application, there is provided an account management method based on a blockchain system, wherein a blockchain link point in the blockchain system corresponds to at least one account, and each account corresponds to a different remote storage service; comprising the following steps:

according to a logout request triggered by a first account, obtaining a logon authorization code of the first account, wherein the logon authorization code is used for establishing communication connection between the blockchain node and a remote storage service corresponding to the first account, and the communication connection is established according to the logon request and a connection verification request sent when the first account logs in the blockchain node;

setting the login authorization code to a disabled state, the disabled state being used to indicate that the login authorization code cannot be used by the blockchain node to establish a communication connection with the remote storage service;

and clearing the business data corresponding to the first account cached by the blockchain node and disconnecting the communication connection between the blockchain node and the remote storage service.

According to an aspect of the embodiments of the present application, there is provided an account management apparatus based on a blockchain system, including:

the login exit module is used for acquiring a login authorization code of a first account according to a login exit request triggered by the first account, wherein the login authorization code is used for establishing communication connection between the blockchain node and a remote storage service corresponding to the first account, and the communication connection is established according to the login request and a connection verification request sent when the first account logs in the blockchain node;

the failure setting module is used for setting the login authorization code into a failure state, and the failure state is used for indicating that the login authorization code cannot be used for establishing communication connection between the blockchain node and the remote storage service;

and the connection disconnection module is used for clearing the business data corresponding to the first account cached by the blockchain node and disconnecting the communication connection between the blockchain node and the remote storage service.

In an embodiment of the present application, based on the foregoing solution, the failure setting module includes:

a write-in stopping unit, configured to stop a write operation to a remote storage service corresponding to the first account and obtain a data state of service data corresponding to the first account in the remote storage service;

The integrity checking unit is used for generating and storing integrity checking information according to the data state of the service data;

and the invalidation request unit is used for sending an invalidation request comprising the login authorization code to the remote storage service so that the remote storage service refuses the connection verification request comprising the login authorization code according to the invalidation request.

In an embodiment of the present application, based on the above solution, the integrity checking unit includes:

the verification computing subunit is used for performing verification computation according to the data state of the service data corresponding to the first account to obtain a verification value, and sending the verification value to the remote storage service corresponding to the first account;

a signature receiving subunit, configured to receive a check signature sent by the remote storage service, where the check signature is obtained by signing by the remote storage service based on the check value;

and the local storage subunit is used for storing the check value and the check signature into the local storage of the blockchain node.

In one embodiment of the present application, based on the above-described scheme, the blockchain system further includes a management node; the account management device further includes:

The verification information acquisition module is used for acquiring login verification information of the first account;

the login request sending module is used for sending a login request comprising the login verification information to the management node so that the management node performs login verification according to the login verification information and feeds back a login verification result;

the verification result receiving module is used for receiving the login verification result, wherein the login verification result comprises a blockchain registration identifier of the first account, the login authorization code and service information of a remote storage service corresponding to the first account;

and the verification request sending module is used for sending a connection verification request to the remote storage service according to the service information of the remote storage service, wherein the connection verification request comprises the blockchain registration identifier corresponding to the first account and the login authorization code so as to establish communication connection with the remote storage service.

In an embodiment of the present application, based on the above solution, the account management device further includes:

the service data acquisition module is used for carrying out data synchronization with the management node to acquire service data corresponding to the first account;

A validity period checking module, configured to check a validity period of the login authorization code;

the service data sending module is used for sending the service data to the remote storage service corresponding to the first account according to the login authorization code if the current moment meets the valid period of the login authorization code;

and the renewal request sending module is used for sending an authorization code renewal request to the management node if the current moment exceeds the valid period of the login authorization code so as to enable the management node to prolong the valid period of the login authorization code.

the verification information acquisition module is used for acquiring the integrity verification information and acquiring storage data from a remote storage service corresponding to the first account;

the consistency verification module is used for carrying out consistency verification on the business data corresponding to the first account according to the integrity verification information;

the data synchronization module is used for performing data synchronization with the management node according to the storage data of the remote storage service if the consistency check is passed;

and the stored data deleting module is used for deleting the stored data in the remote storage service corresponding to the first account and re-acquiring the service data corresponding to the first account from the management node if the consistency check is not passed.

According to one aspect of the embodiments of the present application, there is provided an account management method based on a blockchain system, where a blockchain link point in the blockchain system corresponds to at least one account, each account corresponds to a different remote storage service, and each account is used to log in at the blockchain node to establish a communication connection between the blockchain node and the corresponding remote storage service; the method comprises the following steps:

receiving a login request sent by the blockchain node and performing login verification according to login verification information in the login request;

if the login verification is passed, a login authorization code is obtained according to the login verification information, and a login verification result is sent to the blockchain node, wherein the login verification result comprises a blockchain registration identifier of the first account, the login authorization code and service information of a remote storage service corresponding to the first account;

receiving an authorization code verification request sent by the remote storage service, wherein the authorization code verification request is generated by the blockchain node according to the login verification result, and the authorization code verification request comprises the blockchain registration identifier and the login authorization code;

And verifying the validity of the login authorization code according to the blockchain registration identifier, and sending a verification result of the validity verification to the remote storage service so as to enable the blockchain node to establish communication connection with the remote storage service.

According to one aspect of the embodiments of the present application, there is provided an account management apparatus based on a blockchain system, where a blockchain link point in the blockchain system corresponds to at least one account, each account corresponds to a different remote storage service, and each account is used to log in at the blockchain node to establish a communication connection between the blockchain node and the corresponding remote storage service; the method comprises the following steps:

the login request receiving module is used for receiving a login request sent by the blockchain node and carrying out login verification according to login verification information in the login request;

the login verification request module is used for acquiring a login authorization code according to the login verification information and sending a login verification result to the blockchain node if the login verification is passed, wherein the login verification result comprises a blockchain registration identifier of the first account, the login authorization code and service information of a remote storage service corresponding to the first account;

The authorization code verification module is used for receiving an authorization code verification request sent by the remote storage service, wherein the authorization code verification request is generated by the blockchain node according to the login verification result, and the authorization code verification request comprises the blockchain registration identifier and the login authorization code;

and the validity verification module is used for verifying the validity of the login authorization code according to the blockchain registration identifier, and sending a verification result of the validity verification to the remote storage service so as to enable the blockchain node to establish communication connection with the remote storage service.

the registration request receiving module is used for receiving an account registration request and generating a blockchain registration identifier according to the account registration request;

a registration request sending module, configured to send a service registration request to the remote storage service, where the service registration request includes the blockchain registration identifier;

and the registration response receiving module is used for receiving a service registration response, wherein the service registration response comprises service information of the remote storage service corresponding to the blockchain registration identifier.

In one embodiment of the application, an account management method based on a blockchain system is provided, wherein a blockchain link point in the blockchain system corresponds to at least one account, each account corresponds to a different remote storage service, and each account is used for logging in at the blockchain node to enable the blockchain node to establish a communication connection with the corresponding remote storage service; comprising the following steps:

receiving a connection verification request sent by the blockchain node, wherein the connection verification request comprises a blockchain registration identifier and a login authorization code of a first account;

sending an authorization code verification request to a management node according to the connection verification request, wherein the blockchain registration identifier and the login authorization code;

receiving a verification result sent by the management node, wherein the verification result comprises a verification result of the validity of the login authorization code;

if the verification result indicates that the login authorization code is valid, establishing a communication connection with the block link point

In one embodiment of the application, an account management device based on a blockchain system is provided, wherein a blockchain link point in the blockchain system corresponds to at least one account, each account corresponds to a different remote storage service, and each account is used for logging in at the blockchain node to enable the blockchain node to establish a communication connection with the corresponding remote storage service; comprising the following steps:

The connection request receiving module is used for receiving a connection verification request sent by the blockchain node, wherein the connection verification request comprises a blockchain registration identifier and a login authorization code of a first account;

the authorization code verification request module is used for sending an authorization code verification request to the management node according to the connection verification request, and the blockchain registration identifier and the login authorization code;

the verification result receiving module is used for receiving a verification result sent by the management node, wherein the verification result comprises a verification result of the validity of the login authorization code;

and the communication connection establishment module is used for establishing communication connection with the block link point if the verification result indicates that the login authorization code is valid.

a registration request receiving module, configured to receive a service registration request sent by the management node, where the service registration request includes a blockchain registration identifier of the first account;

the remote storage service generation module is used for responding to the service registration request and generating remote storage service corresponding to the first account according to the blockchain registration identifier;

And the registration response sending module is used for sending a service registration response to the management node, wherein the service registration response comprises service information of the remote storage service corresponding to the first account.

the invalidation request receiving module is used for receiving an invalidation request, and the invalidation request comprises a login authorization code of the second account;

the valid period acquisition module is used for acquiring the valid period of the login authorization code of the second account according to the invalidation request;

and the invalidation recording module is used for adding the login authorization code of the second account and the validity period into the invalidation authorization code record.

In an embodiment of the present application, based on the foregoing solution, the authorization code verification request module includes:

a login authorization code searching unit, configured to search the login authorization code in the connection verification request in the invalid authorization code record;

a connection rejecting unit, configured to reject the connection verification request if the invalid authorization code record includes a login authorization code in the connection verification request and the current time satisfies a valid period of the login authorization code in the invalid authorization code record;

And the verification request sending unit is used for sending an authorization code verification request to the management node if the invalid authorization code record does not contain the login authorization code in the connection verification request or the current moment does not meet the valid period in the invalid authorization code record.

According to an aspect of the embodiments of the present application, there is provided an electronic device, including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the blockchain system-based account management method as in the above technical solution via execution of the executable instructions.

According to an aspect of the embodiments of the present application, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a blockchain system-based account management method as in the above technical solution.

According to an aspect of embodiments of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read from the computer-readable storage medium by a processor of a computer device, and executed by the processor, cause the computer device to perform the method of account management in various alternative implementations described above that provide a blockchain-based system.

In the embodiment of the application, the data obtained by synchronization are stored in the remote storage service, and the remote storage service is disconnected in the login exiting process, so that the node equipment cannot access the data in the remote storage service after login exiting, the risk that the data are exposed to personnel using the node equipment later is avoided, information leakage is prevented, and the data security is improved.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application. It is apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.

In the drawings:

fig. 1 shows a schematic diagram of a blockchain network.

Fig. 2 to 4 show architecture diagrams of a blockchain system to which embodiments of the present application are applied.

FIG. 5 shows a schematic diagram of an electronic invoice system according to one embodiment of the application.

FIG. 6 illustrates a flow chart of a blockchain system-based account management method in accordance with an embodiment of the present application;

FIG. 7 illustrates a schematic diagram of a remote storage system connection process according to one embodiment of the present application;

FIG. 8 illustrates a block diagram of a blockchain system-based account management device in accordance with an embodiment of the present application;

fig. 9 shows a schematic diagram of a computer system suitable for use in implementing the electronic device of the embodiments of the present application.

Detailed Description

Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.

Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present application. One skilled in the relevant art will recognize, however, that the aspects of the application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.

The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.

The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.

Blockchain (Blockchain) is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, encryption algorithms, and the like. Blockchains are essentially a de-centralized database, which is a series of data blocks (i.e., blocks) that are generated in association using cryptographic methods, each of which contains information from a batch of network transactions for verifying the validity (anti-counterfeiting) of the information and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.

The blockchain underlying platform may include processing modules for user management, basic services, smart contracts, operation monitoring, and the like. The user management module is responsible for identity information management of all blockchain participants, including maintenance of public and private key generation (account management), key management, maintenance of corresponding relation between the real identity of the user and the blockchain address (authority management) and the like, and under the condition of authorization, supervision and audit of transaction conditions of certain real identities, and provision of rule configuration (wind control audit) of risk control; the basic service module is deployed on all block chain node devices, is used for verifying the validity of a service request, recording the service request on a storage after the effective request is identified, for a new service request, the basic service firstly analyzes interface adaptation and authenticates the interface adaptation, encrypts service information (identification management) through an identification algorithm, and transmits the encrypted service information to a shared account book (network communication) in a complete and consistent manner, and records and stores the service information; the intelligent contract module is responsible for registering and issuing contracts, triggering contracts and executing contracts, a developer can define contract logic through a certain programming language, issue the contract logic to a blockchain (contract registering), invoke keys or other event triggering execution according to the logic of contract clauses to complete the contract logic, and simultaneously provide a function of registering contract upgrading; the operation monitoring module is mainly responsible for deployment in the product release process, modification of configuration, contract setting, cloud adaptation and visual output of real-time states in product operation, for example: alarms, monitoring network conditions, monitoring node device health status, etc.

The platform product service layer provides basic capabilities and implementation frameworks of typical applications, and developers can complete the blockchain implementation of business logic based on the basic capabilities and the characteristics of the superposition business. The application service layer provides the application service based on the block chain scheme to the business participants for use.

Referring to the blockchain network shown in fig. 1, a plurality of nodes 101 may be included in the blockchain network, and the plurality of nodes 101 may be individual clients forming the blockchain network. Each node 101 may receive input information while operating normally and maintain shared data within the blockchain network based on the received input information. In order to ensure information intercommunication in the blockchain network, information connection can exist between every two nodes in the blockchain network, and information transmission can be carried out between the nodes through the information connection. For example, when any node in the blockchain network receives input information, other nodes in the blockchain network acquire the input information according to a consensus algorithm, and store the input information as shared data, so that the data stored on all nodes in the blockchain network are consistent.

For each node in the blockchain network, there is a node identification corresponding thereto, and each node in the blockchain network may store the node identifications of other nodes for subsequent broadcasting of the generated blocks to other nodes in the blockchain network based on the node identifications of the other nodes. Each node can maintain a node identification list, and the node names and the node identifications are correspondingly stored in the node identification list. The node identifier may be an IP (Internet Protocol, protocol interconnecting between networks) address, or any other information that can be used to identify the node.

Each node in the blockchain network stores one and the same blockchain. The block chain consists of a plurality of blocks, the starting block comprises a block head and a block main body, the block head stores an input information characteristic value, a version number, a time stamp, a difficulty value and the like, and the block main body stores input information; the next block of the starting block takes the starting block as a father block, the next block also comprises a block head and a block main body, the block head stores the input information characteristic value of the current block, the block head characteristic value, the version number, the timestamp, the difficulty value and the like of the father block, and the like, so that the block data stored in each block in the block chain are associated with the block data stored in the father block, and the safety of the input information in the block is ensured.

When each block in the blockchain is generated, when the node where the blockchain is positioned receives input information, checking the input information, after the checking is finished, storing the input information into a memory pool, and updating a hash tree used for recording the input information; and updating the update time stamp to the time of receiving the input information, trying different random numbers, calculating the characteristic value for a plurality of times, and when the random numbers meeting the conditions are calculated, correspondingly storing the information to generate a block head and a block main body to obtain the current block. And then, the node where the blockchain is located sends the newly generated blocks to other nodes in the data sharing system where the newly generated blocks are located according to the node identification of other nodes in the data sharing system, the other nodes verify the newly generated blocks, and the newly generated blocks are added into the blockchain stored by the newly generated blocks after the verification is completed. Wherein, the node can perform consensus verification on the newly generated block through a consensus algorithm, and the consensus algorithm can comprise but is not limited to: pow (Proof of Work), pos (Proof of equity), DPos (Delegated Proof of Stake Proof of equity), PBFT (Practical Byzantine Fault Tolerance, bayer fault tolerance algorithm), paxos (a distributed algorithm) algorithm, and Raft (a distributed consensus algorithm) algorithm. Wherein, pow (Proof of Work): workload certification refers to a metric set by a system (such as the blockchain network system described above) to achieve a certain goal. Pos (proof-of-status): pos equity proof is an upgrade consensus mechanism for Pow workload proof; specifically, the longer the time who holds an electronic resource (the length of time that an electronic resource is held=the number of electronic resources that are held) the more the who has the opportunity to acquire the billing right for the block. DPos (Delegated Proof of Stake, delegated rights proving) share authorization proving mechanism: the DPos share authorization proof mechanism is similar to a board vote, where the object holding the electronic resource selects a certain number of nodes by voting, brokering them for checksum accounting. PBFT (Practical Byzantine Fault Tolerance, bayer fault tolerance algorithm): the PBFT bayer fault tolerance algorithm is a message transfer based consistency algorithm that agrees with three phases that may be repeated due to failure. Paxos (a distributed algorithm) algorithm: the Paxos algorithm is a two-stage algorithm with three main roles, proposer, accept, learner. Proposer issues agreement, acceptance or rejection, and learner obtains the final value after consensus. Raft (a distributed consensus algorithm) algorithm: the Raft algorithm contains three roles, respectively: follower (follower), candidate (leader) and leader (leader). All nodes are in the initial state of a follow, the follow which does not receive a heartbeat packet after overtime changes into a candidiate and broadcasts a voting request, the node which obtains majority votes takes the avatar, the process of voting is who sends out the first, and each node only gives out one vote.

Alternatively, each node in the blockchain network may be a server or a terminal device. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a Cloud server providing Cloud services, cloud databases, cloud Computing (Cloud Computing), cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs (Content Delivery Network, content distribution networks), basic Cloud Computing services such as big data and artificial intelligent platforms, and the like. The terminal device may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a smart home, a vehicle-mounted terminal, and the like. The nodes may be directly or indirectly connected through wired or wireless communication, which is not limited herein.

The cloud computing refers to a delivery and use mode of an IT infrastructure, and specifically refers to obtaining required resources in an on-demand and easily-expandable manner through a network; generalized cloud computing refers to the delivery and usage patterns of services, meaning that the required services are obtained in an on-demand, easily scalable manner over a network. Such services may be IT, software, internet related, or other services. Cloud Computing is a product of fusion of traditional computer and network technology developments such as Grid Computing (Grid Computing), distributed Computing (Distributed Computing), parallel Computing (Parallel Computing), utility Computing (Utility Computing), network storage (Network Storage Technologies), virtualization (Virtualization), load balancing (Load balancing), and the like. With the development of the internet, real-time data flow and diversification of connected devices, and the promotion of demands of search services, social networks, mobile commerce, open collaboration and the like, cloud computing is rapidly developed. Unlike the previous parallel distributed computing, the generation of cloud computing will promote the revolutionary transformation of the whole internet mode and enterprise management mode in concept.

Based on the blockchain technology, the embodiment of the application provides an architecture of a blockchain system. As shown in fig. 2, the blockchain system includes a network of accounting nodes 2 and a network of traffic nodes 1. The accounting node network 2 comprises accounting nodes 21 that agree on the data blocks and record the data blocks onto the blockchain. The service node network 1 comprises a service node 11, which service node 11 may verify the data blocks recorded by the accounting node onto the blockchain or may request corresponding transaction data from the accounting node.

Specifically, the service node 11 may verify the data block recorded by the accounting node onto the blockchain, which may include the following steps: a billing node 21 in the billing node network generates a signature based on transaction information to be included in a data chunk to be added to the blockchain using a key specific to the billing node; accounting node 21 adds the transaction information and the generated signature to the data block, adding to the blockchain; the accounting node 21 sends the signature to a service node in the service node network, which verifies the signature based on a key specific to the accounting node to enable the service node 11 to verify the data blocks recorded by the accounting node onto the blockchain. The accounting nodes in the accounting node network are responsible for recording the data blocks to the blockchain and the service nodes in the service node network are responsible for witnessing the results of the accounting node records. Specifically, the accounting node generates a signature based on transaction information to be included in one data chunk to be added to the blockchain, and then adds the transaction information and the generated signature to the data chunk for uplink. And transmitting the signature to a service node in the service node network, causing the service node to verify the signature based on a key specific to the accounting node. Service nodes in the service node network can witnesse the transaction data of the whole network by verifying the accounting node signature on the block. The accounting node network, while possessing monopolizing accounting rights, is publicly traceable in all acts because the data block has a digital signature representing the identity of the accounting party. If the accounting nodes act in aggregate, then all nodes in the service node network will retain evidence of the particular accounting node acting. Compared with the traditional centralized system and the private chain, the system in the embodiment of the application runs more transparently; compared with the traditional decentralization scheme, the scheme is more controllable and more convenient to monitor.

In one embodiment of the present application, the accounting node network 2 and the service node network 1 may be connected by means of a proxy node 12, the proxy node 12 may be a service node of the service node network 1, which is responsible for transferring information to be transferred by the accounting node 21 to the service node 11. The service node 11 is a terminal of a transaction party generating various transaction data to be uplinked, or a terminal of inquiring transaction data from the accounting node network 2. Transaction data generated by the service node 11 is transmitted to the accounting node 21 through the proxy node 12 and then recorded on the blockchain after being commonly recognized, so that unified processing and supervision of the transaction data are facilitated, and the service node 11 can also conduct uplink supervision and witness of the transaction data through information sent by the accounting node 21 through the proxy node 12, which is of great significance in certain scenes that nodes which need unified supervision and are afraid of supervision are cheated collectively, and therefore supervision is needed.

In the architecture shown in fig. 1, the service node network 1 adopts a P2P (Peer to Peer) network mode. P2P networks are a distributed application architecture that distributes tasks and workloads among peers, a form of networking or network that peer-to-peer computing models form at the application layer, i.e., a "point-to-point" or "end-to-end" network. It can be defined as: participants in the network share a portion of the hardware resources (processing power, storage power, network connectivity, printers, etc.) they own, which provide services and content through the network that can be accessed directly by other peer nodes without going through intermediate entities. The participants in this network are both providers of resources, services and content and acquisitors of resources, services and content. Therefore, in the service node network 1, when the proxy node 12 receives the message transmitted from the accounting node 21, the message propagates to the surrounding service nodes 11, and the surrounding service nodes 11 receive the message and then transmit the message to the surrounding service nodes 11, so that the message propagates between each service node 11 of the service node network 1.

FIG. 3 illustrates an architecture of another blockchain system used in the embodiments of the present application. The architecture differs from the architecture shown in fig. 2 in that: the P2P network mode is not adopted in the service node network 1, but the mode of the broadcast network is adopted. Specifically, the proxy node 12, upon receiving the message delivered from the accounting node 21, broadcasts the message to the other service nodes 11 in the service node network 1. In this way, propagation of the message between each service node 11 of the service node network 1 is also achieved.

FIG. 4 illustrates an architecture of another blockchain system to which embodiments of the present invention are applied. The architecture differs from the architecture shown in fig. 2 in that: the network of accounting nodes 2 is divided into a plurality of branched accounting node networks. Each branch billing node network may be responsible for the recording of some type of transaction information. For example, an enterprise may have a supply chain financial business, and may need to record information such as contract information, credit, etc. generated during the supply and distribution process to the blockchain, and also issue an invoice, and record information such as issue invoice, reimbursement invoice, etc. to the blockchain. At this time, in order to facilitate the need for the accounting node to be administered by the same department, the accounting node that records the supply chain financial business transaction and the accounting node that records the transaction during the invoice flow may be separate departments. For example, the accounting node that records supply chain financial transactions is a bank-set accounting terminal, and the accounting node that records transactions during invoice flows is a national tax office-set accounting terminal. And the supply chain financial business transactions and transactions during the recording invoice flows may also eventually be recorded on a different branch of the billing node network. At this time, the proxy node 12 transmits the transaction information to the branch accounting node network corresponding to the transaction type according to the transaction type carried in the transaction information transmitted from the service node 11.

It should be noted that, in the architecture of the blockchain system shown in fig. 2 to 4, the proxy node 12 is located in the service node network 1, and in other embodiments of the present application, the proxy node 12 may also be located in the consensus node network 2, or be independent from the service node network 1 and the consensus node network 2.

The architecture of the blockchain system shown in fig. 2 to 4 may be applied in the application scenario of electronic invoices, and is described in detail below:

in one embodiment of the present application, the accounting nodes in the accounting node network may be respective tax administration terminals, for example, the accounting node network is formed by tax administration terminals deployed in a plurality of regions as one accounting node respectively. Each service node in the service node network may be a local tax office terminal, an invoicing proxy server terminal, an invoicing enterprise terminal, a personal user terminal, etc.

Specifically, in the electronic invoice system shown in fig. 5, a service layer, a routing agent layer, and a consensus network (i.e., a billing node network, hereinafter referred to as a billing network) layer may be included. The service layer is a service node network, and includes each service node, for example, a local tax office in a tax private network; billing service providers, reimbursement service providers, enterprises, etc. in public cloud; payment facilitators, circulation facilitators, businesses, etc. in the private cloud.

The routing proxy layer comprises proxy nodes, the proxy nodes provide functions of routing service, certificate caching and authentication service, P2P service and the like, and the routing proxy layer plays a role in isolating a service layer and a consensus network layer, and the technical scheme of the embodiment is specifically referred to. Alternatively, the agent nodes in the routing agent layer may be in a tax private network. The consensus network (accounting network) layer is an accounting node network, which includes a plurality of blockchains, although in other embodiments of the present application, the consensus network (accounting network) layer may also include one blockchain.

In one embodiment of the present application, a consensus network (accounting network) in an electronic invoice system may include multiple blockchains that may be time-sequential, such as time-sequential, for example, with the same business being identical for the business participants and both blockchains employing the same CA (Certificate Authority, authentication authority) center as the authentication and authorization party for the invoice business system. Of course, in an embodiment of the present application, the splitting may be performed according to different services, for example, service a corresponds to one blockchain, service B corresponds to one blockchain, and inter-link interaction may also be performed between services.

For the multi-link scenario introduced in the foregoing embodiment, the embodiment of the present application further provides an account management method based on a blockchain system, which is specifically introduced as follows:

FIG. 6 illustrates a flow chart of a blockchain system-based account management method in accordance with an embodiment of the present application. Specifically, the scheme of the present application can be applied to the blockchain system shown in fig. 5, where the blockchain system includes a main chain and at least one sub-chain, and each sub-chain is derived from a blockheight in the main chain. The service node connects to the blockchain system through login authentication and acquires data in the blockchain system. The account management method based on the blockchain system shown in fig. 6 may be performed by service nodes in the blockchain system, where each service node corresponds to at least one account, and each account corresponds to a different remote storage service, specifically, referring to fig. 6, the account management method based on the blockchain system at least includes steps S610 to S630, which are described in detail below:

step S610, according to the logout request triggered by the first account, obtaining a logon authorization code of the first account, where the logon authorization code is used to establish a communication connection between the blockchain node and a remote storage service corresponding to the first account, and the communication connection is established according to the logon request and the connection verification request sent when the first account logs in the blockchain node.

The first account is one of at least one account corresponding to the blockchain node. In this embodiment, the first account has been registered at the block link point. During the login process of the first account, the blockchain node initiates a login request to verify the login information and obtain a login authorization code, and initiates a connection verification request with the login authorization code to establish a communication connection with a remote storage service corresponding to the first account. The communication connection is typically a remote network connection, and the remote storage service is connected to the blockchain node in a mounted manner to become a memory of the node, and the blockchain node stores information such as synchronization obtained data into the remote storage service to replace the local storage. Specifically, the remote storage service is a mountable encrypted network storage (secure elastic file system, SEFS), which is a secure storage device that is network-encrypted access, and the connection procedure of the remote storage service is performed based on the same authentication information as the login procedure of the first account.

The login authorization code is a verification message with timeliness provided by the blockchain system when the first account logs into the blockchain system. The first account is linked to the remote storage service based on the authentication information and the login authorization code is also provided for authentication when communicating with the remote storage service.

The logout request is typically initiated by the user or by the node device according to preset conditions, e.g. without any user operation and data communication etc. for a certain time. The manner in which the blockchain node obtains the login authorization code for the first account may include reading the login authorization code directly from local storage or requesting to send the login authorization code to the blockchain node.

In step S620, the login authorization code is set to a disabled state, where the disabled state is used to indicate that the login authorization code cannot be used by the blockchain node to establish a communication connection with the remote storage service.

Setting the login authorization code to a disabled state may include recording the login authorization code in a locally stored record or sending information to the remote storage service and blockchain system to cause the remote storage service and blockchain system to record the disabled login authorization code. The failure status of the login authorization code indicates that the authorization code is no longer available for the blockchain node to establish a communication connection with the remote storage service. In particular, the duration of the failure state may be the same as the validity period of the login authorization code. The validity period of the login authorization code refers to a period of time that the login authorization code can be used for logging in the blockchain system, the first account exits the login in the validity period of the login authorization code, the login authorization code is set to be in a disabled state in the validity period, and after the validity period of the login authorization code is overtime, the login authorization code is not set to be in the disabled state any more, and the login authorization code returns to be in the enabled state again, so that the login authorization code can be used for connecting a remote storage service. For example, when the validity period of the login authorization code is 12 hours and is pushed out when the validity period is 6 hours, the login authorization code is set to be invalid in the rest 6 hours, and after the rest 6 hours, the login authorization code is not invalid any more and can be reused for connecting a remote storage service.

In one embodiment of the present application, based on the above scheme, the process of setting the login authorization code to the invalid state may include the following steps: and stopping the writing operation to the remote storage service corresponding to the first account by the blockchain node and acquiring the data state of the business data corresponding to the first account in the remote storage service. The ongoing write operation is continued to be completed, while the write operation that has not yet been started is canceled. The data state of the business data refers to the state of all data in the remote storage service that is associated with the first account. And generating and storing the integrity check information according to the data state of the service data. The calculation of the integrity check information is performed by the blockchain node, specifically, the checksum of the data may be calculated, or encryption calculation may be performed according to a predetermined algorithm, or the like. The integrity check information is saved by the user, either to local memory or to mobile memory. Subsequently, a invalidation request including the login authorization code is sent to the remote storage service to cause the remote storage service to reject the connection verification request containing the login authorization code. The remote storage service may directly record the login authorization code for comparison at verification.

In one embodiment of the present application, based on the above scheme, the process of generating and storing the integrity check information according to the data state of the service data may include the following steps: performing verification calculation according to the data state of the service data corresponding to the first account to obtain a verification value, and sending the verification value to a remote storage service corresponding to the first account; receiving a check signature sent by the remote storage service, wherein the check signature is obtained by the remote storage service through signing based on the check value; storing the check value and the check signature in a local store of the blockchain node.

In one embodiment of the present application, based on the above scheme, the blockchain system further includes a management node. The management node may be a computing device in a blockchain system for performing a system management service. The computing device may be used to perform system functions such as user registration and login authorization. Before the step of acquiring the login authorization code of the first account according to the login exit request triggered by the first account, the account management method further comprises the following steps: acquiring login verification information of the first account; and sending a login request comprising the login verification information to the management node so that the management node performs login verification according to the login verification information and feeds back a login verification result. And then, receiving the login verification result, wherein the login verification result comprises the blockchain registration identification of the first account, the login authorization code and the service information of the remote storage service corresponding to the first account. The blockchain registration identifier is a unique identifier code of the first account registered on the blockchain, and the service information of the remote storage service may include information related to establishing communication connection by an internet address, a port and the like of the remote storage service. And sending a connection verification request to the remote storage service according to the service information of the remote storage service, wherein the connection verification request comprises the blockchain registration identifier corresponding to the first account and the login authorization code so as to establish communication connection with the remote storage service.

In one embodiment of the present application, based on the above-mentioned scheme, after sending a connection verification request to the remote storage service according to the service information of the remote storage service, the account management method further includes the following steps: carrying out data synchronization with the management node to obtain service data corresponding to the first account; checking the validity period of the login authorization code; if the current moment meets the valid period of the login authorization code, the business data is sent to a remote storage service corresponding to the first account according to the login authorization code; and if the current time exceeds the valid period of the login authorization code, sending an authorization code renewal request to the management node so that the management node prolongs the valid period of the login authorization code.

In one embodiment of the present application, based on the above-mentioned scheme, after sending a connection verification request to the remote storage service according to the service information of the remote storage service, the account management method further includes the following steps: acquiring the integrity check information, and acquiring storage data from a remote storage service corresponding to the first account; according to the integrity check information, consistency check is carried out on the business data corresponding to the first account; if the consistency check is passed, carrying out data synchronization with the management node according to the storage data of the remote storage service; and if the consistency check is not passed, deleting the storage data in the remote storage service corresponding to the first account and re-acquiring the service data corresponding to the first account from the management node. Specifically, at login, it is necessary to verify whether the data in the remote storage service is consistent with the previous one according to the integrity check. If not, then the complete data needs to be retrieved from the blockchain system and stored in a remote storage service. If so, data synchronization with the blockchain system may be performed based on data in the remote storage service.

Step S630, clearing the service data corresponding to the first account cached by the blockchain node, and disconnecting the communications connection between the blockchain node and the remote storage service.

The embodiment of the application also provides an account management method based on the block chain system, which is specifically introduced as follows: according to the account management method based on the blockchain system, other blockchains initiate a cross-chain transaction to the blockchain, and in particular, the scheme of the application can be applied to the blockchain system shown in fig. 5, wherein the blockchain system comprises a main chain and at least one sub-chain, and each sub-chain is derived from a block height in the main chain. The service node connects to the blockchain system through login authentication and obtains data in the blockchain system, and the management node responds to login sake of the blockchain node and controls login process, the blockchain link point in the blockchain system corresponds to at least one account, each account corresponds to a different remote storage service, and each account is used for logging in the blockchain node to enable the blockchain node to establish communication connection with the corresponding remote storage service. The account management method based on the blockchain system may be executed by a management node in the blockchain system, and specifically, the account management method based on the blockchain system at least includes the following steps of step S641 to step S644:

Step S641, receiving a login request sent by the blockchain node and performing login verification according to login verification information in the login request.

The login authentication information typically includes a user name and password of the user. The block link point transmits a login request according to login verification information input by a user. And determining whether the requested user has the authority to log in the blockchain system according to the login verification information during login verification. An account authenticated by login may log into the blockchain system.

In one embodiment of the present application, based on the above solution, before receiving the login request sent by the blockchain node, the method further includes: receiving an account registration request, and generating a blockchain registration identifier according to the account registration request; sending a service registration request to the remote storage service, wherein the service registration request comprises the blockchain registration identifier; a service registration response is received, the service registration response including service information for the remotely stored service corresponding to the blockchain registration identification. Specifically, during the process of user registration, the management node automatically registers the remote storage service for the user, so that the remote storage service allocates a corresponding storage space for the user.

Step S642, if the login verification is passed, a login authorization code is obtained according to the login verification information, and a login verification result is sent to the blockchain node, wherein the login verification result comprises a blockchain registration identifier of the first account, the login authorization code and service information of a remote storage service corresponding to the first account.

The login authorization code is automatically generated by the management node. The blockchain registration identification may be determined from login verification information provided by the user, for example using the user's username directly, or may be generated by the management node and assigned to the user account. The service information of the remote storage service is information obtained by the management node after the remote storage service registers for the user, so that the management node can be used for establishing connection between the subsequent blockchain node and the remote storage service.

Step S643, receiving an authorization code verification request sent by the remote storage service, where the authorization code verification request is generated by the blockchain node according to the login verification result, and the authorization code verification request includes the blockchain registration identifier and the login authorization code.

After receiving the login of the management node, the blockchain node initiates connection verification to the remote storage service according to the received service information and login authorization code of the remote storage service so as to connect to the remote storage service and mount the corresponding storage space. The remote storage service verifies the correctness of the login authorization code with the management node. Therefore, the management node receives an authorization code verification request sent by the remote storage service, and checks whether the relationship between the received blockchain registration identifier and the login authorization code is a correct correspondence, thereby determining a verification result.

Step S644, verifying the validity of the login authorization code according to the blockchain registration identifier, and sending a verification result of the validity verification to the remote storage service so as to enable the blockchain node to establish communication connection with the remote storage service.

Specifically, in the verification process, the locally recorded login authorization code is obtained according to the blockchain registration identifier, and then is compared with the login authorization code in the request, so that whether the authorization codes are consistent is determined, and the login authorization code is confirmed to be in the validity period. Further, the management node may also determine whether the login authorization code is an invalid status authorization code. After determining the result, sending a verification result to the remote storage service, so that the remote storage service agrees or refuses to establish connection with the block link point.

In the method, the verification of the management node and the verification of the remote storage service are performed based on the login authorization code, so that the login process and the remote connection process can be completed by the management node in a unified manner, the operation difficulty of the login process is reduced, and the use efficiency is improved.

The embodiment of the application also provides an account management method based on the block chain system, which is specifically introduced as follows: according to the account management method based on the blockchain system, other blockchains initiate a cross-chain transaction to the blockchain, and in particular, the scheme of the application can be applied to the blockchain system shown in fig. 5, wherein the blockchain system comprises a main chain and at least one sub-chain, and each sub-chain is derived from a block height in the main chain. The service node connects to and acquires data in the blockchain system through login authentication and connects with a remote storage service to store the synchronized data. The blockchain link points in the blockchain system correspond to at least one account, each account corresponding to a different remote storage service. The blockchain system-based account management method may be executed by a remote storage service, and specifically, the blockchain system-based account management method at least includes the following steps S645 to S648:

Step S645, receiving a connection verification request sent by the blockchain node, where the connection verification request includes a blockchain registration identifier and a login authorization code of the first account.

Specifically, the connection verification request is a request initiated by the blockchain node during a login process to establish a communication connection between the blockchain node and a remote storage service.

Step S646, according to the connection verification request, sends an authorization code verification request to the management node, where the blockchain registration identifier and the login authorization code.

In one embodiment of the present application, based on the above-mentioned scheme, before the process of receiving the connection verification request sent by the blockchain node, the method further includes the following steps: receiving a service registration request sent by the management node, wherein the service registration request comprises a blockchain registration identifier of the first account; responding to the service registration request, and generating a remote storage service corresponding to the first account according to the blockchain registration identifier; and sending a service registration response to the management node, wherein the service registration response comprises service information of the remote storage service corresponding to the first account.

In one embodiment of the present application, based on the above-mentioned scheme, before the process of receiving the connection verification request sent by the blockchain node, the method further includes the following steps: receiving a revocation request, the revocation request including a login authorization code for a second account; acquiring the validity period of the login authorization code of the second account according to the invalidation request; and adding the login authorization code of the second account and the validity period into a failure authorization code record. The login exit process of another account records the validity of the corresponding login authorization code, and in the subsequent process, whether the login authorization code is invalid is checked according to the record of the invalid authorization code.

Step S647, receiving a verification result sent by the management node, where the verification result includes a verification result of the validity of the login authorization code.

In one embodiment of the present application, based on the above-mentioned scheme, according to the connection verification request, the process of sending the authorization code verification request to the management node includes the following steps: firstly, searching a login authorization code in the connection verification request in the failure authorization code record; if the invalid authorization code record contains a login authorization code in the connection verification request and the current moment meets the validity period of the login authorization code in the invalid authorization code record, the login authorization code is invalid, and the connection verification request is refused; if the invalid authorization code record does not contain the login authorization code in the connection verification request, the login authorization code is valid, or the validity period in the invalid authorization code record is not met at the current moment, the login authorization code is valid at present although the login authorization code is invalid, and therefore an authorization code verification request is sent to the management node.

In step S648, if the verification result indicates that the login authorization code is valid, a communication connection is established with the block link point.

The implementation details of the technical solution of the embodiments of the present application are described in detail below with reference to fig. 7, where, as shown in fig. 7, the blockchain node is shared for use by user 1 and user 2. Taking a tax management system as an example, a user 1 logs in to a tax management end at equipment of a blockchain node, so that addresses of a blockchain registration identifier SPVID1, a corresponding login verification code AuthToken and SEFS corresponding to the user 1 are obtained.

Then, after the tax management system confirms the login, the blockchain node device uses the SPVID and the AuthToken as parameters to interactively login with the SEFS. The SEFS verifies the back-end gateway of the tax management system in the connection process, so that the validity of the login verification code AuthToken is verified. As shown in fig. 7, after the verification is passed, the blockchain node device hangs in the storage space, and the SEFS corresponding to the SPVID1 communicates through the AuthToken.

When the user 1 logs out, firstly, the blockchain node stops writing to the SEFS, then calculates a checksum from the blockchain node according to the data state of the SEFS, signs the checksum by the SEFS service, and returns the checksum and the signature file to the user SPV service, and the data checksum and the signature file are automatically stored in a local disk by the user so as to be checked next time. And then recording and reporting the login accumulated resource use and exit behavior of the SPVID corresponding to the user. If the previous steps are completed successfully, the authtoken is set to be not valid for the SEFS any more in the validity period, namely, after one login, the authtoken can not be used for logging in the SEFS any more. Unless the tax management system is re-logged in to obtain a new authtoken. And finally, carrying out anti-mounting on the SEFS network storage to disconnect the SEFS, clearly caching data locally and caching data in a memory, and exiting the login process of the tax management system.

Subsequently, when user 2 logs in through the blockchain node device, the blockchain node device connects to another SEFS corresponding to SPVID 1. When all users log out, the blockchain node device is not connected to any SEFS, and related information cannot be accessed through the blockchain node device.

In the specific embodiments of the present application, related data such as user information, transaction data in blocks, etc., when the embodiments of the present application are applied to specific products or technologies, user permissions or agreements need to be obtained, and the collection, use and processing of related data need to comply with related laws and regulations and standards of related countries and regions.

It should be noted that although the steps of the methods in the present application are depicted in the accompanying drawings in a particular order, this does not require or imply that the steps must be performed in that particular order, or that all illustrated steps be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.

The following describes an apparatus implementation of the present application that may be used to perform the blockchain system-based account management method in the above-described embodiments of the present application. Fig. 8 schematically shows a block diagram of an account management apparatus based on a blockchain system in an embodiment of the present application. As shown in fig. 8, the blockchain link points in the blockchain system correspond to at least one account, each account corresponds to a different remote storage service, and the blockchain system-based account management device 800 mainly may include:

The logout module 810 is configured to obtain a logout authorization code of a first account according to a logout request triggered by the first account, where the logout authorization code is used to establish a communication connection between the blockchain node and a remote storage service corresponding to the first account, and the communication connection is established according to a logout request and a connection verification request sent when the first account logs in the blockchain node;

a failure setting module 820 for setting the login authorization code to a failure state, the failure state being used to indicate that the login authorization code cannot be used by the blockchain node to establish a communication connection with the remote storage service;

the connection disconnection module 830 is configured to clear service data corresponding to the first account cached by the blockchain node and disconnect communication between the blockchain node and the remote storage service.

In one embodiment of the present application, based on the above-mentioned scheme, the failure setting module 820 includes:

In one embodiment of the present application, based on the above-described scheme, the blockchain system further includes a management node; the account management apparatus 800 further includes:

In one embodiment of the present application, based on the above solution, the account management device 800 further includes:

In one embodiment of the application, an account management device based on a blockchain system is provided, wherein a blockchain link point in the blockchain system corresponds to at least one account, each account corresponds to a different remote storage service, and each account is used for logging in at the blockchain node to enable the blockchain node to establish a communication connection with the corresponding remote storage service; the method comprises the following steps:

and the registration response receiving module is used for receiving a service registration response, wherein the service registration response comprises service information of the remote storage service corresponding to the blockchain registration identifier. In one embodiment of the present application, there is provided an account management device based on a blockchain system, wherein a blockchain link point in the blockchain system corresponds to at least one account, each account corresponds to a different remote storage service, and each account is used for logging in at the blockchain node to establish a communication connection between the blockchain node and the corresponding remote storage service; comprising the following steps:

It should be noted that, the apparatus provided in the foregoing embodiments and the method provided in the foregoing embodiments belong to the same concept, and a specific manner in which each module performs an operation has been described in detail in the method embodiment, which is not described herein again.

It should be noted that, the computer system 900 of the electronic device shown in fig. 9 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.

As shown in fig. 9, the computer system 900 includes a central processing unit (Central Processing Unit, CPU) 901 which can execute various appropriate actions and processes according to a program stored in a Read-Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a random access Memory (Random Access Memory, RAM) 903. In the RAM 903, various programs and data required for system operation are also stored. The CPU 901, ROM 902, and RAM 903 are connected to each other through a bus 904. An Input/Output (I/O) interface 905 is also connected to bus 904.

The following components are connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, and the like; an output section 907 including a speaker and the like, such as a Cathode Ray Tube (CRT), a liquid crystal display (Liquid Crystal Display, LCD), and the like; a storage portion 908 including a hard disk or the like; and a communication section 909 including a network interface card such as a LAN (Local Area Network ) card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as needed. Removable media 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 910 so that a computer program read out therefrom is installed as needed into the storage section 908.

In particular, according to embodiments of the present application, the processes described in the various method flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from the network via the communication portion 909 and/or installed from the removable medium 911. When the computer program is executed by a Central Processing Unit (CPU) 901, various functions defined in the system of the present application are performed.

It should be noted that, the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit, in accordance with embodiments of the present application. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.

From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a usb disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a touch terminal, or a network device, etc.) to perform the method according to the embodiments of the present application.

Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains.

It is to be understood that the present application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims

1. An account management method based on a blockchain system is characterized in that at least one account is corresponding to a blockchain link point in the blockchain system, and each account corresponds to a different remote storage service; the method comprises the following steps:

2. The method of claim 1, wherein the setting the login authorization code to a disabled state comprises:

stopping writing operation to a remote storage service corresponding to the first account and acquiring a data state of business data corresponding to the first account in the remote storage service;

Generating and storing integrity check information according to the data state of the service data;

and sending a failure request comprising the login authorization code to the remote storage service, so that the remote storage service refuses a connection verification request comprising the login authorization code according to the failure request.

3. The method of claim 2, wherein generating and storing the integrity check information based on the data state of the traffic data comprises:

performing verification calculation according to the data state of the service data corresponding to the first account to obtain a verification value, and sending the verification value to a remote storage service corresponding to the first account;

receiving a check signature sent by the remote storage service, wherein the check signature is obtained by the remote storage service through signing based on the check value;

storing the check value and the check signature in a local store of the blockchain node.

4. The method of claim 2, wherein the blockchain system further comprises a management node; before the login authorization code of the first account is acquired according to the login exit request triggered by the first account, the method further comprises:

Acquiring login verification information of the first account;

sending a login request comprising the login verification information to the management node so that the management node performs login verification according to the login verification information and feeds back a login verification result;

receiving the login verification result, wherein the login verification result comprises a blockchain registration identifier of the first account, the login authorization code and service information of a remote storage service corresponding to the first account;

and sending a connection verification request to the remote storage service according to the service information of the remote storage service, wherein the connection verification request comprises the blockchain registration identifier corresponding to the first account and the login authorization code so as to establish communication connection with the remote storage service.

5. The method of claim 4, wherein after the sending a connection verification request to the remote storage service according to the service information of the remote storage service, the method further comprises:

carrying out data synchronization with the management node to obtain service data corresponding to the first account;

checking the validity period of the login authorization code;

if the current moment meets the valid period of the login authorization code, the business data is sent to a remote storage service corresponding to the first account according to the login authorization code;

And if the current time exceeds the valid period of the login authorization code, sending an authorization code renewal request to the management node so that the management node prolongs the valid period of the login authorization code.

6. The method of claim 4, wherein after the sending a connection verification request to the remote storage service according to the service information of the remote storage service, the method further comprises:

acquiring the integrity check information, and acquiring storage data from a remote storage service corresponding to the first account;

according to the integrity check information, consistency check is carried out on the business data corresponding to the first account;

if the consistency check is passed, carrying out data synchronization with the management node according to the storage data of the remote storage service;

and if the consistency check is not passed, deleting the storage data in the remote storage service corresponding to the first account and re-acquiring the service data corresponding to the first account from the management node.

7. An account management method based on a blockchain system is characterized in that at least one account is corresponding to a blockchain link point in the blockchain system, each account corresponds to a different remote storage service, and each account is used for logging in at the blockchain node so as to establish communication connection between the blockchain node and the corresponding remote storage service; the method comprises the following steps:

8. The method of claim 7, wherein prior to receiving the login request sent by the blockchain node, the method further comprises:

Receiving an account registration request, and generating a blockchain registration identifier according to the account registration request;

sending a service registration request to the remote storage service, wherein the service registration request comprises the blockchain registration identifier;

a service registration response is received, the service registration response including service information for the remotely stored service corresponding to the blockchain registration identification.

9. An account management method based on a blockchain system is characterized in that at least one account is corresponding to a blockchain link point in the blockchain system, each account corresponds to a different remote storage service, and each account is used for logging in at the blockchain node so as to establish communication connection between the blockchain node and the corresponding remote storage service; comprising the following steps:

And if the verification result indicates that the login authorization code is valid, establishing communication connection with the block link point.

10. The method of claim 9, wherein prior to receiving the connection verification request sent by the blockchain node, the method further comprises:

receiving a service registration request sent by the management node, wherein the service registration request comprises a blockchain registration identifier of the first account;

responding to the service registration request, and generating a remote storage service corresponding to the first account according to the blockchain registration identifier;

and sending a service registration response to the management node, wherein the service registration response comprises service information of the remote storage service corresponding to the first account.

11. The method of claim 9, wherein prior to receiving the connection verification request sent by the blockchain node, the method further comprises:

receiving a revocation request, the revocation request including a login authorization code for a second account;

acquiring the validity period of the login authorization code of the second account according to the invalidation request;

and adding the login authorization code of the second account and the validity period into a failure authorization code record.

12. The method of claim 11, wherein said sending an authorization code verification request to a management node in accordance with said connection verification request comprises:

searching a login authorization code in the connection verification request in the failure authorization code record;

if the invalid authorization code record contains a login authorization code in the connection verification request and the current moment meets the valid period of the login authorization code in the invalid authorization code record, rejecting the connection verification request;

and if the invalid authorization code record does not contain the login authorization code in the connection verification request or the current moment does not meet the valid period in the invalid authorization code record, sending an authorization code verification request to the management node.

13. An account management device based on a blockchain system, wherein at least one account is corresponding to a blockchain link point in the blockchain system, and each account corresponds to a different remote storage service; the device comprises:

14. An account management device based on a blockchain system, wherein a blockchain link point in the blockchain system corresponds to at least one account, each account corresponds to a different remote storage service, and each account is used for logging in at the blockchain node to enable the blockchain node to establish a communication connection with the corresponding remote storage service; the device comprises:

15. An account management device based on a blockchain system, wherein a blockchain link point in the blockchain system corresponds to at least one account, each account corresponds to a different remote storage service, and each account is used for logging in at the blockchain node to enable the blockchain node to establish a communication connection with the corresponding remote storage service; comprising the following steps:

16. A computer readable medium having stored thereon a computer program, which when executed by a processor implements a blockchain based service processing method according to any of claims 1 to 12.

17. An electronic device, comprising:

one or more processors;

storage means for storing one or more programs that, when executed by the one or more processors, cause the electronic device to implement the blockchain-based business processing method of any of claims 1 to 12.

18. A computer program product, characterized in that it comprises computer instructions stored in a computer readable storage medium, from which computer instructions are read and executed by a processor of a computer device, such that the computer device performs the blockchain-based service processing method according to any of claims 1 to 12.