CN117708787B - Cross-chain data acquisition method and device based on distributed identity recognition - Google Patents

Info

Publication number: CN117708787B
Authority: CN (China)
Legal status: Active
Application number: CN202410167670.6A
Other languages: Chinese (zh)
Other versions: CN117708787A
Inventors: 孙福辉, 方中纯, 王晓燕, 吴斌, 朱箭飞, 周喆
Current Assignee: People's Court Information Technology Service Center
Original Assignee: People's Court Information Technology Service Center
Prior art keywords: chain, terminal, user account, address, target

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2457 Query processing with adaptation to user needs
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The specification provides a method and a device for acquiring cross-chain data based on distributed identity recognition, comprising the following steps: a cross-chain device acquires an access request; the cross-chain device generates a first dynamic request code according to the current address of the terminal, the user account, the source chain number and a timestamp, sends the first dynamic request code to the user terminal, and sends the timestamp to a target chain; the user terminal sends the access request to the target chain through the cross-chain device, carrying the first dynamic request code; and the target chain generates a second dynamic request code according to the terminal reserved address, the user account, the target chain address and the timestamp, and, when the second dynamic request code is consistent with the first dynamic request code, establishes a transmission channel with the user terminal, so that the user terminal acquires the data on the target chain through the transmission channel.

Description

Cross-chain data acquisition method and device based on distributed identity recognition
Technical Field
The invention relates to the technical field of blockchain, in particular to a method and a device for acquiring cross-chain data based on distributed identity recognition.
Background
Currently, some enterprises or organizations that interact functionally form a consortium chain and open a data query function to all members of the chain, so that the members can work conveniently. A consortium chain is typically composed of several blockchains, each corresponding to an enterprise and storing that enterprise's own data. Because of the nature of the data and legal requirements, the data is not open to the general public; it can be queried only by registered users on the consortium chain.
In this specification, the consortium chain may include units such as public security organs, procuratorates and courts, and the users on the consortium chain may include staff of those units, lawyers and the like. When users on the consortium chain query or acquire data, problems such as protecting the privacy of the data arise.
Disclosure of Invention
In view of the problems in the prior art, the purpose of this specification is to provide a cross-chain data acquisition method and device based on distributed identity recognition, so as to solve the prior-art problems that the degree of protection is low, the data in a consortium chain cannot be protected efficiently, and the data is easily stolen.
To solve the above technical problems, the specific technical solution of this specification is as follows:
In one aspect, the present disclosure provides a method for acquiring cross-chain data based on distributed identity recognition, including:
a cross-chain device acquires an access request of a user terminal on a request chain, wherein the access request comprises a user account, a target chain address and a terminal current address;
the target chain receives the access request, queries a private access list according to the access request, and sends a verification passing instruction to the cross-chain device after the query passes;
when the cross-chain device receives the verification passing instruction, it generates a first dynamic request code according to the current address of the terminal, the user account, a source chain number and a timestamp, sends the first dynamic request code to the user terminal, and sends the timestamp to the target chain;
the user terminal sends the access request to the target chain through the cross-chain device, carrying the first dynamic request code;
the target chain queries the private access list according to the user account to obtain a terminal reserved address of the user account, generates a second dynamic request code according to the terminal reserved address, the user account, the target chain address and the timestamp, and judges whether the second dynamic request code is consistent with the first dynamic request code; if so, it establishes a transmission channel with the user terminal, so that the user terminal can acquire data in the target chain through the transmission channel.
As one embodiment of the present specification, before the target chain receives the access request and queries a private access list according to the access request, the method includes:
the cross-chain device receives the access request and parses it to obtain the user account, the target chain address and the terminal current address;
the cross-chain device uses the user account to traverse all registered account information in the authority table to determine whether the user account has the authority to access the target chain, and if so, sends the access request to the target chain according to the target chain address, wherein the registered account information comprises the registered accounts in all chains, the corresponding source chain numbers, the corresponding terminal current addresses and the access authority of each registered account to each chain.
As one embodiment of the present specification, the generating a first dynamic request code according to the current address of the terminal, the user account, the source chain number and the timestamp, and sending the first dynamic request code to the user terminal, further includes:
the cross-chain device receives the access request and parses it to obtain the user account, the target chain address and the terminal current address;
the cross-chain device queries the authority table according to the user account to obtain the source chain number corresponding to the user account;
the cross-chain device generates a timestamp, splices the current address of the terminal, the user account, the source chain number and the timestamp, and performs a hash operation on the result to obtain the first dynamic request code.
As one embodiment of the present specification, the target chain receives the access request and queries a private access list according to the access request, and further includes:
the target chain receives the access request and parses it to obtain the user account, the target chain address and the terminal current address;
the target chain uses the user account to traverse all registered account information in the private access list, wherein the registered account information comprises the registered accounts in the target chain, the corresponding source chain numbers and the corresponding terminal reserved addresses;
if a registered account consistent with the user account is found in the traversal, the query passes;
if no registered account consistent with the user account is found in the traversal, the query does not pass.
As an embodiment of the present disclosure, the target chain querying the private access list according to the user account to obtain a terminal reserved address of the user account, and generating a second dynamic request code according to the terminal reserved address, the user account, the source chain number and a timestamp, further includes:
the target chain receives the access request and parses it to obtain the user account, the target chain address and the terminal current address;
the target chain uses the user account to traverse all registered account information in the private access list to obtain the terminal reserved address and the source chain number corresponding to the user account;
the target chain splices the terminal reserved address, the user account, the target chain address and the timestamp, and performs a hash operation on the result to obtain the second dynamic request code.
As an embodiment of the present specification, the establishing a transmission channel with the user terminal further includes:
the target chain uses the current address of the terminal to create a transmission thread with the user terminal;
the target chain adds the preset transmission duration to the timestamp to calculate the transmission interruption time, and takes the transmission interruption time as the deletion time of the transmission thread, thereby obtaining the transmission channel.
As an embodiment of the present specification, after the step of causing the user terminal to acquire the data in the target chain through the transmission channel, the method includes:
and the target chain acquires a transmission termination instruction sent by the user terminal, and deletes the transmission channel for transmitting with the user terminal.
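The exchange described above (first code from the cross-chain device, second code recomputed by the target chain from the reserved address, channel deletion time derived from the timestamp), as an added example that is not code from the patent. SHA-256, the length-prefixed splice, the 300-second duration, the class and function names and the sample account and addresses are assumptions; both sides hash the source chain number here, because the two codes can only be consistent when both sides splice the same fields.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TRANSMISSION_SECONDS = 300  # assumed value for the "preset transmission duration"


def dynamic_request_code(address: str, account: str, chain_field: str, timestamp: int) -> str:
    """Splice the four fields and hash them.

    SHA-256 and the length-prefixed splice are assumptions; the text only
    says "hash operation after splicing". The length prefix keeps
    ("ab", "c") and ("a", "bc") from splicing to the same bytes.
    """
    digest = hashlib.sha256()
    for field in (address, account, chain_field, str(timestamp)):
        raw = field.encode("utf-8")
        digest.update(len(raw).to_bytes(4, "big"))
        digest.update(raw)
    return digest.hexdigest()


@dataclass(frozen=True)
class Registration:
    """One row of the target chain's private access list."""
    account: str
    source_chain: str
    reserved_address: str


class CrossChainDevice:
    def __init__(self, authority_table: Dict[str, str]):
        self.authority_table = authority_table  # account -> source chain number

    def issue(self, account: str, current_address: str, timestamp: int) -> Tuple[str, int]:
        """Return (first code for the user terminal, timestamp for the target chain)."""
        source_chain = self.authority_table[account]
        code = dynamic_request_code(current_address, account, source_chain, timestamp)
        return code, timestamp


class TargetChain:
    def __init__(self, private_access_list: List[Registration]):
        self.rows = {row.account: row for row in private_access_list}
        self.timestamps: Dict[str, int] = {}

    def receive_timestamp(self, account: str, timestamp: int) -> None:
        self.timestamps[account] = timestamp

    def verify(self, account: str, first_code: str) -> Optional[int]:
        """Return the channel deletion time if the codes agree, else None."""
        row = self.rows.get(account)
        timestamp = self.timestamps.get(account)
        if row is None or timestamp is None:
            return None
        # The second code is built from the *reserved* address, so a code
        # issued for any other terminal address cannot match it.
        second_code = dynamic_request_code(
            row.reserved_address, account, row.source_chain, timestamp
        )
        # Constant-time comparison of the two codes.
        if not hmac.compare_digest(second_code.encode(), first_code.encode()):
            return None
        # Transmission interruption time = timestamp + preset duration.
        return timestamp + TRANSMISSION_SECONDS


def run_exchange(current_address: str, timestamp: int = 1_700_000_000) -> Optional[int]:
    """Issue, present and verify one code using constructed sample data."""
    device = CrossChainDevice({"lawyer-A": "chain-1"})
    target = TargetChain([Registration("lawyer-A", "chain-1", "192.0.2.10")])
    first_code, issued_at = device.issue("lawyer-A", current_address, timestamp)
    target.receive_timestamp("lawyer-A", issued_at)
    return target.verify("lawyer-A", first_code)


if __name__ == "__main__":
    print("registered terminal:", run_exchange("192.0.2.10"))
    print("other terminal     :", run_exchange("198.51.100.7"))
```

A request from the reserved address yields a deletion time; the same account presenting from a different address yields no channel.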
In another aspect, the specification also provides a cross-chain data acquisition device based on distributed identity recognition, which comprises:
a request acquisition unit, configured to acquire, through the cross-chain device, an access request of a user terminal on a request chain, wherein the access request comprises a user account, a target chain address and a terminal current address;
a list query unit, configured so that the target chain receives the access request, queries a private access list according to the access request, and sends a verification passing instruction to the cross-chain device after the query passes;
a dynamic code generation unit, configured so that, when the cross-chain device receives the verification passing instruction, it generates a first dynamic request code according to the current address of the terminal, the user account, the source chain number and the timestamp, sends the first dynamic request code to the user terminal, and sends the timestamp to the target chain;
a request code transmission unit, configured so that the user terminal sends the access request to the target chain through the cross-chain device, carrying the first dynamic request code;
a channel establishment unit, configured so that the target chain queries the private access list according to the user account to obtain a terminal reserved address of the user account, generates a second dynamic request code according to the terminal reserved address, the user account, the target chain address and a timestamp, and judges whether the second dynamic request code is consistent with the first dynamic request code; if so, a transmission channel is established with the user terminal so that the user terminal can acquire data in the target chain through the transmission channel.
In another aspect, the present disclosure further provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements any one of the distributed identity based cross-chain data acquisition methods when the computer program is executed.
In another aspect, the present disclosure also provides a computer readable storage medium storing a computer program, where the computer program when executed by a processor implements the method for acquiring cross-chain data based on distributed identity recognition according to any one of the above.
With the above technical solution, the cross-chain device acquires the access request of the user terminal on the request chain, so that an access request sent by a requesting user on the request chain through the user terminal can be obtained. The target chain receives the access request, queries the private access list according to it, and sends a verification passing instruction to the cross-chain device after the query passes, which determines whether the user terminal is qualified to access the target chain. When the cross-chain device receives the verification passing instruction, it generates a first dynamic request code according to the access request and a timestamp, sends the first dynamic request code to the user terminal and sends the timestamp to the target chain, so that a first dynamic request code bound to the access request is generated and the timestamp used to generate it reaches the target chain. The user terminal sends the access request to the target chain through the cross-chain device, carrying the first dynamic request code, so that the first dynamic request code and the access request are returned together. The target chain generates a second dynamic request code according to the access request and the timestamp and judges whether it is consistent with the first dynamic request code; if so, it establishes a transmission channel with the user terminal, so that the user terminal acquires the data on the target chain through the transmission channel.
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular description of preferred embodiments, as illustrated in the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present description, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 shows an overall system diagram of a method for acquiring cross-chain data based on distributed identity recognition according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram showing steps of a method for acquiring cross-chain data based on distributed identity recognition according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram illustrating a cross-chain device permission determination according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a first dynamic code generation method according to an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a second dynamic request code generation method according to an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of a cross-chain data acquisition device based on distributed identity recognition according to an embodiment of the present disclosure;
Fig. 7 shows a schematic diagram of a computer device according to an embodiment of the present disclosure.
Description of the reference numerals:
101. request chain;
102. target chain;
103. user terminal;
104. cross-chain device;
601. request acquisition unit;
602. list query unit;
603. dynamic code generation unit;
604. request code transmission unit;
605. channel establishment unit;
702. computer device;
704. processor;
706. memory;
708. driving mechanism;
710. input/output module;
712. input device;
714. output device;
716. presentation device;
718. graphical user interface;
720. network interface;
722. communication link;
724. communication bus.
Detailed Description
The technical solutions of the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is apparent that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
It should be noted that the terms "first," "second," and the like in the description and the claims, and in the foregoing figures, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the present description described herein may be capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or device.
The user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party.
The overall system of the cross-chain data acquisition method based on distributed identity recognition, as shown in fig. 1, comprises: a request chain 101, a target chain 102, a user terminal 103 and a cross-chain device 104.
The request chain 101 and the target chain 102 form part of a consortium chain, which in this specification includes several chains that interact with one another through the cross-chain device 104.
The request chain 101 is directly connected to the user terminal 103 that initiated the access request.
The request chain 101 is composed of a plurality of user terminals 103; the user terminals 103 on each chain are members of that chain, and a user uses a user terminal 103 to send access requests.
The target chain 102 is also formed by user terminals 103. The user terminals 103 on the target chain 102 are not members of the request chain 101, and the user terminals 103 on the request chain 101 are not members of the target chain 102, so the user terminals 103 on the request chain 101 cannot directly acquire the data on the target chain 102.
The cross-chain device 104 allows users to exchange data and acts as a virtual "switch".
The user terminal 103 is configured to log in to a user account, send an access request, and acquire data on the target chain 102.
In the prior art, users are generally checked by means of a blacklist and a whitelist: whitelisted users are allowed to acquire data and blacklisted users are forbidden to. The degree of protection of this approach is low, the data in a consortium chain cannot be protected efficiently, and the data is easily stolen.
In order to solve the above problems, the embodiment of the present disclosure provides a method for acquiring cross-chain data based on distributed identity recognition, which can improve the protection of data and avoid data from being stolen. Fig. 2 is a schematic diagram of steps of a method for acquiring cross-chain data based on distributed identity recognition according to an embodiment of the present disclosure, where the steps of the method are described in the examples or flowcharts, but may include more or fewer steps based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one way of performing the order of steps and does not represent a unique order of execution. When a system or apparatus product in practice is executed, it may be executed sequentially or in parallel according to the method shown in the embodiments or the drawings. As shown in fig. 2, the method may include:
Step 201, a cross-chain device acquires an access request of a user terminal on a request chain, wherein the access request comprises a user account, a target chain address and a current address of the terminal;
Step 202, a target chain receives the access request, queries a private access list according to the access request, and sends a verification passing instruction to the cross-chain device after the query passes;
Step 203, when the cross-chain device receives the verification passing instruction, it generates a first dynamic request code according to the current address of the terminal, the user account, a source chain number and a timestamp, sends the first dynamic request code to the user terminal, and sends the timestamp to the target chain;
Step 204, the user terminal sends the access request to the target chain through the cross-chain device, carrying the first dynamic request code;
Step 205, the target chain queries the private access list according to the user account to obtain a terminal reserved address of the user account, generates a second dynamic request code according to the terminal reserved address, the user account, the target chain address and the timestamp, and judges whether the second dynamic request code is consistent with the first dynamic request code; if so, a transmission channel is established with the user terminal, so that the user terminal can acquire data in the target chain through the transmission channel.
As one embodiment of the present specification, the cross-chain device acquiring an access request of a user terminal on a request chain further includes: in this specification, a user logs in on a user terminal with a user account, which binds the account to the user terminal; when the user needs to acquire data on another chain in the consortium chain, the user terminal sends an access request to the cross-chain device.
Because generating the dynamic request code consumes computing resources, this specification first screens the authority of each user terminal by means of an authority table. When the user terminal has the right to access the target chain, the access request is forwarded to the target chain; if the user terminal does not have that right, the access request is refused and is not forwarded to the target chain.
As shown in fig. 3, as an embodiment of the present disclosure, before the target chain receives the access request and queries whether the user account exists in the private access list according to the access request, the method includes:
Step 301, the cross-chain device receives the access request and parses it to obtain a user account, a target chain address and a current address of the terminal;
In this specification, the cross-chain device may parse an access request, where the access request is composed of three parts: a user account, a target chain address and a current address of the terminal.
Step 302, the cross-chain device uses the user account to traverse all registered account information in the authority table to determine whether the user account has the authority to access the target chain, and if so, sends the access request to the target chain according to the target chain address, wherein the registered account information comprises the registered accounts in all chains, the corresponding source chain numbers, the corresponding current addresses of the terminals and the access authority of each registered account to each chain.
In this specification, the authority table holds the registered account information of all chains. For example, user account A is registered in the first chain, user account B is registered in the first chain, user account C is registered in the second chain, and user account D is registered in the third chain. In addition to recording for itself that user accounts A and B are registered in it, the first chain also broadcasts this to the cross-chain device, which thereby knows that user accounts A and B are registered in the first chain and holds this information in the authority table. For example, when user account A is registered in the first chain, the target chains that user account A may access (such as a second chain, a third chain and/or a fourth chain) are selected at the same time and checked by a management node of the first chain; if the check passes, the registration is completed. The registered account information in the present specification includes a registered account, a corresponding source chain number, a corresponding current address of the terminal, and the access rights of each registered account to each chain, for example: registered account (A), corresponding source chain number (first chain), corresponding terminal current address (192.181..1), access rights to the respective chains (second chain and third chain); registered account (B), corresponding source chain number (second chain), corresponding terminal current address (192.181..2), access rights to the respective chains (first chain).
As one embodiment of the present specification, the step in which the target chain receives the access request and queries a private access list according to the access request further includes:
The target chain receives the access request and analyzes the access request to obtain the user account;
In this specification, the access request includes three parts: a user account, a target chain address, and a current address of the terminal. The target chain may obtain all three parts or any of them.
The target chain uses the user account to traverse and query all registered account information in the private access list, wherein the registered account information comprises registered accounts in the target chain, corresponding source chain numbers and corresponding terminal reserved addresses;
In this specification, when a user account is registered in a request chain, its preset access rights are stored in each target chain: if the user account is registered in the request chain with a preset right to access the target chain, the request chain sends this information to the target chain, and the target chain stores the information of the user account in its private access list. The private access list thus holds a plurality of pieces of registered account information, some for accounts registered directly in the target chain and some for accounts registered in an accessing chain and registered as able to access the target chain.
In this specification, the registered account information includes a registered account, a corresponding source chain number, and a corresponding terminal reserved address, where the registered account is a user account registered on other chains and preset with rights to access the target chain.
If a registered account consistent with the user account is obtained through traversal, the query passes;
If, on traversing all the registered account information, a registered account consistent with the account information in the access request is found, the account has permission to access the target chain. After the target chain determines that the user terminal has access permission, it sends a verification passing instruction to the cross-chain device.
If no registered account consistent with the user account is obtained through traversal, the query does not pass.
If, on traversing all the registered account information, no registered account consistent with the account information in the access request is found, the account is not authorized to access the target chain.
As an embodiment of the present disclosure, generating the first dynamic request code according to the current address of the terminal, the user account, the source chain number, and the timestamp, and sending the first dynamic request code to the user terminal, as shown in fig. 4, further includes:
Step 401: the cross-chain device receives the access request and analyzes the access request to obtain the user account, the target chain address and the current address of the terminal;
Step 402: the cross-chain device queries the permission table according to the user account to obtain the source chain number corresponding to the user account;
Because the source chain number of each user account is contained in the registered account information, the cross-chain device can directly acquire the source chain number of the user account and the current address of the terminal from the permission table.
Step 403: the cross-chain device generates a timestamp, splices the current address of the terminal, the user account, the source chain number and the timestamp, and performs a hash operation on the result to obtain the first dynamic request code.
In this specification, the current address of the terminal and the user account are obtained from the access request.
In this specification, the cross-chain device generates a timestamp before splicing, and the timestamp characterizes the generation time of the first dynamic request code. The current address of the terminal, the user account, the source chain number and the timestamp are spliced, and a hash algorithm is then applied to the spliced data to generate a first dynamic request code with a fixed number of digits. The first dynamic request code is sent to an associated terminal bound to the user terminal, such as a mobile phone or a mailbox. For example, if the first dynamic request code is a six-digit verification code, it can be sent to the associated terminal when it is sent to the user terminal; the user then looks up the six-digit verification code on the associated terminal and uses the user terminal to send the access request again, carrying the six-digit verification code, to the target chain through the cross-chain bridge.
Since the target chain is unaware of the time stamp at the time the first dynamic request code was generated, the cross-chain bridge needs to send the time stamp to the target chain at the same time as the first dynamic request code is sent to the user terminal.
Fig. 5 is a schematic diagram of the method for generating the second dynamic request code. As an embodiment of the present disclosure, the step in which the target chain queries the private access list according to the user account to obtain a terminal reserved address of the user account, and generates a second dynamic request code according to the terminal reserved address, the user account, the target chain address and a timestamp, further includes:
Step 501: the target chain receives the access request and analyzes the access request to obtain the user account, the target chain address and the current address of the terminal;
Step 502: the target chain uses the user account to traverse and query all registered account information in the private access list to obtain the terminal reserved address and the source chain number corresponding to the user account;
The source chain number and the terminal reserved address corresponding to the user account can be queried in the private access list in the target chain. Therefore, when the second dynamic request code is generated, the source chain number in the access request and the terminal reserved address in the access request are not used; the source chain number and the terminal reserved address stored in the private access list are used instead. This guards against data being stolen through a sudden change of the source chain number, and also prevents a stolen user account from being used to log in from another location.
Step 503: the target chain splices the terminal reserved address, the user account, the source chain number and the timestamp, and performs a hash operation on the result to obtain the second dynamic request code.
In this specification, the cross-chain device generates a timestamp before splicing, and the timestamp characterizes the generation time of the first dynamic request code. The terminal reserved address, the user account, the source chain number and the timestamp are spliced, and a hash algorithm is then applied to the spliced data to generate a second dynamic request code with a fixed number of digits. If the current address of the user terminal is unchanged and the user account is correctly logged in, the generated second dynamic request code is consistent with the first dynamic request code, and the target chain can identify the trusted user terminal and allow the connection.
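The permission-table check of step 302 and the two request-code computations of steps 401-403 and 501-503, run end to end as an added example (not code from the patent). SHA-256, the length-prefixed splice, the modulo reduction to six digits, and all account, chain and address values are assumptions; the specification names no hash algorithm or encoding.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """The three parts of an access request."""
    user_account: str
    target_chain_address: str
    terminal_current_address: str


def splice(*fields: str) -> bytes:
    """Join fields, each with a 4-byte length prefix (assumption).

    The prefix keeps ("ab", "c") and ("a", "bc") from hashing alike.
    """
    out = bytearray()
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def dynamic_request_code(address: str, user_account: str,
                         source_chain: str, timestamp: int) -> str:
    """Hash the spliced fields and reduce them to six digits.

    SHA-256 and the modulo reduction are assumptions, not from the page.
    """
    data = splice(address, user_account, source_chain, str(timestamp))
    digest = hashlib.sha256(data).digest()
    value = int.from_bytes(digest[:8], "big") % 1_000_000
    return f"{value:06d}"


class CrossChainDevice:
    """Holds the permission table covering accounts of all chains."""

    def __init__(self, permission_table: dict):
        self.permission_table = permission_table

    def has_permission(self, req: AccessRequest, target_chain: str) -> bool:
        # Step 302: is the account registered with rights to this chain?
        entry = self.permission_table.get(req.user_account)
        return entry is not None and target_chain in entry["access"]

    def first_code(self, req: AccessRequest, timestamp: int):
        # Steps 401-403: source chain number from the permission table,
        # account and current address from the request itself.
        source_chain = self.permission_table[req.user_account]["source_chain"]
        code = dynamic_request_code(req.terminal_current_address,
                                    req.user_account, source_chain, timestamp)
        return code, timestamp  # code -> user terminal, timestamp -> target


class TargetChain:
    """Holds the private access list of one target chain."""

    def __init__(self, private_access_list: dict):
        self.private_access_list = private_access_list

    def query(self, req: AccessRequest) -> bool:
        # Private access list lookup that precedes code generation.
        return req.user_account in self.private_access_list

    def verify(self, req: AccessRequest, presented_code: str,
               timestamp: int) -> bool:
        # Steps 501-503: use the reserved address and source chain number
        # stored locally, never the values carried in the request.
        entry = self.private_access_list.get(req.user_account)
        if entry is None:
            return False
        expected = dynamic_request_code(entry["reserved_address"],
                                        req.user_account,
                                        entry["source_chain"], timestamp)
        return hmac.compare_digest(expected.encode(), presented_code.encode())


# Constructed sample data: account, chain names and RFC 5737 addresses.
PERMISSIONS = {"A": {"source_chain": "chain-1",
                     "current_address": "192.0.2.10",
                     "access": {"chain-2", "chain-3"}}}
PRIVATE_LIST = {"A": {"source_chain": "chain-1",
                      "reserved_address": "192.0.2.10"}}


def run_handshake(current_address: str, timestamp: int = 1_700_000_000) -> bool:
    """Run the whole exchange for account A against chain-2."""
    device = CrossChainDevice(PERMISSIONS)
    target = TargetChain(PRIVATE_LIST)
    req = AccessRequest("A", "chain-2.example", current_address)
    if not device.has_permission(req, "chain-2") or not target.query(req):
        return False
    code, ts = device.first_code(req, timestamp)
    return target.verify(req, code, ts)
```

The hash is unkeyed, as in the description, so anyone holding the four inputs can recompute the code; what the target chain's comparison enforces is that the terminal's current address equals the reserved address on record.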
As an embodiment of the present specification, establishing a transmission channel with the user terminal further includes:
The target chain uses the current address of the terminal to create a transmission thread with the user terminal;
In the present specification, if the target chain verification passes, a new transmission thread is started, and connection is attempted with the user terminal through the current address of the terminal.
The target chain adds the timestamp and the preset transmission duration to obtain the transmission interruption time, and takes the transmission interruption time as the deletion time of the transmission thread, thereby obtaining the transmission channel.
In this specification, the timestamp may be used as the data acquisition start time, and each data acquisition process may be given a preset transmission duration of three hours, four hours, and the like. The transmission interruption time is calculated by adding the preset transmission duration to the data acquisition start time, and is used as the deletion time of the transmission thread to obtain the transmission channel. When the deletion time is reached, the transmission channel is deleted and terminated.
After the user terminal obtains the data in the target chain through the transmission channel, the method comprises the following steps:
The target chain acquires a transmission termination instruction sent by the user terminal, and deletes the transmission channel used for transmission with the user terminal.
In addition to timing the transmission channel with the preset transmission duration, the present disclosure may also use a transmission termination instruction to delete the transmission channel used for transmission with the user terminal, so as to terminate data acquisition.
Fig. 6 is a schematic diagram of a cross-chain data acquisition device based on distributed identity recognition, which comprises:
A request acquiring unit 601, configured to acquire, through a cross-chain device, an access request of a user terminal on a request chain;
A list query unit 602, configured for the target chain to receive the access request, query a private access list according to the access request, and send a verification passing instruction to the cross-chain device after the query passes;
A dynamic code generating unit 603, configured to generate, when the cross-chain device receives the verification passing instruction, a first dynamic request code according to the access request and a timestamp, send the first dynamic request code to the user terminal, and send the timestamp to the target chain;
A request code transmission unit 604, configured for the user terminal to send the access request, carrying the first dynamic request code, to the target chain through the cross-chain device;
A channel establishment unit 605, configured for the target chain to generate a second dynamic request code according to the access request and the timestamp, determine whether the second dynamic request code is consistent with the first dynamic request code, and if so, establish a transmission channel with the user terminal, so that the user terminal obtains data in the target chain through the transmission channel.
With the above technical solution, acquiring the access request of the user terminal on the request chain through the cross-chain device makes it possible to obtain the access request that a requesting user on the request chain sends with the user terminal. Having the target chain receive the access request, query the private access list according to it, and send a verification passing instruction to the cross-chain device after the query passes makes it possible to determine whether the user terminal is qualified to access the target chain. Having the cross-chain device, on receiving the verification passing instruction, generate a first dynamic request code according to the access request and a timestamp, send the first dynamic request code to the user terminal and send the timestamp to the target chain makes it possible to generate a first dynamic request code bound to the access request and to pass the timestamp at which it was generated to the target chain. Having the user terminal send the access request to the target chain through the cross-chain device, carrying the first dynamic request code, returns the first dynamic request code together with the access request. Finally, the target chain generates a second dynamic request code according to the access request and the timestamp and judges whether it is consistent with the first dynamic request code; if so, it establishes a transmission channel with the user terminal, so that the user terminal acquires the data on the target chain through the transmission channel.
As shown in fig. 7, for a computer device provided in an embodiment of the present disclosure, the computer device runs the distributed identity-based cross-chain data acquisition method described herein, and the computer device 702 may include one or more processors 704, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. The computer device 702 may also include any memory 706 for storing any kind of information, such as code, settings, data, etc. For example, and without limitation, the memory 706 may include any one or more of the following combinations: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any memory may store information using any technique. Further, any memory may provide volatile or non-volatile retention of information. Further, any memory may represent fixed or removable components of computer device 702. In one case, the computer device 702 can perform any of the operations of the associated instructions when the processor 704 executes the associated instructions stored in any memory or combination of memories. The computer device 702 also includes one or more drive mechanisms 708, such as a hard disk drive mechanism, an optical disk drive mechanism, and the like, for interacting with any memory.
The computer device 702 may also include an input/output module 710 (I/O) for receiving various inputs (via an input device 712) and for providing various outputs (via an output device 714). One particular output mechanism may include a presentation device 716 and an associated Graphical User Interface (GUI) 718. In other embodiments, the input/output module 710 (I/O), input device 712, and output device 714 may be omitted, the computer device being just one computer device in a network. The computer device 702 can also include one or more network interfaces 720 for exchanging data with other devices via one or more communication links 722. One or more communication buses 724 couple the above-described components together.
Communication link 722 may be implemented in any manner, for example, through a local area network, a wide area network (e.g., the internet), a point-to-point connection, etc., or any combination thereof. Communication link 722 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
Corresponding to the method in fig. 2-5, the present description embodiment also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the above method.
The present description also provides computer-readable instructions, wherein the program therein causes the processor to perform the method as shown in fig. 2-5 when the processor executes the instructions.
It should be understood that, in various embodiments of the present disclosure, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation of the embodiments of the present disclosure.
It should also be understood that, in the embodiments of the present specification, the term "and/or" merely describes an association relationship between associated objects, meaning that three relationships may exist. For example, A and/or B may represent: A exists alone, A and B exist together, and B exists alone. In the present specification, the character "/" generally indicates that the objects before and after it are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the various example components and steps have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present specification.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in this specification, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices, or elements, or may be an electrical, mechanical, or other form of connection.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purposes of the embodiments of the present description.
In addition, each functional unit in each embodiment of the present specification may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present specification, in essence, or the part of it contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present specification. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The principles and embodiments of the present specification are explained using specific examples, which are provided only to assist in understanding the method of the present specification and its core ideas; meanwhile, those of ordinary skill in the art may, based on the ideas of the present specification, make changes to the specific embodiments and the scope of application. In summary, the content of this description should not be construed as limiting the present specification.

Claims (8)

1. A cross-chain data acquisition method based on distributed identity recognition, characterized by comprising the following steps:
Acquiring, by a cross-chain device, an access request of a user terminal on a request chain, wherein the access request comprises a user account, a target chain address and a terminal current address;
The target chain receives the access request, queries a private access list according to the access request, and sends a verification passing instruction to the cross-chain device after the query passes;
When the cross-chain device receives the verification passing instruction, generating a first dynamic request code according to the current address of the terminal, the user account, a source chain number and a timestamp, sending the first dynamic request code to the user terminal, and sending the timestamp to the target chain;
The user terminal sends the access request to the target chain through the cross-chain device and carries the first dynamic request code;
The target chain queries the private access list according to the user account to obtain a terminal reserved address of the user account, generates a second dynamic request code according to the terminal reserved address, the user account, the target chain address and a timestamp, judges whether the second dynamic request code is consistent with the first dynamic request code, and if so, establishes a transmission channel with the user terminal so that the user terminal can acquire data in the target chain through the transmission channel;
Generating the first dynamic request code according to the current address of the terminal, the user account, the source chain number and the timestamp and sending the first dynamic request code to the user terminal further comprises:
The cross-chain device receives the access request and analyzes the access request to obtain the user account, the target chain address and the current address of the terminal;
The cross-chain device queries a permission table according to the user account to obtain the source chain number corresponding to the user account;
The cross-chain device generates a timestamp, splices the current address of the terminal, the user account, the source chain number and the timestamp, and performs a hash operation on the result to obtain the first dynamic request code;
The step in which the target chain queries the private access list according to the user account to obtain a terminal reserved address of the user account, and generates a second dynamic request code according to the terminal reserved address, the user account, the target chain address and a timestamp, further comprises:
The target chain receives the access request and analyzes the access request to obtain the user account, the target chain address and the current address of the terminal;
The target chain uses the user account to traverse and query all registered account information in the private access list to obtain the terminal reserved address and the source chain number corresponding to the user account;
The target chain splices the terminal reserved address, the user account, the source chain number and the timestamp, and performs a hash operation on the result to obtain the second dynamic request code.
2. The distributed identity based cross-chain data acquisition method of claim 1, comprising, before the target chain receives the access request and queries a private access list according to the access request:
The cross-chain device receives the access request and analyzes the access request to obtain the user account, the target chain address and the current address of the terminal;
The cross-chain device uses the user account to traverse and query all registered account information in the permission table to determine whether the user account has permission to access the target chain, and if so, sends the access request to the target chain according to the target chain address, wherein the registered account information comprises the registered accounts in all chains, the corresponding source chain numbers, the corresponding terminal current addresses and the access rights of each registered account to each chain.
3. The distributed identity based cross-chain data acquisition method of claim 1, wherein the target chain receiving the access request and querying a private access list according to the access request further comprises:
The target chain receives the access request and analyzes the access request to obtain the user account, the target chain address and the current address of the terminal;
The target chain uses the user account to traverse and query all registered account information in the private access list, wherein the registered account information comprises registered accounts in the target chain, corresponding source chain numbers and corresponding terminal reserved addresses;
If a registered account consistent with the user account is obtained through traversal, the query passes;
If no registered account consistent with the user account is obtained through traversal, the query does not pass.
4. The cross-chain data acquisition method based on distributed identity recognition according to claim 3, wherein establishing a transmission channel with the user terminal further comprises:
The target chain uses the current address of the terminal to create a transmission thread with the user terminal;
The target chain adds the timestamp and the preset transmission duration to obtain the transmission interruption time, and takes the transmission interruption time as the deletion time of the transmission thread, thereby obtaining the transmission channel.
5. The cross-chain data acquisition method based on distributed identity recognition according to claim 1, wherein after the user terminal is enabled to acquire the data in the target chain through the transmission channel, the method comprises:
The target chain acquires a transmission termination instruction sent by the user terminal, and deletes the transmission channel used for transmission with the user terminal.
6. A cross-chain data acquisition device based on distributed identity recognition, characterized by comprising:
A request acquisition unit, used for acquiring, through the cross-chain device, an access request of a user terminal on a request chain, wherein the access request comprises a user account, a target chain address and a terminal current address;
A list query unit, used for the target chain to receive the access request, query a private access list according to the access request, and send a verification passing instruction to the cross-chain device after the query passes;
A dynamic code generation unit, used for generating, when the cross-chain device receives the verification passing instruction, a first dynamic request code according to the current address of the terminal, the user account, the source chain number and the timestamp, sending the first dynamic request code to the user terminal, and sending the timestamp to the target chain; the dynamic code generation unit is further used for receiving the access request and analyzing it to obtain the user account, the target chain address and the current address of the terminal; querying a permission table according to the user account to obtain the source chain number corresponding to the user account; and generating a timestamp, splicing the current address of the terminal, the user account, the source chain number and the timestamp, and performing a hash operation on the result to obtain the first dynamic request code;
A request code transmission unit, used for the user terminal to send the access request, carrying the first dynamic request code, to the target chain through the cross-chain device;
A channel establishing unit, used for the target chain to query the private access list according to the user account to obtain a terminal reserved address of the user account, generate a second dynamic request code according to the terminal reserved address, the user account, the target chain address and a timestamp, judge whether the second dynamic request code is consistent with the first dynamic request code, and if so, establish a transmission channel with the user terminal, so that the user terminal can acquire data in the target chain through the transmission channel; the channel establishing unit is further used for receiving the access request and analyzing it to obtain the user account, the target chain address and the current address of the terminal; using the user account to traverse and query all registered account information in the private access list to obtain the terminal reserved address and the source chain number corresponding to the user account; and splicing the terminal reserved address, the user account, the source chain number and the timestamp, and then performing a hash operation to obtain the second dynamic request code.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements a distributed identity based cross-chain data acquisition method as claimed in any one of claims 1 to 5 when the computer program is executed.
8. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program, which when executed by a processor implements a distributed identity based cross-chain data acquisition method according to any one of claims 1-5.
CN202410167670.6A 2024-02-06 2024-02-06 Cross-chain data acquisition method and device based on distributed identity recognition Active CN117708787B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410167670.6A CN117708787B (en) 2024-02-06 2024-02-06 Cross-chain data acquisition method and device based on distributed identity recognition

Publications (2)

Publication Number Publication Date
CN117708787A CN117708787A (en) 2024-03-15
CN117708787B true CN117708787B (en) 2024-04-26

Family

ID=90148377

Country Status (1)

Country Link
CN (1) CN117708787B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108366105A (en) * 2018-01-30 2018-08-03 百度在线网络技术(北京)有限公司 Data access method, device, system and the computer-readable medium of transregional piece of chain
CN109861968A (en) * 2018-12-13 2019-06-07 平安科技(深圳)有限公司 Resource access control method, device, computer equipment and storage medium
CN113807960A (en) * 2021-03-04 2021-12-17 京东科技控股股份有限公司 Cross-link processing method, device and system between heterogeneous chains and electronic equipment
CN115968481A (en) * 2020-04-15 2023-04-14 艾格斯有限责任公司 Smart assertion token for authenticating and controlling network communications using distributed ledgers
KR20230089520A (en) * 2021-12-13 2023-06-20 서울과학기술대학교 산학협력단 Access token management system and method using blockchain
CN117335958A (en) * 2023-10-14 2024-01-02 东南大学 Identity authentication method oriented to alliance chain crossing


Also Published As

Publication number Publication date
CN117708787A (en) 2024-03-15

Similar Documents

Publication Publication Date Title
WO2019237813A1 (en) Method and device for scheduling service resource
US20160021111A1 (en) Method, Terminal Device, and Network Device for Improving Information Security
CN107528865A (en) The method for down loading and system of file
CN110995656B (en) Load balancing method, device, equipment and storage medium
WO2016165505A1 (en) Connection control method and apparatus
CN109246078B (en) Data interaction method and server
CN111132305B (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
CN111061685A (en) Log query method and device, node equipment and storage medium
CN115225269A (en) Key management method, device and system for distributed password card
CN110602130B (en) Terminal authentication system and method, equipment terminal and authentication server
CN111090616B (en) File management method, corresponding device, equipment and storage medium
CN103428176A (en) Mobile user accessing mobile Internet application method and system and application server
CN111786996A (en) Cross-domain synchronous login state method and device and cross-domain synchronous login system
CN109905352B (en) Method, device and storage medium for auditing data based on encryption protocol
CN117708787B (en) Cross-chain data acquisition method and device based on distributed identity recognition
CN113784354A (en) Request conversion method and device based on gateway
CN117294540B (en) Method, device and system for acquiring private data across chains based on role authorization
WO2021098213A1 (en) Trusted state monitoring method, device, and medium
CN104753774A (en) Distributed enterprise integrated access gateway
CN117336022A (en) Method, system, terminal and storage medium for authenticating power terminal in trusted WLAN
CN104396216A (en) Methods for identifying network traffic characteristics to correlate and manage one or more subsequent flows and devices thereof
US20230135920A1 (en) Network device authentication
CN116522308A (en) Database account hosting method, device, computer equipment and storage medium
CN112039921B (en) Verification method for parking access, parking user terminal and node server
KR20140113276A (en) Self-configuring local area network security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant