WO2020140931A1 - Blockchain access control method and apparatus, and electronic device - Google Patents

Blockchain access control method and apparatus, and electronic device Download PDF

Info

Publication number
WO2020140931A1
Authority
WO
WIPO (PCT)
Prior art keywords
organization
blockchain
identity information
information
identity
Prior art date
Application number
PCT/CN2020/070058
Other languages
French (fr)
Chinese (zh)
Inventor
张昇
刘旭进
Original Assignee
菜鸟智能物流控股有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 菜鸟智能物流控股有限公司
Publication of WO2020140931A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • the present invention relates to the field of blockchain technology, and in particular, to a blockchain access control method and device, and electronic equipment.
  • a consortium chain (alliance chain) is a kind of blockchain that is jointly managed by several organizations or institutions.
  • each organization institution
  • the prior art has at least the following problems:
  • in the prior art, in order to enable members of organizations that are not qualified to join the consortium chain to participate in it, the private node has an authentication center that authorizes members (users) belonging to organizations that are not qualified to join the consortium chain; only authorized members can participate in the consortium chain.
  • Embodiments of the present invention provide a blockchain access control method and device, and electronic equipment, to solve the defect in the prior art that an organization member must be authorized by a qualified organization when accessing the consortium chain.
  • an embodiment of the present invention provides a block chain access control method, including:
  • the identity information pair including member identity information and organization identity information, wherein the member identity information is associated with corresponding organization identity information;
  • An embodiment of the present invention also provides a block chain access control device, including:
  • the identity information establishment module is used to establish an associated identity information pair on the local device of the organization to be added to the blockchain.
  • the identity information pair includes member identity information and organization identity information, wherein the member identity information is associated with the corresponding organization identity information;
  • the signature information generation module is used to perform signature operations on the transaction data generated by the members of the organization according to the member identity information to generate signature information;
  • the access control module is used to transmit the transaction data, the organization identity information and the signature information to a public node in the blockchain or a private node in the blockchain.
  • An embodiment of the present invention also provides an electronic device, including:
  • a processor configured to run the program stored in the memory for:
  • the identity information pair including member identity information and organization identity information, wherein the member identity information is associated with corresponding organization identity information;
  • the blockchain access control method and device and electronic equipment provided in the embodiments of the present invention realize the decentralization of organizations qualified to join the consortium chain by establishing associated organization identity information and member identity information for the organization and its members to be added to the blockchain;
  • organizations that are qualified to join the consortium chain are therefore not required to authorize members of organizations that are not so qualified;
  • when a member uses the member identity information to initiate a transaction, the association between the member identity information and the organization identity information can be used to determine the corresponding organization identity information and verify the identity of the organization, thereby achieving access control to the blockchain.
  • FIG. 1 is a system block diagram of a business system provided by an embodiment of the present invention.
  • FIG. 2 is a flowchart of an embodiment of a method for access control of a blockchain provided by the present invention.
  • FIG. 3 is a flowchart of another embodiment of the block chain access control method provided by the present invention.
  • FIG. 4 is a schematic structural diagram of an embodiment of a block chain access control device provided by the present invention.
  • FIG. 5 is a schematic structural diagram of another embodiment of a block chain access control device provided by the present invention.
  • FIG. 6 is a schematic structural diagram of an embodiment of an electronic device provided by the present invention.
  • this application proposes a blockchain access control scheme whose main principles are: setting up a public node on the blockchain, and establishing an associated identity information pair on the local device of the organization to be added to the blockchain, that is, establishing organization identity information for the organization and member identity information for the members of the organization, with the member identity information associated with the corresponding organization identity information.
  • the correlation between the member identity information and the organization identity information can be used to determine the corresponding organization identity information to verify the organization identity, thereby achieving access control to the blockchain. Therefore, the decentralization of the organization can be achieved, and when members access the blockchain, there is no need for the organization to authorize the members.
  • the private node refers to a node through which an organization that is qualified to join the consortium chain authorizes members of organizations that are not qualified to join the consortium chain.
  • Private nodes send transactions initiated by members of the organization to the blockchain.
  • the public node refers to a node through which members of organizations that are not qualified to join the consortium chain, without needing authorization from the private node of a qualified organization, have their organization identity verified using the associated identity information pair established by the solution of the present invention, so that transactions initiated by such members are sent to the blockchain through the public node.
  • the nodes can be divided into two types: one type is a node (private node) established by an organization that has the ability to build its own node; the other type is a node (public node) established by a blockchain service provider on behalf of organizations that lack the capacity, or are unwilling, to build a node.
  • the functions of the two types of nodes are the same, and both use the associated identity information pairs to verify the identity of the organization, and send transactions initiated by members of the organization to the blockchain.
  • FIG. 1 is a system block diagram of a business system provided by an embodiment of the present invention.
  • the structure shown in FIG. 1 is only one example of a business system to which the technical solution of the present invention can be applied.
  • the business system includes an access control device.
  • the device includes: an identity information establishment module, a signature information generation module, and an access control module, which can be used to execute the processing flow shown in FIGS. 2 and 3 described below.
  • an associated identity information pair is established on the local device of the organization to be added to the blockchain;
  • the identity information pair includes member identity information and organization identity information, where the member identity information is associated with the corresponding organization identity information; when a member initiates a transaction, the generated transaction data is signed according to the member identity information in the above identity information pair to generate signature information; then, the transaction data, organization identity information and signature information are transmitted to
  • the public node or private node in the blockchain, which sends them to the blockchain after the identity verification passes; finally, the corresponding nodes in the blockchain perform identity verification on the information sent by the public node or private node, and when the number of nodes with successful identity verification is greater than or equal to the preset number, the transaction result is stored to the nodes in the blockchain;
  • in this way the decentralization of organizations that are qualified to join the consortium chain can be achieved, and members of organizations that are not qualified to join the consortium chain do not need to be authorized by a qualified organization;
  • when a member uses the member identity information to initiate a transaction, the association of the member identity information and the organization identity information can be used to determine the corresponding organization identity information and verify the organization identity, thereby realizing access control to the blockchain.
  • FIG. 2 is a flowchart of an embodiment of a block chain access control method provided by the present invention.
  • the method may be executed by the above-mentioned business system, by a blockchain service provider server device, or by a device or chip integrated in such server devices.
  • the access control method of the blockchain includes the following steps:
  • an associated identity information pair needs to be established for the organization to be added to the blockchain.
  • the established identity information pair includes the organization identity information established for the organization and the member identity information established for the members in the organization, wherein the member identity information is associated with the corresponding organization identity information.
  • S202 Perform signature operation on the transaction data generated by the members of the organization according to the member identity information to generate signature information.
  • the generated transaction data may be signed according to the member identity information, thereby generating signature information.
  • S203 Transmit transaction data, organization identity information and signature information to a public node in the blockchain or a private node in the blockchain. After the public node or private node passes the identity verification, it is sent to the blockchain.
  • the corresponding node in the blockchain authenticates the information sent by the public node or the private node.
  • the blockchain access control method provided by the embodiment of the present invention realizes the decentralization of organizations qualified to join the consortium chain by establishing associated organization identity information and member identity information for the organizations and their members to be added to the blockchain; no organization qualified to join the consortium chain is required to authorize members of organizations without such qualification.
  • when members use member identity information to initiate transactions, the association of member identity information and organization identity information can be used to determine the corresponding organization identity information, verify the identity of the organization, and thereby achieve access control to the blockchain.
  • FIG. 3 is a flowchart of another embodiment of a block chain access control method provided by the present invention.
  • the associated identity information pair established for the organization to be added to the blockchain and its members is an asymmetric key pair, where the member identity information is the private key in the asymmetric key pair, and the organization identity information is the public key in the asymmetric key pair.
  • the block chain access control method provided in this embodiment may further include the following steps:
  • S301 Establish an asymmetric key pair on the local device of the organization to be added to the blockchain according to the elliptic curve encryption algorithm.
  • an asymmetric key pair includes two keys: a public key and a private key.
  • the public key and private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt. If the private key is used to encrypt data, then only the corresponding public key can be used to decrypt.
  • the private key in the asymmetric key pair determines the corresponding public key, and the asymmetric key pair is used as the identity information pair of the organization and its members.
  • an elliptic curve cryptography algorithm (ECC) can be used to establish the asymmetric key pair on the local device of the organization to be added to the blockchain; for example, the secp256k1 curve can be used.
  • other encryption algorithms may also be used to obtain the asymmetric key pair, for example, RSA algorithm, Elgamal algorithm, knapsack algorithm, Rabin algorithm, D-H algorithm, etc.
  • the organization address of the organization may be added to the white list of the blockchain in advance, so as to subsequently perform identity authentication and admission permission.
  • the details are as described in steps S302 and S303 below.
  • the public key is organizational identity information established for an organization and can represent the identity of the organization. Therefore, the organization address identifying the organization can be generated based on the public key assigned to the organization.
  • the asymmetric key pair corresponding to member b is (private key M2, public key N2);
  • the asymmetric key pair corresponding to member c is (private key M3, public key N3);
  • the organization corresponds to three public keys.
  • an organization can also correspond to one or more organization addresses (calculated by each public key).
  • the hash value of the public key can be calculated first, and an array formed from the hash value of the public key and the network version number of the blockchain; then, the array can be hashed to obtain a check code, which is appended to the array; finally, the array with the check code appended is encoded to generate the organization address.
  • the public key can be processed by the SHA-256 algorithm to obtain a 32-byte hash value, which is then processed by the RIPEMD-160 algorithm to obtain a 20-byte hash value; then, the network version number of the blockchain is added to the head of the 20-byte hash value to form a 21-byte array; after performing two hash calculations on the 21-byte array, the first 4 bytes of the result are added as the check code to the end of the 21-byte array to form a 25-byte array; finally, the 25-byte array is encoded using the Base58 algorithm to obtain the organization address.
  • S305 Perform encryption processing on the hash value of the transaction data according to the private key, and encode the encryption processing result to generate signature information.
  • the transaction data generated by the member in the organization is signed according to the private key to generate signature information.
  • the hash value of the transaction data can be calculated first, and then the hash value of the transaction data is encrypted according to the private key, and the encryption processing result is encoded to generate signature information.
  • the transaction data can be processed by the SHA-256 algorithm to obtain a 32-byte hash value; then, the 32-byte hash value is signed according to the private key with the Elliptic Curve Digital Signature Algorithm (ECDSA) over secp256k1, and the signature result is Base64 encoded to obtain the signature information.
  • S306 Generate an identity verification public key based on the transaction data and signature information, and verify whether the generated identity verification public key is consistent with the public key in the received asymmetric key pair.
  • the identity verification public key can be derived from the transaction data and signature information, and the derived identity verification public key is checked for consistency with the public key sent directly to the public node; if they match, the signature verification passes. The signature information can be decoded first and the hash value of the transaction data calculated; then the identity verification public key is generated from the decoded signature information and the hash value of the transaction data.
  • the signature information can be Base64 decoded, and the transaction data processed by the SHA-256 algorithm to obtain a 32-byte hash value; then, the decoded signature information and the hash value of the transaction data are processed with the ECDSA secp256k1 algorithm (that is, ECDSA public key recovery) to obtain the identity verification public key.
  • S307 Generate an identity verification address based on the generated identity verification public key, and verify whether the identity verification address exists in the white list.
  • the operation of generating an identity verification address based on the generated identity verification public key is the same as the operation of generating an organization address based on the public key in step S302 above, and details are not described herein again.
  • after the identity verification address is generated from the derived identity verification public key, whether it exists in the whitelist is checked in the smart contract to verify the identity of the organization.
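As an added example (not the patent's own code), the organization address derivation of the address-generation step and the whitelist admission check of step S307, written in Python. It assumes RIPEMD-160 is available through hashlib (OpenSSL), takes the "two hash calculations" over the 21-byte array to be SHA-256 applied twice, and uses constructed placeholder public-key bytes rather than real secp256k1 points.

```python
"""Organization address derivation and whitelist admission check.

Added example, not the patent's own code. Recipe as the page describes it:
SHA-256 of the public key, then RIPEMD-160, prepend the network version byte,
append the first 4 bytes of a double SHA-256 (assumed) as check code, and
Base58-encode the resulting 25-byte array. Sample keys are constructed
placeholders, not real secp256k1 points.
"""
import hashlib

_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _ripemd160(data: bytes) -> bytes:
    # RIPEMD-160 comes from OpenSSL via hashlib (assumed to be available).
    return hashlib.new("ripemd160", data).digest()


def hash160(pubkey: bytes) -> bytes:
    """SHA-256 then RIPEMD-160: the 32-byte digest reduced to 20 bytes."""
    return _ripemd160(hashlib.sha256(pubkey).digest())


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload)) over the 21-byte array."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def base58_encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = _B58[rem] + out
    # Each leading zero byte is encoded as the first alphabet character.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return _B58[0] * pad + out


def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + _B58.index(ch)  # ValueError for characters outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip(_B58[0]))
    return b"\x00" * pad + body


def organization_address(pubkey: bytes, version: int) -> str:
    """Derive the organization address from the organization's public key."""
    versioned = bytes([version]) + hash160(pubkey)          # 21-byte array
    return base58_encode(versioned + checksum(versioned))   # 25-byte array


def decode_address(address: str):
    """Return (version, hash160) if the check code matches, else None.

    The check code only detects corruption or typos; it says nothing about
    whether the address belongs to an admitted organization.
    """
    try:
        raw = base58_decode(address)
    except ValueError:
        return None
    if len(raw) != 25 or checksum(raw[:21]) != raw[21:]:
        return None
    return raw[0], raw[1:21]


def register_organization(pubkey: bytes, version: int, whitelist: set) -> str:
    """Registration step: add the organization's address to the whitelist."""
    address = organization_address(pubkey, version)
    whitelist.add(address)
    return address


def is_admitted(address: str, version: int, whitelist: set) -> bool:
    """Admission check a node runs before forwarding a transaction:
    well-formed check code, correct network version, and present in the whitelist."""
    decoded = decode_address(address)
    if decoded is None or decoded[0] != version:
        return False
    return address in whitelist


# Constructed sample inputs (placeholders, not real curve points).
ORG_PUBKEY = bytes.fromhex("02" + "11" * 32)
OTHER_PUBKEY = bytes.fromhex("03" + "22" * 32)
NETWORK_VERSION = 0x00

if __name__ == "__main__":
    whitelist: set = set()
    registered = register_organization(ORG_PUBKEY, NETWORK_VERSION, whitelist)
    stranger = organization_address(OTHER_PUBKEY, NETWORK_VERSION)
    print("registered org admitted:", is_admitted(registered, NETWORK_VERSION, whitelist))
    print("unregistered org admitted:", is_admitted(stranger, NETWORK_VERSION, whitelist))
```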
  • S308 Perform decryption processing on the signature information according to the generated identity verification public key, and verify the consistency of the decrypted data and the transaction data.
  • the signature information is decrypted according to the generated identity verification public key, and the consistency between the decrypted data and the transaction data is verified, thereby verifying that the transaction data initiated by the organization belongs to that organization in the blockchain, to prevent an organization from operating on the data of other organizations.
  • At least one private node may be provided on the blockchain, and the private node has a certification authority (CA center) that may be used to authorize members of organizations that join the blockchain through the private node. That is to say, in the embodiment of the present invention, an organization that has the ability to build its own node can also authorize members through a self-built private node, and send transactions initiated by members of the organization to the blockchain through the private node.
  • the blockchain access control method realizes the decentralization of organizations that are qualified to join the consortium chain by establishing asymmetric key pairs for the organizations and members to be added to the blockchain, without organizations qualified to join the consortium chain having to authorize members of organizations that are not so qualified.
  • when members initiate transactions, they sign the transaction data with the private key, and the correlation between the private key and the public key is used;
  • the public key representing the identity of the organization is derived to verify the identity of the organization, thereby achieving access control to the blockchain.
  • FIG. 4 is a schematic structural diagram of an embodiment of a block chain access control device provided by the present invention, and can be used to execute the method steps shown in FIG. 2.
  • the access control device of the blockchain may include: an identity information establishment module 41, a signature information generation module 42, and an access control module 43.
  • the identity information establishment module 41 can be used to establish an associated identity information pair on the local device of the organization to be added to the blockchain, the identity information pair including member identity information and organization identity information, wherein the member identity information is associated with the corresponding organization identity information; the signature information generation module 42 can be used to sign transaction data generated by members of the organization based on the member identity information to generate signature information; the access control module 43 can be used to transmit the transaction data, the organization identity information and
  • the signature information to a public node in the blockchain or a private node in the blockchain, which sends them to the blockchain after the identity verification is passed.
  • the identity information establishing module 41 needs to establish an associated identity information pair for the organization to be added to the blockchain.
  • the established identity information pair includes the organization identity information established for the organization and the member identity information established for the members in the organization.
  • the signature information generation module 42 may sign the generated transaction data according to the member identity information generated by the identity information establishment module 41, thereby generating signature information.
  • the access control module 43 can transmit the transaction data generated by the organization members, the member identity information established by the identity information establishment module 41 for the organization members, and the signature information generated by the signature information generation module 42 together to a public node or private node in the blockchain, which sends them to the blockchain after authentication.
  • the blockchain access control device realizes the decentralization of organizations qualified to join the consortium chain by establishing associated organization identity information and member identity information for the organizations and their members to be added to the blockchain; no organization qualified to join the consortium chain is required to authorize members of organizations without such qualification.
  • when members use member identity information to initiate transactions, the association of member identity information and organization identity information can be used to determine the corresponding organization identity information, verify the identity of the organization, and thereby achieve access control to the blockchain.
  • FIG. 5 is a schematic structural diagram of another embodiment of a block chain access control device provided by the present invention, and can be used to execute the method steps shown in FIG. As shown in FIG. 5, on the basis of the embodiment shown in FIG. 4 above, the block chain access control device provided by the embodiment of the present invention may further include: an identity verification module 53 and a sending module 54.
  • the identity verification module 53 is set in the corresponding node in the blockchain to perform identity verification on the information sent by the public node or the private node; the sending module 54 is used to store the transaction result to the nodes in the blockchain when the number of successfully authenticated nodes is greater than or equal to the preset number.
  • the identity information establishment module 41 establishes an associated asymmetric key pair for the organization to be added to the blockchain and its members, where the member identity information is the private key in the asymmetric key pair, The organization identity information is the public key in the asymmetric key pair.
  • the identity information establishment module 41 may be specifically used to establish an asymmetric key pair on the local device of the organization to be added to the blockchain according to the elliptic curve cryptography algorithm.
  • an asymmetric key pair includes two keys: a public key and a private key.
  • the public key and private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt. If the private key is used to encrypt data, then only the corresponding public key can be used to decrypt.
  • the identity information establishment module 41 can determine the corresponding public key from the private key in the asymmetric key pair, and uses the asymmetric key pair as the identity information pair of the organization and its members.
  • the identity information establishment module 41 may use ECC to establish the asymmetric key pair on the local device of the organization to be added to the blockchain; for example, the secp256k1 curve may be used.
  • other encryption algorithms may also be used to obtain the asymmetric key pair, for example, RSA algorithm, Elgamal algorithm, knapsack algorithm, Rabin algorithm, D-H algorithm, etc.
  • the access control device of the blockchain may further include: an address generation module 51 and a registration module 52.
  • the address generation module 51 can be used to generate an organization address for identifying an organization based on the public key in the asymmetric key pair; the registration module 52 can be used to register the organization address in the blockchain whitelist.
  • the public key is the organization identity information established by the identity information establishment module 41 for the organization, and can represent the identity of the organization. Therefore, the address generation module 51 can generate an organization address identifying the organization based on the public key assigned to the organization.
  • the address generation module 51 can first calculate the hash value of the public key and combine it with the network version number of the blockchain into an array; then, the array is hashed to obtain a check code, which is appended to the array; finally, the array with the check code appended is encoded to generate the organization address.
  • the address generation module 51 may use the SHA-256 algorithm to process the public key to obtain a 32-byte hash value, and then the RIPEMD-160 algorithm to obtain a 20-byte hash value; then, the network version number of the blockchain is added to the head of the 20-byte hash value to form a 21-byte array; after performing two hash calculations on the 21-byte array, the first 4 bytes of the result are added as the check code to the end of the 21-byte array to form a 25-byte array; finally, the 25-byte array is encoded using the Base58 algorithm to obtain the organization address.
  • the signature information generation module 42 may first calculate the hash value of the transaction data, then encrypt the hash value of the transaction data according to the private key, and encode the encryption result to generate the signature information.
  • the signature information generation module 42 may perform SHA-256 processing on the transaction data to obtain a 32-byte hash value; then, the 32-byte hash value is signed according to the private key with the secp256k1 algorithm in ECDSA, and the signature result is Base64 encoded to obtain the signature information.
  • the access control module 43 may be specifically used, on a public node, to generate an identity verification public key based on the transaction data and signature information and verify that the generated identity verification public key is consistent with the public key in the received asymmetric key pair; to generate an identity verification address based on the generated identity verification public key and verify that the identity verification address exists in the whitelist; and to decrypt the signature information based on the generated identity verification public key and verify the consistency of the decrypted data with the transaction data.
  • the access control module 43 may derive the identity verification public key based on the transaction data and signature information, and perform consistency verification on the derived identity verification key and the public key directly sent to the public node. If they match, the signature verification is passed.
  • the access control module 43 may first decode the signature information and calculate the hash value of the transaction data; then, based on the decoded signature information and the hash value of the transaction data, generate an identity verification public key.
  • the access control module 43 may perform Base64 decoding on the signature information and SHA-256 processing on the transaction data to obtain a 32-byte hash value; then, the decoded signature information and the hash value of the transaction data are processed with the ECDSA secp256k1 algorithm to obtain the identity verification public key.
  • the process of the access control module 43 generating the identity verification address based on the public key is the same as the operation of the address generating module 51 generating the organization address based on the public key, and will not be repeated here.
  • the access control module 43 After generating the identity verification address through the public key, the access control module 43 verifies whether the identity verification address exists in the white list to verify the identity of the organization in the smart contract. Then, the access control module 43 can also decrypt the signature information according to the generated identity verification public key, and verify the consistency of the decrypted data and the transaction data, thereby verifying whether the transaction data initiated by the organization belongs in the blockchain The organization to prevent the organization from operating data from other organizations.
  • At least one private node may also be provided on the blockchain, and the private node has an authentication center, which may be used to authorize members of the organization that joined the blockchain through the private node . That is to say, in the embodiment of the present invention, an organization that has the ability to self-build a node can also authorize members through a self-built private node, and send transactions initiated by members of the organization to the blockchain through the private node.
  • the block chain access control device realizes the decentralization of organizations qualified to join the alliance chain by establishing asymmetric key pairs for the organizations and their members to be added to the blockchain, without having to join the alliance Chain-qualified organizations authorize members of organizations that are not qualified to join the consortium chain.
  • members initiate transactions, they use private keys to sign transaction data, and use the correlation between private keys and public keys.
  • the public key representing the identity of the organization is pushed out to verify the identity of the organization, thereby achieving access control to the blockchain.
  • FIG. 6 is a schematic structural diagram of an embodiment of an electronic device provided by the present invention. As shown in FIG. 6, the electronic device includes a memory 61 and a processor 62.
  • the memory 61 is used to store programs. In addition to the above-mentioned programs, the memory 61 may be configured to store various other data to support operations on the electronic device. Examples of these data include instructions for any application or method for operating on the electronic device, contact data, phone book data, messages, pictures, videos, etc.
  • the memory 61 may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk.
  • the processor 62 is coupled to the memory 61 and executes the program stored in the memory 61 in order to:
  • establish an associated identity information pair on the local device of the organization to be added to the blockchain, where the identity information pair includes member identity information and organization identity information and the member identity information is associated with the corresponding organization identity information;
  • sign, according to the member identity information, the transaction data generated by a member of the organization, to generate signature information;
  • transmit the transaction data, the organization identity information and the signature information to a public node in the blockchain or a private node in the blockchain, and, after the public node or private node has passed identity verification, send them to the blockchain.
  • the electronic device may further include a communication component 63, a power component 64, an audio component 65, a display 66, and other components. Only some components are shown schematically in FIG. 6, which does not mean that the electronic device includes only the components shown in FIG. 6.
  • the communication component 63 is configured to facilitate wired or wireless communication between the electronic device and other devices.
  • Electronic devices can access wireless networks based on communication standards, such as WiFi, 2G or 3G, or a combination thereof.
  • the communication component 63 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel.
  • the communication component 63 further includes a near field communication (NFC) module to facilitate short-range communication.
  • the NFC module can be implemented based on radio frequency identification (RFID) technology, infrared data association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
  • the power supply component 64 provides power for various components of the electronic device.
  • the power component 64 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for electronic devices.
  • the audio component 65 is configured to output and/or input audio signals.
  • the audio component 65 includes a microphone (MIC).
  • when the electronic device is in an operation mode such as a call mode, a recording mode or a voice recognition mode, the microphone is configured to receive an external audio signal.
  • the received audio signal may be further stored in the memory 61 or transmitted via the communication component 63.
  • the audio component 65 further includes a speaker for outputting audio signals.
  • the display 66 includes a screen, which may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user.
  • the touch panel includes one or more touch sensors to sense touch, swipe, and gestures on the touch panel. The touch sensor may not only sense the boundary of the touch or sliding action, but also detect the duration and pressure related to the touch or sliding operation.


Abstract

A blockchain access control method and apparatus, and an electronic device. The method comprises: establishing associated member identity information and organization identity information on a local device of an organization to be added to a blockchain; according to the member identity information, signing transaction data created by a member in the organization so as to generate signature information; and transmitting the transaction data, the organization identity information and the signature information to a common node or private node in the blockchain for identity verification, and sending the information to the blockchain. The method implements the decentralization of an organization by means of establishing associated organization identity information and member identity information for an organization to be added to a blockchain and the members thereof, and, when a member initiates a transaction by using the member identity information, corresponding organization identity information may be determined by using the association of the member identity information and organization identity information so as to verify the organization identity, thereby implementing access control for the blockchain.

Description

Blockchain access control method and apparatus, and electronic device
This application claims priority to Chinese patent application No. 201910005782.0, titled "Blockchain access control method and apparatus, and electronic device", filed on January 3, 2019, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of blockchain technology, and in particular to a blockchain access control method and apparatus, and an electronic device.
Background
A consortium chain is a type of blockchain that is jointly managed by several organizations or institutions. In a consortium chain, each organization (institution) needs to build one or more private nodes so that its members can participate in the chain. Consequently, only organizations that have built private nodes can join the consortium chain; an organization that has no private node (because it lacks the capacity or the willingness to build one) and is unwilling to attach itself to another organization on the chain that does have a private node is not eligible to join the consortium chain.
In the course of implementing the present invention, the inventors found that the prior art has at least the following problem: in order to let members of organizations that are not eligible to join the consortium chain participate in it, a private node is provided with an authentication center that authorizes members (users) belonging to such organizations, and only authorized members can participate in the consortium chain.
Summary of the invention
Embodiments of the present invention provide a blockchain access control method and apparatus, and an electronic device, to remedy the defect in the prior art that an organization's members must be authorized by an organization in order to access the consortium chain.
To achieve the above objective, an embodiment of the present invention provides a blockchain access control method, comprising:
establishing an associated identity information pair on a local device of an organization to be added to the blockchain, the identity information pair comprising member identity information and organization identity information, wherein the member identity information is associated with the corresponding organization identity information;
signing, according to the member identity information, transaction data generated by a member of the organization, to generate signature information;
transmitting the transaction data, the organization identity information and the signature information to a public node in the blockchain or a private node in the blockchain, and, after the public node or private node has passed identity verification, sending them to the blockchain.
An embodiment of the present invention further provides a blockchain access control apparatus, comprising:
an identity information establishment module, configured to establish an associated identity information pair on a local device of an organization to be added to the blockchain, the identity information pair comprising member identity information and organization identity information, wherein the member identity information is associated with the corresponding organization identity information;
a signature information generation module, configured to sign, according to the member identity information, transaction data generated by a member of the organization, to generate signature information;
an access control module, configured to transmit the transaction data, the organization identity information and the signature information to a public node in the blockchain or a private node in the blockchain, and, after the public node or private node has passed identity verification, to send them to the blockchain.
An embodiment of the present invention further provides an electronic device, comprising:
a memory, configured to store a program;
a processor, configured to run the program stored in the memory, so as to:
establish an associated identity information pair on a local device of an organization to be added to the blockchain, the identity information pair comprising member identity information and organization identity information, wherein the member identity information is associated with the corresponding organization identity information;
sign, according to the member identity information, transaction data generated by a member of the organization, to generate signature information;
transmit the transaction data, the organization identity information and the signature information to a public node in the blockchain or a private node in the blockchain, and, after the public node or private node has passed identity verification, send them to the blockchain.
The blockchain access control method and apparatus and the electronic device provided in the embodiments of the present invention decentralize the organizations eligible to join the consortium chain by establishing associated organization identity information and member identity information for an organization to be added to the blockchain and its members; an organization eligible to join the consortium chain no longer needs to authorize members of organizations that are not eligible. When such a member initiates a transaction using the member identity information, the association between the member identity information and the organization identity information is used to determine the corresponding organization identity information, so that the organization's identity can be verified and access control to the blockchain achieved.
The above description is only an overview of the technical solution of the present invention. In order that the technical means of the present invention may be understood more clearly and implemented in accordance with the content of the specification, and in order that the above and other objects, features and advantages of the present invention may be more readily apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
By reading the following detailed description of the preferred embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the present application. Throughout the drawings, the same reference symbols denote the same components. In the drawings:
FIG. 1 is a system block diagram of a business system provided by an embodiment of the present invention;
FIG. 2 is a flowchart of one embodiment of the blockchain access control method provided by the present invention;
FIG. 3 is a flowchart of another embodiment of the blockchain access control method provided by the present invention;
FIG. 4 is a schematic structural diagram of one embodiment of the blockchain access control apparatus provided by the present invention;
FIG. 5 is a schematic structural diagram of another embodiment of the blockchain access control apparatus provided by the present invention;
FIG. 6 is a schematic structural diagram of an embodiment of the electronic device provided by the present invention.
Detailed description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that the present disclosure will be understood more thoroughly and its scope fully conveyed to those skilled in the art.
In existing blockchain technology, only organizations that build private nodes can join a consortium chain; an organization without a private node (lacking the capacity or the willingness to build one) that is also unwilling to attach itself to another organization on the chain that has a private node is not eligible to join. To let members of such ineligible organizations participate in the consortium chain, a private node is provided with an authentication center that authorizes members (users) of ineligible organizations, and only authorized members can participate. This application therefore proposes a blockchain access control scheme whose main principle is as follows: a public node is set up on the blockchain, and an associated identity information pair is established on the local device of the organization to be added to the blockchain; that is, organization identity information is established for the organization and member identity information is established for each member of the organization, with the member identity information associated with the corresponding organization identity information. When a member initiates a transaction using the member identity information, the association between member identity information and organization identity information is used to determine the corresponding organization identity information, so that the organization's identity can be verified and access control to the blockchain achieved. The organization is thereby decentralized: when a member accesses the blockchain, the organization does not need to authorize the member.
It should be noted that, in the following description of the solution of the present invention, a private node is a node through which an organization eligible to join the consortium chain authorizes members of organizations that are not eligible, and through which it sends the transactions initiated by those members to the blockchain. A public node is a node through which members of an organization that is not eligible to join the consortium chain, without being authorized by the private node of an eligible organization, have their organization's identity verified using the associated identity information pair established by the solution of the present invention, so that transactions initiated by such members are sent to the blockchain through the public node. Further, in the solution of the present invention, nodes fall into two classes: nodes built by organizations capable of building their own nodes (private nodes), and nodes built by the blockchain service provider for organizations that lack the capacity or the willingness to build nodes (public nodes). In the solution of the present invention, both classes of node perform the same function: they verify the organization's identity using the associated identity information pair and send the transactions initiated by the organization's members to the blockchain.
The method provided by the embodiments of the present invention can be applied to any business system that uses a blockchain. FIG. 1 is a system block diagram of a business system provided by an embodiment of the present invention; the structure shown in FIG. 1 is only one example of a business system to which the technical solution of the present invention can be applied. As shown in FIG. 1, the business system includes an access control apparatus. The apparatus includes an identity information establishment module, a signature information generation module and an access control module, and can be used to execute the processing flows shown in FIG. 2 and FIG. 3 described below. In this business system, first, an associated identity information pair is established on the local device of the organization to be added to the blockchain; the pair includes member identity information and organization identity information, with the member identity information associated with the corresponding organization identity information. When a member initiates a transaction, the generated transaction data is signed according to the member identity information in the pair to generate signature information. Then, the transaction data, the organization identity information and the signature information are transmitted to a public node in the blockchain or a private node in the blockchain, and after the public node or private node passes identity verification they are sent to the blockchain. Finally, the corresponding nodes in the blockchain perform identity verification on the information sent by the public node or private node; when the number of nodes whose identity verification succeeds is greater than or equal to a preset number, the transaction result is stored in the nodes of the blockchain.
By establishing associated organization identity information and member identity information for an organization to be added to the blockchain and its members, the organizations eligible to join the consortium chain are decentralized: an eligible organization no longer needs to authorize members of organizations that are not eligible. When such a member initiates a transaction using the member identity information, the association between the member identity information and the organization identity information is used to determine the corresponding organization identity information, so that the organization's identity can be verified and access control to the blockchain achieved.
The above embodiments describe the technical principles and an exemplary application framework of the embodiments of the present invention. The specific technical solutions of the embodiments of the present invention are described in detail below through several embodiments.
Embodiment 1
FIG. 2 is a flowchart of one embodiment of the blockchain access control method provided by the present invention. The method may be executed by the business system described above, by a server device of the blockchain service provider, or by an apparatus or chip integrated in such a server device. As shown in FIG. 2, the blockchain access control method includes the following steps:
S201: establish an associated identity information pair on the local device of the organization to be added to the blockchain.
In the embodiment of the present invention, an associated identity information pair first needs to be established for the organization to be added to the blockchain. The established pair includes organization identity information established for the organization and member identity information established for the members of the organization, with the member identity information associated with the corresponding organization identity information.
S202: sign, according to the member identity information, the transaction data generated by a member of the organization, to generate signature information.
In the embodiment of the present invention, when a member of the organization initiates a transaction, the generated transaction data can be signed according to the above member identity information, thereby generating signature information.
S203: transmit the transaction data, the organization identity information and the signature information to a public node in the blockchain or a private node in the blockchain; after the public node or private node passes identity verification, send them to the blockchain.
S204: the corresponding nodes in the blockchain perform identity verification on the information sent by the public node or private node.
S205: when the number of nodes whose identity verification succeeds is greater than or equal to a preset number, store the transaction result in the nodes of the blockchain.
The blockchain access control method provided by the embodiment of the present invention decentralizes the organizations eligible to join the consortium chain by establishing associated organization identity information and member identity information for an organization to be added to the blockchain and its members; an eligible organization no longer needs to authorize members of organizations that are not eligible. When a member initiates a transaction using the member identity information, the association between the member identity information and the organization identity information is used to determine the corresponding organization identity information, so that the organization's identity can be verified and access control to the blockchain achieved.
实施例二Example 2
图3为本发明提供的区块链的访问控制方法另一个实施例的流程图。如图3所示,在上述图2所示实施例的基础上,为待加入区块链的组织及其成员所建立的相关联的身份信息对为非对称密钥对,其中,成员身份信息为非对称密钥对中的私钥,组织身份信 息为非对称密钥对中的公钥。具体地,本实施例提供的区块链的访问控制方法还可以包括以下步骤:FIG. 3 is a flowchart of another embodiment of a block chain access control method provided by the present invention. As shown in FIG. 3, on the basis of the embodiment shown in FIG. 2 above, the associated identity information pair established for the organization to be added to the blockchain and its members is an asymmetric key pair, where the member identity information It is the private key in the asymmetric key pair, and the organization identity information is the public key in the asymmetric key pair. Specifically, the block chain access control method provided in this embodiment may further include the following steps:
S301,根据椭圆曲线加密算法,在待加入区块链的组织的本地设备上建立非对称密钥对。S301: Establish an asymmetric key pair on the local device of the organization to be added to the blockchain according to the elliptic curve encryption algorithm.
在非对称加密算法中,非对称密钥对包括两个密钥:公开密钥(publickey,即,公钥)和私有密钥(privatekey,即,私钥)。公钥与私钥是一对,如果用公钥对数据进行加密,则只有用对应的私钥才能解密;如果用私钥对数据进行加密,那么只有用对应的公钥才能解密。本发明的方案,利用非对称密钥对中私钥能够确定对应的公钥的特性,采用非对称密钥对作为组织及其成员的身份信息对。In an asymmetric encryption algorithm, an asymmetric key pair includes two keys: a public key (public key, that is, a public key) and a private key (private key, that is, a private key). The public key and private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt. If the private key is used to encrypt data, then only the corresponding public key can be used to decrypt. In the solution of the present invention, the private key in the asymmetric key pair can be used to determine the characteristics of the corresponding public key, and the asymmetric key pair is used as the identity information pair of the organization and its members.
具体地,在本发明实施例中,可以采用椭圆曲线加密算法(Elliptic curve cryptography,简称:ECC),在待加入区块链的组织的本地设备上建立非对称密钥对,例如可以采用secp256k1算法。当然,在本发明的实施例中,也可以采用其它的加密算法得到非对称密钥对,例如,RSA算法、Elgamal算法、背包算法、Rabin算法、D-H算法等。Specifically, in the embodiment of the present invention, an elliptic curve encryption algorithm (Elliptic curve encryption, ECC for short) can be used to establish an asymmetric key pair on the local device of the organization to be added to the blockchain, for example, the secp256k1 algorithm can be used . Of course, in the embodiment of the present invention, other encryption algorithms may also be used to obtain the asymmetric key pair, for example, RSA algorithm, Elgamal algorithm, knapsack algorithm, Rabin algorithm, D-H algorithm, etc.
In addition, in this embodiment the organization's address may be added to the blockchain's whitelist in advance so that identity authentication and admission control can be performed later, as described in steps S302 and S303 below.
S302: Generate, from the public key of the asymmetric key pair, an organization address that identifies the organization.
S303: Register the organization address in the blockchain's whitelist.
In this embodiment the public key is the organization identity information established for the organization and represents its identity; the organization address identifying the organization can therefore be generated from the public key assigned to the organization.
It should be noted here that if an organization has three members a, b and c, then:
member a corresponds to the asymmetric key pair (private key M1, public key N1);
member b corresponds to the asymmetric key pair (private key M2, public key N2);
member c corresponds to the asymmetric key pair (private key M3, public key N3);
so in this case the organization corresponds to three public keys.
An organization may therefore correspond to one or more organization addresses, each computed from one of its public keys, and every one of those addresses has to be registered in the whitelist for the corresponding member to pass the check in S307.
In this embodiment, the hash of the public key is computed first and combined with the blockchain's network version number into a byte array; the array is then hashed to obtain a checksum, which is appended to the array; finally, the array carrying the checksum is address-encoded to produce the organization address.
Specifically, the public key is hashed with SHA-256 to obtain a 32-byte digest, which is then hashed with RIPEMD-160 to obtain a 20-byte digest; the blockchain's network version number is prepended to the 20-byte digest to form a 21-byte array; the 21-byte array is hashed twice, and the first 4 bytes of the result are appended to the 21-byte array as a checksum, forming a 25-byte array; finally, the 25-byte array is Base58-encoded to obtain the organization address. This is the Base58Check construction used for Bitcoin addresses, in which the double hash is SHA-256 applied twice; the 4-byte checksum only catches transcription errors and is not an integrity protection against an adversary, who can recompute it for any payload.
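The address derivation of S302 and the whitelist lookup of S307, as an added worked example in Python; this is not code from the patent or its applicant. It implements the Base58Check construction the paragraph describes: SHA-256 then RIPEMD-160 of the public key, a version byte prefix, a 4-byte checksum and Base58 encoding. Two assumptions are labelled in the code: the page says only that the 21-byte array is "hashed twice", so the checksum here is double SHA-256 as in Bitcoin; and the sample public key is the compressed secp256k1 generator point, chosen only because its encoding is well known. The decoder rejects a wrong length, a character outside the alphabet and a checksum mismatch, which is the check a node should run before consulting the whitelist: a malformed address should fail closed rather than merely miss.

```python
import hashlib

# Bitcoin's Base58 alphabet: no 0, O, I or l, so addresses survive transcription.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def hash160(data: bytes) -> bytes:
    """RIPEMD-160(SHA-256(data)): the 32-byte digest reduced to 20 bytes, as in S302."""
    sha = hashlib.sha256(data).digest()
    try:
        rmd = hashlib.new("ripemd160")
    except ValueError as exc:  # OpenSSL 3 builds may ship RIPEMD-160 only in the legacy provider
        raise RuntimeError("RIPEMD-160 is not available in this Python/OpenSSL build") from exc
    rmd.update(sha)
    return rmd.digest()


def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload)). Assumption: the page says only 'hashed twice'."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    # The integer conversion drops leading zero bytes; Base58 encodes each of them as a leading '1'.
    leading = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)  # ValueError on a character outside the alphabet
    leading = len(text) - len(text.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * leading + body


def base58check_encode(version: int, payload: bytes) -> str:
    """version || payload || checksum, Base58 encoded: the 25-byte array of S302 for a 20-byte payload."""
    versioned = bytes([version]) + payload
    return b58encode(versioned + checksum(versioned))


def base58check_decode(address: str) -> tuple[int, bytes]:
    """Inverse of base58check_encode; rejects a wrong length, a bad character or a checksum mismatch."""
    raw = b58decode(address)
    if len(raw) != 25:
        raise ValueError("address must decode to 25 bytes")
    versioned, check = raw[:-4], raw[-4:]
    if checksum(versioned) != check:
        raise ValueError("checksum mismatch")
    return versioned[0], versioned[1:]


def org_address(public_key: bytes, network_version: int = 0x00) -> str:
    """Organization address of S302: Base58Check(network version || HASH160(public key))."""
    return base58check_encode(network_version, hash160(public_key))


def whitelist_lookup(whitelist: set[str], address: str) -> bool:
    """S307-style lookup: a malformed address is rejected before it is ever compared with the whitelist."""
    try:
        base58check_decode(address)
    except ValueError:
        return False
    return address in whitelist


if __name__ == "__main__":
    # Constructed sample: the compressed encoding of the secp256k1 generator point, used only as a well-known key.
    sample_pub = bytes.fromhex("0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
    addr = org_address(sample_pub)
    print("organization address:", addr)
    print("decodes to:", base58check_decode(addr))
```

`base58check_encode(0x00, bytes(20))` yields the address whose payload is twenty zero bytes; because Base58 preserves leading zero bytes as leading `1` characters, the 21 zero bytes of version and payload appear as 21 leading `1`s, followed by the encoded checksum.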
S304: Compute the hash of the transaction data.
S305: Sign the hash of the transaction data with the private key and encode the signing result to produce the signature information.
In this embodiment, when a member of the organization initiates a transaction, the transaction data produced by that member is signed with the private key to produce signature information. The hash of the transaction data may be computed first; the hash is then signed with the private key and the signing result is encoded, yielding the signature information.
Specifically, the transaction data may be hashed with SHA-256 to obtain a 32-byte digest; the digest is then signed with the private key using the secp256k1 curve of the Elliptic Curve Digital Signature Algorithm (ECDSA), and the signature is Base64-encoded to obtain the signature information. For the public key to be recovered from the signature in step S306, the encoded signature must either carry a recovery identifier (the parity of the nonce point's y-coordinate) alongside r and s, or the verifying node must try each candidate key that recovery yields and compare every one with the supplied public key.
In this embodiment, the process of sending the transaction data, the organization identity information and the signature information to the blockchain through a public node for identity verification and access control may be as described in steps S306 to S308 below.
S306: Derive an identity verification public key from the transaction data and the signature information, and check whether the derived key is identical to the public key of the asymmetric key pair received with the transaction.
In this embodiment, the identity verification public key can be recovered from the transaction data and the signature information and compared with the public key sent directly to the public node; if the two are identical, signature verification passes. The signature information may first be decoded and the hash of the transaction data computed; the identity verification public key is then derived from the decoded signature and the hash.
Specifically, the signature information is Base64-decoded and the transaction data is hashed with SHA-256 to obtain a 32-byte digest; the ECDSA secp256k1 public key recovery operation is then applied to the decoded signature and the digest to obtain the identity verification public key.
S307: Generate an identity verification address from the derived identity verification public key, and check whether that address is present in the whitelist.
In this embodiment, generating the identity verification address from the derived public key is the same operation as generating the organization address from the public key in step S302 and is not repeated here. After the identity verification address is generated, it is checked against the whitelist to verify the organization's identity in the smart contract. The strength of this check rests entirely on how entries reach the whitelist in step S303: whoever can register an address can admit the corresponding key.
S308: Verify the signature information against the transaction data using the derived identity verification public key (the patent describes this as decrypting the signature with the public key and comparing the result with the transaction data).
In this embodiment, the signature information is checked with the derived identity verification public key and its consistency with the transaction data is verified, confirming that the transaction data submitted by the organization belongs to that organization in the blockchain and preventing an organization from operating on other organizations' data. For ECDSA this is the standard signature verification computation rather than a decryption: the signature cannot be inverted to recover the hash, so the verifier recomputes the hash of the transaction data and checks it against the signature. Because the key used here was itself recovered from the signature in S306, it satisfies the verification equation by construction; the security of the scheme comes from the comparison with the supplied public key in S306 and the whitelist lookup in S307, not from S308 alone.
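Steps S304 to S308 end to end, as an added example in Python that is not code from the patent or its applicant: a minimal secp256k1 ECDSA with public-key recovery, written out rather than taken from a library so that the recovery step of S306 and the "decryption" of S308 are visible as the arithmetic they actually are. Assumptions, also labelled in the code: the signature encoding is Base64 of r || s || v, where v is the recovery identifier the page does not mention but that S306 needs to choose between the two candidate keys; the whitelist is keyed by SHA-256 of the compressed public key as a stand-in for the Base58Check organization address of S302; the transaction bytes are constructed. The nonce is drawn from `secrets` and signatures are forced into low-s form, which removes the (r, N - s) twin that would otherwise let anyone derive a second valid signature for the same transaction. The curve arithmetic is not constant-time, so it is fit for a verifying node, not for a production signer.

```python
import base64
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over F_P, generator G of prime order N
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine addition/doubling; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0]:
        if a[1] != b[1]:  # b == -a
            return None
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, pt):  # double-and-add; not constant-time: fine for a verifying node, not for a production signer
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def keygen():  # S301: private key = member identity information, public key = organization identity information
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)

def compress(q):  # 33-byte compressed public key: 02/03 (parity of y) || x
    return bytes([2 + (q[1] & 1)]) + q[0].to_bytes(32, "big")

def org_id(q):  # whitelist key; assumption: SHA-256 of the compressed key stands in for the S302 address
    return hashlib.sha256(compress(q)).hexdigest()

def tx_hash(tx):  # S304
    return int.from_bytes(hashlib.sha256(tx).digest(), "big")

def sign(d, tx):  # S305: ECDSA over SHA-256(tx), encoded as Base64(r || s || v); v = recovery id (assumed format)
    z = tx_hash(tx)
    while True:
        k = secrets.randbelow(N - 1) + 1  # nonce: must be unique and unpredictable, or d leaks
        R = ec_mul(k, G)
        r = R[0]
        s = pow(k, -1, N) * (z + r * d) % N
        if r == 0 or r >= N or s == 0:  # r >= N would make the lift in recover() ambiguous
            continue
        v = R[1] & 1  # parity of R.y
        if s > N // 2:  # low-s form: (r, N - s) is the signature of nonce -k, so the parity flips
            s, v = N - s, v ^ 1
        return base64.b64encode(r.to_bytes(32, "big") + s.to_bytes(32, "big") + bytes([v])).decode()

def decode_sig(sig_b64):  # parse and range-check; high-s is rejected so no malleable twin is accepted
    raw = base64.b64decode(sig_b64, validate=True)
    if len(raw) != 65:
        raise ValueError("signature must decode to 65 bytes")
    r, s, v = int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:64], "big"), raw[64]
    if not (1 <= r < N and 1 <= s <= N // 2 and v in (0, 1)):
        raise ValueError("signature components out of range")
    return r, s, v

def recover(sig_b64, tx):  # S306: Q = r^-1 * (s*R - z*G), R being the curve point with x = r and y parity v
    r, s, v = decode_sig(sig_b64)
    y_sq = (r ** 3 + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)  # square root mod P, valid because P = 3 (mod 4)
    if y * y % P != y_sq:
        raise ValueError("r is not the x-coordinate of a curve point")
    if (y & 1) != v:
        y = P - y
    q = ec_mul(pow(r, -1, N), ec_add(ec_mul(s, (r, y)), ec_mul((-tx_hash(tx)) % N, G)))
    if q is None: raise ValueError("degenerate signature")
    return q

def verify(q, sig_b64, tx):  # S308: plain ECDSA verification; nothing is decrypted, the hash is recomputed
    r, s, _ = decode_sig(sig_b64)
    w = pow(s, -1, N)
    X = ec_add(ec_mul(tx_hash(tx) * w % N, G), ec_mul(r * w % N, q))
    return X is not None and X[0] % N == r

def admit(whitelist, pub_bytes, sig_b64, tx):  # public-node check, S306 to S308 in order -> (accepted, reason)
    try:
        q = recover(sig_b64, tx)
    except ValueError as exc:
        return False, f"malformed signature: {exc}"
    if compress(q) != pub_bytes:  # also what a signature replayed onto other transaction data looks like
        return False, "public key mismatch"
    if org_id(q) not in whitelist:
        return False, "organization not whitelisted"
    if not verify(q, sig_b64, tx):  # a recovered key verifies by construction; kept as S308 describes it
        return False, "signature invalid"
    return True, "ok"

if __name__ == "__main__":
    d, q = keygen()
    whitelist = {org_id(q)}  # S303: registered once, when the organization joins
    tx = b'{"from":"org-a","to":"org-b","item":"pallet-17"}'  # constructed sample transaction
    sig = sign(d, tx)
    print("genuine:", admit(whitelist, compress(q), sig, tx), "replayed:", admit(whitelist, compress(q), sig, tx + b"x"))
```

`admit()` returns `(False, reason)` for each failure a node actually sees: a malformed or high-s signature, a recovered key that differs from the supplied one (which is exactly what a signature replayed onto different transaction data looks like, since recovery with a different hash yields a different point), an address missing from the whitelist, and a signature that fails verification.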
It should be noted that in this embodiment the blockchain may also have at least one private node. A private node has a certificate authority (CA) and can be used to authorize the members of an organization that joins the blockchain through that private node. That is, an organization capable of operating its own node can authorize its members through its self-built private node and send the transactions initiated by its members to the blockchain through that node.
The blockchain access control method of this embodiment establishes an asymmetric key pair for an organization that is to join the blockchain and for its members, so that organizations eligible to join the consortium chain are decentralized: an eligible organization need not authorize the members of organizations that are not eligible. When a member initiates a transaction, the transaction data is signed with the private key; using the relationship between the private key and the public key, the public key representing the organization's identity is recovered from the transaction data and the signature information, the organization's identity is verified, and access control over the blockchain is thereby achieved.
Embodiment Three
FIG. 4 is a schematic structural diagram of an embodiment of the blockchain access control apparatus provided by the present invention, which can be used to perform the method steps shown in FIG. 2. As shown in FIG. 4, the apparatus may include an identity information establishment module 41, a signature information generation module 42 and an access control module 43.
The identity information establishment module 41 may be used to establish an associated identity information pair on the local device of an organization that is to join the blockchain; the pair includes member identity information and organization identity information, the member identity information being associated with the corresponding organization identity information. The signature information generation module 42 may be used to sign, according to the member identity information, the transaction data produced by members of the organization and to generate signature information. The access control module 43 may be used to transmit the transaction data, the organization identity information and the signature information to a public node or a private node of the blockchain, which sends them on to the blockchain once identity verification has passed.
In this embodiment, the identity information establishment module 41 first establishes the associated identity information pair for the organization that is to join the blockchain: organization identity information for the organization and member identity information for its members. When a member initiates a transaction, the signature information generation module 42 signs the transaction data with the member identity information generated by module 41 to produce signature information. The access control module 43 then transmits the member's transaction data, the organization identity information established by module 41 (the public key; the member identity information, being the private key, never leaves the local device) and the signature information generated by module 42 together to a public or private node of the blockchain, which sends them to the blockchain once identity verification has passed.
The blockchain access control apparatus of this embodiment establishes associated organization identity information and member identity information for an organization that is to join the blockchain and for its members, so that organizations eligible to join the consortium chain are decentralized: an eligible organization need not authorize the members of organizations that are not eligible. When a member initiates a transaction with the member identity information, the association between member identity information and organization identity information determines the corresponding organization identity information, the organization's identity is verified, and access control over the blockchain is achieved.
Embodiment Four
FIG. 5 is a schematic structural diagram of another embodiment of the blockchain access control apparatus provided by the present invention, which can be used to perform the method steps shown in FIG. 3. As shown in FIG. 5, building on the embodiment of FIG. 4, the apparatus of this embodiment may further include an identity verification module 53 and a sending module 54.
The identity verification module 53 is located in the corresponding node of the blockchain and performs identity verification on the information sent by the public node or private node; the sending module 54 stores the transaction result in the nodes of the blockchain when the number of nodes whose identity verification succeeded is greater than or equal to a preset number.
In addition, the associated identity information pair that the identity information establishment module 41 establishes for the organization and its members is an asymmetric key pair, in which the member identity information is the private key and the organization identity information is the public key.
Specifically, in the apparatus of this embodiment the identity information establishment module 41 may be used to establish the asymmetric key pair on the local device of the organization that is to join the blockchain using elliptic curve cryptography.
In a public-key algorithm, an asymmetric key pair consists of two keys: a public key and a private key. The two form a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and a signature produced with the private key can only be checked with the corresponding public key. In the present scheme the identity information establishment module 41 relies on the property that the public key can be computed from the private key, but not the reverse, and uses such a key pair as the identity information pair of the organization and its members.
Specifically, in this embodiment the identity information establishment module 41 may use ECC to establish the asymmetric key pair on the organization's local device, for example with the secp256k1 curve. Other public-key algorithms may of course be used to obtain the key pair, for example RSA, ElGamal, a knapsack scheme, Rabin or D-H, subject to the same caveat as in Embodiment Two: the signing and verification steps require a signature scheme, which Diffie-Hellman key agreement does not provide, and the classic knapsack cryptosystem is broken.
The apparatus of this embodiment may further include an address generation module 51 and a registration module 52.
The address generation module 51 may be used to generate, from the public key of the asymmetric key pair, an organization address identifying the organization; the registration module 52 may be used to register the organization address in the blockchain's whitelist.
In this embodiment the public key is the organization identity information established by the identity information establishment module 41 for the organization and represents its identity; the address generation module 51 can therefore generate the organization address from the public key assigned to the organization. The address generation module 51 first computes the hash of the public key and combines it with the blockchain's network version number into a byte array; it then hashes the array to obtain a checksum and appends the checksum to the array; finally, it address-encodes the array carrying the checksum to produce the organization address.
Specifically, the address generation module 51 hashes the public key with SHA-256 to obtain a 32-byte digest and then with RIPEMD-160 to obtain a 20-byte digest; it prepends the blockchain's network version number to the 20-byte digest to form a 21-byte array; it hashes the 21-byte array twice and appends the first 4 bytes of the result to the 21-byte array as a checksum, forming a 25-byte array; finally, it Base58-encodes the 25-byte array to obtain the organization address.
In addition, when a member of the organization initiates a transaction, the signature information generation module 42 may first compute the hash of the transaction data, then sign the hash with the private key and encode the signing result, thereby generating the signature information.
Specifically, the signature information generation module 42 may hash the transaction data with SHA-256 to obtain a 32-byte digest, sign the digest with the private key using the secp256k1 algorithm of ECDSA, and Base64-encode the signature to obtain the signature information.
Further, the access control module 43 may be specifically used, on the public node, to derive an identity verification public key from the transaction data and the signature information and to check whether the derived identity verification public key is identical to the public key of the received asymmetric key pair; to generate an identity verification address from the derived identity verification public key and to check whether that address is present in the whitelist; and to verify the signature information against the transaction data using the derived identity verification public key.
In this embodiment, the access control module 43 can recover the identity verification public key from the transaction data and the signature information and compare the recovered key with the public key sent directly to the public node; if the two are identical, signature verification passes. The access control module 43 may first decode the signature information and compute the hash of the transaction data, then derive the identity verification public key from the decoded signature and the hash.
Specifically, the access control module 43 may Base64-decode the signature information and hash the transaction data with SHA-256 to obtain a 32-byte digest, then apply the ECDSA secp256k1 public key recovery operation to the decoded signature and the digest to obtain the identity verification public key.
In this embodiment, the process by which the access control module 43 generates the identity verification address from the public key is the same as the operation by which the address generation module 51 generates the organization address from the public key and is not repeated here. After generating the identity verification address from the public key, the access control module 43 checks whether that address is present in the whitelist, thereby verifying the organization's identity in the smart contract. The access control module 43 may then also verify the signature information with the derived identity verification public key and check its consistency with the transaction data (for ECDSA, the standard verification computation, not a decryption), thereby confirming that the transaction data submitted by the organization belongs to that organization in the blockchain and preventing the organization from operating on other organizations' data.
It should be noted that in this embodiment the blockchain may also have at least one private node. A private node has a certificate authority and can be used to authorize the members of an organization that joins the blockchain through that private node. That is, an organization capable of operating its own node can authorize its members through its self-built private node and send the transactions initiated by its members to the blockchain through that node.
The blockchain access control apparatus of this embodiment establishes an asymmetric key pair for an organization that is to join the blockchain and for its members, so that organizations eligible to join the consortium chain are decentralized: an eligible organization need not authorize the members of organizations that are not eligible. When a member initiates a transaction, the transaction data is signed with the private key; using the relationship between the private key and the public key, the public key representing the organization's identity is recovered from the transaction data and the signature information, the organization's identity is verified, and access control over the blockchain is thereby achieved.
Embodiment Five
The internal functions and structure of the blockchain access control apparatus have been described above; the apparatus may be implemented as an electronic device. FIG. 6 is a schematic structural diagram of an embodiment of the electronic device provided by the present invention. As shown in FIG. 6, the electronic device includes a memory 61 and a processor 62.
The memory 61 is used to store programs. In addition to those programs, the memory 61 may be configured to store various other data to support operation of the electronic device; examples include instructions for any application or method operating on the device, contact data, phone book data, messages, pictures, videos and so on.
The memory 61 may be implemented by any type of volatile or non-volatile storage device or a combination of them, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disc.
The processor 62 is coupled to the memory 61 and executes the program stored in the memory 61 in order to:
establish an associated identity information pair on the local device of an organization that is to join the blockchain, the pair including member identity information and organization identity information, where the member identity information is associated with the corresponding organization identity information;
sign, according to the member identity information, the transaction data produced by a member of the organization, generating signature information;
transmit the transaction data, the organization identity information and the signature information to a public node or a private node of the blockchain, which sends them to the blockchain once identity verification has passed.
Further, as shown in FIG. 6, the electronic device may also include a communication component 63, a power supply component 64, an audio component 65, a display 66 and other components. FIG. 6 shows only some components schematically and does not imply that the electronic device includes only the components shown.
The communication component 63 is configured to support wired or wireless communication between the electronic device and other devices. The electronic device can access a wireless network based on a communication standard such as WiFi, 2G or 3G, or a combination of these. In an exemplary embodiment, the communication component 63 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 63 also includes a near field communication (NFC) module to support short-range communication; the NFC module may be implemented using radio frequency identification (RFID), Infrared Data Association (IrDA), ultra-wideband (UWB), Bluetooth (BT) or other technologies.
The power supply component 64 provides power to the various components of the electronic device. It may include a power management system, one or more power sources, and other components associated with generating, managing and distributing power for the electronic device.
The audio component 65 is configured to output and/or input audio signals. For example, the audio component 65 includes a microphone (MIC) which, when the electronic device is in an operating mode such as a call mode, a recording mode or a voice recognition mode, is configured to receive external audio signals. The received audio signal may be stored in the memory 61 or sent via the communication component 63. In some embodiments the audio component 65 also includes a speaker for outputting audio signals.
The display 66 includes a screen, which may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, it may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes and gestures on the panel; a touch sensor may sense not only the boundary of a touch or swipe but also the duration and pressure associated with it.
Those of ordinary skill in the art will understand that all or part of the steps of the method embodiments above may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium; when executed, it performs the steps of the method embodiments. The storage medium includes ROM, RAM, magnetic disks, optical discs and other media capable of storing program code.
Finally, it should be noted that the embodiments above serve only to illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in those embodiments may still be modified, or some or all of their technical features replaced by equivalents, without such modifications or replacements taking the essence of the corresponding technical solution outside the scope of the technical solutions of the embodiments of the present invention.

Claims (21)

  1. A blockchain access control method, characterized in that the method comprises:
    establishing an associated identity information pair on a local device of an organization that is to join the blockchain, the identity information pair comprising member identity information and organization identity information, wherein the member identity information is associated with the corresponding organization identity information;
    signing, according to the member identity information, transaction data generated by a member of the organization, to generate signature information;
    transmitting the transaction data, the organization identity information and the signature information to a public node in the blockchain or a private node in the blockchain, which sends them to the blockchain after the public node or private node has performed identity verification and the verification has passed.
  2. The blockchain access control method according to claim 1, further comprising:
    performing, by the corresponding nodes in the blockchain, identity verification of the information sent by the public node or private node;
    when the number of nodes whose identity verification succeeds is greater than or equal to a preset number, storing the transaction result at the nodes in the blockchain.
  3. The blockchain access control method according to claim 1, wherein the identity information pair is an asymmetric key pair, the member identity information is the private key of the asymmetric key pair, and the organization identity information is the public key of the asymmetric key pair.
  4. The blockchain access control method according to claim 3, wherein establishing the associated identity information pair on the local device of the organization that is to join the blockchain comprises:
    establishing the asymmetric key pair on the local device of the organization that is to join the blockchain according to an elliptic curve cryptography algorithm.
  5. The blockchain access control method according to claim 3, further comprising:
    generating, according to the public key of the asymmetric key pair, an organization address that identifies the organization;
    registering the organization address in a whitelist of the blockchain.
  6. The blockchain access control method according to claim 5, wherein generating, according to the public key of the asymmetric key pair, the organization address that identifies the organization comprises:
    computing a hash value of the public key;
    forming an array from the hash value of the public key and the network version number of the blockchain;
    computing a hash of the array to obtain a check code;
    adding the check code to the array;
    address-encoding the array to which the check code has been added, to generate the organization address.
  7. The blockchain access control method according to claim 3, wherein signing, according to the member identity information, the transaction data generated by a member of the organization to generate signature information comprises:
    computing a hash value of the transaction data;
    encrypting the hash value of the transaction data with the private key, and encoding the result of the encryption to generate the signature information.
  8. The blockchain access control method according to claim 5, further comprising:
    generating an identity verification public key from the transaction data and the signature information, and verifying whether the generated identity verification public key is consistent with the public key of the received asymmetric key pair;
    generating an identity verification address from the generated identity verification public key, and verifying whether the identity verification address is present in the whitelist;
    decrypting the signature information with the generated identity verification public key, and verifying the consistency of the decrypted data with the transaction data.
  9. The blockchain access control method according to claim 8, wherein generating the identity verification public key from the transaction data and the signature information comprises:
    decoding the signature information;
    computing the hash value of the transaction data;
    generating the identity verification public key from the decoded signature information and the hash value of the transaction data.
  10. The blockchain access control method according to any one of claims 1 to 9, wherein the private node has a certification authority (认证中心) that authorizes the members of an organization that is to join the blockchain through the private node.
  11. A blockchain access control apparatus, characterized in that the apparatus comprises:
    an identity information establishing module, configured to establish an associated identity information pair on a local device of an organization that is to join the blockchain, the identity information pair comprising member identity information and organization identity information, wherein the member identity information is associated with the corresponding organization identity information;
    a signature information generating module, configured to sign, according to the member identity information, transaction data generated by a member of the organization, to generate signature information;
    an access control module, configured to transmit the transaction data, the organization identity information and the signature information to a public node in the blockchain or a private node in the blockchain, which sends them to the blockchain after the public node or private node has performed identity verification and the verification has passed.
  12. The blockchain access control apparatus according to claim 11, further comprising:
    an identity verification module, arranged in the corresponding nodes of the blockchain and configured to perform identity verification of the information sent by the public node or private node;
    a sending module, configured to store the transaction result at the nodes in the blockchain when the number of nodes whose identity verification succeeds is greater than or equal to a preset number.
  13. The blockchain access control apparatus according to claim 11, wherein the identity information pair is an asymmetric key pair, the member identity information is the private key of the asymmetric key pair, and the organization identity information is the public key of the asymmetric key pair.
  14. The blockchain access control apparatus according to claim 13, wherein the identity information establishing module is specifically configured to establish the asymmetric key pair on the local device of the organization that is to join the blockchain according to an elliptic curve cryptography algorithm.
  15. The blockchain access control apparatus according to claim 13, further comprising:
    an address generating module, configured to generate, according to the public key of the asymmetric key pair, an organization address that identifies the organization;
    a registration module, configured to register the organization address in a whitelist of the blockchain.
  16. The blockchain access control apparatus according to claim 15, wherein the address generating module is specifically configured to compute a hash value of the public key; to form an array from the hash value of the public key and the network version number of the blockchain; to compute a hash of the array to obtain a check code; to add the check code to the array; and to address-encode the array to which the check code has been added, to generate the organization address.
  17. The blockchain access control apparatus according to claim 13, wherein the signature information generating module is specifically configured to compute a hash value of the transaction data; and to encrypt the hash value of the transaction data with the private key and encode the result of the encryption, to generate the signature information.
  18. The blockchain access control apparatus according to claim 15, wherein the access control module is specifically configured, on the public node, to generate an identity verification public key from the transaction data and the signature information and to verify whether the generated identity verification public key is consistent with the public key of the received asymmetric key pair; to generate an identity verification address from the generated identity verification public key and to verify whether the identity verification address is present in the whitelist; and to decrypt the signature information with the generated identity verification public key and to verify the consistency of the decrypted data with the transaction data.
  19. The blockchain access control apparatus according to claim 18, wherein, when generating the identity verification public key from the transaction data and the signature information, the access control module is specifically configured to decode the signature information, to compute the hash value of the transaction data, and to generate the identity verification public key from the decoded signature information and the hash value of the transaction data.
  20. The blockchain access control apparatus according to any one of claims 11 to 19, wherein the private node has a certification authority (认证中心) that authorizes the members of an organization that is to join the blockchain through the private node.
  21. An electronic device, characterized in that it comprises:
    a memory, configured to store a program;
    a processor, configured to run the program stored in the memory so as to:
    establish an associated identity information pair on a local device of an organization that is to join the blockchain, the identity information pair comprising member identity information and organization identity information, wherein the member identity information is associated with the corresponding organization identity information;
    sign, according to the member identity information, transaction data generated by a member of the organization, to generate signature information;
    transmit the transaction data, the organization identity information and the signature information to a public node in the blockchain or a private node in the blockchain, which sends them to the blockchain after the public node or private node has performed identity verification and the verification has passed.
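Claims 4 to 9, and their apparatus counterparts in claims 14 to 19, together specify one procedure: an elliptic-curve key pair per organization, an address derived from the public key with a version number and a hashed check code, a signature over the hash of the transaction, and, on the receiving node, recovery of the public key from the signature, comparison with the key sent alongside the transaction, a whitelist lookup of the derived address, and a signature check. The block below is an added example written by the editor to show that procedure end to end; it is not code from the patent or its assignee. Everything the claims leave open is an assumption here: the curve is secp256k1, SHA-256 stands in for every hash (a Bitcoin-style address would use RIPEMD-160 for the key hash; the 4-byte double-SHA-256 check code is the same), the network version is the byte 0x00, the address encoding is Base58, and the signature is hex with a leading recovery bit so that the node can recover the key as claim 9 requires. Claims 7 and 8 describe the signature as "encrypting" the hash with the private key and "decrypting" the signature with the public key; ECDSA does neither literally, so the last verification step below is ordinary ECDSA signature verification. All function and variable names and the sample transaction are the editor's own.

```python
# Added example, not code from WO2020140931A1 or its assignee. Assumed: secp256k1,
# SHA-256 for every "hash" in the claims, a 0x00 network-version byte, Base58.
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
NETWORK_VERSION = b"\x00"  # assumed value of the claims' "network version number"
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256(data):
    return hashlib.sha256(data).digest()

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def generate_identity_pair(seed):
    """Claims 3-4: private key = member identity, public key = organization identity.
    Derived from `seed` only for reproducibility; a real deployment uses a CSPRNG."""
    priv = int.from_bytes(sha256(b"identity-seed:" + seed), "big") % (N - 1) + 1
    return priv, ec_mul(priv, G)

def org_address(pub):
    """Claim 6: hash(pubkey), prepend version, double-hash for a 4-byte check code,
    append it, Base58-encode (leading zero bytes become leading '1's)."""
    raw = b"\x04" + pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")
    payload = NETWORK_VERSION + sha256(raw)
    payload += sha256(sha256(payload))[:4]
    n, out = int.from_bytes(payload, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(payload) - len(payload.lstrip(b"\x00"))) + out

def sign(priv, tx):
    """Claim 7: hash the transaction, ECDSA-sign the hash, hex-encode. k is derived
    from (priv, hash) for reproducibility, not RFC 6979. Byte 0 is a recovery bit."""
    h = sha256(tx)
    e = int.from_bytes(h, "big")
    k = int.from_bytes(sha256(priv.to_bytes(32, "big") + h), "big") % (N - 1) + 1
    R = ec_mul(k, G)
    r = R[0] % N
    s = pow(k, -1, N) * (e + r * priv) % N
    rec = R[1] & 1
    if s > N // 2:  # low-s normalisation negates k, which flips R's y parity
        s, rec = N - s, rec ^ 1
    return (bytes([rec]) + r.to_bytes(32, "big") + s.to_bytes(32, "big")).hex()

def recover_pubkey(tx, sig_hex):
    """Claim 9: decode the signature, hash the transaction, recover Q = r^-1 (sR - eG)."""
    raw = bytes.fromhex(sig_hex)
    rec, r, s = raw[0], int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:], "big")
    e = int.from_bytes(sha256(tx), "big")
    y = pow((r * r * r + 7) % P, (P + 1) // 4, P)  # P % 4 == 3, so this is a square root
    if (y & 1) != rec:
        y = P - y
    rinv = pow(r, -1, N)
    return ec_add(ec_mul(s * rinv % N, (r, y)), ec_mul((N - e * rinv) % N, G))

def verify_signature(pub, tx, sig_hex):
    """Ordinary ECDSA verification (the claims' 'decrypt the signature with the public key')."""
    raw = bytes.fromhex(sig_hex)
    r, s = int.from_bytes(raw[1:33], "big"), int.from_bytes(raw[33:], "big")
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    e = int.from_bytes(sha256(tx), "big")
    X = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, pub))
    return X is not None and X[0] % N == r

def node_verify(tx, org_pub, sig_hex, whitelist):
    """Claim 8 on the receiving node: the recovered key must equal the organization key
    sent with the transaction, its address must be whitelisted, the signature must verify."""
    recovered = recover_pubkey(tx, sig_hex)
    if recovered != org_pub or org_address(recovered) not in whitelist:
        return False
    return verify_signature(recovered, tx, sig_hex)
```

To exercise it, generate a pair with `generate_identity_pair(b"org-A")`, put `org_address(pub)` into a whitelist set (claim 5), sign a transaction with `sign(priv, tx)` and hand the transaction, the public key and the signature to `node_verify`. The whitelist lookup is what turns signature verification into access control: a second organization that holds a perfectly valid key pair and produces a valid signature is still rejected because its address was never registered. Since the public key is recoverable from the signature, the key sent alongside the transaction adds no security by itself; the comparison in claim 8 catches a mismatch between the organization the transaction claims to come from and the one that actually signed it.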
PCT/CN2020/070058 2019-01-03 2020-01-02 Blockchain access control method and apparatus, and electronic device WO2020140931A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910005782.0 2019-01-03
CN201910005782.0A CN111400727B (en) 2019-01-03 2019-01-03 Block chain access control method and device and electronic equipment

Publications (1)

Publication Number Publication Date
WO2020140931A1 true WO2020140931A1 (en) 2020-07-09

Family

ID=71407164

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/070058 WO2020140931A1 (en) 2019-01-03 2020-01-02 Blockchain access control method and apparatus, and electronic device

Country Status (2)

Country Link
CN (1) CN111400727B (en)
WO (1) WO2020140931A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112822687A (en) * 2020-12-31 2021-05-18 山西特信环宇信息技术有限公司 Cone block chain mobile terminal authentication method
CN112925846A (en) * 2021-01-18 2021-06-08 迅鳐成都科技有限公司 Historical operation tracing method and system based on block chain and identity authentication
CN113904854A (en) * 2021-10-13 2022-01-07 筹远(上海)信息科技有限公司 Block chain data encryption method and device based on quotient secret algorithm
CN114039753A (en) * 2021-10-27 2022-02-11 中国联合网络通信集团有限公司 Access control method and device, storage medium and electronic equipment
CN114465815A (en) * 2022-03-15 2022-05-10 浙江大学 Access right control system and method based on block chain and SGX
CN114499952A (en) * 2021-12-23 2022-05-13 中电科大数据研究院有限公司 Alliance chain consensus identity authentication method
CN114499883A (en) * 2022-02-09 2022-05-13 浪潮云信息技术股份公司 Cross-organization identity authentication method and system based on block chain and SM9 algorithm
CN114760065A (en) * 2022-03-24 2022-07-15 北京邮电大学 Access control method and device for teaching resource sharing of online learning platform
CN115174076A (en) * 2022-07-25 2022-10-11 广东科学技术职业学院 Private pursuit and edge computing network construction method based on alliance chain technology
CN117499159A (en) * 2023-12-27 2024-02-02 杭州字节方舟科技有限公司 Block chain-based data transaction method and device and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106790253A (en) * 2017-01-25 2017-05-31 中钞信用卡产业发展有限公司北京智能卡技术研究院 Authentication method and device based on block chain
CN107493273A (en) * 2017-08-02 2017-12-19 深圳市易成自动驾驶技术有限公司 Identity identifying method, system and computer-readable recording medium
CN108665359A (en) * 2017-03-29 2018-10-16 中国移动通信有限公司研究院 Block chain processing method, accounting nodes and verification node
CN109067521A (en) * 2018-07-27 2018-12-21 天津大学 A kind of public key distribution method based on block chain

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150356523A1 (en) * 2014-06-07 2015-12-10 ChainID LLC Decentralized identity verification systems and methods
US20170180367A1 (en) * 2015-12-16 2017-06-22 ClearChat, Inc. System And Method For Encrypted And Authenticated Electronic Messaging Using A Central Address Book
CN107079037B (en) * 2016-09-18 2018-10-23 深圳前海达闼云端智能科技有限公司 Identity identifying method, device, node based on block chain and system
CN107547514A (en) * 2017-07-17 2018-01-05 招商银行股份有限公司 Identity identifying method, system and computer-readable recording medium
CN108009825A (en) * 2017-11-29 2018-05-08 江苏安凰领御科技有限公司 A kind of identity management system and method based on block chain technology
CN108270571B (en) * 2017-12-08 2019-10-11 西安电子科技大学 Internet of Things identity authorization system and its method based on block chain
CN108768988B (en) * 2018-05-17 2021-01-05 深圳前海微众银行股份有限公司 Block chain access control method, block chain access control equipment and computer readable storage medium
CN108777684B (en) * 2018-05-30 2021-07-13 招商银行股份有限公司 Identity authentication method, system and computer readable storage medium
CN108833114A (en) * 2018-06-13 2018-11-16 上海交通大学 A kind of decentralization identity authorization system and method based on block chain
CN109039655A (en) * 2018-09-13 2018-12-18 全链通有限公司 Real name identity identifying method and device, identity block chain based on block chain

Also Published As

Publication number Publication date
CN111400727A (en) 2020-07-10
CN111400727B (en) 2023-08-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20736155; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20736155; Country of ref document: EP; Kind code of ref document: A1)