WO2021164204A1 - Blockchain data authorization method, apparatus, device, and computer-readable storage medium - Google Patents

Blockchain data authorization method, apparatus, device, and computer-readable storage medium

Info

Publication number
WO2021164204A1
Authority
WO
WIPO (PCT)
Prior art keywords
authorization
data
blockchain
rule
enterprise
Application number
PCT/CN2020/106045
Inventor
刘浩
Original Assignee
深圳壹账通智能科技有限公司
Application filed by 深圳壹账通智能科技有限公司
Publication of WO2021164204A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • This application relates to the field of blockchain technology, and in particular to a blockchain data authorization method, device, equipment, and computer-readable storage medium.
  • The inventor realizes that the traditional data authorization scheme only authorizes fixed data of fixed business modules to be viewed by fixed enterprises. Newly added business modules require secondary development, and because business data keeps growing and enterprises keep joining the alliance on the chain, data authorization is required every time new data or a new enterprise is added. On the one hand, this authorization method is prone to errors under frequent operation; on the other hand, it requires a large amount of repeated work. In addition, the timeliness of authorization cannot be guaranteed.
  • This application proposes a blockchain data authorization method, apparatus, device, and computer-readable storage medium to solve at least one of the above technical problems.
  • a blockchain data authorization method includes the steps:
  • A blockchain data authorization device includes:
  • a configuration module, used to configure the business modules of the enterprise data that need to be authorized on the blockchain;
  • a setting module, used to set data authorization rules corresponding to the data of each of the business modules, where the data authorization rules include static authorization and dynamic authorization;
  • a synchronization module, used to synchronize the set data authorization rules to the blockchain network;
  • an obtaining module, used to obtain the first data authorization rule related to the current node from the blockchain network regularly or when a notification is received, and to obtain the corresponding authorization data from the blockchain network according to the first data authorization rule.
  • An electronic device comprising a memory and a processor, where the memory stores a blockchain data authorization system that can run on the processor, and when the blockchain data authorization system is executed by the processor, the following steps are implemented:
  • A computer-readable storage medium storing a blockchain data authorization system, which can be executed by at least one processor, so that the at least one processor executes the following steps:
  • Fig. 1 is a schematic diagram of an optional hardware architecture of the electronic device of the present application
  • FIG. 2 is a schematic diagram of modules of the first embodiment of the blockchain data authorization device of the present application.
  • FIG. 3 is a schematic diagram of modules of a second embodiment of a blockchain data authorization device according to the present application.
  • FIG. 4 is a schematic diagram of modules of a third embodiment of a blockchain data authorization device according to the present application.
  • FIG. 5 is a schematic flowchart of the first embodiment of the blockchain data authorization method according to the present application.
  • Fig. 6 is a schematic flowchart of a second embodiment of a blockchain data authorization method according to the present application.
  • FIG. 7 is a schematic flowchart of a third embodiment of a blockchain data authorization method according to the present application.
  • FIG. 1 is a schematic diagram of an optional hardware architecture of the electronic device 2 of the present application.
  • the electronic device 2 may include, but is not limited to, a memory 11, a processor 12, and a network interface 13 that can communicate with each other through a system bus. It should be pointed out that FIG. 1 only shows the electronic device 2 with the components 11-13, but it should be understood that it is not required to implement all the illustrated components, and more or fewer components may be implemented instead.
  • The electronic device 2 may be a server, a PC (personal computer), or a terminal device such as a smart phone, a tablet computer, a palmtop computer, or a portable computer.
  • the server may be a computing device such as a rack server, a blade server, a tower server, or a cabinet server, and may be an independent server or a server cluster composed of multiple servers.
  • the electronic device 2 may be a node forming a blockchain network.
  • The memory 11 includes at least one type of readable storage medium. The readable storage medium includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), magnetic memory, magnetic disks, optical disks, etc.
  • the memory 11 may be an internal storage unit of the electronic device 2, for example, a hard disk or a memory of the electronic device 2.
  • The memory 11 may also be an external storage device of the electronic device 2, for example, a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash card (Flash Card), etc. equipped on the electronic device 2.
  • the memory 11 may also include both the internal storage unit of the electronic device 2 and its external storage device.
  • the memory 11 is generally used to store an operating system and various application software installed in the electronic device 2, for example, the program code of the blockchain data authorization system 200.
  • the memory 11 can also be used to temporarily store various types of data that have been output or will be output.
  • the processor 12 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor, or other data processing chips in some embodiments.
  • the processor 12 is generally used to control the overall operation of the electronic device 2.
  • the processor 12 is used to run the program code or process data stored in the memory 11, for example, to run the blockchain data authorization system 200.
  • the network interface 13 may include a wireless network interface or a wired network interface, and the network interface 13 is usually used to establish a communication connection between the electronic device 2 and other electronic devices.
  • this application proposes a blockchain data authorization device 20.
  • FIG. 2 is a block diagram of the first embodiment of the blockchain data authorization device 20 of the present application.
  • The blockchain data authorization device 20 described in this application includes a configuration module 201, a setting module 202, a synchronization module 203, and an acquisition module 204, wherein:
  • the configuration module 201 is used to configure each service module that needs to perform data authorization on the blockchain.
  • the enterprise data of the alliance on the blockchain can be divided into various business modules, and a system page is provided for business module configuration.
  • the data such as commodities, orders, and logistics of the blockchain enterprise alliance are abstracted into multiple business modules for configuration.
  • the service module configuration table, the service module association configuration table, the service module detailed configuration table, etc. can be filled in, stored in the pre-database, and then distributed to each node of the blockchain network.
  • the field attributes include whether it is a unique value, whether it is a time field, whether it is a dynamic field, whether it must be authorized, and so on.
  • the setting module 202 is used to set data authorization rules.
  • static authorization includes authorization scenarios such as fixed data authorization and scope data authorization
  • dynamic authorization includes authorization scenarios such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, and dynamic multi-service associated data authorization.
  • the authorization of order data of enterprise A to enterprise B (fixed data for fixed enterprise viewing), and the authorization of order data from October to December 2018 to enterprise C (supporting data range filtering) belong to static authorization.
  • XX for example, the order amount is greater than 1 million
  • Dynamic authorization means that when new data or new enterprise nodes join the blockchain, there is no need to perform data authorization settings again; the data authorization related to them can be executed directly according to the data authorization rules that have been set before.
  • The data authorization rules include the authorizing institution, the authorized institution, the authorized service, the authorized service fields, whether the authorization is associated, the authorization validity period, the authorization conditions, whether the authorization is dynamic, and so on. These data authorization rules can be stored in the pre-database by filling in the data authorization form, the associated data authorization form, and the data authorization condition form.
  • One or more items in the data authorization rules need to be set to non-fixed values.
  • For example, order data with an order amount greater than 1 million (rather than one or more fixed pieces of data) is authorized for viewing by all mobile phone suppliers (a class of enterprises, not a certain company). Therefore, when new data or new enterprise nodes are added, the authorization rules can be directly adapted to perform the related data authorization.
  • the synchronization module 203 is used to synchronize the set data authorization rules to the blockchain network.
  • After each enterprise node completes the setting of the data authorization rules, the rules need to be synchronized to the blockchain network, and other enterprise nodes in the blockchain can synchronize the data authorization rules related to themselves in a timely manner, on a timer or upon notification.
  • the obtaining module 204 is used to obtain data authorization rules related to the current node.
  • the enterprise node regularly (or when receiving a notification) obtains data authorization rules related to itself from the blockchain network.
  • each enterprise node may periodically obtain its own data authorization rules from the blockchain network according to a preset time interval, for example, obtain it once every one hour.
  • Each enterprise node may also obtain the data authorization rules from the blockchain network when receiving a notification. For example, when a certain enterprise node completes the setting of data authorization rules (or a certain enterprise node has new data entered, etc.), the other enterprise nodes on the blockchain are notified, and after receiving the notification they obtain the data authorization rules related to themselves from the blockchain network.
  • the obtaining module 204 is further configured to obtain corresponding authorization data from the blockchain network according to the obtained data authorization rules.
  • When the data authorization rule takes effect for the first time, the upper-layer service of the enterprise node generates the corresponding SQL for the authorization data in the data authorization rule and traverses the data index table of the pre-database for the blockchain chainID corresponding to the authorization data, so as to obtain the authorization data from the blockchain network according to the chainID.
  • the obtained authorization data information is stored in the one-to-one index table of the front-end database of the enterprise node.
  • the authorization execution history record of the data authorization rule is recorded in the data authorization record table of the pre-database.
  • Obtaining the authorization data does not pull all the field data of the entire record; instead, only the authorized fields (for example, only the data of the order amount field) are pulled dynamically according to the field settings in the data authorization rule, so that different field values of different data of different businesses can be authorized.
  • the core on-chain data includes the business data of each business module and the authorization result data.
  • The configuration tables of each enterprise node stored in the pre-database are also synchronized to the blockchain network.
  • The blockchain data authorization system can configure business modules and data authorization rules for the data on the blockchain and synchronize them to each node of the blockchain network. It supports both fixed authorization and dynamic data and/or enterprise authorization, and it also supports filtering by complex query conditions and data range as well as authorization by field, which avoids a large number of repeated operations, reduces the error rate, and ensures the timeliness of authorization.
  • the authorization execution record is also stored on the blockchain to ensure that it can be traced and cannot be tampered with.
  • The blockchain data authorization device 20 includes a judgment module 205 in addition to the configuration module 201, the setting module 202, the synchronization module 203, and the acquisition module 204 in the first embodiment, wherein:
  • the acquiring module 204 is also configured to acquire data authorization rules corresponding to the new data when new data related to the current node is added to the blockchain network.
  • the relevant information is saved in the service table (the service module configuration table, the service module association configuration table, the service module detailed configuration table), and then the new data is uploaded to the chain. If the current enterprise node is related to the new data (it needs to be authorized to the enterprise node), the enterprise node obtains the data authorization rule corresponding to the new data from the previously set data authorization rules.
  • a certain data authorization rule that has been set before is to dynamically authorize enterprise A's order data with an order amount greater than 1 million to enterprise B.
  • enterprise B obtains the data authorization rule.
  • the judgment module 205 is configured to judge whether the new data meets the authorization conditions in the data authorization rules.
  • If the new data is related to the enterprise node, it is necessary to further determine whether the new data meets the authorization conditions. If not, the enterprise node cannot obtain the new data, ends the task, and waits for the next time new data is uploaded to the chain. If the new data meets the authorization conditions, the enterprise node has the right to view the new data and needs to obtain the new data from the blockchain.
  • For example, the new data is order data with an order value of 3 million.
  • The new data meets the authorization conditions in the data authorization rule that dynamically authorizes enterprise A's order data with an order value of more than 1 million to enterprise B.
  • Enterprise B needs to obtain this new data.
  • the obtaining module 204 is also configured to obtain corresponding authorization data in the new data when the authorization conditions are met.
  • When the new data meets the authorization conditions, the enterprise node has the right to view the new data (the entire piece of data or a certain field of data). At this time, the enterprise node first matches the authorized data in the new data according to the data authorization rules (for example, a certain field of the new data is the authorized data corresponding to the enterprise node), then determines the blockchain chainID of the authorized data, and then obtains the authorization data from the blockchain network according to the chainID.
  • The data authorization rules related to the enterprise node can also be obtained directly from the blockchain network, and the corresponding authorization data can then be obtained from the blockchain network according to the obtained data authorization rules.
  • a certain data authorization rule that has been set before is to dynamically authorize company A's order data with an order amount greater than 1 million to all mobile phone suppliers for viewing.
  • There are only two mobile phone suppliers, enterprise B and enterprise C.
  • After joining the blockchain, enterprise D can directly obtain from the blockchain network the data authorization rules related to itself, such as the rule that dynamically authorizes enterprise A's order data with an order amount greater than 1 million to all mobile phone suppliers. Enterprise D can then directly obtain the authorization data according to the rules, without the need for enterprise A to re-authorize enterprise D.
  • The blockchain data authorization system provided in this embodiment can configure business modules and data authorization rules for data on the blockchain and synchronize them to each node of the blockchain network, supporting dynamic data and/or enterprise authorization. When new data or a new company joins the blockchain, there is no need to reconfigure the data authorization rules; the configured data authorization rules related to the node can be obtained directly from the blockchain and executed.
  • The authorization execution records are also stored on the blockchain, so that they can be traced and cannot be tampered with.
  • The blockchain data authorization device 20 includes the configuration module 201, the setting module 202, the synchronization module 203, the acquisition module 204, and the judgment module 205 in the second embodiment, and also includes a generation module 206 and an execution module 207, wherein:
  • the generating module 206 is configured to generate a corresponding invalidation authorization rule when the authorization expires or is cancelled.
  • When the authorization expires (reaches the expiration time in the data authorization rule) or is cancelled (a request from the authorizer to cancel the authorization is received), a corresponding invalidation authorization rule is generated, and its flag is marked as invalid.
  • the invalidation authorization rule is also stored in the pre-database of the node.
  • the synchronization module 203 is also used to synchronize the invalidation authorization rule to the blockchain network.
  • the invalidation authorization rule is also synchronized to the blockchain network, so that the enterprise node related to the invalidation authorization rule can execute the invalidation authorization rule.
  • the execution module 207 is configured to periodically execute invalidation authorization rules related to the current node, delete the pre-database index, and update the authorization history record on the chain.
  • Each enterprise node on the blockchain must also periodically (for example, every second) obtain and execute the invalidation authorization rules related to the node, delete from the one-to-one index table of the pre-database the previously obtained authorization data corresponding to the invalidation authorization rule, and update the authorization history record (the authorization invalidation record should also be synchronized to the blockchain network).
  • The blockchain data authorization system can configure business modules and data authorization rules for the data on the blockchain and synchronize them to each node of the blockchain network. It supports both fixed authorization and dynamic data and/or enterprise authorization, also supports filtering by complex query conditions and data range as well as authorization by field, and can perform authorization invalidation and cancellation operations, which avoids a large number of repeated operations, reduces the error rate, and ensures the timeliness of authorization.
  • the authorization execution record is also stored on the blockchain to ensure that it can be traced and cannot be tampered with.
  • this application also proposes a blockchain data authorization method.
  • FIG. 5 is a schematic flowchart of the first embodiment of the blockchain data authorization method of the present application.
  • the execution order of the steps in the flowchart shown in FIG. 5 can be changed, and some steps can be omitted.
  • the method includes:
  • Step S500 configure each business module that needs to perform data authorization on the blockchain.
  • the enterprise data of the alliance on the blockchain can be divided into various business modules, and a system page is provided for business module configuration.
  • the data such as commodities, orders, and logistics of the blockchain enterprise alliance are abstracted into multiple business modules for configuration.
  • the service module configuration table, the service module association configuration table, the service module detailed configuration table, etc. can be filled in, stored in the pre-database, and then distributed to each node of the blockchain network.
  • the field attributes include whether it is a unique value, whether it is a time field, whether it is a dynamic field, whether it must be authorized, and so on.
  • Step S502 Set data authorization rules.
  • static authorization includes authorization scenarios such as fixed data authorization and scope data authorization
  • dynamic authorization includes authorization scenarios such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, and dynamic multi-service associated data authorization.
  • the authorization of order data of enterprise A to enterprise B (fixed data for fixed enterprise viewing), and the authorization of order data from October to December 2018 to enterprise C (supporting data range filtering) belong to static authorization.
  • XX for example, the order amount is greater than 1 million
  • Dynamic authorization means that when new data or new enterprise nodes join the blockchain, there is no need to perform data authorization settings again; the data authorization related to them can be executed directly according to the data authorization rules that have been set before.
  • The data authorization rules include the authorizing institution, the authorized institution, the authorized service, the authorized service fields, whether the authorization is associated, the authorization validity period, the authorization conditions, whether the authorization is dynamic, and so on. These data authorization rules can be stored in the pre-database by filling in the data authorization form, the associated data authorization form, and the data authorization condition form.
  • One or more items in the data authorization rules need to be set to non-fixed values.
  • For example, order data with an order amount of more than 1 million (rather than one or more fixed pieces of data) is authorized for viewing by all mobile phone suppliers (a class of enterprises, rather than a certain company). Therefore, when new data or new enterprise nodes are added, the authorization rules can be directly adapted to perform the related data authorization.
  • Step S504 Synchronize the set data authorization rules to the blockchain network.
  • After each enterprise node completes the setting of the data authorization rules, the rules need to be synchronized to the blockchain network, and other enterprise nodes in the blockchain can synchronize the data authorization rules related to themselves in a timely manner, on a timer or upon notification.
  • Step S506 Obtain data authorization rules related to the current node.
  • the enterprise node regularly (or when receiving a notification) obtains data authorization rules related to itself from the blockchain network.
  • each enterprise node may periodically obtain its own data authorization rules from the blockchain network according to a preset time interval, for example, obtain it once every one hour.
  • Each enterprise node may also obtain the data authorization rules from the blockchain network when receiving a notification. For example, when a certain enterprise node completes the setting of data authorization rules (or a certain enterprise node has new data entered, etc.), the other enterprise nodes on the blockchain are notified, and after receiving the notification they obtain the data authorization rules related to themselves from the blockchain network.
  • Step S508 Obtain corresponding authorization data from the blockchain network according to the acquired data authorization rules.
  • When the data authorization rule takes effect for the first time, the upper-layer service of the enterprise node generates the corresponding SQL for the authorization data in the data authorization rule and traverses the data index table of the pre-database for the blockchain chainID corresponding to the authorization data, so as to obtain the authorization data from the blockchain network according to the chainID.
  • the obtained authorization data information is stored in the one-to-one index table of the front-end database of the enterprise node.
  • the authorization execution history record of the data authorization rule is recorded in the data authorization record table of the pre-database.
  • Obtaining the authorization data does not pull all the field data of the entire record; instead, only the authorized fields (for example, only the data of the order amount field) are pulled dynamically according to the field settings in the data authorization rule, so that different field values of different data of different businesses can be authorized.
  • the core on-chain data includes the business data of each business module and the authorization result data.
  • The configuration tables of each enterprise node stored in the pre-database are also synchronized to the blockchain network.
  • The blockchain data authorization method provided in this embodiment can configure business modules and data authorization rules for the data on the blockchain and synchronize them to each node of the blockchain network. It supports both fixed authorization and dynamic data and/or enterprise authorization, and it also supports filtering by complex query conditions and data range as well as authorization by field, which avoids a large number of repeated operations, reduces the error rate, and ensures the timeliness of authorization. In addition, the authorization execution record is also stored on the blockchain to ensure that it can be traced and cannot be tampered with.
  • steps S600-S608 of the blockchain data authorization method are similar to steps S500-S508 of the first embodiment, except that the method further includes steps S610-S614.
  • the method includes the following steps:
  • Step S600 configure each business module that needs to perform data authorization on the blockchain.
  • the enterprise data of the alliance on the blockchain can be divided into various business modules, and a system page is provided for business module configuration.
  • the data such as commodities, orders, and logistics of the blockchain enterprise alliance are abstracted into multiple business modules for configuration.
  • the service module configuration table, the service module association configuration table, the service module detailed configuration table, etc. can be filled in, stored in the pre-database, and then distributed to each node of the blockchain network.
  • the field attributes include whether it is a unique value, whether it is a time field, whether it is a dynamic field, whether it must be authorized, and so on.
  • Step S602 Set data authorization rules.
  • static authorization includes authorization scenarios such as fixed data authorization and scope data authorization
  • dynamic authorization includes authorization scenarios such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, and dynamic multi-service associated data authorization.
  • authorization of order data No. 001 of enterprise A to enterprise B (fixed data for viewing by fixed enterprises), and authorization of order data from October to December 2018 to enterprise C (supporting data range filtering) is a static authorization.
  • XX for example, the order amount is greater than 1 million
  • Dynamic authorization means that when new data or new enterprise nodes join the blockchain, there is no need to perform data authorization settings again; the data authorization related to them can be executed directly according to the data authorization rules that have been set before.
  • The data authorization rules include the authorizing institution, the authorized institution, the authorized service, the authorized service fields, whether the authorization is associated, the authorization validity period, the authorization conditions, whether the authorization is dynamic, and so on. These data authorization rules can be stored in the pre-database by filling in the data authorization form, the associated data authorization form, and the data authorization condition form.
  • One or more items in the data authorization rules need to be set to non-fixed values.
  • For example, order data with an order amount of more than 1 million (rather than one or more fixed pieces of data) is authorized for viewing by all mobile phone suppliers (a class of enterprises, rather than a certain company). Therefore, when new data or new enterprise nodes are added, the authorization rules can be directly adapted to perform the related data authorization.
  • Step S604 Synchronize the set data authorization rules to the blockchain network.
  • After each enterprise node completes the setting of the data authorization rules, the rules need to be synchronized to the blockchain network, and other enterprise nodes in the blockchain can synchronize the data authorization rules related to themselves in a timely manner, on a timer or upon notification.
  • Step S606 Obtain data authorization rules related to the current node.
  • the enterprise node regularly (or when receiving a notification) obtains data authorization rules related to itself from the blockchain network.
  • each enterprise node may periodically obtain its own data authorization rules from the blockchain network according to a preset time interval, for example, obtain it once every one hour.
  • each enterprise node may also obtain the data authorization rule from the blockchain network when receiving a notification. For example, when a certain enterprise node completes the authorization data rule setting (or a certain enterprise When a node has new data entry, etc.), other enterprise nodes on the blockchain are notified, and the other enterprise nodes obtain their own relevant data authorization rules from the blockchain network after receiving the notification.
  • Step S608 Obtain corresponding authorization data from the blockchain network according to the acquired data authorization rules.
  • When the data authorization rule takes effect for the first time, the upper-layer service of the enterprise node generates the corresponding SQL for the authorization data in the data authorization rule and traverses the data index table of the pre-database for the blockchain chainID corresponding to the authorization data, so as to obtain the authorization data from the blockchain network according to that chainID.
  • The information of the obtained authorization data is stored in the one-to-one index table of the pre-database of the enterprise node.
  • The authorization execution history of the data authorization rule is recorded in the data authorization record table of the pre-database.
  • Obtaining the authorization data does not pull all the fields of the entire record; instead, the authorized fields are pulled dynamically according to the field settings in the data authorization rule (for example, only the data of the order amount field), so that different field values of different data of different services can be authorized.
  • The core on-chain data includes the business data of each business module and the authorization result data.
  • The configuration tables that each enterprise node stores in the pre-database are also synchronized to the blockchain network.
  • Step S610 When new data related to the current node is added to the blockchain network, obtain the data authorization rule corresponding to the new data.
  • When a node has new data entered, the relevant information is saved in the business tables (the business module configuration table, the business module association configuration table, and the business module detailed configuration table), and the new data is then uploaded to the chain. If the current enterprise node is related to the new data (the data needs to be authorized to this enterprise node), the enterprise node obtains the data authorization rule corresponding to the new data from the previously set data authorization rules.
  • For example, a data authorization rule that was set before dynamically authorizes enterprise A's order data with an order amount greater than 1 million to enterprise B.
  • When enterprise A has new order data uploaded to the chain, enterprise B obtains this data authorization rule.
  • Step S612 Determine whether the new data meets the authorization conditions in the data authorization rules.
  • Although the new data is related to the enterprise node, it is still necessary to further determine whether the new data meets the authorization conditions. If it does not, the enterprise node cannot obtain the new data, ends the task, and waits for the next new data to be uploaded to the chain. If the new data meets the authorization conditions, the enterprise node has the right to view the new data and needs to obtain it from the blockchain.
  • For example, the new data is order data with an order amount of 3 million.
  • The new data then meets the authorization conditions in the data authorization rule that dynamically authorizes enterprise A's order data with an order amount of more than 1 million to enterprise B.
  • Enterprise B needs to obtain this new data.
  • Step S614 when the authorization conditions are met, obtain the corresponding authorization data in the new data.
  • When the new data meets the authorization conditions, the enterprise node has the right to view the new data (the whole record or the data of a certain field). The enterprise node first matches the authorization data in the new data according to the data authorization rules (for example, the data of a certain field in the new data is the authorization data for this enterprise node), then determines the blockchain chainID of the authorization data, and then obtains the authorization data from the blockchain network according to that chainID.
  • When the node is an enterprise node that has newly joined the blockchain network, it can also directly obtain the data authorization rules related to it from the blockchain network, and then obtain the corresponding authorization data from the blockchain network according to the obtained rules.
  • For example, a data authorization rule that was set before dynamically authorizes enterprise A's order data with an order amount greater than 1 million to all mobile phone suppliers for viewing.
  • Previously the blockchain had only two mobile phone suppliers, enterprise B and enterprise C.
  • Now another mobile phone supplier, enterprise D, has joined. After joining the blockchain, enterprise D can directly obtain the data authorization rules related to itself from the blockchain network, for example the rule that dynamically authorizes enterprise A's order data with an order amount greater than 1 million to all mobile phone suppliers.
  • Enterprise D can then obtain the authorization data directly according to that rule, without enterprise A re-authorizing enterprise D.
  • The blockchain data authorization method provided in this embodiment can configure business modules and data authorization rules for the data on the blockchain and synchronize them to each node of the blockchain network. It supports dynamic data and/or enterprise authorization: when new data or a new enterprise joins the blockchain, the data authorization rules do not need to be reconfigured, and the already configured data authorization rules related to the node can be obtained directly from the blockchain and executed.
  • The authorization execution records are also stored on the blockchain, ensuring that they are traceable and cannot be tampered with.
  • FIG. 7 is a schematic flowchart of the third embodiment of the blockchain data authorization method of the present application.
  • In this embodiment, steps S700-S714 of the blockchain data authorization method are similar to steps S600-S614 of the first embodiment, except that the method further includes steps S716-S720.
  • the method includes the following steps:
  • Step S700 configure each business module that needs to perform data authorization on the blockchain.
  • the enterprise data of the alliance on the blockchain can be divided into various business modules, and a system page is provided for business module configuration.
  • For example, data of the blockchain enterprise alliance such as commodities, orders, and logistics is abstracted into multiple business modules for configuration.
  • The business module configuration table, the business module association configuration table, the business module detailed configuration table, etc. can be filled in, stored in the pre-database, and then distributed to each node of the blockchain network.
  • the field attributes include whether it is a unique value, whether it is a time field, whether it is a dynamic field, whether it must be authorized, and so on.
  • Step S702 Set data authorization rules.
  • static authorization includes authorization scenarios such as fixed data authorization and scope data authorization
  • dynamic authorization includes authorization scenarios such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, and dynamic multi-service associated data authorization.
  • For example, authorizing enterprise A's order No. 001 data to enterprise B (fixed data viewed by a fixed enterprise) and authorizing the order data from October to December 2018 to enterprise C (supporting data range filtering) are static authorization.
  • In addition, complex query conditions, authorization by field, and multi-service associated data authorization can also be set, for example authorizing enterprise A's order data in which a certain field has the value XX (for example, the order amount is greater than 1 million) to enterprise B.
  • Dynamic authorization means that when new data or new enterprise nodes join the blockchain, the data authorization settings do not need to be made again, and the related data authorization can be executed directly according to the data authorization rules that were set before.
  • The data authorization rules include the authorizing institution, the authorized institution, the authorized service, the authorized service fields, whether the authorization is associated, the authorization validity period, the authorization conditions, whether the authorization is dynamic, and so on. These data authorization rules can be stored in the pre-database by filling in the data authorization table, the associated data authorization table, and the data authorization condition table.
  • When dynamic authorization is selected, one or more items in the data authorization rules (such as the authorized institution or the authorization conditions) need to be set to non-fixed values.
  • For example, the order data with an order amount greater than 1 million (rather than one or several fixed pieces of data) is authorized to all mobile phone suppliers (rather than to one particular enterprise or the like) for viewing. Therefore, when new data or new enterprise nodes are added, the authorization rules can be applied directly to perform the related data authorization.
  • Step S704 Synchronize the set data authorization rules to the blockchain network.
  • After each enterprise node completes the setting of its data authorization rules, the rules need to be synchronized to the blockchain network, and the other enterprise nodes in the blockchain promptly synchronize the data authorization rules related to themselves, either on a timer or on notification.
  • Step S706 Obtain data authorization rules related to the current node.
  • The enterprise node obtains the data authorization rules related to itself from the blockchain network periodically (or when it receives a notification).
  • Each enterprise node may obtain the data authorization rules related to itself from the blockchain network at a preset time interval, for example once every hour.
  • Each enterprise node may also obtain the data authorization rules from the blockchain network when it receives a notification. For example, when an enterprise node completes the setting of its data authorization rules (or when an enterprise node has new data entered, and so on), it notifies the other enterprise nodes on the blockchain, and the other enterprise nodes obtain the data authorization rules related to themselves from the blockchain network after receiving the notification.
  • Step S708 Obtain corresponding authorization data from the blockchain network according to the acquired data authorization rules.
  • When the data authorization rule takes effect for the first time, the upper-layer service of the enterprise node generates the corresponding SQL for the authorization data in the data authorization rule and traverses the data index table of the pre-database for the blockchain chainID corresponding to the authorization data, so as to obtain the authorization data from the blockchain network according to that chainID.
  • The information of the obtained authorization data is stored in the one-to-one index table of the pre-database of the enterprise node.
  • The authorization execution history of the data authorization rule is recorded in the data authorization record table of the pre-database.
  • Obtaining the authorization data does not pull all the fields of the entire record; instead, the authorized fields are pulled dynamically according to the field settings in the data authorization rule (for example, only the data of the order amount field), so that different field values of different data of different services can be authorized.
  • The core on-chain data includes the business data of each business module and the authorization result data.
  • The configuration tables that each enterprise node stores in the pre-database are also synchronized to the blockchain network.
  • Step S710 When new data related to the current node is added to the blockchain network, obtain a data authorization rule corresponding to the new data.
  • When a node has new data entered, the relevant information is saved in the business tables (the business module configuration table, the business module association configuration table, and the business module detailed configuration table), and the new data is then uploaded to the chain. If the current enterprise node is related to the new data (the data needs to be authorized to this enterprise node), the enterprise node obtains the data authorization rule corresponding to the new data from the previously set data authorization rules.
  • For example, a data authorization rule that was set before dynamically authorizes enterprise A's order data with an order amount greater than 1 million to enterprise B.
  • When enterprise A has new order data uploaded to the chain, enterprise B obtains this data authorization rule.
  • Step S712 Determine whether the new data meets the authorization conditions in the data authorization rules.
  • Although the new data is related to the enterprise node, it is still necessary to further determine whether the new data meets the authorization conditions. If it does not, the enterprise node cannot obtain the new data, ends the task, and waits for the next new data to be uploaded to the chain. If the new data meets the authorization conditions, the enterprise node has the right to view the new data and needs to obtain it from the blockchain.
  • For example, the new data is order data with an order amount of 3 million.
  • The new data then meets the authorization conditions in the data authorization rule that dynamically authorizes enterprise A's order data with an order amount of more than 1 million to enterprise B.
  • Enterprise B needs to obtain this new data.
  • Step S714 when the authorization conditions are met, obtain the corresponding authorization data in the new data.
  • When the new data meets the authorization conditions, the enterprise node has the right to view the new data (the whole record or the data of a certain field). The enterprise node first matches the authorization data in the new data according to the data authorization rules (for example, the data of a certain field in the new data is the authorization data for this enterprise node), then determines the blockchain chainID of the authorization data, and then obtains the authorization data from the blockchain network according to that chainID.
  • When the node is an enterprise node that has newly joined the blockchain network, it can also directly obtain the data authorization rules related to it from the blockchain network, and then obtain the corresponding authorization data from the blockchain network according to the obtained rules.
  • For example, a data authorization rule that was set before dynamically authorizes enterprise A's order data with an order amount greater than 1 million to all mobile phone suppliers for viewing.
  • Previously the blockchain had only two mobile phone suppliers, enterprise B and enterprise C.
  • Now another mobile phone supplier, enterprise D, has joined. After joining the blockchain, enterprise D can directly obtain the data authorization rules related to itself from the blockchain network, for example the rule that dynamically authorizes enterprise A's order data with an order amount greater than 1 million to all mobile phone suppliers.
  • Enterprise D can then obtain the authorization data directly according to that rule, without enterprise A re-authorizing enterprise D.
  • Step S716 When the authorization expires or is cancelled, generate a corresponding invalid authorization rule.
  • For a given data authorization rule, when the authorization expires (the expiration time in the data authorization rule is reached) or is cancelled (a request from the authorizer to cancel the authorization is received), a corresponding invalid authorization rule is generated and its flag is marked as invalid.
  • The invalid authorization rule is also stored in the pre-database of the node.
  • Step S718 Synchronize the invalid authorization rule to the blockchain network.
  • After the invalid authorization rule is generated and saved, it is also synchronized to the blockchain network, so that the enterprise nodes related to the invalid authorization rule can execute it.
  • Step S720 Periodically execute invalid authorization rules related to the current node, delete the pre-database index, and update the authorization history record on the chain.
  • Each enterprise node on the blockchain must also periodically (for example, every second) obtain and execute the invalid authorization rules related to the node, delete from the one-to-one index table of the pre-database the previously obtained authorization data corresponding to the invalid authorization rule, and update the authorization history record (the authorization invalidation record should also be synchronized to the blockchain network).
  • The blockchain data authorization method provided in this embodiment can configure business modules and data authorization rules for the data on the blockchain and synchronize them to each node of the blockchain network. It supports the fixed authorization mode as well as dynamic data and/or enterprise authorization, and also supports filtering by complex query conditions and data ranges, or authorization by field, and can perform authorization invalidation and cancellation operations, which avoids a large number of repeated operations, reduces the error rate, and ensures the timeliness of authorization.
  • The authorization execution record is also stored on the blockchain to ensure that it can be traced and cannot be tampered with.
  • The computer-readable storage medium may be non-volatile or volatile. It stores a blockchain data authorization program that can be executed by at least one processor, so that the at least one processor executes the steps of the blockchain data authorization method described above.
  • the specific implementation of the computer-readable storage medium of the present application is substantially the same as the foregoing method embodiment, and will not be repeated here.
  • The technical solution of this application, in essence or in the part that contributes to the existing technology, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes several instructions that enable a terminal device (which can be a mobile phone, a computer, a server, an air conditioner, a network device, etc.) to execute the method described in each embodiment of this application.

Abstract

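This application relates to blockchain technology and discloses a blockchain data authorization method. The method includes: configuring each business module of the enterprise data that requires data authorization on the blockchain; setting corresponding data authorization rules for the data of each business module, where the data authorization rules include two modes, static authorization and dynamic authorization; synchronizing the set data authorization rules to the blockchain network; obtaining a first data authorization rule related to the current node from the blockchain network; and obtaining the corresponding authorization data from the blockchain network according to the first data authorization rule. This application also provides an apparatus, a device, and a computer-readable storage medium. The blockchain data authorization method, apparatus, device, and computer-readable storage medium provided by this application can avoid a large number of repeated operations, reduce the error rate, and ensure the timeliness of authorization.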

Description

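Blockchain data authorization method, apparatus, device, and computer-readable storage medium
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on February 17, 2020, with application number CN202010096097.6 and the invention title "Blockchain data authorization method, electronic device, and computer-readable storage medium", the entire contents of which are incorporated into this application by reference.
Technical Field
This application relates to the field of blockchain technology, and in particular to a blockchain data authorization method, apparatus, device, and computer-readable storage medium.
Background
As blockchain technology develops and spreads, its traceability and tamper resistance can be used to solve difficult problems in many scenarios. At the same time, because the data is stored on the blockchain, higher requirements are placed on the privacy and security of enterprise data. On the one hand, data encryption and decryption algorithms are needed to ensure the security of each enterprise's on-chain data; on the other hand, a data authorization scheme is needed for data access between enterprises.
The inventor realized that traditional data authorization schemes only authorize fixed data of fixed business modules to fixed enterprises for viewing. New business modules require secondary development, and for the ever-growing business data and the data of enterprises that keep joining the on-chain alliance, data authorization has to be performed every time data or an enterprise is added. With this kind of authorization, frequent operations are error-prone, and operations staff have to perform a large number of repeated operations. In addition, the timeliness of authorization cannot be guaranteed.
Technical Problem
In view of this, this application proposes a blockchain data authorization method, apparatus, device, and computer-readable storage medium to solve at least one of the above technical problems.
Technical Solution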
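A blockchain data authorization method, the method including the steps of:
configuring each business module of the enterprise data that requires data authorization on the blockchain;
setting data authorization rules corresponding to the data of each business module, where the data authorization rules include two modes, static authorization and dynamic authorization;
synchronizing the set data authorization rules to the blockchain network;
obtaining a first data authorization rule related to the current node from the blockchain network periodically or upon receiving a notification; and
obtaining the corresponding authorization data from the blockchain network according to the first data authorization rule.
A blockchain data authorization apparatus, including:
a configuration module, used to configure each business module of the enterprise data that requires data authorization on the blockchain;
a setting module, used to set data authorization rules corresponding to the data of each business module, where the data authorization rules include two modes, static authorization and dynamic authorization;
a synchronization module, used to synchronize the set data authorization rules to the blockchain network;
an acquisition module, used to obtain a first data authorization rule related to the current node from the blockchain network periodically or upon receiving a notification, and to obtain the corresponding authorization data from the blockchain network according to the first data authorization rule.
An electronic device, including a memory and a processor, the memory storing a blockchain data authorization system that can run on the processor, where the blockchain data authorization system, when executed by the processor, implements the following steps:
configuring each business module of the enterprise data that requires data authorization on the blockchain;
setting data authorization rules corresponding to the data of each business module, where the data authorization rules include two modes, static authorization and dynamic authorization;
synchronizing the set data authorization rules to the blockchain network;
obtaining a first data authorization rule related to the current node from the blockchain network periodically or upon receiving a notification; and
obtaining the corresponding authorization data from the blockchain network according to the first data authorization rule.
A computer-readable storage medium storing a blockchain data authorization system, where the blockchain data authorization system can be executed by at least one processor so that the at least one processor executes the following steps:
configuring each business module of the enterprise data that requires data authorization on the blockchain;
setting data authorization rules corresponding to the data of each business module, where the data authorization rules include two modes, static authorization and dynamic authorization;
synchronizing the set data authorization rules to the blockchain network;
obtaining a first data authorization rule related to the current node from the blockchain network periodically or upon receiving a notification; and
obtaining the corresponding authorization data from the blockchain network according to the first data authorization rule.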
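Description of the Drawings
FIG. 1 is a schematic diagram of an optional hardware architecture of the electronic device of this application;
FIG. 2 is a schematic module diagram of the first embodiment of the blockchain data authorization apparatus of this application;
FIG. 3 is a schematic module diagram of the second embodiment of the blockchain data authorization apparatus of this application;
FIG. 4 is a schematic module diagram of the third embodiment of the blockchain data authorization apparatus of this application;
FIG. 5 is a schematic flowchart of the first embodiment of the blockchain data authorization method of this application;
FIG. 6 is a schematic flowchart of the second embodiment of the blockchain data authorization method of this application;
FIG. 7 is a schematic flowchart of the third embodiment of the blockchain data authorization method of this application;
The realization of the purpose, the functional characteristics, and the advantages of this application are further described in conjunction with the embodiments and with reference to the drawings.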
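Embodiments of the Invention
To make the purpose, technical solutions, and advantages of this application clearer, this application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain this application and are not intended to limit it. Based on the embodiments in this application, all other embodiments obtained by a person of ordinary skill in the art without creative work fall within the scope of protection of this application.
It should be noted that descriptions involving "first", "second", and the like in this application are for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature qualified by "first" or "second" may therefore explicitly or implicitly include at least one such feature. In addition, the technical solutions of the various embodiments can be combined with each other, but only on the basis that a person of ordinary skill in the art can implement the combination; when a combination of technical solutions is contradictory or cannot be implemented, the combination should be considered not to exist and is not within the scope of protection claimed by this application.
FIG. 1 is a schematic diagram of an optional hardware architecture of the electronic device 2 of this application.
In this embodiment, the electronic device 2 may include, but is not limited to, a memory 11, a processor 12, and a network interface 13 that can be communicatively connected to one another through a system bus. It should be pointed out that FIG. 1 only shows the electronic device 2 with components 11-13, but it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.
The electronic device 2 may be a server, a PC (Personal Computer), or a terminal device such as a smartphone, tablet computer, palmtop computer, or portable computer. The server may be a computing device such as a rack server, blade server, tower server, or cabinet server, and may be an independent server or a server cluster composed of multiple servers.
The electronic device 2 may be a node that forms part of the blockchain network.
The memory 11 includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disc, and so on. In some embodiments, the memory 11 may be an internal storage unit of the electronic device 2, such as the hard disk or internal memory of the electronic device 2. In other embodiments, the memory 11 may be an external storage device of the electronic device 2, such as a plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, or Flash Card fitted to the electronic device 2. Of course, the memory 11 may also include both the internal storage unit of the electronic device 2 and its external storage device. In this embodiment, the memory 11 is generally used to store the operating system and the various application software installed on the electronic device 2, such as the program code of the blockchain data authorization system 200. In addition, the memory 11 can also be used to temporarily store various data that has been output or is to be output.
In some embodiments, the processor 12 may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip. The processor 12 is generally used to control the overall operation of the electronic device 2. In this embodiment, the processor 12 is used to run the program code stored in the memory 11 or to process data, for example to run the blockchain data authorization system 200.
The network interface 13 may include a wireless network interface or a wired network interface, and is generally used to establish a communication connection between the electronic device 2 and other electronic devices.
So far, the hardware structure and functions of the devices related to this application have been described in detail. The embodiments of this application are presented below on the basis of that description.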
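First, this application proposes a blockchain data authorization apparatus 20.
FIG. 2 is a module diagram of the first embodiment of the blockchain data authorization apparatus 20 of this application.
In this embodiment, the blockchain data authorization apparatus 20 of this application includes a configuration module 201, a setting module 202, a synchronization module 203, and an acquisition module 204, where:
The configuration module 201 is used to configure each business module that requires data authorization on the blockchain.
Specifically, the enterprise data of the alliance on the blockchain can be divided into business modules, and a system page is provided for configuring the business modules. For example, data of the blockchain enterprise alliance such as commodities, orders, and logistics is abstracted into multiple business modules for configuration. In this embodiment, a business module configuration table, a business module association configuration table, a business module detailed configuration table, and the like can be filled in, saved in the pre-database, and then distributed to each node of the blockchain network. The main configurable items are the business module name, unique identifier (ID), business module fields, field attributes, and so on. The field attributes include whether the value is unique, whether it is a time field, whether it is a dynamic field, whether it must be authorized, and so on.
The setting module 202 is used to set data authorization rules.
Specifically, the data of each business module needs to be authorized to the corresponding enterprise nodes for viewing, so corresponding data authorization rules must be set for this data. This embodiment provides two modes, static authorization and dynamic authorization. Static authorization includes authorization scenarios such as fixed data authorization and range data authorization; dynamic authorization includes authorization scenarios such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, and dynamic multi-service associated data authorization. For example, authorizing enterprise A's order No. 001 data to enterprise B (fixed data viewed by a fixed enterprise) and authorizing the order data from October to December 2018 to enterprise C (supporting data range filtering) are static authorization. In addition, various complex query conditions, authorization by field, and multi-service associated data authorization can also be set, for example authorizing enterprise A's order data in which a certain field has the value XX (such as an order amount greater than 1 million) to enterprise B, or authorizing the data of a certain field of service B associated with enterprise A's service A to enterprises B and C.
Moreover, on the basis of the above authorization conditions, it is also possible to choose whether dynamic authorization is allowed. Dynamic authorization means that when new data or a new enterprise node joins the blockchain, the data authorization settings do not need to be made again, and the related data authorization can be executed directly according to the data authorization rules set before.
That is, in this embodiment, the data authorization rule includes the authorizing institution, the authorized institution, the authorized service, the authorized service fields, whether the authorization is associated, the authorization validity period, the authorization conditions, whether the authorization is dynamic, and so on. These data authorization rules can be saved in the pre-database by filling in a data authorization table, an associated data authorization table, a data authorization condition table, and the like.
It is worth noting that when dynamic authorization is selected, one or more items in the data authorization rule (such as the authorized institution or the authorization conditions) need to be set to non-fixed values. For example, when dynamically authorizing the mobile phone order data of a certain enterprise, the order data with an order amount greater than 1 million (rather than one or several fixed pieces of data) is authorized to all mobile phone suppliers (rather than to one particular enterprise or the like) for viewing. Therefore, when new data or a new enterprise node joins, the authorization rule can be applied directly to execute the related data authorization.
The synchronization module 203 is used to synchronize the set data authorization rules to the blockchain network.
Specifically, after each enterprise node completes the setting of its data authorization rules, the rules need to be synchronized to the blockchain network, and the other enterprise nodes in the blockchain promptly synchronize the data authorization rules related to themselves, either on a timer or on notification.
The acquisition module 204 is used to obtain the data authorization rules related to the current node.
Specifically, the enterprise node obtains the data authorization rules related to itself from the blockchain network periodically (or when it receives a notification). In this embodiment, each enterprise node can obtain the data authorization rules related to itself from the blockchain network at a preset time interval, for example once every hour. In other embodiments, each enterprise node can instead obtain the data authorization rules from the blockchain network when it receives a notification: for example, when an enterprise node completes the setting of its data authorization rules (or when an enterprise node has new data entered, and so on), it notifies the other enterprise nodes on the blockchain, and the other enterprise nodes obtain the data authorization rules related to themselves from the blockchain network after receiving the notification.
The acquisition module 204 is also used to obtain the corresponding authorization data from the blockchain network according to the obtained data authorization rules.
Specifically, when the data authorization rule takes effect for the first time, the upper-layer service of the enterprise node generates the corresponding SQL for the authorization data in the data authorization rule and traverses the data index table of the pre-database for the blockchain chainID corresponding to the authorization data, so as to obtain the authorization data from the blockchain network according to that chainID. The information of the obtained authorization data is saved in the one-to-one index table of the enterprise node's pre-database. In addition, the authorization execution history of the data authorization rule is recorded in the data authorization record table of the pre-database.
In this embodiment, obtaining the authorization data does not pull all the fields of the entire record; instead, the authorized fields are pulled dynamically according to the field settings in the data authorization rule (for example, only the data of the order amount field is obtained), so that different field values of different data of different services can be authorized.
It is worth noting that the data authorization rule settings, the authorization execution history, and the subsequent authorization invalidation or cancellation records throughout the whole process are all saved in the pre-database of each enterprise node.
In the blockchain network, the core on-chain data includes the business data of each business module and the authorization result data; in addition, the configuration tables that each enterprise node saves in the pre-database are also synchronized to the blockchain network.
The blockchain data authorization system provided in this embodiment can configure business modules and data authorization rules for the data on the blockchain and synchronize them to each node of the blockchain network. It supports the fixed authorization mode as well as dynamic data and/or enterprise authorization, and also supports filtering by complex query conditions and data ranges, or authorization by field, which avoids a large number of repeated operations, reduces the error rate, and ensures the timeliness of authorization. In addition, the authorization execution records are also stored on the blockchain, ensuring that they are traceable and cannot be tampered with.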
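FIG. 3 is a module diagram of the second embodiment of the blockchain data authorization apparatus 20 of this application. In this embodiment, in addition to the configuration module 201, setting module 202, synchronization module 203, and acquisition module 204 of the first embodiment, the blockchain data authorization apparatus 20 also includes a judgment module 205, where:
The acquisition module 204 is also used to obtain the data authorization rule corresponding to new data when new data related to the current node is added to the blockchain network.
Specifically, when a node has new data entered, the relevant information is saved to the business tables (the business module configuration table, the business module association configuration table, and the business module detailed configuration table), and the new data is then uploaded to the chain. If the current enterprise node is related to the new data (the data needs to be authorized to this enterprise node), the enterprise node obtains the data authorization rule corresponding to the new data from the data authorization rules set before.
For example, a data authorization rule set before dynamically authorizes enterprise A's order data with an order amount greater than 1 million to enterprise B. When enterprise A has new order data uploaded to the chain, enterprise B obtains this data authorization rule.
The judgment module 205 is used to determine whether the new data meets the authorization conditions in the data authorization rule.
Specifically, although the new data is related to the enterprise node, it is still necessary to further determine whether the new data meets the authorization conditions. If it does not, the enterprise node cannot obtain the new data, ends this task, and waits for the next new data to be uploaded to the chain. If the new data meets the authorization conditions, the enterprise node has the right to view the new data and needs to obtain it from the blockchain.
For example, if the new data is order data with an order amount of 3 million, the new data meets the authorization conditions of the data authorization rule that dynamically authorizes enterprise A's order data with an order amount greater than 1 million to enterprise B, and enterprise B needs to obtain the new data.
The acquisition module 204 is also used to obtain the corresponding authorization data in the new data when the authorization conditions are met.
Specifically, when the new data meets the authorization conditions, the enterprise node has the right to view the new data (the whole record or the data of a certain field). The enterprise node first matches the authorization data in the new data according to the data authorization rule (for example, the data of a certain field in the new data is the authorization data for this enterprise node), then determines the blockchain chainID of the authorization data, and then obtains the authorization data from the blockchain network according to that chainID.
In addition, when the node is an enterprise node that has newly joined the blockchain network, it can also directly obtain the data authorization rules related to it from the blockchain network, and then obtain the corresponding authorization data from the blockchain network according to the obtained rules. For example, a data authorization rule set before dynamically authorizes enterprise A's order data with an order amount greater than 1 million to all mobile phone suppliers for viewing. Previously the blockchain had only two mobile phone suppliers, enterprise B and enterprise C; now another mobile phone supplier, enterprise D, has joined. After joining the blockchain, enterprise D can directly obtain the data authorization rules related to itself from the blockchain network, for example the rule that dynamically authorizes enterprise A's order data with an order amount greater than 1 million to all mobile phone suppliers. Enterprise D can then obtain the authorization data directly according to that rule, without enterprise A re-authorizing enterprise D.
Of course, when a new enterprise node joins the blockchain network, it can also set new data authorization rules for its own data that needs to be authorized to other enterprises and publish them to the blockchain network for other enterprise nodes to obtain.
The detailed technical content of this process is described similarly in the steps above and is not repeated here.
The blockchain data authorization system provided in this embodiment can configure business modules and data authorization rules for the data on the blockchain and synchronize them to each node of the blockchain network. It supports dynamic data and/or enterprise authorization: when new data or a new enterprise joins the blockchain, the data authorization rules do not need to be reconfigured, and the already configured data authorization rules related to the node can be obtained directly from the blockchain and executed. The authorization execution records are also stored on the blockchain, ensuring that they are traceable and cannot be tampered with.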
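FIG. 4 is a program module diagram of the third embodiment of the blockchain data authorization apparatus 20 of this application. In this embodiment, in addition to the configuration module 201, setting module 202, synchronization module 203, acquisition module 204, and judgment module 205 of the second embodiment, the blockchain data authorization apparatus 20 also includes a generation module 206 and an execution module 207, where:
The generation module 206 is used to generate a corresponding invalid authorization rule when an authorization expires or is cancelled.
Specifically, for a given data authorization rule, when the authorization expires (the expiration time in the data authorization rule is reached) or is cancelled (a request from the authorizer to cancel the authorization is received), a corresponding invalid authorization rule is generated and its flag is marked as invalid. The invalid authorization rule is also saved in the pre-database of the node.
The synchronization module 203 is also used to synchronize the invalid authorization rule to the blockchain network.
Specifically, after the invalid authorization rule is generated and saved, it must also be synchronized to the blockchain network, so that the enterprise nodes related to the invalid authorization rule can execute it.
The execution module 207 is used to periodically execute the invalid authorization rules related to the current node, delete the pre-database index, and update the on-chain authorization history.
Specifically, each enterprise node on the blockchain must also periodically (for example, every second) obtain and execute the invalid authorization rules related to the node, delete from the one-to-one index table of the pre-database the previously obtained authorization data corresponding to the invalid authorization rule, and update the authorization history (the authorization invalidation record must also be synchronized to the blockchain network).
The blockchain data authorization system provided in this embodiment can configure business modules and data authorization rules for the data on the blockchain and synchronize them to each node of the blockchain network. It supports the fixed authorization mode as well as dynamic data and/or enterprise authorization, and also supports filtering by complex query conditions and data ranges, or authorization by field, and can perform authorization invalidation and cancellation operations, which avoids a large number of repeated operations, reduces the error rate, and ensures the timeliness of authorization. In addition, the authorization execution records are also stored on the blockchain, ensuring that they are traceable and cannot be tampered with.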
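The behaviour of the judgment module 205, the acquisition module 204, and the generation and execution modules 206 and 207 described above can be sketched as follows. This is an added example, not code from the application; the `Rule` and `EnterpriseNode` classes, their field names, and the sample orders are assumptions, and it covers dynamic rules only.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Rule:  # hypothetical layout of one data authorization rule
    rule_id: str
    authorizer: str                      # authorizing institution
    service: str                         # authorized service (business module)
    fields: tuple                        # authorized service fields
    grantee: Optional[str] = None        # fixed authorized institution, or
    grantee_class: Optional[str] = None  # non-fixed: every enterprise of this class
    min_amount: Optional[int] = None     # authorization condition: order_amount > min_amount
    valid_until: Optional[date] = None   # authorization validity period
    dynamic: bool = False
    invalid: bool = False                # set once an invalid authorization rule exists

def generate_invalid_rules(rules, today, cancelled=()):
    """Generation module: flag expired or cancelled rules and return their ids."""
    ids = []
    for r in rules:
        expired = r.valid_until is not None and today > r.valid_until
        if not r.invalid and (expired or r.rule_id in cancelled):
            r.invalid = True
            ids.append(r.rule_id)
    return ids

class EnterpriseNode:
    def __init__(self, name, category):
        self.name, self.category = name, category
        self.index = {}    # one-to-one index table: chain_id -> (rule_id, authorized fields)
        self.history = []  # authorization execution and invalidation records

    def _related(self, rule):
        if rule.grantee_class is not None:
            return rule.grantee_class == self.category
        return rule.grantee == self.name

    def _authorized(self, rule, record, today):
        if rule.invalid or not rule.dynamic or not self._related(rule):
            return False
        if rule.valid_until is not None and today > rule.valid_until:
            return False
        if (record.get("owner"), record.get("service")) != (rule.authorizer, rule.service):
            return False
        if rule.min_amount is not None:
            amount = record.get("order_amount")
            # Fail closed: a missing or non-numeric value never satisfies the condition.
            if not isinstance(amount, int) or amount <= rule.min_amount:
                return False
        return True

    def on_new_data(self, record, rules, today):
        """Judgment + acquisition: keep only the authorized fields of matching data."""
        for rule in rules:
            if self._authorized(rule, record, today):
                view = {f: record[f] for f in rule.fields if f in record}
                self.index[record["chain_id"]] = (rule.rule_id, view)
                self.history.append(("granted", rule.rule_id, record["chain_id"]))
                return view
        return None

    def execute_invalid_rules(self, invalid_ids):
        """Execution module: drop index entries obtained under invalidated rules."""
        gone = [cid for cid, (rid, _) in self.index.items() if rid in invalid_ids]
        for cid in gone:
            rid, _ = self.index.pop(cid)
            self.history.append(("invalidated", rid, cid))
        return gone

def demo():
    # Constructed sample data, following the page's example of enterprise A's orders.
    rules = [Rule("r1", "A", "order", ("order_no", "order_amount"),
                  grantee_class="mobile phone supplier", min_amount=1_000_000,
                  valid_until=date(2021, 12, 31), dynamic=True)]
    chain = [
        {"chain_id": "c-1", "owner": "A", "service": "order", "order_no": "101",
         "order_amount": 3_000_000, "customer": "constructed-customer"},
        {"chain_id": "c-2", "owner": "A", "service": "order", "order_no": "102",
         "order_amount": 800_000, "customer": "constructed-customer"},
    ]
    today = date(2021, 6, 1)
    b = EnterpriseNode("B", "mobile phone supplier")
    e = EnterpriseNode("E", "logistics")
    views_b = [b.on_new_data(rec, rules, today) for rec in chain]
    views_e = [e.on_new_data(rec, rules, today) for rec in chain]
    # Enterprise D joins later and applies the same rule without A re-authorizing it.
    d = EnterpriseNode("D", "mobile phone supplier")
    views_d = [d.on_new_data(rec, rules, today) for rec in chain]
    # A cancels the authorization; a related node then executes the invalid rule.
    invalid_ids = generate_invalid_rules(rules, today, cancelled={"r1"})
    removed = b.execute_invalid_rules(set(invalid_ids))
    late = b.on_new_data(chain[0], rules, today)
    return views_b, views_e, views_d, removed, late, b.index
```

As in the description, executing an invalid rule here only deletes the node's local index entry and adds a history record; the text does not say what happens to field values a node read before the invalid rule was executed.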
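In addition, this application also proposes a blockchain data authorization method.
FIG. 5 is a schematic flowchart of the first embodiment of the blockchain data authorization method of this application. In this embodiment, depending on requirements, the execution order of the steps in the flowchart shown in FIG. 5 can be changed, and some steps can be omitted. The method includes:
Step S500, configure each business module that requires data authorization on the blockchain.
Specifically, the enterprise data of the alliance on the blockchain can be divided into business modules, and a system page is provided for configuring the business modules. For example, data of the blockchain enterprise alliance such as commodities, orders, and logistics is abstracted into multiple business modules for configuration. In this embodiment, a business module configuration table, a business module association configuration table, a business module detailed configuration table, and the like can be filled in, saved in the pre-database, and then distributed to each node of the blockchain network. The main configurable items are the business module name, unique identifier (ID), business module fields, field attributes, and so on. The field attributes include whether the value is unique, whether it is a time field, whether it is a dynamic field, whether it must be authorized, and so on.
Step S502, set data authorization rules.
Specifically, the data of each business module needs to be authorized to the corresponding enterprise nodes for viewing, so corresponding data authorization rules must be set for this data. This embodiment provides two modes, static authorization and dynamic authorization. Static authorization includes authorization scenarios such as fixed data authorization and range data authorization; dynamic authorization includes authorization scenarios such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, and dynamic multi-service associated data authorization. For example, authorizing enterprise A's order No. 001 data to enterprise B (fixed data viewed by a fixed enterprise) and authorizing the order data from October to December 2018 to enterprise C (supporting data range filtering) are static authorization. In addition, various complex query conditions, authorization by field, and multi-service associated data authorization can also be set, for example authorizing enterprise A's order data in which a certain field has the value XX (such as an order amount greater than 1 million) to enterprise B, or authorizing the data of a certain field of service B associated with enterprise A's service A to enterprises B and C.
Moreover, on the basis of the above authorization conditions, it is also possible to choose whether dynamic authorization is allowed. Dynamic authorization means that when new data or a new enterprise node joins the blockchain, the data authorization settings do not need to be made again, and the related data authorization can be executed directly according to the data authorization rules set before.
That is, in this embodiment, the data authorization rule includes the authorizing institution, the authorized institution, the authorized service, the authorized service fields, whether the authorization is associated, the authorization validity period, the authorization conditions, whether the authorization is dynamic, and so on. These data authorization rules can be saved in the pre-database by filling in a data authorization table, an associated data authorization table, a data authorization condition table, and the like.
It is worth noting that when dynamic authorization is selected, one or more items in the data authorization rule (such as the authorized institution or the authorization conditions) need to be set to non-fixed values. For example, when dynamically authorizing the mobile phone order data of a certain enterprise, the order data with an order amount greater than 1 million (rather than one or several fixed pieces of data) is authorized to all mobile phone suppliers (rather than to one particular enterprise or the like) for viewing. Therefore, when new data or a new enterprise node joins, the authorization rule can be applied directly to execute the related data authorization.
Step S504, synchronize the set data authorization rules to the blockchain network.
Specifically, after each enterprise node completes the setting of its data authorization rules, the rules need to be synchronized to the blockchain network, and the other enterprise nodes in the blockchain promptly synchronize the data authorization rules related to themselves, either on a timer or on notification.
Step S506, obtain the data authorization rules related to the current node.
Specifically, the enterprise node obtains the data authorization rules related to itself from the blockchain network periodically (or when it receives a notification). In this embodiment, each enterprise node can obtain the data authorization rules related to itself from the blockchain network at a preset time interval, for example once every hour. In other embodiments, each enterprise node can instead obtain the data authorization rules from the blockchain network when it receives a notification: for example, when an enterprise node completes the setting of its data authorization rules (or when an enterprise node has new data entered, and so on), it notifies the other enterprise nodes on the blockchain, and the other enterprise nodes obtain the data authorization rules related to themselves from the blockchain network after receiving the notification.
Step S508, obtain the corresponding authorization data from the blockchain network according to the obtained data authorization rules.
Specifically, when the data authorization rule takes effect for the first time, the upper-layer service of the enterprise node generates the corresponding SQL for the authorization data in the data authorization rule and traverses the data index table of the pre-database for the blockchain chainID corresponding to the authorization data, so as to obtain the authorization data from the blockchain network according to that chainID. The information of the obtained authorization data is saved in the one-to-one index table of the enterprise node's pre-database. In addition, the authorization execution history of the data authorization rule is recorded in the data authorization record table of the pre-database.
In this embodiment, obtaining the authorization data does not pull all the fields of the entire record; instead, the authorized fields are pulled dynamically according to the field settings in the data authorization rule (for example, only the data of the order amount field is obtained), so that different field values of different data of different services can be authorized.
It is worth noting that the data authorization rule settings, the authorization execution history, and the subsequent authorization invalidation or cancellation records throughout the whole process are all saved in the pre-database of each enterprise node.
In the blockchain network, the core on-chain data includes the business data of each business module and the authorization result data; in addition, the configuration tables that each enterprise node saves in the pre-database are also synchronized to the blockchain network.
The blockchain data authorization method provided in this embodiment can configure business modules and data authorization rules for the data on the blockchain and synchronize them to each node of the blockchain network. It supports the fixed authorization mode as well as dynamic data and/or enterprise authorization, and also supports filtering by complex query conditions and data ranges, or authorization by field, which avoids a large number of repeated operations, reduces the error rate, and ensures the timeliness of authorization. In addition, the authorization execution records are also stored on the blockchain, ensuring that they are traceable and cannot be tampered with.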
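Step S508 has the node generate SQL from a data authorization rule that arrived from the blockchain network, so the rule content should be treated as input from another party. The following added example (not code from the application) builds that query with bound parameters and allow-listed field names for a fixed-data, a range, and a condition rule; the `data_index` schema, the rule layout, and the sample rows are assumptions.

```python
import sqlite3

# Hypothetical business-module configuration: fields a rule may reference, with types.
MODULE_FIELDS = {"order": {"order_no": str, "order_amount": int, "order_date": str}}
OPERATORS = {"=", ">", ">=", "<", "<=", "BETWEEN"}

class RuleError(ValueError):
    """Raised when a synced rule cannot be turned into a safe query."""

def build_index_query(rule):
    """Return (sql, params) selecting the chainIDs that a rule authorizes."""
    fields = MODULE_FIELDS.get(rule["service"])
    if fields is None:
        raise RuleError("unknown business module")
    clauses = ["owner = ?", "service = ?"]
    params = [rule["authorizer"], rule["service"]]
    for cond in rule.get("conditions", []):
        name, op = cond["field"], str(cond["op"]).upper()
        # Identifiers cannot be bound as parameters, so they must be allow-listed.
        if name not in fields or op not in OPERATORS:
            raise RuleError(f"rejected condition on {name!r}")
        if op == "BETWEEN":
            if not isinstance(cond["value"], (list, tuple)) or len(cond["value"]) != 2:
                raise RuleError("BETWEEN needs exactly two values")
            values = list(cond["value"])
            clauses.append(f"{name} BETWEEN ? AND ?")
        else:
            values = [cond["value"]]
            clauses.append(f"{name} {op} ?")
        if not all(type(v) is fields[name] for v in values):
            raise RuleError(f"wrong value type for {name!r}")
        params.extend(values)
    sql = ("SELECT chain_id FROM data_index WHERE "
           + " AND ".join(clauses) + " ORDER BY chain_id")
    return sql, params

def lookup_chain_ids(conn, rule):
    """Run the generated query against the local (pre-database) index table."""
    sql, params = build_index_query(rule)
    return [row[0] for row in conn.execute(sql, params)]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE data_index (chain_id TEXT, owner TEXT, service TEXT,"
                 " order_no TEXT, order_amount INTEGER, order_date TEXT)")
    # Constructed sample rows for the index table.
    conn.executemany("INSERT INTO data_index VALUES (?, ?, ?, ?, ?, ?)", [
        ("c-001", "A", "order", "001", 500_000, "2018-09-15"),
        ("c-002", "A", "order", "002", 3_000_000, "2018-11-02"),
        ("c-003", "A", "order", "003", 1_200_000, "2019-01-20"),
        ("c-004", "X", "order", "004", 9_000_000, "2018-11-30"),
    ])
    base = {"authorizer": "A", "service": "order"}
    rules = {
        "fixed": dict(base, conditions=[{"field": "order_no", "op": "=", "value": "001"}]),
        "range": dict(base, conditions=[{"field": "order_date", "op": "between",
                                         "value": ["2018-10-01", "2018-12-31"]}]),
        "condition": dict(base, conditions=[{"field": "order_amount", "op": ">",
                                             "value": 1_000_000}]),
    }
    results = {name: lookup_chain_ids(conn, rule) for name, rule in rules.items()}
    # A rule whose field name carries SQL text is refused before any query runs.
    hostile = dict(base, conditions=[{"field": "order_amount > 0 OR 1=1 --",
                                      "op": ">", "value": 0}])
    try:
        lookup_chain_ids(conn, hostile)
        rejected = False
    except RuleError:
        rejected = True
    return results, rejected
```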
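FIG. 6 is a schematic flowchart of the second embodiment of the blockchain data authorization method of this application. In this embodiment, steps S600-S608 of the blockchain data authorization method are similar to steps S500-S508 of the first embodiment, the difference being that the method also includes steps S610-S614.
The method includes the following steps:
Step S600, configure each business module that requires data authorization on the blockchain.
Specifically, the enterprise data of the alliance on the blockchain can be divided into business modules, and a system page is provided for configuring the business modules. For example, data of the blockchain enterprise alliance such as commodities, orders, and logistics is abstracted into multiple business modules for configuration. In this embodiment, a business module configuration table, a business module association configuration table, a business module detailed configuration table, and the like can be filled in, saved in the pre-database, and then distributed to each node of the blockchain network. The main configurable items are the business module name, unique identifier (ID), business module fields, field attributes, and so on. The field attributes include whether the value is unique, whether it is a time field, whether it is a dynamic field, whether it must be authorized, and so on.
Step S602, set data authorization rules.
Specifically, the data of each business module needs to be authorized to the corresponding enterprise nodes for viewing, so corresponding data authorization rules must be set for this data. This embodiment provides two modes, static authorization and dynamic authorization. Static authorization includes authorization scenarios such as fixed data authorization and range data authorization; dynamic authorization includes authorization scenarios such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, and dynamic multi-service associated data authorization. For example, authorizing enterprise A's order No. 001 data to enterprise B (fixed data viewed by a fixed enterprise) and authorizing the order data from October to December 2018 to enterprise C (supporting data range filtering) are static authorization. In addition, various complex query conditions, authorization by field, and multi-service associated data authorization can also be set, for example authorizing enterprise A's order data in which a certain field has the value XX (such as an order amount greater than 1 million) to enterprise B, or authorizing the data of a certain field of service B associated with enterprise A's service A to enterprises B and C.
Moreover, on the basis of the above authorization conditions, it is also possible to choose whether dynamic authorization is allowed. Dynamic authorization means that when new data or a new enterprise node joins the blockchain, the data authorization settings do not need to be made again, and the related data authorization can be executed directly according to the data authorization rules set before.
That is, in this embodiment, the data authorization rule includes the authorizing institution, the authorized institution, the authorized service, the authorized service fields, whether the authorization is associated, the authorization validity period, the authorization conditions, whether the authorization is dynamic, and so on. These data authorization rules can be saved in the pre-database by filling in a data authorization table, an associated data authorization table, a data authorization condition table, and the like.
It is worth noting that when dynamic authorization is selected, one or more items in the data authorization rule (such as the authorized institution or the authorization conditions) need to be set to non-fixed values. For example, when dynamically authorizing the mobile phone order data of a certain enterprise, the order data with an order amount greater than 1 million (rather than one or several fixed pieces of data) is authorized to all mobile phone suppliers (rather than to one particular enterprise or the like) for viewing. Therefore, when new data or a new enterprise node joins, the authorization rule can be applied directly to execute the related data authorization.
Step S604, synchronize the set data authorization rules to the blockchain network.
Specifically, after each enterprise node completes the setting of its data authorization rules, the rules need to be synchronized to the blockchain network, and the other enterprise nodes in the blockchain promptly synchronize the data authorization rules related to themselves, either on a timer or on notification.
Step S606, obtain the data authorization rules related to the current node.
Specifically, the enterprise node obtains the data authorization rules related to itself from the blockchain network periodically (or when it receives a notification). In this embodiment, each enterprise node can obtain the data authorization rules related to itself from the blockchain network at a preset time interval, for example once every hour. In other embodiments, each enterprise node can instead obtain the data authorization rules from the blockchain network when it receives a notification: for example, when an enterprise node completes the setting of its data authorization rules (or when an enterprise node has new data entered, and so on), it notifies the other enterprise nodes on the blockchain, and the other enterprise nodes obtain the data authorization rules related to themselves from the blockchain network after receiving the notification.
Step S608, obtain the corresponding authorization data from the blockchain network according to the obtained data authorization rules.
Specifically, when the data authorization rule takes effect for the first time, the upper-layer service of the enterprise node generates the corresponding SQL for the authorization data in the data authorization rule and traverses the data index table of the pre-database for the blockchain chainID corresponding to the authorization data, so as to obtain the authorization data from the blockchain network according to that chainID. The information of the obtained authorization data is saved in the one-to-one index table of the enterprise node's pre-database. In addition, the authorization execution history of the data authorization rule is recorded in the data authorization record table of the pre-database.
In this embodiment, obtaining the authorization data does not pull all the fields of the entire record; instead, the authorized fields are pulled dynamically according to the field settings in the data authorization rule (for example, only the data of the order amount field is obtained), so that different field values of different data of different services can be authorized.
It is worth noting that the data authorization rule settings, the authorization execution history, and the subsequent authorization invalidation or cancellation records throughout the whole process are all saved in the pre-database of each enterprise node.
In the blockchain network, the core on-chain data includes the business data of each business module and the authorization result data; in addition, the configuration tables that each enterprise node saves in the pre-database are also synchronized to the blockchain network.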
步骤S610,当有与当前节点相关的新数据加入所述区块链网络时,获取所述新数据对应的数据授权规则。
具体地,当某个节点有新数据录入时,保存相关信息到业务表(业务模块配置表、业务模块关联配置表、业务模块详细配置表),然后将该新数据上链。若当前企业节点与该新数据相关(需要授权给该企业节点),则该企业节点从之前已设置好的数据授权规则中获取与该新数据对应的数据授权规则。
例如,之前已设置的某条数据授权规则为将企业A的订单金额大于100万的订单数据动态授权给企业B。当企业A有新的订单数据上链时,企业B获取该条数据授权规则。
步骤S612,判断所述新数据是否符合所述数据授权规则中的授权条件。
具体地,虽然该新数据与该企业节点相关,但还需进一步判断该新数据是否符合授权条件。若不符合,则该企业节点无法获取该新数据,结束此次任务,等待下次新数据上链。若该新数据符合授权条件,则该企业节点有权查看该新数据,需要从区块链中获取该新数据。
例如,所述新数据为订单金额为300万的订单数据,则该新数据符合将企业A的订单金额大于100万的订单数据动态授权给企业B这一条数据授权规则中的授权条件,企业B需要获取该新数据。
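Step S614: when the authorization condition is met, obtain the corresponding authorized data in the new data.
Specifically, when the new data meets the authorization condition, the enterprise node has the right to view the new data (the whole record or certain fields). The enterprise node first matches the authorized data within the new data according to the data authorization rule (for example, a certain field of the new data is the authorized data for this enterprise node), then determines the blockchain chainID of that authorized data, and then obtains the authorized data from the blockchain network according to the chainID.
In addition, when the node is an enterprise node newly added to the blockchain network, it can also directly obtain the data authorization rules related to itself from the blockchain network, and then obtain the corresponding authorized data from the blockchain network according to those rules. For example, a previously set data authorization rule dynamically authorizes enterprise A's order data with an order amount greater than 1 million for viewing by all mobile phone suppliers. Previously the blockchain contained only two mobile phone suppliers, enterprise B and enterprise C; now another mobile phone supplier, enterprise D, has joined. After joining the blockchain, enterprise D can directly obtain the data authorization rules related to itself from the blockchain network, for example the rule that dynamically authorizes enterprise A's order data with an order amount greater than 1 million to all mobile phone suppliers. Enterprise D can then obtain the authorized data directly under that rule, without enterprise A having to authorize enterprise D again.
Of course, when a new enterprise node joins the blockchain network, it can also set new data authorization rules for the data it needs to authorize to other enterprises and publish them to the blockchain network for other enterprise nodes to obtain.
The detailed technical content of this process is described similarly in the steps above and is not repeated here.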
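The check in steps S610-S614, including the newly joined supplier D, can be sketched as follows. This is an added example, not code from the application: the `Rule` layout, the `role:` selector used for a non-fixed grantee, and the sample nodes and records are assumptions made for illustration.

```python
from dataclasses import dataclass
import operator

# Whitelisted comparison operators: conditions are data, never evaluated as code.
OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
       "<=": operator.le, "==": operator.eq}

@dataclass(frozen=True)
class Rule:                      # hypothetical layout of one data authorization rule
    grantor: str                 # authorizing institution
    grantee: str                 # fixed node id, or "role:<name>" for a non-fixed grantee
    business: str                # authorized business module
    fields: tuple                # authorized business fields
    condition: tuple             # (field, op, value): the authorization condition
    valid_until: int             # end of the validity period (epoch seconds)

def grantee_matches(rule, node):
    """A fixed grantee matches by id; a role selector matches any node holding the role."""
    if rule.grantee.startswith("role:"):
        return rule.grantee[5:] in node["roles"]
    return rule.grantee == node["id"]

def authorized_view(rule, node, record, now):
    """Return only the authorized fields of record, or None when access is denied."""
    if now >= rule.valid_until or not grantee_matches(rule, node):
        return None
    if record["owner"] != rule.grantor or record["business"] != rule.business:
        return None
    field, op, value = rule.condition
    if op not in OPS or field not in record["data"]:
        return None              # fail closed on unknown operator or missing field
    if not OPS[op](record["data"][field], value):
        return None
    return {f: record["data"][f] for f in rule.fields if f in record["data"]}

# Constructed sample data mirroring the enterprise A / mobile phone supplier example.
RULE = Rule("A", "role:phone_supplier", "order", ("amount",),
            ("amount", ">", 1_000_000), valid_until=2_000_000_000)
NODE_B = {"id": "B", "roles": {"phone_supplier"}}
NODE_D = {"id": "D", "roles": {"phone_supplier"}}   # joined after the rule was set
NODE_E = {"id": "E", "roles": {"logistics"}}
BIG = {"owner": "A", "business": "order",
       "data": {"order_no": "001", "amount": 3_000_000, "buyer": "X"}}
SMALL = {"owner": "A", "business": "order",
         "data": {"order_no": "002", "amount": 500_000, "buyer": "Y"}}

if __name__ == "__main__":
    for node in (NODE_B, NODE_D, NODE_E):
        print(node["id"], authorized_view(RULE, node, BIG, now=1_700_000_000))
```

Because the grantee is a selector rather than a node id, enterprise D is covered by the existing rule without any change by enterprise A, and the returned view contains only the authorized field.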
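The blockchain data authorization method provided in this embodiment can configure business modules and data authorization rules for the data on the blockchain and synchronize them to every node of the blockchain network. It supports dynamic data and/or enterprise authorization: when new data or a new enterprise joins the blockchain, the data authorization rules do not need to be reconfigured, and the already configured rules related to the node can be obtained directly from the blockchain and executed. Authorization execution records are also stored on the blockchain, which ensures that they are traceable and cannot be tampered with.
Figure 7 is a schematic flowchart of the third embodiment of the blockchain data authorization method of this application. In this embodiment, steps S700-S714 of the blockchain data authorization method are similar to steps S600-S614 of the first embodiment; the difference is that the method further includes steps S716-S720.
The method includes the following steps: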
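Step S700: configure each business module that requires data authorization on the blockchain.
Specifically, the enterprise data of the consortium on the blockchain can be divided into business modules, and a system page is provided for business module configuration. For example, the goods, order, logistics and other data of the blockchain enterprise consortium are abstracted into multiple business modules for configuration. In this embodiment, the business module configuration table, the business module association configuration table, the business module detail configuration table and the like can be filled in, saved in the front-end database, and then distributed to each node of the blockchain network. The main configurable items are the business module name, the unique identifier (ID), the business module fields, and the field attributes. The field attributes include whether the value is unique, whether the field is a time field, whether it is a dynamic field, whether authorization is mandatory, and so on.
Step S702: set the data authorization rules.
Specifically, the data of each business module needs to be authorized for viewing by the corresponding enterprise nodes, so corresponding data authorization rules must be set for this data. This embodiment provides two modes, static authorization and dynamic authorization. Static authorization covers scenarios such as fixed data authorization and range data authorization; dynamic authorization covers scenarios such as dynamic data authorization, dynamic enterprise authorization, dynamic data + enterprise authorization, and dynamic multi-business associated data authorization. For example, authorizing enterprise A's order No. 001 to enterprise B (fixed data viewed by a fixed enterprise) and authorizing the order data of October-December 2018 to enterprise C (filtering by data range is supported) are static authorizations. In addition, various complex query conditions, per-field authorization, and multi-business associated data authorization can be set, for example authorizing enterprise A's order data in which a certain field has the value XX (such as an order amount greater than 1 million) to enterprise B, or authorizing certain field data of business B associated with enterprise A's business A to enterprises B and C.
Moreover, on top of the above authorization conditions, one can also choose whether dynamic authorization is allowed. Dynamic authorization means that when new data or a new enterprise node joins the blockchain, the data authorization does not need to be set up again; the related data authorization can be executed directly under the previously set data authorization rules.
That is, in this embodiment, the data authorization rule includes the authorizing institution, the authorized institution, the authorized business, the authorized business fields, whether the authorization is associated, the authorization validity period, the authorization condition, whether the authorization is dynamic, and so on. These data authorization rules can be saved in the front-end database by filling in the data authorization table, the associated data authorization table, the data authorization condition table, and the like.
It is worth noting that when dynamic authorization is selected, one or more items in the data authorization rule (such as the authorized institution or the authorization condition) must be set to non-fixed values. For example, when dynamically authorizing an enterprise's mobile phone order data, order data with an order amount greater than 1 million (rather than one or several fixed records) is authorized for viewing by all mobile phone suppliers (rather than by one particular enterprise). Therefore, when new data or a new enterprise node joins, the authorization rule can be applied directly to perform the relevant data authorization.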
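Step S704: synchronize the configured data authorization rules to the blockchain network.
Specifically, after each enterprise node finishes setting its data authorization rules, the rules must be synchronized to the blockchain network; the other enterprise nodes in the blockchain promptly synchronize the data authorization rules related to themselves, either on a timer or upon notification.
Step S706: obtain the data authorization rules related to the current node.
Specifically, the enterprise node obtains the data authorization rules related to itself from the blockchain network periodically (or when it receives a notification). In this embodiment, each enterprise node can obtain the data authorization rules related to itself from the blockchain network at a preset time interval, for example once every hour. In other embodiments, each enterprise node can instead obtain the data authorization rules from the blockchain network upon receiving a notification: for example, after an enterprise node finishes setting its data authorization rules (or when an enterprise node has new data entered, and so on), it notifies the other enterprise nodes on the blockchain, and those nodes, on receiving the notification, obtain the data authorization rules related to themselves from the blockchain network.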
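Step S708: obtain the corresponding authorized data from the blockchain network according to the obtained data authorization rules.
Specifically, when the data authorization rule takes effect for the first time, the upper-layer service of the enterprise node generates the corresponding SQL for the authorized data in the data authorization rule and traverses the data index table of the front-end database for the blockchain chainID corresponding to that authorized data, so as to obtain the authorized data from the blockchain network according to the chainID. Information about the obtained authorized data is stored in the one-to-one index table of the enterprise node's front-end database. In addition, the execution history of the data authorization rule is recorded in the data authorization record table of the front-end database.
In this embodiment, obtaining the authorized data does not pull every field of the whole record; instead, the authorized fields are pulled dynamically according to the field settings in the data authorization rule (for example, only the order amount field is obtained), so that different field values of different data in different businesses can be authorized separately.
It is worth noting that the data authorization rule settings, the authorization execution history, and the subsequent authorization invalidation or cancellation records throughout the process are all saved in the front-end database of each enterprise node.
In the blockchain network, the core on-chain data includes the business data of each business module and the authorization result data; in addition, the configuration tables that each enterprise node keeps in its front-end database are also synchronized to the blockchain network.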
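Step S710: when new data related to the current node is added to the blockchain network, obtain the data authorization rule corresponding to the new data.
Specifically, when a node has new data entered, the relevant information is saved to the business tables (the business module configuration table, the business module association configuration table, and the business module detail configuration table), and the new data is then written to the chain. If the current enterprise node is related to the new data (that is, the data needs to be authorized to this enterprise node), the enterprise node obtains the data authorization rule corresponding to the new data from the previously set data authorization rules.
For example, a previously set data authorization rule dynamically authorizes enterprise A's order data with an order amount greater than 1 million to enterprise B. When enterprise A writes new order data to the chain, enterprise B obtains this data authorization rule.
Step S712: determine whether the new data meets the authorization condition in the data authorization rule.
Specifically, although the new data is related to the enterprise node, it must further be determined whether the new data meets the authorization condition. If it does not, the enterprise node cannot obtain the new data; the task ends and the node waits for the next new data to be written to the chain. If the new data meets the authorization condition, the enterprise node has the right to view the new data and needs to obtain it from the blockchain.
For example, if the new data is order data with an order amount of 3 million, it meets the authorization condition of the rule that dynamically authorizes enterprise A's order data with an order amount greater than 1 million to enterprise B, and enterprise B needs to obtain the new data.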
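Step S714: when the authorization condition is met, obtain the corresponding authorized data in the new data.
Specifically, when the new data meets the authorization condition, the enterprise node has the right to view the new data (the whole record or certain fields). The enterprise node first matches the authorized data within the new data according to the data authorization rule (for example, a certain field of the new data is the authorized data for this enterprise node), then determines the blockchain chainID of that authorized data, and then obtains the authorized data from the blockchain network according to the chainID.
In addition, when the node is an enterprise node newly added to the blockchain network, it can also directly obtain the data authorization rules related to itself from the blockchain network, and then obtain the corresponding authorized data from the blockchain network according to those rules. For example, a previously set data authorization rule dynamically authorizes enterprise A's order data with an order amount greater than 1 million for viewing by all mobile phone suppliers. Previously the blockchain contained only two mobile phone suppliers, enterprise B and enterprise C; now another mobile phone supplier, enterprise D, has joined. After joining the blockchain, enterprise D can directly obtain the data authorization rules related to itself from the blockchain network, for example the rule that dynamically authorizes enterprise A's order data with an order amount greater than 1 million to all mobile phone suppliers. Enterprise D can then obtain the authorized data directly under that rule, without enterprise A having to authorize enterprise D again.
Of course, when a new enterprise node joins the blockchain network, it can also set new data authorization rules for the data it needs to authorize to other enterprises and publish them to the blockchain network for other enterprise nodes to obtain.
The detailed technical content of this process is described similarly in the steps above and is not repeated here.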
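Step S716: when an authorization expires or is cancelled, generate the corresponding invalidation authorization rule.
Specifically, for a given data authorization rule, when the authorization expires (the expiry time in the data authorization rule is reached) or is cancelled (a request from the authorizing party to actively cancel the authorization is received), a corresponding invalidation authorization rule is generated and its flag is marked as invalid. The invalidation authorization rule is also saved in the node's front-end database.
Step S718: synchronize the invalidation authorization rule to the blockchain network.
Specifically, after the invalidation authorization rule is generated and saved, it must also be synchronized to the blockchain network, so that the enterprise nodes related to the invalidation authorization rule can execute it.
Step S720: periodically execute the invalidation authorization rules related to the current node, delete the front-end database index, and update the on-chain authorization history.
Specifically, each enterprise node on the blockchain must also periodically (for example every second) obtain and execute the invalidation authorization rules related to that node, delete from the one-to-one index table of the front-end database the previously obtained authorized data corresponding to the invalidation authorization rule, and update the authorization history (the authorization invalidation record must also be synchronized to the blockchain network).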
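Steps S716-S720 on one node's front-end database, as an added example that is not code from the application. The table names `rule`, `auth_index` and `auth_history`, their columns, and the sample rows are assumptions; the read-time check of the flag in `readable` is an addition beyond the text, covering the interval between invalidation and the next periodic sweep.

```python
import sqlite3

SCHEMA = """
CREATE TABLE rule(rule_id TEXT PRIMARY KEY, grantee TEXT, valid_until INTEGER,
                  flag TEXT DEFAULT 'valid');
CREATE TABLE auth_index(rule_id TEXT, grantee TEXT, chain_id TEXT);
CREATE TABLE auth_history(rule_id TEXT, grantee TEXT, event TEXT, ts INTEGER);
"""

def open_front_db():
    """In-memory stand-in for one node's front-end database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO rule(rule_id, grantee, valid_until) VALUES (?,?,?)",
                   [("r1", "B", 1000), ("r2", "B", 5000)])
    db.executemany("INSERT INTO auth_index VALUES (?,?,?)",
                   [("r1", "B", "chain-01"), ("r1", "B", "chain-02"),
                    ("r2", "B", "chain-03")])
    return db

def invalidate(db, now, cancelled=()):
    """S716: flag rules that expired or were cancelled by the grantor; return their ids."""
    ids = [r[0] for r in db.execute(
        "SELECT rule_id FROM rule WHERE flag='valid' AND valid_until <= ?", (now,))]
    ids += [c for c in cancelled if c not in ids]
    db.executemany("UPDATE rule SET flag='invalid' WHERE rule_id=?", [(i,) for i in ids])
    return ids

def sweep(db, node, now):
    """S720: drop index rows of invalid rules for this node and log the invalidation."""
    with db:  # one transaction: index removal and history entry succeed or fail together
        dead = [r[0] for r in db.execute(
            "SELECT DISTINCT i.rule_id FROM auth_index i JOIN rule r "
            "ON i.rule_id = r.rule_id WHERE i.grantee=? AND r.flag='invalid'", (node,))]
        for rid in dead:
            db.execute("DELETE FROM auth_index WHERE rule_id=? AND grantee=?", (rid, node))
            db.execute("INSERT INTO auth_history VALUES (?,?,'invalidated',?)",
                       (rid, node, now))
    return dead

def readable(db, node):
    """chainIDs the node may still fetch; joins on flag so a late sweep cannot leak."""
    return sorted(r[0] for r in db.execute(
        "SELECT i.chain_id FROM auth_index i JOIN rule r ON i.rule_id = r.rule_id "
        "WHERE i.grantee=? AND r.flag='valid'", (node,)))
```

Synchronizing the invalidation rule and the history entry to the blockchain network (S718 and the end of S720) is outside this sketch.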
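The blockchain data authorization method provided in this embodiment can configure business modules and data authorization rules for the data on the blockchain and synchronize them to every node of the blockchain network. It supports fixed authorization as well as dynamic data and/or enterprise authorization, and also supports complex query conditions, filtering by data range, and per-field authorization; authorizations can also be invalidated and cancelled. This avoids a large number of repeated operations, lowers the error rate, and keeps authorization timely. In addition, authorization execution records are also stored on the blockchain, which ensures that they are traceable and cannot be tampered with.
This application also provides another implementation, namely a computer-readable storage medium, which may be non-volatile or volatile. The computer-readable storage medium stores a blockchain data authorization program that can be executed by at least one processor, so that the at least one processor performs the steps of the blockchain data authorization method described above. The specific implementation of the computer-readable storage medium of this application is substantially the same as that of the method embodiments above and is not repeated here.
The serial numbers of the above embodiments of this application are for description only and do not indicate the relative merits of the embodiments.
From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of this application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to perform the methods described in the embodiments of this application.
The above are only preferred embodiments of this application and do not thereby limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of this application, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of this application.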

Claims (20)

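  1. A blockchain data authorization method, wherein the method comprises the steps of:
    configuring each business module of the enterprise data that requires data authorization on the blockchain;
    setting data authorization rules corresponding to the data of each of the business modules, wherein the data authorization rules include two modes, static authorization and dynamic authorization;
    synchronizing the set data authorization rules to the blockchain network;
    obtaining, periodically or upon receiving a notification, a first data authorization rule related to the current node from the blockchain network; and
    obtaining the corresponding authorized data from the blockchain network according to the first data authorization rule.
  2. The blockchain data authorization method according to claim 1, wherein the method further comprises the steps of:
    when new data related to the current node is added to the blockchain network, directly obtaining a second data authorization rule corresponding to the new data from the blockchain network;
    determining whether the new data meets the authorization condition in the second data authorization rule;
    when the new data meets the authorization condition, obtaining, by the current node, the corresponding authorized data in the new data.
  3. The blockchain data authorization method according to claim 2, wherein the method further comprises the steps of:
    when an authorization expires or is cancelled, generating the corresponding invalidation authorization rule;
    synchronizing the invalidation authorization rule to the blockchain network;
    periodically obtaining and executing the invalidation authorization rules related to the current node, deleting the front-end database index, and updating the on-chain authorization history.
  4. The blockchain data authorization method according to any one of claims 1-3, wherein the static authorization includes fixed data authorization and range data authorization; and the dynamic authorization includes dynamic data authorization, dynamic enterprise authorization, dynamic data and enterprise authorization, and dynamic multi-business associated data authorization.
  5. The blockchain data authorization method according to any one of claims 1-3, wherein the data authorization rule includes the authorizing institution, the authorized institution, the authorized business, the authorized business fields, whether the authorization is associated, the authorization validity period, the authorization condition, and whether the authorization is dynamic, wherein, when dynamic authorization is selected, one or more items in the data authorization rule are set to non-fixed values.
  6. The blockchain data authorization method according to any one of claims 1-3, wherein the step of obtaining the corresponding authorized data from the blockchain network according to the first data authorization rule comprises:
    generating the corresponding SQL for the authorized data in the first data authorization rule, and traversing the data index table of the front-end database for the blockchain chainID corresponding to the authorized data, so as to obtain the authorized data from the blockchain network according to the chainID.
  7. The blockchain data authorization method according to any one of claims 1-3, wherein the method further comprises the step of:
    if the current node is an enterprise node newly added to the blockchain network, directly obtaining a third data authorization rule related to the current node from the blockchain network, and then obtaining the corresponding authorized data from the blockchain network according to the third data authorization rule.
  8. The blockchain data authorization method according to claim 3, wherein the method further comprises the step of:
    saving the data authorization rules, the authorization execution history, and the authorization invalidation or cancellation records in the front-end database corresponding to each node.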
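  9. A blockchain data authorization apparatus, wherein the apparatus comprises:
    a configuration module, configured to configure each business module of the enterprise data that requires data authorization on the blockchain;
    a setting module, configured to set data authorization rules corresponding to the data of each of the business modules, wherein the data authorization rules include two modes, static authorization and dynamic authorization;
    a synchronization module, configured to synchronize the set data authorization rules to the blockchain network;
    an obtaining module, configured to obtain, periodically or upon receiving a notification, a first data authorization rule related to the current node from the blockchain network, and to obtain the corresponding authorized data from the blockchain network according to the first data authorization rule.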
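  10. An electronic device, wherein the electronic device comprises a memory and a processor, the memory stores a blockchain data authorization system that can run on the processor, and the blockchain data authorization system, when executed by the processor, implements the following steps:
    configuring each business module of the enterprise data that requires data authorization on the blockchain;
    setting data authorization rules corresponding to the data of each of the business modules, wherein the data authorization rules include two modes, static authorization and dynamic authorization;
    synchronizing the set data authorization rules to the blockchain network;
    obtaining, periodically or upon receiving a notification, a first data authorization rule related to the current node from the blockchain network; and
    obtaining the corresponding authorized data from the blockchain network according to the first data authorization rule.
  11. The electronic device according to claim 10, wherein the blockchain data authorization system, when executed by the processor, further implements the following steps:
    when new data related to the current node is added to the blockchain network, directly obtaining a second data authorization rule corresponding to the new data from the blockchain network;
    determining whether the new data meets the authorization condition in the second data authorization rule;
    when the new data meets the authorization condition, obtaining, by the current node, the corresponding authorized data in the new data.
  12. The electronic device according to claim 11, wherein the blockchain data authorization system, when executed by the processor, further implements the following steps:
    when an authorization expires or is cancelled, generating the corresponding invalidation authorization rule;
    synchronizing the invalidation authorization rule to the blockchain network;
    periodically obtaining and executing the invalidation authorization rules related to the current node, deleting the front-end database index, and updating the on-chain authorization history.
  13. The electronic device according to any one of claims 10-12, wherein the static authorization includes fixed data authorization and range data authorization; and the dynamic authorization includes dynamic data authorization, dynamic enterprise authorization, dynamic data and enterprise authorization, and dynamic multi-business associated data authorization.
  14. The electronic device according to any one of claims 10-12, wherein the data authorization rule includes the authorizing institution, the authorized institution, the authorized business, the authorized business fields, whether the authorization is associated, the authorization validity period, the authorization condition, and whether the authorization is dynamic, wherein, when dynamic authorization is selected, one or more items in the data authorization rule are set to non-fixed values.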
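  15. A computer-readable storage medium, wherein the computer-readable storage medium stores a blockchain data authorization system, and the blockchain data authorization system, when executed by a processor, implements the following steps:
    configuring each business module of the enterprise data that requires data authorization on the blockchain;
    setting data authorization rules corresponding to the data of each of the business modules, wherein the data authorization rules include two modes, static authorization and dynamic authorization;
    synchronizing the set data authorization rules to the blockchain network;
    obtaining, periodically or upon receiving a notification, a first data authorization rule related to the current node from the blockchain network; and
    obtaining the corresponding authorized data from the blockchain network according to the first data authorization rule.
  16. The computer-readable storage medium according to claim 15, wherein the blockchain data authorization system, when executed by a processor, further implements the following steps:
    when new data related to the current node is added to the blockchain network, directly obtaining a second data authorization rule corresponding to the new data from the blockchain network;
    determining whether the new data meets the authorization condition in the second data authorization rule;
    when the new data meets the authorization condition, obtaining, by the current node, the corresponding authorized data in the new data.
  17. The computer-readable storage medium according to claim 16, wherein the blockchain data authorization system, when executed by a processor, further implements the following steps:
    when an authorization expires or is cancelled, generating the corresponding invalidation authorization rule;
    synchronizing the invalidation authorization rule to the blockchain network;
    periodically obtaining and executing the invalidation authorization rules related to the current node, deleting the front-end database index, and updating the on-chain authorization history.
  18. The computer-readable storage medium according to any one of claims 15-17, wherein the static authorization includes fixed data authorization and range data authorization; and the dynamic authorization includes dynamic data authorization, dynamic enterprise authorization, dynamic data and enterprise authorization, and dynamic multi-business associated data authorization.
  19. The computer-readable storage medium according to any one of claims 15-17, wherein the data authorization rule includes the authorizing institution, the authorized institution, the authorized business, the authorized business fields, whether the authorization is associated, the authorization validity period, the authorization condition, and whether the authorization is dynamic, wherein, when dynamic authorization is selected, one or more items in the data authorization rule are set to non-fixed values.
  20. The computer-readable storage medium according to any one of claims 15-17, wherein the step of obtaining the corresponding authorized data from the blockchain network according to the first data authorization rule comprises:
    generating the corresponding SQL for the authorized data in the first data authorization rule, and traversing the data index table of the front-end database for the blockchain chainID corresponding to the authorized data, so as to obtain the authorized data from the blockchain network according to the chainID.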
PCT/CN2020/106045 2020-02-17 2020-07-31 Blockchain data authorization method, apparatus, device, and computer-readable storage medium WO2021164204A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010096097.6A CN111291421A (zh) 2020-02-17 2020-02-17 Blockchain data authorization method, electronic device, and computer-readable storage medium
CN202010096097.6 2020-02-17

Publications (1)

Publication Number Publication Date
WO2021164204A1 true WO2021164204A1 (zh) 2021-08-26

Family

ID=71017661

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/106045 WO2021164204A1 (zh) 2020-02-17 2020-07-31 Blockchain data authorization method, apparatus, device, and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN111291421A (zh)
WO (1) WO2021164204A1 (zh)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
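CN111291421A (zh) * 2020-02-17 2020-06-16 深圳壹账通智能科技有限公司 Blockchain data authorization method, electronic device, and computer-readable storage medium
CN111932263B (zh) * 2020-10-10 2021-01-29 支付宝(杭州)信息技术有限公司 Data management method, apparatus, and device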

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10505741B1 (en) * 2016-09-29 2019-12-10 Amazon Technologies, Inc. Cryptographically provable data certification and provenance
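CN107657059A (zh) * 2017-10-20 2018-02-02 中国银行股份有限公司 Data synchronization method, middleware, and system based on a blockchain application system
CN108683626A (zh) * 2018-03-15 2018-10-19 众安信息技术服务有限公司 Data access control method and apparatus
CN109995791A (zh) * 2019-04-11 2019-07-09 清华大学 Data authorization method and system
CN111291421A (zh) * 2020-02-17 2020-06-16 深圳壹账通智能科技有限公司 Blockchain data authorization method, electronic device, and computer-readable storage medium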

Also Published As

Publication number Publication date
CN111291421A (zh) 2020-06-16

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20919701

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11/01/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 20919701

Country of ref document: EP

Kind code of ref document: A1