CN108810006A - resource access method, device, equipment and storage medium - Google Patents
- Publication number: CN108810006A (application CN201810662712.8A)
- Authority: CN (China)
- Prior art keywords: party application, resource, access token, authority record, record
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Abstract
An embodiment of the invention discloses a resource access method, device, equipment and storage medium. The method includes: receiving a resource call request, sent by a third-party application, that includes an access token, where the access token is generated from the block address at which the authorization record of the third-party application is stored in the blockchain; obtaining the target authorization record of the third-party application according to the block address, and verifying the access token against the target authorization record; and, if the verification passes, returning the resource to the third-party application. In the technical solution provided by the embodiment, because the authorization record and the access token are stored in the blockchain, they are transparent to both the third-party application and the resource service node and cannot be tampered with. This ensures the accuracy and credibility of the authorization record and the access token and, correspondingly, improves the accuracy with which the resource service node verifies the access token against the authorization record.
Description
Technical field
Embodiments of the present invention relate to the field of blockchain technology, and in particular to a resource access method, device, equipment and storage medium.
Background
In some Internet application scenarios, a third-party application that provides content services to users through an open platform (for example, a publisher on the Bear's Paw platform or a public account on the WeChat platform) needs to call the account information of a resource owner (that is, an ordinary user) on the open platform. To do so, the third-party application must obtain the authorization of the resource owner.
The resource call process under the existing OAuth (Open Authorization) protocol is as follows. The third-party application sends an authorization request to the resource owner; the resource owner authorizes the third-party application and returns the authorization result to it. The third-party application sends the authorization result to the authorization server on the platform side, and the authorization server generates and stores an authorization record according to the authorization result. The authorization server also generates and stores an access token (Access Token) according to the authorization record and issues the access token to the third-party application. The third-party application then uses the access token issued by the authorization server to request resources from the resource server on the platform side; the resource server authenticates the access token against the authorization record and responds to the request of the third-party application according to the authentication result.
In the existing authorization protocol, the authorization record is stored unilaterally on the authorization server, and the authorization server sends only an access token to the third-party application. The validity of the access token is verified unilaterally by the resource server on the platform side, so the authorization verification result suffers from relatively low accuracy or insufficient credibility.
Summary of the invention
Embodiments of the present invention provide a resource access method, device, equipment and storage medium that can improve the accuracy of the authorization verification result.
In a first aspect, an embodiment of the present invention provides a resource access method executed by a node in a blockchain system. The method includes:
receiving a resource call request, sent by a third-party application, that includes an access token, where the access token is generated from the block address at which the authorization record of the third-party application is stored in the blockchain;
obtaining the target authorization record of the third-party application according to the block address, and verifying the access token against the target authorization record;
if the verification passes, returning the resource to the third-party application.
In a second aspect, an embodiment of the present invention further provides a resource access method executed by a node in a blockchain system. The method includes:
receiving the block address, sent by an authorization service node in the blockchain system, at which the authorization record of a third-party application of the local third-party application node is stored in the blockchain;
generating an access token according to the block address, and sending a resource call request including the access token to a resource service node in the blockchain system;
receiving the resource information fed back by the resource service node in response to the resource call request.
In a third aspect, an embodiment of the present invention further provides a resource access device configured in a node of a blockchain system. The device includes:
a call request receiving module, for receiving a resource call request, sent by a third-party application, that includes an access token, where the access token is generated from the block address at which the authorization record of the third-party application is stored in the blockchain;
a verification module, for obtaining the target authorization record of the third-party application according to the block address, and verifying the access token against the target authorization record;
a feedback module, for returning the resource to the third-party application if the verification passes.
In a fourth aspect, an embodiment of the present invention further provides a resource access device configured in a node of a blockchain system. The device includes:
an address receiving module, for receiving the block address, sent by an authorization service node in the blockchain system, at which the authorization record of a third-party application of the local third-party application node is stored in the blockchain;
an access token generation module, for generating an access token according to the block address;
a call request sending module, for sending a resource call request including the access token to a resource service node in the blockchain system;
a feedback information receiving module, for receiving the resource information fed back by the resource service node in response to the resource call request.
In a fifth aspect, an embodiment of the present invention further provides equipment, which includes:
one or more processors;
a storage device, for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement any resource access method of the first aspect or any resource access method of the second aspect.
In a sixth aspect, an embodiment of the present invention further provides a storage medium on which a computer program is stored. When executed by a processor, the program implements any resource access method of the first aspect or any resource access method of the second aspect.
In the technical solution of the embodiments of the present invention, the resource service node in the blockchain system receives a resource call request sent by a third-party application. The request contains an access token generated from the block address at which the authorization record of the third-party application is stored in the blockchain. The resource service node obtains the target authorization record of the third-party application according to the block address in the access token and verifies the access token against the target authorization record. Because the authorization record and the access token are stored in the blockchain, they are transparent to both the third-party application and the resource service node and cannot be tampered with. This ensures the accuracy and credibility of the authorization record and the access token and, correspondingly, improves the accuracy with which the resource service node verifies the access token against the authorization record.
Description of the drawings
Fig. 1 is a flowchart of a resource access method provided in Embodiment One of the present invention;
Fig. 2 is a flowchart of a resource access method provided in Embodiment Two of the present invention;
Fig. 3 is a flowchart of a resource access method provided in Embodiment Three of the present invention;
Fig. 4 is a flowchart of a resource access method provided in Embodiment Four of the present invention;
Fig. 5 is a flowchart of a resource access method provided in Embodiment Five of the present invention;
Fig. 6 is a structural schematic diagram of a resource access device provided in Embodiment Six of the present invention;
Fig. 7 is a structural schematic diagram of a resource access device provided in Embodiment Seven of the present invention;
Fig. 8 is a structural schematic diagram of equipment provided in Embodiment Eight of the present invention.
Detailed description
The embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described here only explain the embodiments of the present invention and do not limit the invention. It should also be noted that, for ease of description, the drawings show only the parts related to the embodiments of the present invention rather than the entire structure.
Embodiment one
Fig. 1 is a flowchart of a resource access method provided by Embodiment One of the present invention. This embodiment builds on the OAuth authorization protocol and applies blockchain technology to the resource access scenario. It addresses the problem that, in the existing resource call process, the authorization record is stored unilaterally by the authorization server and the validity of the access token is verified unilaterally by the resource server, which leads to low accuracy and credibility of the authorization record and the access token. The applicable blockchain may be a public chain or a consortium chain. The complete resource access method is usually executed cooperatively by a resource service node, a third-party application node and an authorization service node in the blockchain system. Each node participates independently in the operation of the blockchain system. The third-party application node is configured with a third-party application client and a blockchain application client, and one third-party application node can be used by multiple third-party application accounts. The authorization service node is also configured with a blockchain application client and additionally integrates a functional module that implements the authorization service. Note that the blockchain system may contain one kind of authorization service node or several kinds. Different authorization service nodes implement different authorization service functions; for example, some authorization service nodes handle authorization for a first open platform, and some handle authorization for a second open platform. The resource service node is also configured with a blockchain application client and additionally integrates a functional module that provides the resource service, used to provide resources to third-party applications. As with authorization service nodes, the blockchain system may contain one kind of resource service node or several kinds, and different resource service nodes implement different resource service functions.
The scheme of this embodiment is applied to the resource service node in the blockchain system. The method can be executed by the resource access device provided by the embodiments of the present invention; the device can be implemented in software and/or hardware and can be integrated in a computing device that hosts a blockchain system node. Referring to Fig. 1, the method specifically includes:
S110: Receive a resource call request, sent by a third-party application, that includes an access token, where the access token is generated from the block address at which the authorization record of the third-party application is stored in the blockchain.
Here, a third-party application is an application that provides services to users by means of the content and services of an open platform, for example a developer on the Bear's Paw platform or a public account on the WeChat platform.
A resource call request is the request that the third-party application node sends to the local resource service node when the third-party application calls the resource owner's related resources stored on the resource server. Optionally, the resource call request may include the access token, the third-party application identifier and so on. The access token is generated by the third-party application from the block address at which its authorization record is stored in the blockchain; optionally, the access token may include the block address, the resource to be called and so on. The third-party application identifier is an identity tag that uniquely identifies the third-party application, for example the public key or ID of the third-party application.
Note that in this embodiment the interaction between the third-party application and the resource server takes place through the third-party application node to which the third-party application belongs and the resource service node to which the resource server belongs. Specifically, when any third-party application supported by the third-party application node needs to call a resource stored on the resource server, it can send a resource call request to the resource service node through the third-party application node.
Third-party applications and resource owners correspond to each other. The permissions that different resource owners grant to the same third-party application may be different or the same, and the permissions that the same resource owner grants to different third-party applications may be different or the same.
S120: Obtain the target authorization record of the third-party application according to the block address, and verify the access token against the target authorization record.
Here, the block address is the id of the block that stores the authorization record. Because authorization records differ in byte length, one block may store one or more authorization records. When a block stores several authorization records, so that users, third-party application nodes in the blockchain system, the local authorization service node and so on can quickly find a particular authorization record, the block address may, for example, include the block id and the byte offset at which the authorization record is stored in the block. The block id uniquely identifies the block and may be the block height; the byte offset is an offset that precisely locates the position of a particular authorization record within the block.
An authorization record records the authorization relationship between a third-party application and a resource owner. Optionally, an authorization record may include the resource owner identifier, the third-party application identifier, the granted permission set, the authorization time and so on. The resource owner identifier may be the resource owner's user name, account, ID or mobile phone number. The granted permission set is the set of the resource owner's related resources that the resource owner allows the third-party application to access; it may include permissions for the resource owner's user name, account, ID, avatar, mobile phone number or identity information.
Specifically, when the local resource service node receives the resource call request including the access token that the third-party application sent through the third-party application node, it obtains from the access token the block address and the resource to be called. It looks up the blockchain by the block address to obtain the target authorization record of the third-party application, decrypts or otherwise processes the target authorization record to obtain the granted permission set it contains, and intersects the granted permission set with the resource to be called. If the result equals the resource to be called, the third-party application has operation permission for the resource to be called. If the result is the empty set or smaller than the resource to be called, the third-party application does not have full operation permission for the resource to be called. In that case the local resource service node may feed back call-failure information to the third-party application node.
To prevent the authorization block address of one third-party application from being intercepted by another third-party application, and to protect the resource owner's resources, among all third-party applications supported by a third-party application node only the third-party application that was granted permission may access the related resources. Optionally, before the access token is verified against the target authorization record, the method may further include: determining whether the access token belongs to the third-party application specified by the target authorization record.
For example, the access token may include the third-party application node identifier, the block address, the signature of the third-party application node and so on. The third-party application node identifier may be the asymmetric-encryption public key of the third-party application node. The signature of the third-party application node is a digital signature over the elements contained in the access token, made with the asymmetric-encryption private key of the third-party application node.
Note that even if the authorization block address that a third-party application holds for a resource owner is intercepted by another third-party application, the intercepting application cannot imitate the original third-party application's signature over the elements in the access token. The asymmetric-encryption public key can therefore be used to decrypt the signature of the third-party application node, and the result is compared with the elements in the access token. If they match, the access token belongs to the third-party application to which the block address belongs; otherwise it does not.
Further, because authorization records can be updated, after it is determined that the access token belongs to the third-party application to which the block address belongs, it is necessary to avoid situations such as the following: the resource owner has revoked the authorization of the third-party application, yet the third-party application still generates an access token from the original authorization record and accesses the resource owner's resources. For example, verifying the access token against the target authorization record may include: determining whether the target authorization record is the latest authorization record of the third-party application; if it is the latest authorization record, verifying the access token against the target authorization record.
Specifically, after the local resource service node obtains the target authorization record of the third-party application according to the block address in the access token, it can search the blockchain for all authorization records of that third-party application stored in the blockchain and filter out the authorization records between the third-party application and the corresponding resource owner in the resource call request. It compares the times at which the authorization records were stored in blocks to obtain the newest authorization record, and compares the block address of the newest authorization record with the block address of the target authorization record. If they are the same, the target authorization record is the newest authorization record. If they are different, the access token is verified using the newest authorization record.
S130: If the verification passes, return the resource to the third-party application.
Specifically, after the local resource service node has verified the access token successfully against the target authorization record, it feeds back to the corresponding third-party application the resource of the resource owner that the application wants to access.
In the technical solution provided by this embodiment, the resource service node in the blockchain system receives a resource call request sent by a third-party application. The request contains an access token generated from the block address at which the authorization record of the third-party application is stored in the blockchain. The resource service node obtains the target authorization record of the third-party application according to the block address in the access token and verifies the access token against the target authorization record. Because the authorization record and the access token are stored in the blockchain, they are transparent to both the third-party application and the resource service node and cannot be tampered with. This ensures the accuracy and credibility of the authorization record and the access token and, correspondingly, improves the accuracy with which the resource service node verifies the access token against the authorization record.
Embodiment two
Fig. 2 is a flowchart of a resource access method provided by Embodiment Two of the present invention. On the basis of the above embodiment, this embodiment further optimizes the step of verifying the access token against the target authorization record. Referring to Fig. 2, the method specifically includes:
S210: Receive a resource call request, sent by a third-party application, that includes an access token.
S220: Obtain the target authorization record of the third-party application according to the block address.
S230: Traverse the authorization records stored in the blockchain to obtain each authorization record of the third-party application.
Specifically, the local resource service node can traverse the entire blockchain according to the identifier of the third-party application and/or the identifier of the resource owner and find all authorization records of the third-party application.
S240: Determine, according to the timestamp of each authorization record and the timestamp of the target authorization record, whether the target authorization record is the latest authorization record of the third-party application.
Here, the timestamp of an authorization record may be the time, recorded by the block-generating node, at which the authorization record was written into the block, or it may be the authorization time contained in the authorization record.
Specifically, if the local resource service node searches the entire blockchain by both the identifier of the third-party application and the identifier of the resource owner, what it obtains is all authorization records between the third-party application and the corresponding resource owner in the resource call request. The authorization records can be sorted by time and filtered to obtain the one with the newest time. The timestamp of that newest authorization record alone is then compared with the timestamp of the target authorization record; if they match, the target authorization record is determined to be the latest authorization record. To ensure accuracy, the block address and timestamp of the newest authorization record can each be compared with the block address and timestamp of the target authorization record; if both match, the target authorization record is determined to be the latest authorization record.
Alternatively, the authorization records and the target authorization record can be sorted in chronological order; if the target authorization record comes last, the target authorization record is the latest authorization record.
S250: If it is the latest authorization record, verify the access token against the target authorization record.
S260: If the verification passes, return the resource to the third-party application.
In the technical solution provided by this embodiment, when the resource service node in the blockchain system verifies the access token against the target authorization record, it traverses the authorization records stored in the blockchain to obtain each authorization record of the third-party application, and determines from the timestamp of each authorization record and the timestamp of the target authorization record whether the target authorization record is the latest authorization record. The access token is then verified using the latest authorization record. This protects the resource owner's resources and improves the accuracy with which the resource service node verifies the access token against the authorization record.
Embodiment three
Fig. 3 is a flowchart of a resource access method provided by Embodiment Three of the present invention. This embodiment is an optimization on the basis of the above embodiments. Referring to Fig. 3, the method specifically includes:
S310: Receive a resource call request, sent by a third-party application, that includes an access token.
S320: Obtain the target authorization record of the third-party application according to the block address.
S330: Generate and maintain an authorization record lookup index according to the latest authorization records, stored in the blockchain, between third-party applications and resource owners.
When the resource service node checks whether an authorization record is the latest by traversing the entire blockchain, the process consumes considerable performance and is inefficient. To further improve verification efficiency, the local resource service node, as a node in the blockchain, can maintain an authorization record lookup index locally. When new authorization record data is received, the authorization record lookup index makes it possible to check whether the current authorization record has subsequently changed.
The authority record lookup index may be an authority record index table that records the latest authorization record between a third-party application and a resource owner. Illustratively, the authority record lookup index may include the third-party application identifier, the resource owner identifier, the latest authorization record, the timestamp of the latest authorization record, and so on.
Illustratively, the authority record lookup index includes at least one key-value pair (Key-Value). Each key-value pair consists of a keyword (Key) composed of the authorization service node identifier, the resource owner identifier and the third-party application identifier, and a value (Value) composed of a block address. The authorization service node identifier may be the asymmetric encryption public key of the authorization service node. Specifically, the authority record lookup index in this embodiment records the authority record information of every third-party application that needs to call resources on the local resource service node, and the authority record information of each third-party application is stored in the form of one key-value pair.
Illustratively, maintaining the authority record lookup index according to the latest authorization records stored in the blockchain between third-party applications and resource owners may include: if it is detected that the blockchain stores a latest authorization record between any third-party application and any resource owner, replacing, in the authority record lookup index, the history authority record between that third-party application and that resource owner with the latest authorization record.
Specifically, when the local resource service node detects that the blockchain stores a latest authorization record between any third-party application and any resource owner, it can obtain the latest authorization record from the blockchain and use it to update the authority record lookup index. The update may also consist of updating the block address in the key-value pair that holds the authority record information of that third-party application in the authority record lookup index.
S340, with the third-party application identifier and the resource owner identifier as keywords, retrieve the latest authorization record from the authority record lookup index.
Since third-party applications and resource owners correspond to each other, the third-party application identifier and the resource owner identifier can be used as keywords, for example the public key of the third-party application and the ID of the resource owner, and input into the authority record lookup index for retrieval, to obtain the latest authorization record corresponding to the third-party application.
S350, determine whether the target authority record is identical to the retrieved latest authorization record. If they are identical, execute step S360; if they differ, execute step S370.
Specifically, the block address of the target authority record is compared with the block address of the latest authorization record retrieved from the authority record lookup index. If the two are consistent, the target authority record is the latest authority record; if they are inconsistent, the target authority record is a history authority record and is not the latest authorization record of the third-party application.
S360, verify the access token according to the target authority record.
S370, verify the access token according to the latest authorization record.
In the technical solution provided by this embodiment of the present invention, an authority record lookup index is generated and maintained on the local resource server, so the latest authorization record can be retrieved quickly. Comparing the latest authorization record with the target authority record determines whether the target authority record is the latest authorization record, and the access token is verified according to the latest authorization record. This method improves verification efficiency while ensuring the security of the resource owner's resources, and it also improves the accuracy with which the resource service node verifies the access token according to the authority record.
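An added example, not part of the patent text: a minimal Go model of the authority record lookup index and of the decision in steps S340 to S370. The type and function names, the sample identifiers and block addresses, and the rule that an entry is replaced only by a record with a newer timestamp are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// IndexKey is the keyword of one index entry. The page composes it from the
// authorization service node identifier, the resource owner identifier and
// the third-party application identifier.
type IndexKey struct {
	AuthNodeID string // e.g. the authorization service node's public key
	OwnerID    string
	AppID      string // e.g. the third-party application's public key
}

// IndexEntry is the value: the block address of the latest authority record.
// Keeping the record's timestamp beside it is an assumption of this example.
type IndexEntry struct {
	BlockAddress string
	Timestamp    int64
}

// LookupIndex is the authority record lookup index kept by the resource service node.
type LookupIndex map[IndexKey]IndexEntry

// ErrNotIndexed means no authority record is known for this key: fail closed.
var ErrNotIndexed = errors.New("no authority record indexed for this application and owner")

// Observe handles one authority record seen in the blockchain (S330). It replaces
// the history entry only when the new record is strictly newer, so a record that
// arrives late or is replayed cannot roll the index back to an older grant.
func (idx LookupIndex) Observe(k IndexKey, e IndexEntry) bool {
	if cur, ok := idx[k]; ok && e.Timestamp <= cur.Timestamp {
		return false
	}
	idx[k] = e
	return true
}

// Resolve implements S340 to S370. It returns the block address of the record the
// access token must be verified against, and whether the token's own (target)
// block address was already the latest one.
func (idx LookupIndex) Resolve(k IndexKey, targetAddr string) (string, bool, error) {
	cur, ok := idx[k]
	if !ok {
		return "", false, ErrNotIndexed
	}
	if cur.BlockAddress == targetAddr {
		return targetAddr, true, nil // S360: the target record is the latest
	}
	return cur.BlockAddress, false, nil // S370: the target is history, use the latest
}

func main() {
	// Constructed sample data: identifiers and block addresses are made up.
	k := IndexKey{AuthNodeID: "authnode-pk", OwnerID: "owner-1", AppID: "app-pk"}
	idx := LookupIndex{}
	idx.Observe(k, IndexEntry{BlockAddress: "0xA1", Timestamp: 100})
	idx.Observe(k, IndexEntry{BlockAddress: "0xC3", Timestamp: 200}) // grant changed later

	addr, latest, err := idx.Resolve(k, "0xA1") // token still points at the old record
	fmt.Println(addr, latest, err)              // 0xC3 false <nil>
}
```

The lookup costs one map access per request instead of a traversal of the chain, and a token that still carries the address of a superseded record is checked against the current grant rather than the old one.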
Embodiment four
Fig. 4 is a flow chart of a resource access method provided by Embodiment four of the present invention. The complete resource access method is usually executed jointly by the resource service node, the third-party application node and the authorization service node in the blockchain system. The scheme of this embodiment is applied to the third-party application node in the blockchain system. The method can be executed by the resource access device provided by the embodiments of the present invention; the device can be implemented in software and/or hardware and can be integrated in a computing device that carries a blockchain system node. Referring to Fig. 4, this method specifically includes:
S410, receive the block address, sent by the authorization service node in the blockchain system, at which the authority record of the local third-party application node is stored in the blockchain.
Specifically, the authority record should be open, transparent and tamper-proof among the local authorization service node, the resource service node and the third-party application, so that if the resource service node later unilaterally refuses the third-party application's call to a resource, the third-party application can obtain the authority record stored on the blockchain through the third-party application node to which it belongs and present it as evidence. To that end, after the authorization service node receives the block address, returned by the block generation node, at which the authority record is stored in the blockchain, the authorization service node feeds back to the local third-party application node the block address at which that node's authority record is stored in the blockchain.
S420, generate an access token according to the block address, and send a resource transfer request including the access token to the resource service node in the blockchain system.
The access token is the credential on which the third-party application bases its resource access. Optionally, the access token may include the block address, the local third-party application node identifier, and so on.
Specifically, after the local third-party application node receives the block address, sent by the authorization service node in the blockchain system, at which its authority record is stored in the blockchain, the local third-party application node signs the block address, the local third-party application node identifier and so on to generate the access token, and sends it to the resource service node in the blockchain system to perform resource access.
Illustratively, generating the access token according to the block address may include: generating the access token according to the asymmetric encryption public key of the local third-party application node and the block address. Specifically: generate the access token body according to the asymmetric encryption public key of the local third-party application node and the block address; then digitally sign the access token body with the asymmetric encryption private key of the local third-party application node.
The asymmetric encryption public key and the asymmetric encryption private key occur as a pair: if the asymmetric encryption private key is used for encryption, the asymmetric encryption public key must be used for decryption. Specifically, the body of the access token is {asymmetric encryption public key of the third-party application node, block address}; correspondingly, the signature over the body of the access token is Sign(block address, asymmetric encryption private key of the third-party application node), and the access token is: {asymmetric encryption public key of the third-party application node, block address, Sign(block address, asymmetric encryption private key of the third-party application)}.
To avoid the situation in which the resource service node verifies the access token unilaterally and public credibility is therefore insufficient, and to reduce the probability that the resource service node cheats, illustratively, after generating the access token according to the block address, the method may further include: sending an authorization verification request including the access token to the supervisory node in the blockchain system, wherein the authorization verification request instructs the supervisory node to obtain the authority record of the third-party application according to the block address and to verify the access token according to the authority record of the third-party application.
The supervisory node is an authoritative third-party node with strong public credibility that vouches for the access token. It may be an independent node in the blockchain, and a blockchain application client is also configured on the supervisory node. Optionally, the authorization verification request may include the access token to be verified.
To safeguard the rights and interests of third-party applications and to reduce the power of the resource service node, this embodiment uses a third-party supervisory node with strong public credibility as an arbiter: when the resource service node unilaterally refuses any third-party application's call to a resource, the supervisory node verifies the access token again. Specifically, if any third-party application supported by the third-party application node is unilaterally refused a call to a resource by the resource service node, an authorization verification request can be sent to the supervisory node. After receiving the request, the supervisory node performs the same checking process on the access token as the resource service node. The detailed process is: first verify whether the access token belongs to the third-party application to which the block address belongs; after determining that it does, verify the access token according to the authority record of the third-party application.
S430, receive the resource information fed back by the resource service node in response to the resource transfer request.
The resource information may be the resource itself that the third-party application wants to access, or a link corresponding to the resource.
Specifically, if the access token in the resource transfer request passes verification by the resource service node, the resource service node feeds back to the third-party application node the resource of the resource owner that it wants to access; after receiving the resource information fed back by the resource service node, the third-party application node performs resource access according to that resource information.
In the technical solution provided by this embodiment of the present invention, the third-party application node receives from the authorization service node the block address at which the authority record is stored in the blockchain, generates an access token according to the block address, and sends a resource transfer request including the access token to the resource service node to call the resource. Since the authority record and the access token are stored in the blockchain, they are transparent to both the third-party application and the resource service node and cannot be tampered with, which ensures the accuracy and public credibility of the authority record and the access token. Moreover, other nodes in the blockchain system are also allowed to authenticate the access token, which, compared with the reliance on a single centralized authentication server in the prior art, can improve performance and fault tolerance.
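An added example, not part of the patent text: the access token of step S420 and the check that the resource service node or the supervisory node applies to it, modelled in Go. The page does not name a signature algorithm; Ed25519, the byte layout of the token body, signing the whole body (public key and block address), the `AuthRecord` fields and all sample values are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// AuthRecord is a constructed stand-in for an authority record stored in a block.
type AuthRecord struct {
	AppPubKey ed25519.PublicKey // the third-party application the grant was issued to
	OwnerID   string
	Scope     string
}

// Chain is a constructed stand-in for the ledger: block address -> authority record.
type Chain map[string]AuthRecord

// AccessToken follows the page: {public key, block address, signature}.
type AccessToken struct {
	AppPubKey    ed25519.PublicKey
	BlockAddress string
	Sig          []byte
}

var (
	ErrNoRecord = errors.New("no authority record at this block address")
	ErrWrongApp = errors.New("token does not belong to the application named in the record")
	ErrBadSig   = errors.New("token signature is invalid")
)

// tokenBody serialises the body. An Ed25519 public key has a fixed length of
// 32 bytes, so the boundary between key and address is unambiguous.
func tokenBody(pub ed25519.PublicKey, addr string) []byte {
	return append(append([]byte{}, pub...), addr...)
}

// NewToken is the third-party application node's side (S420).
func NewToken(priv ed25519.PrivateKey, addr string) AccessToken {
	pub := priv.Public().(ed25519.PublicKey)
	return AccessToken{AppPubKey: pub, BlockAddress: addr, Sig: ed25519.Sign(priv, tokenBody(pub, addr))}
}

// Verify is the check run by the resource service node or the supervisory node.
func Verify(c Chain, t AccessToken) (AuthRecord, error) {
	rec, ok := c[t.BlockAddress]
	if !ok {
		return AuthRecord{}, ErrNoRecord
	}
	// First: does the token belong to the application the record names?
	if len(t.AppPubKey) != ed25519.PublicKeySize || !bytes.Equal(rec.AppPubKey, t.AppPubKey) {
		return AuthRecord{}, ErrWrongApp
	}
	// Then: was the body signed by the holder of the matching private key?
	if !ed25519.Verify(t.AppPubKey, tokenBody(t.AppPubKey, t.BlockAddress), t.Sig) {
		return AuthRecord{}, ErrBadSig
	}
	return rec, nil
}

// Demo builds constructed keys and records and returns three verification results.
func Demo() (valid, otherApp, movedAddr error) {
	pubA, privA, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, privB, _ := ed25519.GenerateKey(nil)
	chain := Chain{
		"0xA1": {AppPubKey: pubA, OwnerID: "owner-1", Scope: "photos:read"},
		"0xA2": {AppPubKey: pubA, OwnerID: "owner-2", Scope: "contacts:read"},
	}
	tok := NewToken(privA, "0xA1")
	_, valid = Verify(chain, tok)
	// Application B signs a token that points at application A's record.
	_, otherApp = Verify(chain, NewToken(privB, "0xA1"))
	// A's token with the block address swapped to another of A's records.
	moved := tok
	moved.BlockAddress = "0xA2"
	_, movedAddr = Verify(chain, moved)
	return
}

func main() {
	valid, otherApp, movedAddr := Demo()
	fmt.Println(valid)
	fmt.Println(otherApp)
	fmt.Println(movedAddr)
}
```

Because the check needs only the token and the on-chain record, the supervisory node can repeat it and reach the same result as the resource service node.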
Embodiment five
Fig. 5 is a flow chart of a resource access method provided by Embodiment five of the present invention. On the basis of the above embodiments, this embodiment provides a preferred example of the interaction among the third-party application node, the authorization service node and the resource service node in a blockchain system. Referring to Fig. 5, this method specifically includes:
S510, the authorization service node sends to the third-party application node the block address at which the authority record is stored in the blockchain.
S520, the third-party application node receives the block address, sent by the authorization service node in the blockchain system, at which the authority record of the local third-party application node is stored in the blockchain.
S530, the third-party application node generates an access token according to the block address, and sends a resource transfer request including the access token to the resource service node in the blockchain system.
S540, the resource service node receives the resource transfer request, including the access token, sent by the third-party application.
S550, the resource service node obtains the target authority record of the third-party application according to the block address, and verifies the access token according to the target authority record.
S560, if verification passes, the resource service node feeds back the resource to the third-party application.
Illustratively, if verification does not pass, the resource service node feeds back verification failure information to the third-party application.
S570, the third-party application node receives the resource information fed back by the resource service node in response to the resource transfer request.
In the technical solution provided by this embodiment of the present invention, the resource service node in the blockchain system receives a resource transfer request, sent by a third-party application, that contains an access token generated according to the block address at which the authority record of the third-party application is stored in the blockchain; it obtains the target authority record of the third-party application according to the block address in the access token, and verifies the access token according to the target authority record. Since the authority record and the access token are stored in the blockchain, they are transparent to both the third-party application and the resource service node and cannot be tampered with, which ensures the accuracy and public credibility of the authority record and the access token and, correspondingly, improves the accuracy with which the resource service node verifies the access token according to the authority record.
Embodiment six
Fig. 6 is a structural block diagram of a resource access device provided by Embodiment six of the present invention. The device is configured in a node in a blockchain system, can execute the resource access methods provided by Embodiment one, Embodiment two and Embodiment three of the present invention, and has the function modules and beneficial effects corresponding to the executed methods. As shown in Fig. 6, the device may include:
Call request receiving module 610, configured to receive a resource transfer request, including an access token, sent by a third-party application, wherein the access token is generated according to the block address at which the authority record of the third-party application is stored in the blockchain;
Correction verification module 620, configured to obtain the target authority record of the third-party application according to the block address, and to verify the access token according to the target authority record;
Feedback module 630, configured to feed back the resource to the third-party application if verification passes.
In the technical solution provided by this embodiment of the present invention, the resource service node in the blockchain system receives a resource transfer request, sent by a third-party application, that contains an access token generated according to the block address at which the authority record of the third-party application is stored in the blockchain; it obtains the target authority record of the third-party application according to the block address in the access token, and verifies the access token according to the target authority record. Since the authority record and the access token are stored in the blockchain, they are transparent to both the third-party application and the resource service node and cannot be tampered with, which ensures the accuracy and public credibility of the authority record and the access token and, correspondingly, improves the accuracy with which the resource service node verifies the access token according to the authority record.
Illustratively, correction verification module 620 may include:
State-of-the-art record determination unit, configured to determine whether the target authority record is the latest authorization record of the third-party application;
Verification unit, configured to verify the access token according to the target authority record if the target authority record is the latest authorization record of the third-party application.
Optionally, the state-of-the-art record determination unit may specifically be configured to:
traverse the authority records stored in the blockchain to obtain each authority record of the third-party application; and determine, according to the timestamp of each authority record and the timestamp of the target authority record, whether the target authority record is the latest authorization record of the third-party application.
Illustratively, the above device may further include:
Index generation and maintenance module, configured to generate and maintain an authority record lookup index according to the latest authorization records stored in the blockchain between third-party applications and resource owners.
Illustratively, the index generation and maintenance module may specifically be configured to:
if it is detected that the blockchain stores a latest authorization record between any third-party application and any resource owner, replace, in the authority record lookup index, the history authority record between that third-party application and that resource owner with the latest authorization record.
Illustratively, the state-of-the-art record determination unit may further be configured to:
with the third-party application identifier and the resource owner identifier as keywords, retrieve the latest authorization record from the authority record lookup index; and determine whether the target authority record is identical to the retrieved latest authorization record.
Illustratively, the above device may further include:
Determining module, configured to determine whether the access token belongs to the third-party application specified by the target authority record.
Embodiment seven
Fig. 7 is a structural block diagram of a resource access device provided by Embodiment seven of the present invention. The device is configured in a node in a blockchain system, can execute the resource access method provided by Embodiment four of the present invention, and has the function modules and beneficial effects corresponding to the executed method. As shown in Fig. 7, the device may include:
Address receiving module 710, configured to receive the block address, sent by the authorization service node in the blockchain system, at which the authority record of the local third-party application node is stored in the blockchain;
Access token generation module 720, configured to generate an access token according to the block address;
Call request sending module 730, configured to send a resource transfer request including the access token to the resource service node in the blockchain system;
Feedback information receiving module 740, configured to receive the resource information fed back by the resource service node in response to the resource transfer request.
In the technical solution provided by this embodiment of the present invention, the third-party application node receives from the authorization service node the block address at which the authority record is stored in the blockchain, generates an access token according to the block address, and sends a resource transfer request including the access token to the resource service node to call the resource. Since the authority record and the access token are stored in the blockchain, they are transparent to both the third-party application and the resource service node and cannot be tampered with, which ensures the accuracy and public credibility of the authority record and the access token. Moreover, other nodes in the blockchain system are also allowed to authenticate the access token, which, compared with the reliance on a single centralized authentication server in the prior art, can improve performance and fault tolerance.
Illustratively, the access token generation module 720 may specifically be configured to: generate the access token according to the asymmetric encryption public key of the local third-party application node and the block address.
Illustratively, the access token generation module 720 may further be configured to: generate the access token body according to the asymmetric encryption public key of the local third-party application node and the block address; and digitally sign the access token body with the asymmetric encryption private key of the local third-party application node.
Illustratively, the above device may further include:
Verification request sending module, configured to send, after the access token is generated according to the block address, an authorization verification request including the access token to the supervisory node in the blockchain system, wherein the authorization verification request instructs the supervisory node to obtain the authority record of the third-party application according to the block address and to verify the access token according to the authority record of the third-party application.
Embodiment eight
Fig. 8 is a structural schematic diagram of an equipment provided by Embodiment eight of the present invention. Fig. 8 shows a block diagram of an exemplary equipment 12 suitable for implementing the embodiments of the present invention. The equipment 12 shown in Fig. 8 is only an example and should not impose any limitation on the function and scope of use of the embodiments of the present invention. The equipment 12 is typically a computing device that undertakes the functions of a blockchain system node.
As shown in Fig. 8, the equipment 12 takes the form of a general-purpose computing device. The components of the equipment 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 connecting different system components (including the system memory 28 and the processing unit 16).
The bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus structures. For example, these architectures include, but are not limited to, the Industry Standard Architecture (ISA) bus, the Micro Channel Architecture (MCA) bus, the Enhanced ISA bus, the Video Electronics Standards Association (VESA) local bus and the Peripheral Component Interconnect (PCI) bus.
The equipment 12 typically includes a variety of computer-system-readable media. These media can be any available media that can be accessed by the equipment 12, including volatile and non-volatile media, and removable and non-removable media.
The system memory 28 may include computer-system-readable media in the form of volatile memory, such as random access memory (RAM) 30 and/or cache memory 32. The equipment 12 may further include other removable/non-removable, volatile/non-volatile computer system storage media. By way of example only, the storage system 34 can be used to read and write non-removable, non-volatile magnetic media (not shown in Fig. 8, commonly referred to as a "hard disk drive"). Although not shown in Fig. 8, a magnetic disk drive for reading and writing a removable non-volatile magnetic disk (such as a "floppy disk") and an optical disk drive for reading and writing a removable non-volatile optical disk (such as a CD-ROM, DVD-ROM or other optical media) can be provided. In these cases, each drive can be connected to the bus 18 through one or more data media interfaces. The system memory 28 may include at least one program product having a set of (for example, at least one) program modules that are configured to perform the functions of the embodiments of the present invention.
A program/utility 40 having a set of (at least one) program modules 42 may be stored, for example, in the system memory 28. Such program modules 42 include, but are not limited to, an operating system, one or more application programs, other program modules and program data; each of these examples, or some combination of them, may include an implementation of a network environment. The program modules 42 generally perform the functions and/or methods of the embodiments described in the present invention.
The equipment 12 can also communicate with one or more external devices 14 (such as a keyboard, a pointing device, a display 24, etc.), with one or more devices that enable a user to interact with the equipment 12, and/or with any device (such as a network card, a modem, etc.) that enables the equipment 12 to communicate with one or more other computing devices. Such communication can take place through the input/output (I/O) interface 22. The equipment 12 can also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) through the network adapter 20. As shown, the network adapter 20 communicates with the other modules of the equipment 12 through the bus 18. It should be understood that, although not shown in the drawings, other hardware and/or software modules can be used in conjunction with the equipment 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and so on.
The processing unit 16 executes various functional applications and data processing by running programs stored in the system memory 28, for example implementing the resource access method provided by the embodiments of the present invention.
Embodiment nine
Embodiment nine of the present invention also provides a computer-readable storage medium on which a computer program (also called computer-executable instructions) is stored; when the program is executed by a processor, any of the resource access methods in the above embodiments can be implemented. The computer-readable storage medium can be configured on a node in the blockchain system, for example on the resource service node, the third-party application node and the authorization service node.
The computer storage medium of the embodiments of the present invention may use any combination of one or more computer-readable media. A computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. A computer-readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of computer-readable storage media include: an electrical connection with one or more wires, a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In this document, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in connection with an instruction execution system, apparatus or device.
A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device.
The program code contained on a computer-readable medium can be transmitted over any suitable medium, including but not limited to wireless, wire, optical cable, RF, etc., or any suitable combination of the above.
Computer program code for performing the operations of the embodiments of the present invention can be written in one or more programming languages or a combination thereof. The programming languages include object-oriented programming languages such as Java, Smalltalk and C++, and also conventional procedural programming languages such as the "C" language or similar programming languages. The program code can be executed entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. In situations involving a remote computer, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (for example, through the Internet using an Internet service provider).
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the present invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the embodiments of the present invention have been described in further detail through the above embodiments, the embodiments of the present invention are not limited to the above embodiments and may include more equivalent embodiments without departing from the concept of the present invention; the scope of the present invention is determined by the scope of the appended claims.
Claims (15)
1. a kind of resource access method, which is characterized in that it is executed by the node in block catenary system, the method includes:
The resource transfer request including access token that third-party application is sent is received, wherein the access token is according to third
What the block address that the authority record of Fang Yingyong stores in block chain generated;
The target authority record of third-party application is obtained according to the block address, and according to the target authority record to described
Access token is verified;
If verification passes through, to third-party application feedback resources.
2. according to the method described in claim 1, it is characterized in that, according to the target authority record to the access token into
Row verification, including:
Determine the target authority record whether be third-party application latest authorization record;
If latest authorization records, then the access token is verified according to the target authority record.
3. according to the method described in claim 2, it is characterized in that, determining whether the target authority record is third-party application
Latest authorization record, including:
The authority record stored in traversal block chain, obtains each authority record of the third-party application;
Determine that the target authority record is according to the timestamp of each authority record and the timestamp of the target authority record
The no latest authorization for third-party application records.
4. according to the method described in claim 2, it is characterized in that, further including:
According to the latest authorization record in block chain between the third-party application stored and resource owner, generates and safeguard mandate
Record search indexes.
5. according to the method described in claim 4, it is characterized in that, being gathered around with resource according to the third-party application stored in block chain
Latest authorization record between the person of having safeguards that authority record searches index, including:
If detecting the latest authorization record being stored in block chain between any third-party application and any resource owner,
It is recorded with latest authorization in the authority record searches index and replaces going through between the third-party application and the resource owner
History authority record.
6. The method according to claim 4, characterized in that determining whether the target authority record is the latest authorization record of the third-party application comprises:
Retrieving the latest authorization record from the authority record search index, using the third-party application identifier and the resource owner identifier as keywords;
Determining whether the target authority record is identical to the retrieved latest authorization record.
7. The method according to claim 1, characterized in that, before verifying the access token according to the target authority record, it further comprises:
Determining whether the access token belongs to the third-party application specified by the target authority record.
8. A resource access method, characterized in that it is executed by a node in a block chain system, the method comprising:
Receiving, from an authorization service node in the block chain system, the block address at which the authority record of the local third-party application node is stored in the block chain;
Generating an access token according to the block address, and sending a resource transfer request including the access token to a resource service node in the block chain system;
Receiving the resource information fed back by the resource service node in response to the resource transfer request.
9. The method according to claim 8, characterized in that generating the access token according to the block address comprises:
Generating the access token according to the asymmetric encryption public key of the local third-party application node and the block address.
10. The method according to claim 9, characterized in that generating the access token according to the asymmetric encryption public key of the local third-party application node and the block address comprises:
Generating an access token body according to the asymmetric encryption public key of the local third-party application node and the block address;
Digitally signing the access token body using the asymmetric encryption private key of the local third-party application node.
11. The method according to claim 8, characterized in that, after generating the access token according to the block address, it further comprises:
Sending an authorization verification request including the access token to a supervisory node in the block chain system, wherein the authorization verification request instructs the supervisory node to obtain the authority record of the third-party application according to the block address, and to verify the access token according to the authority record of the third-party application.
12. A resource access device, characterized in that it is configured in a node in a block chain system, the device comprising:
A call request receiving module, for receiving a resource transfer request including an access token sent by a third-party application, wherein the access token is generated according to the block address at which the authority record of the third-party application is stored in the block chain;
A verification module, for obtaining the target authority record of the third-party application according to the block address, and verifying the access token according to the target authority record;
A feedback module, for feeding back the resource to the third-party application if the verification passes.
13. A resource access device, characterized in that it is configured in a node in a block chain system, the device comprising:
An address receiving module, for receiving, from an authorization service node in the block chain system, the block address at which the authority record of the local third-party application node is stored in the block chain;
An access token generation module, for generating an access token according to the block address;
A call request sending module, for sending a resource transfer request including the access token to a resource service node in the block chain system;
A feedback information receiving module, for receiving the resource information fed back by the resource service node in response to the resource transfer request.
14. An equipment, characterized in that the equipment comprises:
One or more processors;
A storage device, for storing one or more programs;
When the one or more programs are executed by the one or more processors, the one or more processors implement the resource access method according to any one of claims 1-7 or the resource access method according to any one of claims 8-11.
15. A storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the resource access method according to any one of claims 1-7 or the resource access method according to any one of claims 8-11.
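The resource-side checks of claims 3 and 5-7 can be sketched as follows; this is an added example, not code from the patent. The in-memory ledger, the record fields, the token layout and all names are assumptions, and the digital signature of claim 10 is left out because the Python standard library has no asymmetric signing, so the token here is not authenticated.

```python
import hashlib
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class AuthRecord:          # hypothetical record layout
    app_id: str            # third-party application identifier
    app_pubkey: str        # public key the grant was issued to (constructed value)
    owner_id: str          # resource owner identifier
    scope: str
    timestamp: int


class Ledger:
    """Toy append-only store standing in for the block chain (assumption)."""

    def __init__(self):
        self.records = {}  # block address -> AuthRecord
        self.index = {}    # (app_id, owner_id) -> block address of latest record

    def append(self, rec):
        raw = json.dumps(asdict(rec), sort_keys=True).encode()
        addr = hashlib.sha256(raw).hexdigest()
        self.records[addr] = rec
        key = (rec.app_id, rec.owner_id)
        current = self.index.get(key)
        # Claim 5: the latest record replaces the historical one in the index.
        if current is None or self.records[current].timestamp < rec.timestamp:
            self.index[key] = addr
        return addr

    def latest_by_traversal(self, app_id, owner_id):
        """Claim 3 style check: scan all records and compare timestamps."""
        best = None
        for addr, rec in self.records.items():
            if (rec.app_id, rec.owner_id) != (app_id, owner_id):
                continue
            if best is None or rec.timestamp > self.records[best].timestamp:
                best = addr
        return best


def make_token(app_pubkey, block_address):
    """Claim 9: token derived from the app's public key and the block address."""
    return {"block_address": block_address, "app_pubkey": app_pubkey}


def verify_token(ledger, token):
    """Return (ok, reason) for a resource transfer request carrying `token`."""
    addr = token.get("block_address")
    rec = ledger.records.get(addr)
    if rec is None:
        return False, "unknown block address"
    # Claim 7: the token must belong to the application named in the record.
    if token.get("app_pubkey") != rec.app_pubkey:
        return False, "token not issued to this application"
    # Claim 6: the target record must be identical to the indexed latest record.
    if ledger.index.get((rec.app_id, rec.owner_id)) != addr:
        return False, "superseded authorization record"
    return True, "ok"


if __name__ == "__main__":
    ledger = Ledger()
    # Constructed sample data: the owner first grants read,write, then narrows to read.
    old = ledger.append(AuthRecord("app-1", "aa11", "owner-9", "read,write", 100))
    new = ledger.append(AuthRecord("app-1", "aa11", "owner-9", "read", 200))
    print(verify_token(ledger, make_token("aa11", old)))
    print(verify_token(ledger, make_token("aa11", new)))
```

A token built on the older block address is rejected even though that record still exists on the ledger, which is how a re-authorization takes effect without deleting anything.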
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810662712.8A CN108810006B (en) | 2018-06-25 | 2018-06-25 | Resource access method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108810006A (en) | 2018-11-13 |
CN108810006B (en) | 2021-08-10 |
Family
ID=64071043
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810662712.8A Active CN108810006B (en) | 2018-06-25 | 2018-06-25 | Resource access method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108810006B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN108810006B (en) | 2021-08-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |