
CN110008665B - Authority control method and device for blockchain - Google Patents


Info

Publication number: CN110008665B
Authority: CN (China)
Prior art keywords: authority, account, operated, blockchain, transaction
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201910163011.4A
Other languages: Chinese (zh)
Other versions: CN110008665A
Inventors: 莫楠, 廖飞强, 白兴强, 李辉忠, 张开翔, 范瑞彬
Current assignee: WeBank Co Ltd (as listed by Google Patents)
Original assignee: WeBank Co Ltd

Events
  • Application filed by WeBank Co Ltd
  • Priority to CN201910163011.4A
  • Publication of CN110008665A
  • Priority to PCT/CN2020/076086 (WO2020177548A1)
  • Application granted
  • Publication of CN110008665B
  • Legal status: Active
  • Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a blockchain authority control method and device, relating to the technical field of fintech (science and technology finance). The method comprises: acquiring a transaction request, where the transaction request comprises transaction information and a transaction account; determining the table to be operated and the operation content according to the transaction information; determining the authority account corresponding to the table to be operated from a preset authority table; and executing the operation content in the table to be operated when the transaction account is determined to match the authority account corresponding to that table. Because the authority of each account over each table in the blockchain is stored in the authority table in advance, when a transaction account initiates a transaction that needs to operate on a table in the blockchain, the authority table can be queried to determine the operation authority before the operation is performed on the table, so that authority control over the blockchain is realized. Because an account's authority can be set freely in the authority table, and account authority is added and deleted as required, the control of account authority is finer than role-based authority control, and account authority is convenient to manage.

Description

Authority control method and device for blockchain
Technical Field
The embodiment of the invention relates to the technical field of fintech (science and technology finance), and in particular to a blockchain authority control method and device.
Background
A blockchain is a new distributed infrastructure and computing paradigm that uses a chain of blocks as its data structure to verify and store data, uses a distributed node consensus algorithm to generate and update data, uses cryptography to secure data transmission and access, and uses smart contracts made of automated script code to program and operate on the data. For public chains, joining as a node is not restricted and the data on the chain is completely open, so they suit public scenarios that do not involve storing private information. For private chains and alliance (consortium) chains, however, the stored data involves some privacy, so authority on the blockchain needs to be controlled. At present, authority control on an alliance chain is performed by determining the role corresponding to an account through a preset association relation, determining the authority of the account from the preset authority of that role, and then calling the corresponding interface to operate on the Merkle tree of the block body in the blockchain according to that authority, so as to complete the transaction. In this method, the correspondence between roles and authorities has to be saved in advance, and the authority of an account is limited by the preset authority of its role, so account authority is not controlled at fine granularity.
Disclosure of Invention
In the current role-based authority control method, account authority is limited by the preset authority of roles, so the control of account authority is not fine-grained enough. To address this problem, the embodiment of the invention provides a blockchain authority control method and a blockchain authority control device.
In one aspect, an embodiment of the present invention provides a method for controlling authority of a blockchain, where each block in the blockchain stores an account book (ledger) in table form. The method includes:
acquiring a transaction request, wherein the transaction request comprises transaction information and a transaction account;
determining a table to be operated and the operation content in that table according to the transaction information, wherein the table to be operated is located in a block of the blockchain;
determining the authority account corresponding to the table to be operated from a preset authority table;
and executing the operation content in the table to be operated when the transaction account is determined to match the authority account corresponding to the table to be operated.
Because the authority table is preset and stores the authority of each account over each table in the blockchain, when a transaction account initiates a transaction that needs to operate on a table in the blockchain, authority control over the blockchain can be realized by querying the authority table to determine the operation authority and then operating on the table. Because the specific authority of an account can be set freely in the authority table, and account authority is added and deleted according to actual needs, the control of account authority is finer than role-based authority control, and account authority is convenient to manage. Second, because the data in the blockchain is stored in table form rather than in a Merkle tree-based form, operating on the blockchain table according to the account authority in the authority table suits it better than operating on the blockchain table directly through the role-based authority control method.
Optionally, the table to be operated is a system table or a user table, where the system table is used to control a system function of the blockchain, and the user table is used to control a service function of the blockchain.
Optionally, before determining the authority account corresponding to the table to be operated from the preset authority table, the method includes:
determining that the operation content is a write operation.
Optionally, after the operation content is executed in the table to be operated, the method further includes:
generating an operation record of the table to be operated, wherein the operation record comprises the identifier of the table to be operated, the operation content and the transaction account;
and sending the operation record of the table to be operated to the other network nodes in the blockchain network, so that the other network nodes determine the authority account corresponding to the table to be operated from the authority table according to the table identifier, and execute the operation content in the table to be operated when the transaction account is determined to match that authority account.
The operation record of the table to be operated is sent to the other network nodes so that they execute the operation content only after verifying the legality of the operation record, which synchronizes the table contents across the blockchain network and ensures the consistency and safety of the blockchain table.
Optionally, the method further comprises:
the authority table is located in a block of the blockchain;
and when the authority table is updated, the updated authority table takes effect in the next block after the current block.
In one aspect, an embodiment of the present invention provides an authority control apparatus for a blockchain, where each block in the blockchain stores an account book (ledger) in table form. The apparatus includes:
an acquisition module, configured to acquire a transaction request, wherein the transaction request comprises transaction information and a transaction account;
an analysis module, configured to determine a table to be operated and the operation content in that table according to the transaction information, wherein the table to be operated is located in a block of the blockchain;
a screening module, configured to determine the authority account corresponding to the table to be operated from a preset authority table;
and a control module, configured to execute the operation content in the table to be operated when the transaction account is determined to match the authority account corresponding to the table to be operated.
Optionally, the table to be operated is a system table or a user table, where the system table is used to control a system function of the blockchain, and the user table is used to control a service function of the blockchain.
Optionally, the screening module is further configured to:
before determining the authority account corresponding to the table to be operated from the preset authority table, determine that the operation content is a write operation.
Optionally, the control module is further configured to:
after the operation content is executed in the table to be operated, generate an operation record of the table to be operated, wherein the operation record comprises the identifier of the table to be operated, the operation content and the transaction account;
and send the operation record of the table to be operated to the other network nodes in the blockchain network, so that the other network nodes determine the authority account corresponding to the table to be operated from the authority table according to the table identifier, and execute the operation content in the table to be operated when the transaction account is determined to match that authority account.
Optionally, the screening module is further configured to:
keep the authority table in a block of the blockchain, and, when the authority table is updated, have the updated authority table take effect in the next block after the current block.
In one aspect, an embodiment of the present invention provides a terminal device, including at least one processing unit and at least one storage unit, where the storage unit stores a computer program which, when executed by the processing unit, causes the processing unit to execute the steps of the blockchain authority control method.
In one aspect, embodiments of the present invention provide a computer-readable medium storing a computer program executable by a terminal device which, when run on the terminal device, causes the terminal device to perform the steps of the blockchain authority control method.
In the embodiment of the invention, because the authority table is preset and stores the authority of each account over each table in the blockchain, when a transaction account initiates a transaction that needs to operate on a table in the blockchain, authority control over the blockchain can be realized by querying the authority table to determine the operation authority and then executing the operation on the table. Because the specific authority of an account can be set freely in the authority table, and account authority is added and deleted according to actual needs, the control of account authority is finer than role-based authority control, and account authority is convenient to manage. Second, because the data in the blockchain is stored in table form rather than in a Merkle tree-based form, operating on the blockchain table according to the account authority in the authority table suits it better than operating on the blockchain table directly through the role-based authority control method.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it will be apparent that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present invention;
Fig. 2 is a flowchart of a blockchain authority control method according to an embodiment of the present invention;
Fig. 3 is a flowchart illustrating a blockchain authority control method according to an embodiment of the present invention;
Fig. 4 is a flowchart illustrating a blockchain authority control method according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a blockchain authority control apparatus according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantageous effects of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
For ease of understanding, the terms involved in the embodiments of the present invention are explained below.
Blockchain: a new distributed infrastructure and computing paradigm that uses a chain of blocks as its data structure to verify and store data, uses a distributed node consensus algorithm to generate and update data, uses cryptography to secure data transmission and access, and uses smart contracts made of automated script code to program and operate on the data.
Alliance chain: an alliance (consortium) chain sits between public and private chains; the blockchain is maintained jointly by several organizations, there is an admission mechanism, and the generation of each block is determined by pre-selected nodes.
Smart contract (intelligent contract): a service program written in the Solidity language that implements specific logic; it is published on the alliance chain in binary form so that contract participants can call it on the alliance chain.
Authority control: a mechanism that controls access to blockchain functions by controlling the authority to access the blockchain. For example, against the background of the distributed storage of the FISCO BCOS alliance chain platform, access to blockchain functions is controlled through the authority to access tables in the blockchain.
The blockchain authority control method in the embodiment of the invention can be applied to a blockchain network scenario, for example the alliance chain network shown in fig. 1. The alliance chain network comprises a plurality of network nodes 101; each network node 101 comprises a blockchain authority control apparatus and may be a server or a cluster of several servers, and the network nodes 101 are connected through a wireless network. Among the organizations maintaining the alliance chain, each organization corresponds to one or more network nodes 101, and the tables in the network nodes 101 of the alliance chain are synchronized in real time. For each network node, the organization initiates a transaction request through a transaction account in the network node 101; after receiving the transaction request, the network node 101 determines the table to be operated and the operation content in that table according to the transaction information, then determines the authority account corresponding to the table to be operated from the preset authority table, and executes the operation content in the table when the transaction account is determined to match that authority account. The network node 101 then generates an operation record of the table to be operated, which includes the table identifier, the operation content and the transaction account, and sends it to the other network nodes 101 in the blockchain network.
The other network nodes 101 determine the authority account corresponding to the table to be operated from their authority tables according to the table identifier, and execute the operation content in the table to be operated when they determine that the transaction account matches that authority account.
Based on the application scenario diagram shown in fig. 1, the embodiment of the invention provides a flow of a blockchain authority control method, and the flow of the method can be executed by a blockchain authority control device, as shown in fig. 2, and comprises the following steps:
step S201, a transaction request is acquired.
Specifically, a transaction request is initiated by a transaction account, the transaction request including transaction information and the transaction account. The transaction information corresponding to different transactions is different, for example, when the transaction request is to deploy a contract, the transaction information is the name of a table involved in deploying the contract, contract-related data, and the like.
Step S202, determining a table to be operated and operation contents in the table to be operated according to the transaction information.
The tables to be operated are in blocks of the blockchain, and different transaction information corresponds to different tables to be operated. The table to be operated may be a system table or a user table, where the system table is used to control the system functions of the blockchain, the user table is used to control the service functions of the blockchain, specifically as shown in fig. 3, the transaction account operates the system table of the blockchain according to the authority in the authority table, controls the system functions of the blockchain, and the transaction account operates the user table of the blockchain according to the authority in the authority table, and controls the service functions of the blockchain.
Specifically, the system tables include the _sys_tables_ table, the _sys_cns_ table, the _sys_miners_ table, the _sys_config_ table, the _sys_table_access_ table, and the like.
The _sys_tables_ table stores the table-creation field information of every table in the blockchain system: the field information of every created table has to be stored in _sys_tables_ before the table can be created. Deploying a contract requires creating a contract table, and a contract that operates on a user table requires that user table to be created first, so authority control acting on the _sys_tables_ table can control both the deployment of contracts and the creation of user tables.
The _sys_cns_ table holds the CNS information of contracts deployed in the blockchain through the Contract Name Service (CNS). CNS information includes the contract name, the contract version number, the address at which the contract is deployed, and the contract's Application Binary Interface (ABI). Deploying a contract through CNS requires writing its CNS information into the _sys_cns_ table, so authority control acting on the _sys_cns_ table can control whether an account is allowed to deploy contracts through CNS.
The _sys_miners_ table holds the type information of all nodes in the blockchain. There are three node types in the blockchain network: accounting nodes, observation nodes and free nodes. Switching a node between these three types is done by operating on the _sys_miners_ table, so authority control acting on the _sys_miners_ table can control blockchain node type changes.
The _sys_config_ table holds the system configuration of the blockchain, such as the settings tx_count_limit (upper limit on the number of transactions in a block) and tx_gas_limit (upper limit on the gas of a transaction). Accordingly, authority control acting on the _sys_config_ table controls the authority to set the system configuration.
The user tables are tables related to services, and authority control acts on each user table to finely control related service functions. Illustratively, user table 1 is an operating user table of contract a, which includes a list of users that can operate contract a. Illustratively, user table 2 is a user table of loan transactions, including a list of users that may be loaned.
Step S203, determining a right account corresponding to the table to be operated from a preset right table.
Specifically, the authority table stores the authority setting information. The authority table is itself a system table, and the rules for using authority control are determined before the alliance chain is established. For example, a management node may be selected from the blockchain network and the account corresponding to it taken as the manager account; only the manager account may use the authority-setting function, and non-manager accounts cannot. When the authority of an account over a certain table is set, the authority record corresponding to that account is added to the authority table. Optionally, the authority table is located in a block of the blockchain, and when the authority table is updated, the updated authority table takes effect in the next block after the current block: for example, when a new authority record is added to the authority table, a new block is generated after the current block and the new authority record is stored in the block body of that new block; likewise, when authority record A in the authority table is modified, a new block is generated after the current block and the modified authority record A is stored in the block body of that new block.
Illustratively, the embodiment of the present invention provides an example of an authority table, as shown in Table 1:
Table 1.
Field        Type    Nullable  Primary key  Description
table_name   string  No        Yes          Table name
address      string  No                     Account address
enable_num   string  No                     Effective block height
_status_     string  No                     Status field
As can be seen from Table 1, an authority record in the authority table consists of a table name, an account address, an effective block height and a status field. The effective block height is the block position in the blockchain at which the authority record takes effect; when the status field is "0" the authority record is in the normal, effective state, and when the status field is "1" the record is in the failed (removed) state.
In a specific implementation, a preset authority contract interface can be used to operate the authority table. The authority contract interfaces include an insert interface, a remove interface, a queryByName interface, and the like. The insert interface sets an authority record by table name and account address and returns the number of records set; the record is stored in the authority table, and setting the same authority record again is refused, i.e. 0 is returned directly. The remove interface removes a set authority record by table name and account address and returns the number of records removed; removing a record sets its status field from "0" to "1", and removing the same authority record again is refused, i.e. 0 is returned directly. The queryByName interface queries the set authority records by table name and returns them as a JSON string; it is used for looking up authority records.
For users, an authority control API on the Java SDK side adapted to the blockchain is provided for developers, and a command line tool is provided for operators. The Java SDK API and the command line tool commands are as follows:
String add: this API calls the insert interface of the authority contract to set authority information. The corresponding command is addAuthority (abbreviated aa); its parameters are the table name and the account address.
String remove: this API calls the remove interface of the authority contract to remove an authority record. The corresponding command is removeAuthority (abbreviated ra); its parameters are the table name and the account address.
List query: this API calls the queryByName interface of the authority contract to query authority information. The corresponding command is queryAuthority (abbreviated qa); its parameter is the table name.
Step S204, when the transaction account is matched with the authority account corresponding to the table to be operated, the operation content is executed in the table to be operated.
In one possible implementation, when the operation content is a write operation, the authority account corresponding to the table to be operated is determined from the preset authority table, and the write operation is executed in the table only when the transaction account is determined to match that authority account; when the operation content is a read operation, the read operation is executed in the table to be operated directly. Illustratively, suppose transaction account 1 needs to deploy a HelloWorld contract: the network node receives a transaction request containing transaction account 1 and the contents of the HelloWorld contract. When the network node determines from the transaction information that transaction account 1 needs to write the contents of the HelloWorld contract into the _sys_tables_ table, it queries the authority records of the _sys_tables_ table from the authority table and determines the authority accounts of the _sys_tables_ table. If transaction account 1 is among those authority accounts, the contents of the HelloWorld contract are written into _sys_tables_; otherwise the write of the HelloWorld contract into _sys_tables_ is refused. When the network node determines from the transaction information that transaction account 1 needs to read the contents of _sys_tables_, the contents are read directly.
In one possible implementation manner, when the operation content is write operation or read operation, determining a permission account corresponding to the table to be operated from a preset permission table, and when the transaction account is determined to be matched with the permission account corresponding to the table to be operated, executing write operation or read operation in the table to be operated. Specifically, a permission table corresponding to the read operation and a permission table corresponding to the write operation may be preset. When the operation content is writing operation, determining a right account corresponding to the table to be operated from a right table corresponding to the writing operation, and executing the writing operation in the table to be operated when determining that the transaction account is matched with the right account corresponding to the table to be operated. When the operation content is read operation, determining a right account corresponding to the table to be operated from a right table corresponding to the read operation, and executing the read operation in the table to be operated when determining that the transaction account is matched with the right account corresponding to the table to be operated.
Because the authority table is preset and stores the authority of each account over each table in the blockchain, when a transaction account initiates a transaction that needs to operate on a table in the blockchain, authority control over the blockchain can be realized by querying the authority table to determine the operation authority and then operating on the table. Because the specific authority of an account can be set freely in the authority table, and account authority is added and deleted according to actual needs, the control of account authority is finer than role-based authority control, and account authority is convenient to manage. Second, because the data in the blockchain is stored in table form rather than in a Merkle tree-based form, operating on the blockchain table according to the account authority in the authority table suits it better than operating on the blockchain table directly through the role-based authority control method.
Optionally, after the operation content is executed in the table to be operated, an operation record of the table is generated, comprising the table identifier, the operation content and the transaction account, and sent to the other network nodes in the blockchain network; the other network nodes determine the authority account corresponding to the table from the authority table according to the table identifier, and execute the operation content in the table when the transaction account is determined to match that authority account.
In a specific implementation, the tables of the network nodes in the blockchain network are synchronized in real time. When one network node performs a write operation in the table to be operated and changes its contents, the changed contents need to be synchronized to the other network nodes in the blockchain network. When another network node receives the operation record of the table, it must first verify the legality of the operation record: it determines the authority account corresponding to the table from its own authority table according to the table identifier in the operation record, and only when the transaction account is determined to match that authority account is the operation record judged legal and the operation content executed in the table. This synchronizes the table contents across the blockchain network and ensures the consistency and safety of the blockchain table.
In order to better explain the embodiment of the present invention, the blockchain permission control method provided by the embodiment is described below in combination with a specific implementation scenario. The method is executed by a network node and, as shown in fig. 4, includes the following steps:
step S401, a transaction request of a transaction account is acquired.
Step S402, determining a table to be operated and operation contents according to the transaction request.
The table to be operated may be a system table or a user table.
Step S403, determining whether the operation content is a write operation, if not, executing step S404, otherwise executing step S405.
Step S404, return the query result (a read operation is not subject to the permission check).
Step S405, determine whether a cached permission record exists for the table to be operated; if yes, execute step S406, otherwise execute step S409.
Specifically, when a permission record has previously been queried from the permission table, it can be cached, so that when a request to query the permission record is received the cache can be consulted directly instead of querying the permission table every time, which improves query efficiency. Because an updated permission table takes effect in the block following the update, a cached record must be refreshed (or keyed to the block in which it was read) whenever the permission table changes, so that a stale entry cannot grant or deny access after the table has been updated.
Step S406, judging whether the transaction account has authority, if yes, executing step S407, otherwise, executing step S408.
Step S407, a write operation is performed.
In step S408, the write operation is rejected.
Step S409, consult the permission table; the permission record read from it is used for the judgment of step S406 (and may be cached for subsequent requests).
In the following, with reference to a specific implementation scenario, the system table `_sys_tables_` is set in advance, by the command tool aa, to grant write permission to transaction account 1. The network node receives a transaction request from transaction account 1 to deploy a HelloWorld contract; deploying the contract requires a write operation to the `_sys_tables_` table. The network node queries the permission record of `_sys_tables_` in the permission table and determines the permission account of `_sys_tables_` from that record. It then compares transaction account 1 with the permission account of `_sys_tables_`; since transaction account 1 is the permission account, the contents of the HelloWorld contract are written into `_sys_tables_` and the contract deployment succeeds. When the network node receives a transaction request from transaction account 2 to deploy a HelloWorld contract, the same write operation to `_sys_tables_` is required. The network node again queries the permission record of `_sys_tables_` and determines the permission account from it. It then compares transaction account 2 with that permission account; since transaction account 2 is not the permission account of `_sys_tables_`, transaction account 2 is not allowed to write the contents of the HelloWorld contract into `_sys_tables_`, and the contract deployment fails.
For the user table, a user table A is set, for which transaction account 2 is granted write permission in advance through the command tool aa; user table A is the operating-user table of the HelloWorld contract. The network node receives a transaction request from transaction account 2 to add operating user mm of the HelloWorld contract, which requires a write operation to user table A. The network node queries the permission record of user table A in the permission table and determines the permission account of user table A from it. It then compares transaction account 2 with that permission account; since transaction account 2 is the permission account of user table A, the information of user mm is written into user table A. When the network node receives a transaction request from transaction account 3 to add operating user nn of the HelloWorld contract, a write operation to user table A is again required. The network node queries the permission record of user table A and determines the permission account from it. It then compares transaction account 3 with that permission account; since transaction account 3 is not the permission account of user table A, the addition fails.
In the embodiment of the invention, because the permission table is preset and stores each account's permissions on the blockchain tables, when a transaction account initiates a transaction that needs to operate on a table in the blockchain, permission control is achieved by querying the permission table to determine the operation permission and then executing the operation on the table. Because an account's specific permissions can be set freely in the permission table, and added or removed as actually needed, account permissions are controlled at a finer granularity than with role-based permission control, and are also easier to manage. Second, because the ledger is stored in table form rather than in a Merkle-tree-based form, operating on the blockchain tables according to the account permissions in the permission table fits this storage model better than applying role-based permission control directly to the blockchain tables.
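The following is an added example, not code from the patent or from any WeBank project, that models the node-side logic described above in one place: the write-only permission check of steps S401 to S409 with the permission-record cache, the re-verification of operation records by a receiving node, the rule that a permission-table update takes effect only in the next block, and the HelloWorld scenario with transaction accounts 1, 2 and 3. The `Node`, `OperationRecord` and `run_scenario` names, the `user_table_A` identifier and the fail-closed treatment of a table that has no permission record are assumptions of this example; the text only fixes `_sys_tables_` and the command tool aa.

```python
# Added example modelling the permission-table check of the method above.
# Not the patent's code; names and the fail-closed default are assumptions.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

WRITE = "write"
READ = "read"
SYSTEM_TABLE = "_sys_tables_"   # system table name taken from the scenario


@dataclass(frozen=True)
class OperationRecord:
    """Sent to peers after a successful write: table identifier, operation
    content and transaction account (plus the row written, for the demo)."""
    table_id: str
    operation: str
    account: str
    row: str


@dataclass
class Node:
    """One network node: tables, permission table, cache and block height."""
    tables: Dict[str, List[str]] = field(default_factory=dict)
    # Permission table: table identifier -> accounts allowed to write it.
    permissions: Dict[str, Set[str]] = field(default_factory=dict)
    # Administrator updates are staged here and take effect in the next block.
    pending: Dict[str, Set[str]] = field(default_factory=dict)
    block_number: int = 0
    # Cache of permission records (steps S405/S409); dropped on every new block
    # so an entry can never outlive the permission table it was read from.
    cache: Dict[str, Optional[Set[str]]] = field(default_factory=dict)

    def grant_write(self, table_id: str, account: str) -> None:
        """Administrator grants write permission; effective from the next block."""
        self.pending.setdefault(table_id, set()).add(account)

    def new_block(self) -> int:
        """Close the current block; staged permission updates become effective."""
        for table_id, accounts in self.pending.items():
            self.permissions.setdefault(table_id, set()).update(accounts)
        self.pending.clear()
        self.cache.clear()
        self.block_number += 1
        return self.block_number

    def permission_accounts(self, table_id: str) -> Optional[Set[str]]:
        """Step S405: serve from cache, else consult the table (step S409)."""
        if table_id not in self.cache:
            self.cache[table_id] = self.permissions.get(table_id)
        return self.cache[table_id]

    def is_permitted(self, account: str, table_id: str, operation: str) -> bool:
        """Steps S403/S406: only writes are checked; the transaction account
        must match a permission account of the table."""
        if operation != WRITE:
            return True                     # step S404: reads are not checked
        allowed = self.permission_accounts(table_id)
        if allowed is None:
            # Assumption: the text does not say what happens to a table with no
            # permission record; this example fails closed.
            return False
        return account in allowed

    def execute(self, account: str, table_id: str, row: str) -> Optional[OperationRecord]:
        """Write path of steps S401-S408: returns the operation record to
        broadcast, or None when the write is rejected (step S408)."""
        if not self.is_permitted(account, table_id, WRITE):
            return None
        self.tables.setdefault(table_id, []).append(row)
        return OperationRecord(table_id, WRITE, account, row)

    def apply_record(self, record: OperationRecord) -> bool:
        """Receiving side of synchronization: re-check the record against this
        node's own permission table before applying it, so a peer that skipped
        the check cannot push an unauthorized write into this ledger."""
        if not self.is_permitted(record.account, record.table_id, record.operation):
            return False
        self.tables.setdefault(record.table_id, []).append(record.row)
        return True


def run_scenario() -> Dict[str, bool]:
    """Replay the HelloWorld scenario on two nodes; returns each step's outcome."""
    node_a, node_b = Node(), Node()
    for node in (node_a, node_b):           # presets made with the command tool aa
        node.grant_write(SYSTEM_TABLE, "account1")
        node.grant_write("user_table_A", "account2")
        node.new_block()
    deploy_ok = node_a.execute("account1", SYSTEM_TABLE, "HelloWorld contract")
    deploy_denied = node_a.execute("account2", SYSTEM_TABLE, "HelloWorld contract")
    add_mm = node_a.execute("account2", "user_table_A", "user mm")
    add_nn = node_a.execute("account3", "user_table_A", "user nn")
    forged = OperationRecord("user_table_A", WRITE, "account3", "user nn")
    # A new grant is staged now but only takes effect in the next block.
    node_a.grant_write("user_table_A", "account3")
    before_block = node_a.execute("account3", "user_table_A", "user nn")
    node_a.new_block()
    after_block = node_a.execute("account3", "user_table_A", "user nn")
    return {
        "deploy_by_account1": deploy_ok is not None,
        "deploy_by_account2": deploy_denied is not None,
        "add_mm_by_account2": add_mm is not None,
        "add_nn_by_account3": add_nn is not None,
        "peer_accepts_valid_record": node_b.apply_record(deploy_ok),
        "peer_applies_forged_record": node_b.apply_record(forged),
        "account3_before_new_block": before_block is not None,
        "account3_after_new_block": after_block is not None,
    }
```

`run_scenario()` reproduces the outcomes of the text: the deployment by transaction account 1 and the write by transaction account 2 succeed, those by transaction accounts 2 and 3 respectively are rejected, node B applies the legitimate record and refuses the forged one, and transaction account 3's new grant only works after `new_block()`. Clearing the cache on every block is the simplest way to honour the next-block rule; a larger implementation would key the cache by block number instead.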
Based on the same technical concept, an embodiment of the present invention provides a blockchain permission control device. As shown in fig. 5, the device 500 includes:
an obtaining module 501, configured to obtain a transaction request, where the transaction request includes transaction information and a transaction account;
an analysis module 502, configured to determine the table to be operated and the operation content in that table according to the transaction information, where the table to be operated is located in a block of the blockchain;
a screening module 503, configured to determine a rights account corresponding to the table to be operated from a preset rights table;
and the control module 504 is configured to execute the operation content in the to-be-operated table when it is determined that the transaction account matches with the authority account corresponding to the to-be-operated table.
Optionally, the table to be operated is a system table or a user table, where the system table is used to control a system function of the blockchain, and the user table is used to control a service function of the blockchain.
Optionally, the screening module 503 is further configured to:
and before determining the authority account corresponding to the table to be operated from a preset authority table, determining the operation content as writing operation.
Optionally, the control module 504 is further configured to:
after the operation content is executed in the table to be operated, generate an operation record of that table, comprising the identifier of the table to be operated, the operation content and the transaction account;
and send the operation record to the other network nodes in the blockchain network, so that each of them determines the permission account corresponding to the table to be operated from the permission table according to the table identifier, and executes the operation content in the table when the transaction account is determined to match that permission account.
Optionally, the screening module 503 is further configured to:
the permission table is located in a block of the blockchain, and when the permission table is updated, the updated permission table takes effect in the block following the current block.
Based on the same technical concept, the embodiment of the present invention provides a terminal device, as shown in fig. 6, including at least one processor 601 and a memory 602 connected to the at least one processor, where in the embodiment of the present invention, a specific connection medium between the processor 601 and the memory 602 is not limited, and in fig. 6, the processor 601 and the memory 602 are connected by a bus as an example. The buses may be divided into address buses, data buses, control buses, etc.
In the embodiment of the present invention, the memory 602 stores instructions executable by the at least one processor 601, and the at least one processor 601 may perform the steps included in the above-described blockchain authority control method by executing the instructions stored in the memory 602.
The processor 601 is the control center of the terminal device: it connects the various parts of the terminal device through interfaces and lines, and implements the permission control by running or executing the instructions stored in the memory 602 and invoking the data stored in the memory 602. Alternatively, the processor 601 may include one or more processing units, and may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface and application programs, and the modem processor mainly handles wireless communication. It will be appreciated that the modem processor need not be integrated into the processor 601. In some embodiments, the processor 601 and the memory 602 may be implemented on the same chip, or on separate chips.
The processor 601 may be a general purpose processor such as a Central Processing Unit (CPU), digital signal processor, application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, capable of implementing or executing the methods, steps and logic blocks disclosed in embodiments of the present invention. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present invention may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in the processor for execution.
The memory 602 is a non-volatile computer-readable storage medium that can be used to store non-volatile software programs, non-volatile computer-executable programs and modules. The memory 602 may include at least one type of storage medium, for example flash memory, a hard disk, a multimedia card, card memory, random access memory (RAM), static random access memory (SRAM), programmable read-only memory (PROM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), magnetic memory, a magnetic disk, an optical disk, and the like. The memory 602 may also be any other medium that can carry or store the desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. In embodiments of the present invention the memory 602 may also be circuitry or any other device capable of performing a storage function, for storing program instructions and/or data.
Based on the same inventive concept, an embodiment of the present invention provides a computer readable medium storing a computer program executable by a terminal device, which when run on the terminal device, causes the terminal device to perform the steps of a blockchain authority control method.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, or as a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (9)

1. A method for controlling authority of a blockchain, wherein each block in the blockchain stores a ledger in table form, the method comprising:
acquiring a transaction request, wherein the transaction request comprises transaction information and a transaction account;
determining a table to be operated and operation contents in the table to be operated according to the transaction information, wherein the table to be operated is located in a block of a block chain;
determining authority accounts corresponding to the to-be-operated table from a preset authority table, wherein the authority table stores the authority of each account to the blockchain table, the authority table is operated through an authority contract interface, and the authority control using rule corresponding to the authority table comprises the following steps: selecting a management node from a blockchain network, and taking an account corresponding to the management node as an administrator account, wherein the administrator account has a permission setting function, and a non-administrator account does not have the permission setting function; when setting the authority of one account to one table, the administrator account adds an authority record corresponding to the one account in the authority table;
executing the operation content in the to-be-operated table when the transaction account is determined to be matched with the authority account corresponding to the to-be-operated table;
generating an operation record of the to-be-operated table, wherein the operation record comprises an identification of the to-be-operated table, the operation content and the transaction account;
and sending the operation record of the to-be-operated table to other network nodes in a blockchain network so that the other network nodes determine the authority account corresponding to the to-be-operated table from the authority table according to the to-be-operated table identification, and executing the operation content in the to-be-operated table when the transaction account is determined to be matched with the authority account corresponding to the to-be-operated table.
2. The method of claim 1, wherein the table to be operated is a system table or a user table, the system table to control system functions of the blockchain, and the user table to control business functions of the blockchain.
3. The method of claim 1, wherein before determining the authority account corresponding to the table to be operated from the preset authority table, the method comprises:
and determining the operation content as write operation.
4. A method as claimed in any one of claims 1 to 3, further comprising:
the permission table is located in a block of the blockchain;
and when the authority table is updated, the updated authority table takes effect in the block following the current block.
5. A rights control apparatus for a blockchain, wherein blocks in the blockchain store a ledger in table form, the apparatus comprising:
the system comprises an acquisition module, a transaction module and a transaction module, wherein the acquisition module is used for acquiring a transaction request, and the transaction request comprises transaction information and a transaction account;
the analysis module is used for determining a table to be operated and operation contents in the table to be operated according to the transaction information, wherein the table to be operated is located in a block of a block chain;
the screening module is used for determining authority accounts corresponding to the to-be-operated table from a preset authority table, wherein the authority table stores the authority of each account to the blockchain table, the authority table is operated through an authority contract interface, and the authority control using rule corresponding to the authority table comprises the following steps: selecting a management node from a blockchain network, and taking an account corresponding to the management node as an administrator account, wherein the administrator account has a permission setting function, and a non-administrator account does not have the permission setting function; when setting the authority of one account to one table, the administrator account adds an authority record corresponding to the one account in the authority table;
the control module is used for executing the operation content in the to-be-operated table when the transaction account is determined to be matched with the authority account corresponding to the to-be-operated table; generating an operation record of the to-be-operated table, wherein the operation record comprises an identification of the to-be-operated table, operation content and a transaction account;
and sending the operation record of the to-be-operated table to other network nodes in a blockchain network so that the other network nodes determine the authority account corresponding to the to-be-operated table from the authority table according to the to-be-operated table identification, and executing the operation content in the to-be-operated table when the transaction account is determined to be matched with the authority account corresponding to the to-be-operated table.
6. The apparatus of claim 5, wherein the table to be operated is a system table or a user table, the system table to control system functions of the blockchain, the user table to control business functions of the blockchain.
7. The apparatus of claim 5, wherein the screening module is further to:
and before determining the authority account corresponding to the table to be operated from a preset authority table, determining the operation content as writing operation.
8. A terminal device comprising at least one processing unit and at least one storage unit, wherein the storage unit stores a computer program which, when executed by the processing unit, causes the processing unit to perform the steps of the method of any of claims 1-4.
9. A computer readable medium, characterized in that it stores a computer program executable by a terminal device, which program, when run on the terminal device, causes the terminal device to perform the steps of the method according to any of claims 1-4.
CN201910163011.4A 2019-03-05 2019-03-05 Authority control method and device for blockchain Active CN110008665B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910163011.4A CN110008665B (en) 2019-03-05 2019-03-05 Authority control method and device for blockchain
PCT/CN2020/076086 WO2020177548A1 (en) 2019-03-05 2020-02-20 Blockchain authority control method and device

Publications (2)

Publication Number Publication Date
CN110008665A CN110008665A (en) 2019-07-12
CN110008665B true CN110008665B (en) 2024-02-06

Family

ID=67166331

Country Status (2)

Country Link
CN (1) CN110008665B (en)
WO (1) WO2020177548A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110008665B (en) * 2019-03-05 2024-02-06 深圳前海微众银行股份有限公司 Authority control method and device for blockchain
CN112468525B (en) * 2019-09-06 2022-06-28 傲为有限公司 Domain name management system based on block chain
CN111222109B (en) * 2019-11-21 2025-08-26 腾讯科技(深圳)有限公司 A blockchain account operation method, node device and storage medium
CN113761581A (en) * 2021-09-24 2021-12-07 支付宝(杭州)信息技术有限公司 Authority control method and device in block chain and electronic equipment
CN114298711A (en) * 2021-12-21 2022-04-08 蚂蚁区块链科技(上海)有限公司 Industrial control equipment control method, device and system based on block chain
CN115063243A (en) * 2022-06-27 2022-09-16 上海加密原生科技有限公司 Business processing method and device based on alliance chain
CN115001718B (en) * 2022-08-04 2023-01-20 树根格致科技(湖南)有限公司 Data processing method and device, computer equipment and readable storage medium
CN115797031B (en) * 2022-11-01 2024-08-23 中电金信软件(上海)有限公司 Freezing control method and device for business transaction, computer equipment and storage medium
CN117709947B (en) * 2024-02-05 2024-04-19 广东通莞科技股份有限公司 POS machine settlement authority management method based on blockchain

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106796685A (en) * 2016-12-30 2017-05-31 深圳前海达闼云端智能科技有限公司 Block chain authority control method and device and node equipment
CN107911373A (en) * 2017-11-24 2018-04-13 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of block chain right management method and system
CN109087214A (en) * 2018-07-23 2018-12-25 江苏恒宝智能系统技术有限公司 A kind of natural gas life payment management system based on block chain
CN109241365A (en) * 2018-08-23 2019-01-18 泰链(厦门)科技有限公司 Building method, medium, computer equipment and the block catenary system of block catenary system
CN109344631A (en) * 2018-09-18 2019-02-15 百度在线网络技术(北京)有限公司 The data modification and block verification method, device, equipment and medium of block chain

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108012582B (en) * 2017-08-18 2019-08-23 达闼科技成都有限公司 block chain system and authority management method thereof
CN110008665B (en) * 2019-03-05 2024-02-06 深圳前海微众银行股份有限公司 Authority control method and device for blockchain

Also Published As

Publication number Publication date
CN110008665A (en) 2019-07-12
WO2020177548A1 (en) 2020-09-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant