[go: up one dir, main page]

CN107911373B - A blockchain rights management method and system - Google Patents

A blockchain rights management method and system Download PDF

Info

Publication number
CN107911373B
CN107911373B CN201711193847.6A CN201711193847A CN107911373B CN 107911373 B CN107911373 B CN 107911373B CN 201711193847 A CN201711193847 A CN 201711193847A CN 107911373 B CN107911373 B CN 107911373B
Authority
CN
China
Prior art keywords
authority
change
permission
block
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711193847.6A
Other languages
Chinese (zh)
Other versions
CN107911373A (en
Inventor
王加楠
张一锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongchao Digital Information Technology (Beijing) Co., Ltd. Hangzhou Blockchain Technology Research Institute
Original Assignee
Zhongchao Credit Card Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongchao Credit Card Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute filed Critical Zhongchao Credit Card Industry Development Co Ltd Hangzhou Blockchain Technology Research Institute
Priority to CN201711193847.6A priority Critical patent/CN107911373B/en
Publication of CN107911373A publication Critical patent/CN107911373A/en
Application granted granted Critical
Publication of CN107911373B publication Critical patent/CN107911373B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/90Buffering arrangements
    • H04L49/9015Buffering arrangements for supporting a linked list
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明公开了一种区块链权限管理方法及系统,该方法包括:识别用户发送的权限变更交易;其中,权限变更交易的内容包括发起者、变更权限用户、需变更权限以及对应的变更权限值;判断权限变更交易中的发起者是否具有权限变更权限;若发起者具有权限变更权限,则将变更权限用户的每个需变更权限的权限值修改为对应的变更权限值,并将执行后的权限变更交易记录到区块中;对区块中的交易进行共识,当共识通过后区块中对应的权限变更交易生效。该方法的权限管理直接在区块链中进行,无需借助外部设施,且深度集成到区块链中,能够对区块链进行全方位的权限控制,对权限的变更需经过全网共识,并记录在区块链中,使变更记录不可篡改,便于审计。

The invention discloses a block chain authority management method and system. The method includes: identifying the authority change transaction sent by the user; wherein, the content of the authority change transaction includes the initiator, the user who changes the authority, the authority to be changed, and the corresponding change authority value; determine whether the initiator in the authority change transaction has authority change authority; if the initiator has authority change authority, modify the authority value of each user who needs to change authority to the corresponding change authority value, and execute the The permission change transaction of the block is recorded in the block; the transaction in the block is consensused, and the corresponding permission change transaction in the block takes effect after the consensus is passed. The authority management of this method is carried out directly in the blockchain without the need for external facilities, and is deeply integrated into the blockchain, which can perform all-round authority control on the blockchain. The change of authority needs to go through the consensus of the whole network, and Recorded in the blockchain, making the change record immutable and easy to audit.

Description

一种区块链权限管理方法及系统A blockchain rights management method and system

技术领域technical field

本发明涉及区块链技术领域,特别涉及一种区块链权限管理方法及系统。The present invention relates to the technical field of block chains, in particular to a block chain rights management method and system.

背景技术Background technique

区块链通过密码学的手段为每个参与者建立对应的数字身份。每个参与者的数字身份由一对非对称公私钥对构成,其中公钥可通过私钥生成。参与者利用私钥对信息签名后发送至区块链,区块链根据签名恢复出公钥,并基于公钥(或者其摘要)识别参与者,进一步对参与者的操作进行鉴权。The blockchain establishes a corresponding digital identity for each participant through cryptography. The digital identity of each participant consists of a pair of asymmetric public-private key pairs, where the public key can be generated through the private key. Participants use the private key to sign the information and send it to the blockchain. The blockchain recovers the public key based on the signature, and identifies the participant based on the public key (or its abstract), and further authenticates the participant's operation.

公有区块链在处理参与者提供的信息时,需要消耗一定的手续费,通常是区块链中的代币。只有参与者具有足额的代币储备,才能够将信息记入区块链。然而,上述限制过于简单,无法适应更复杂的应用场景。当区块链技术被应用于特定行业中时,其参与者往往是行业中的企业、机构等。出于安全性、性能等因素,需要对区块链中参与者的权限进行更为细致的管理。When the public blockchain processes the information provided by the participants, it needs to consume a certain fee, which is usually a token in the blockchain. Information can only be entered into the blockchain if the participant has a sufficient reserve of tokens. However, the above limitations are too simplistic to adapt to more complex application scenarios. When blockchain technology is applied to a specific industry, its participants are often enterprises and institutions in the industry. Due to factors such as security and performance, more detailed management of the rights of participants in the blockchain is required.

目前,针对上述应用场景,已提出一些权限管理方案。现有方案的种类及不足之处如下:At present, for the above application scenarios, some rights management schemes have been proposed. The types and deficiencies of existing schemes are as follows:

第一、通过隔离的方式实现访问权限的控制。具体的实施方法包括但不限于:建立虚拟专用网络,能够连接到网络内节点的参与者则具有权限;在区块链外围建立网关,只有通过网关才能连接到区块链网络中,并在网关进行权限管理。此类方案的关键之处是,权限管理由外部设施承担,不直接在区块链中进行。应用此类方案需要承担外部设施失效、作恶等风险,因此此类方案大多用于参与者之间的信任度较高的场景中。First, access control is achieved through isolation. The specific implementation methods include but are not limited to: establish a virtual private network, and participants who can connect to nodes in the network have permissions; Perform rights management. The key point of such schemes is that rights management is undertaken by external facilities, not directly in the blockchain. The application of such schemes needs to bear the risks of external facility failure and evil, so such schemes are mostly used in scenarios with a high degree of trust between participants.

第二、使用智能合约进行权限管理。此方案的关键是权限管理智能合约。该智能合约中保存了身份及权限信息,其他智能合约在执行的过程中通过调用该智能合约的接口,实现权限的鉴定。此方案中的权限信息和鉴权逻辑均在智能合约层面实现,因此无法对低于智能合约层面的权限(例如发送交易、获取区块链状态等)进行控制。应用此类方案需要承担交易洪水攻击(记录大量无用交易在区块链中)等风险。Second, use smart contracts for authority management. The key to this scheme is the authority management smart contract. The smart contract saves the identity and authority information, and other smart contracts realize the authentication of authority by calling the interface of the smart contract during the execution process. The permission information and authentication logic in this scheme are all implemented at the smart contract level, so it is impossible to control the permissions below the smart contract level (such as sending transactions, obtaining blockchain status, etc.). Applying this kind of scheme needs to bear the risk of transaction flood attack (recording a large number of useless transactions in the blockchain).

因此,如何解决上述问题,实现对区块链中的权限进行全方位的配置,不仅限于智能合约层面,也不需要借助外部设施,是本领域技术人员需要解决的技术问题。Therefore, how to solve the above problems and realize the all-round configuration of the permissions in the blockchain is not limited to the level of smart contracts and does not require external facilities, which is a technical problem that technicians in the field need to solve.

发明内容Contents of the invention

本发明的目的是提供一种区块链权限管理方法及系统,实现对区块链中的权限进行全方位的配置,不仅限于智能合约层面,也不需要借助外部设施。The purpose of the present invention is to provide a block chain rights management method and system to realize all-round configuration of the rights in the block chain, not only limited to the smart contract level, but also without external facilities.

为解决上述技术问题,本发明提供一种区块链权限管理方法,所述方法包括:In order to solve the above technical problems, the present invention provides a block chain rights management method, the method comprising:

识别用户发送的权限变更交易;其中,所述权限变更交易的内容包括发起者、变更权限用户、需变更权限以及对应的变更权限值;Identify the authority change transaction sent by the user; wherein, the content of the authority change transaction includes the initiator, the user who changes the authority, the authority to be changed, and the corresponding change authority value;

判断所述权限变更交易中的所述发起者是否具有权限变更权限;judging whether the initiator in the authority change transaction has authority change authority;

若所述发起者具有权限变更权限,则将所述变更权限用户的每个需变更权限的权限值修改为对应的变更权限值,并将执行后的所述权限变更交易记录到区块中;If the initiator has permission to change the permission, modify the permission value of each permission change user who needs to change permission to the corresponding permission change value, and record the permission change transaction after execution into the block;

对所述区块中的交易进行共识,当所述共识通过后所述区块中对应的权限变更交易生效。Consensus is carried out on the transactions in the block, and the corresponding permission change transaction in the block takes effect after the consensus is passed.

可选的,所述判断所述权限变更交易中的所述发起者是否具有权限变更权限,包括:Optionally, the judging whether the initiator in the authority change transaction has authority change authority includes:

从区块链中获取最新区块,并从所述最新区块中获取校验信息作为MPT树的根;Obtain the latest block from the blockchain, and obtain verification information from the latest block as the root of the MPT tree;

利用所述MPT树的根构造MPT树,并从所述MPT树中获取所述发起者对应的权限信息;Constructing an MPT tree by using the root of the MPT tree, and obtaining permission information corresponding to the initiator from the MPT tree;

根据所述权限信息判断所述权限变更交易中的所述发起者是否具有权限变更权限。It is judged according to the authority information whether the initiator in the authority change transaction has the authority to change the authority.

可选的,所述判断所述权限变更交易中的所述发起者是否具有权限变更权限,包括:Optionally, the judging whether the initiator in the authority change transaction has authority change authority includes:

调用智能合约接口从数据库中获取所述发起者对应的权限信息;Call the smart contract interface to obtain the permission information corresponding to the initiator from the database;

根据所述权限信息判断所述权限变更交易中的所述发起者是否具有权限变更权限。It is judged according to the authority information whether the initiator in the authority change transaction has the authority to change the authority.

可选的,所述对区块中的交易进行共识,当所述共识通过后所述区块中对应的权限变更交易生效,包括:Optionally, the consensus on the transactions in the block is carried out, and the corresponding permission change transaction in the block takes effect after the consensus is passed, including:

接收到所述区块时,提取所述区块中的全部交易;When the block is received, extract all transactions in the block;

在接收到的所述区块的父区块的基础上构建临时区块,并在所述临时区块中依次执行各所述交易;Constructing a temporary block on the basis of the received parent block of the block, and sequentially executing each of the transactions in the temporary block;

当全部所述交易执行完成后,判断所述临时区块中的权限校验信息是否与接收到的所述区块中的权限校验信息一致;After all the transactions are executed, it is judged whether the permission verification information in the temporary block is consistent with the received permission verification information in the block;

若一致,则所述区块中的交易校验通过,并进行共识,当所述共识通过,所述区块中对应的权限变更交易生效。If they are consistent, the transaction verification in the block is passed, and a consensus is carried out, and when the consensus is passed, the corresponding authority change transaction in the block takes effect.

可选的,所述识别用户发送的权限变更交易,包括:Optionally, the authorization change transaction sent by the identification user includes:

接收用户发送的交易;Receive transactions sent by users;

判断所述交易是否具有权限变更交易设定标识;Judging whether the transaction has an authority change transaction setting identifier;

若具有,则确定所述交易为权限变更交易。If so, determine that the transaction is a permission change transaction.

可选的,区块链中权限保存的方式,包括:Optionally, the way to save permissions in the blockchain includes:

利用数据摘要算法对每个权限信息进行处理,生成每个所述权限信息对应的校验信息;Processing each authority information by using a data digest algorithm to generate verification information corresponding to each authority information;

在区块结构中增加所述校验信息的关键字段,用于记录每个区块对应的权限信息。A key field of the verification information is added in the block structure to record the permission information corresponding to each block.

可选的,该方法还包括:Optionally, the method also includes:

识别用户发送的操作;Identify actions sent by users;

判断所述操作的发起者是否具执行所述操作的权限;Determine whether the initiator of the operation has the authority to perform the operation;

若所述操作的发起者具有执行所述操作的权限,则执行所述操作。If the initiator of the operation has the authority to execute the operation, execute the operation.

本发明还提供一种区块链权限管理系统,所述系统包括:The present invention also provides a blockchain authority management system, the system comprising:

识别模块,用于识别用户发送的权限变更交易;其中,所述权限变更交易的内容包括发起者、变更权限用户、需变更权限以及对应的变更权限值;The identification module is used to identify the authority change transaction sent by the user; wherein, the content of the authority change transaction includes the initiator, the user who changes the authority, the authority to be changed, and the corresponding change authority value;

判断模块,用于判断所述权限变更交易中的所述发起者是否具有权限变更权限;A judging module, configured to judge whether the initiator in the authority change transaction has authority change authority;

权限变更执行模块,用于若所述发起者具有权限变更权限,则将所述变更权限用户的每个需变更权限的权限值修改为对应的变更权限值,并将执行后的所述权限变更交易记录到区块中;A permission change execution module, configured to modify the permission value of each user whose permission needs to be changed to a corresponding permission value if the initiator has permission to change the permission, and change the permission after execution The transaction is recorded in the block;

共识模块,用于对所述区块中的交易进行共识,当所述共识通过后所述区块中对应的权限变更交易生效。The consensus module is configured to perform consensus on the transactions in the block, and the corresponding authority change transaction in the block takes effect after the consensus is passed.

可选的,所述判断模块,包括:Optionally, the judging module includes:

权限读取单元,用于从区块链中获取最新区块;The permission reading unit is used to obtain the latest block from the blockchain;

校验信息获取单元,用于从所述最新区块中获取校验信息作为MPT树的根;A verification information acquisition unit, configured to obtain verification information from the latest block as the root of the MPT tree;

第一权限信息获取单元,用于利用所述MPT树的根构造MPT树,并从所述MPT树中获取所述发起者对应的权限信息;A first authority information acquisition unit, configured to use the root of the MPT tree to construct an MPT tree, and acquire authority information corresponding to the initiator from the MPT tree;

第一判断单元,用于根据所述权限信息判断所述权限变更交易中的所述发起者是否具有权限变更权限。A first judging unit, configured to judge whether the initiator in the authority change transaction has authority change authority according to the authority information.

可选的,所述判断模块,包括:Optionally, the judging module includes:

第二权限信息获取单元,用于调用智能合约接口从数据库中获取所述发起者对应的权限信息;The second permission information acquisition unit is used to call the smart contract interface to obtain the permission information corresponding to the initiator from the database;

第二判断单元,用于根据所述权限信息判断所述权限变更交易中的所述发起者是否具有权限变更权限。A second judging unit, configured to judge whether the initiator in the authority change transaction has authority change authority according to the authority information.

本发明所提供的一种区块链权限管理方法将权限管理深度集成在区块链中。每一次对权限进行的操作,均需要全网达成共识才会生效。每一次操作均会打包记录在区块链中,便于审计。由于深度集成在区块链中,因此在实施的过程中,能够对区块链中的权限进行全方位的配置,不仅限于智能合约层面,也不需要借助外部设施。本发明还提供一种区块链权限管理系统,具有上述有益效果,在此不再赘述。A block chain authority management method provided by the present invention deeply integrates authority management into the block chain. Every operation on permissions requires a consensus from the entire network to take effect. Every operation will be packaged and recorded in the blockchain for easy auditing. Due to the deep integration in the blockchain, during the implementation process, the permissions in the blockchain can be fully configured, not limited to the smart contract level, and no external facilities are required. The present invention also provides a block chain authority management system, which has the above beneficial effects, and will not be repeated here.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention, and those skilled in the art can also obtain other drawings according to the provided drawings without creative work.

图1为本发明实施例所提供的区块链权限管理方法的流程图;Fig. 1 is a flow chart of the block chain rights management method provided by the embodiment of the present invention;

图2为本发明实施例所提供的区块链权限管理系统的结构框图。Fig. 2 is a structural block diagram of a blockchain authority management system provided by an embodiment of the present invention.

具体实施方式Detailed ways

本发明的核心是提供一种区块链权限管理方法及系统,其权限管理直接在区块链中进行,无需借助外部设施,且深度集成到区块链中,能够对区块链进行全方位的权限控制,对权限的变更需经过全网共识,并记录在区块链中,使变更记录不可篡改,便于审计。The core of the present invention is to provide a block chain authority management method and system, the authority management of which is carried out directly in the block chain, without the need for external facilities, and deeply integrated into the block chain, which can comprehensively control the block chain Permission control, the change of authority needs to go through the consensus of the whole network and be recorded in the blockchain, so that the change record cannot be tampered with and is convenient for auditing.

为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

请参考图1,图1为本发明实施例所提供的区块链权限管理方法的流程图;该方法可以包括:Please refer to Fig. 1, Fig. 1 is a flow chart of the blockchain rights management method provided by the embodiment of the present invention; the method may include:

S100、识别用户发送的权限变更交易;其中,权限变更交易的内容包括发起者、变更权限用户、需变更权限以及对应的变更权限值。S100. Identify a permission change transaction sent by a user; wherein, the content of the permission change transaction includes an initiator, a user who changes permission, a permission to be changed, and a corresponding change permission value.

由于本实施例提供的区块链权限管理方法要求深度集成到区块链中,能够对区块链进行全方位的权限控制,以便克服现有技术中仅能在智能合约层面实现区块链权限管理(即无法对低于智能合约层面的权限,例如发送交易、获取区块链状态等进行控制)或者是依靠外部设施。因此本实施例在区块链中增加了一种新的交易类型即权限变更交易,对应于权限的操作。每当区块链收到权限的变更请求时,会产生对应的权限变更交易。该权限变更交易可以与普通交易类似,在执行之后会记录在区块中即将权限信息的更改历史记录在区块链中,以便审计。同时可以像普通交易那样产生回执(Receipt),以便用户可以根据回执确定权限变更交易是否成功,即该回执可以使用户及时了解到权限变更交易的执行情况。本实施例通过权限变更交易实现权限信息的改动操作包括:增加、删除、修改等。实施例中涉及到的权限可以包括权限管理、部署合约以及发送普通交易,实际并不局限于上述三种,甚至可以包括具有限制(如有效期)的复杂权限。Since the block chain authority management method provided in this embodiment requires deep integration into the block chain, it can carry out all-round authority control on the block chain, so as to overcome the block chain authority that can only be realized at the smart contract level in the prior art. Governance (that is, inability to control permissions below the smart contract level, such as sending transactions, obtaining blockchain status, etc.) or relying on external facilities. Therefore, this embodiment adds a new transaction type in the blockchain, that is, authority change transaction, which corresponds to the operation of authority. Whenever the blockchain receives a permission change request, a corresponding permission change transaction will be generated. The permission change transaction can be similar to ordinary transactions, and will be recorded in the block after execution, that is, the change history of permission information will be recorded in the blockchain for auditing. At the same time, a receipt (Receipt) can be generated like a normal transaction, so that the user can determine whether the authority change transaction is successful according to the receipt, that is, the receipt can enable the user to know the execution status of the authority change transaction in time. In this embodiment, the modification operations of the authorization information through the authorization modification transaction include: adding, deleting, modifying, and so on. The rights involved in the embodiments may include rights management, contract deployment, and sending ordinary transactions. Actually, they are not limited to the above three types, and may even include complex rights with restrictions (such as validity period).

进一步,本实施例并不限定通过向区块链中发送该权限变更交易的方式,例如可以是通过外部调用接口发送权限变更交易,或者是通过智能合约接口发送权限变更交易。具体的,用户可通过调用该外部接口来操作权限信息。或者是用户通过调用智能合约接口,使智能合约在执行的过程中,由智能合约虚拟机来操作权限信息。借助智能合约接口,可实现利用智能合约进行权限的自动化配置。当然如无需自动化配置,也可不提供具有该功能的智能合约接口。区块链上的其他智能合约,可通过合约间的消息调用,直接变更、获取权限信息。外部用户的访问接口可以为JSONRPC。以下以JSONRPC接口为例说明权限变更交易请求的具体形式。Further, this embodiment does not limit the way of sending the authority change transaction to the blockchain, for example, it may send the authority change transaction through the external call interface, or send the authority change transaction through the smart contract interface. Specifically, the user can operate the permission information by calling the external interface. Or the user calls the smart contract interface, so that the smart contract virtual machine operates the permission information during the execution of the smart contract. With the help of the smart contract interface, automatic configuration of permissions using smart contracts can be realized. Of course, if automatic configuration is not required, the smart contract interface with this function may not be provided. Other smart contracts on the blockchain can directly change and obtain permission information through message calls between contracts. The access interface for external users can be JSONRPC. The following takes the JSONRPC interface as an example to illustrate the specific form of permission change transaction requests.

JSONRPC接口请求示例:Example JSONRPC interface request:

{"jsonrpc":"2.0","method":"get_permission","params":["0x1234567890123456789012345678901234567890"],"id":1}{"jsonrpc":"2.0","method":"get_permission","params":["0x1234567890123456789012345678901234567890"],"id":1}

JSONRPC接口响应示例:Example JSONRPC interface response:

{"jsonrpc":"2.0","id":1,"result":{"change_permission":false,"deploy_contract":true,"send_transaction":false}}{"jsonrpc":"2.0","id":1,"result":{"change_permission":false,"deploy_contract":true,"send_transaction":false}}

由于该权限变更交易与其它普通交易类似,因此需要使得区块链能够识别出该权限变更交易。本实施例并不限定具体的识别方法。例如可以通过在权限变更交易中添加特殊的标识使之与普通交易进行区分,也可以是通过发送该权限变更交易对应的特定接口的地址等唯一标识信息使之与普通交易进行区分。本实施例并不限定标识的种类和形式,只要是可以与权限变更交易具有唯一对应关系即可。即可选的,识别用户发送的权限变更交易可以包括:Since the authority change transaction is similar to other ordinary transactions, it is necessary to enable the blockchain to identify the authority change transaction. This embodiment does not limit a specific identification method. For example, it can be distinguished from ordinary transactions by adding a special identifier to the authority change transaction, or by sending unique identification information such as the address of the specific interface corresponding to the authority change transaction to distinguish it from ordinary transactions. This embodiment does not limit the type and form of the identification, as long as it can have a unique correspondence with the authority change transaction. That is, optionally, identifying a permission change transaction sent by a user may include:

接收用户发送的交易;Receive transactions sent by users;

判断交易是否具有权限变更交易设定标识;Determine whether the transaction has permission to change the transaction setting flag;

若具有,则确定交易为权限变更交易。If yes, determine that the transaction is a permission change transaction.

具体的,本实施例并不限定权限变更交易设定标识的形式。例如可以是在交易中添加特殊标识位;或者是根据调用的智能合约的地址等。例如,用户可直接发送交易,调用权限智能合约中的接口。可根据调用合约的地址,区分该交易是否是权限变更交易。或用户发送权限变更交易到区块链,该交易有特殊的标识,从而区块链能够识别出该交易的操作为权限变更。Specifically, this embodiment does not limit the form of the authority change transaction setting identifier. For example, it can be to add a special identification bit in the transaction; or according to the address of the smart contract called. For example, users can directly send transactions and call interfaces in permission smart contracts. According to the address of the calling contract, it can be distinguished whether the transaction is a permission change transaction. Or the user sends a permission change transaction to the blockchain, which has a special identifier, so that the blockchain can recognize that the operation of the transaction is a permission change.

本实施例并不对权限变更交易中包含的内容以及内容格式等进行限定,用户可以根据实际情况进行设定。但是该权限变更交易至少需要包含,权限变更交易的发起者,变更权限用户(即要变更的用户,可以使用外部账户地址来表示),需变更权限(即要变更的权限的项目,例如部署合约、发送交易等),变更权限值(即要变更的权限的值,例如可以用True或False表示)。This embodiment does not limit the content and format of the content contained in the authority change transaction, and the user can set it according to the actual situation. However, the authority change transaction needs to include at least the initiator of the authority change transaction, the authority change user (that is, the user to be changed, which can be represented by an external account address), and the authority to be changed (that is, the item to be changed authority, such as a deployment contract , send transactions, etc.), change the authority value (that is, the value of the authority to be changed, for example, it can be represented by True or False).

S110、判断权限变更交易中的发起者是否具有权限变更权限。S110. Determine whether the initiator in the authority change transaction has authority change authority.

具体的,步骤S110和S120为对权限变更交易具体的执行过程。其中步骤S110主要是判断权限变更交易发起者是否合法,即发起者是否有权限执行区块链权限的变更修改操作。仅仅当权限变更交易发起者合法时,才会执行具体的变更操作。当权限变更交易发起者不合法时,则权限变更交易失败。本实施例并不限定具体的判断过程,该过程与权限信息的保存形式等有关。即在区块链这样一个应用场景中如何对权限进行保存,例如如何维持一个权限表。为了进一步保证权限管理的可靠性,可以对权限信息的变更记录通过密码学手段进行保护,无法被篡改。也便于对审计。例如使用一种密码学的可验证的数据结构来保存权限信息。该数据结构在保存原始数据之外,提供了校验信息。校验信息具有如下特性:Specifically, steps S110 and S120 are the specific execution process of the authority change transaction. The step S110 is mainly to judge whether the originator of the authority change transaction is legal, that is, whether the originator has the authority to perform the change and modification operation of the blockchain authority. Only when the authority change transaction initiator is legal, the specific change operation will be executed. When the authority change transaction initiator is illegal, the authority change transaction fails. This embodiment does not limit the specific determination process, which is related to the storage form of the authority information and the like. That is, how to save permissions in an application scenario such as blockchain, such as how to maintain a permission table. In order to further ensure the reliability of authority management, the change record of authority information can be protected by cryptographic means, which cannot be tampered with. It is also convenient for auditing. For example, use a cryptographically verifiable data structure to store permission information. This data structure provides verification information in addition to saving the original data. The verification information has the following characteristics:

第一:相同的原始数据具有相同的校验信息;First: the same original data has the same verification information;

第二:难以根据校验信息构造出与之匹配的原始数据。Second: It is difficult to construct matching original data based on the verification information.

其中,信息字段通常使用密码学中的摘要算法来产生。权限信息的校验信息作为关键字段,包括在区块结构中。关键字段的意义是:该字段会被编码到区块数据中,并用于产生区块的哈希。通过上述设计,权限信息的变化会导致其校验信息的变化,校验信息的变化会导致区块数据及其哈希的变化。因此,可通过区块哈希快速检查权限信息是否正确,使权限信息难以被篡改。可使用任何能够导致区块哈希发生确定性改变的方法来实现,例如通过Trie来实现。优选的,区块链中权限保存的方式可以包括:Among them, the information field is usually generated using a digest algorithm in cryptography. The verification information of the permission information is included in the block structure as a key field. The meaning of the key field is: this field will be encoded into the block data and used to generate the hash of the block. Through the above design, the change of authority information will lead to the change of its verification information, and the change of verification information will lead to the change of block data and its hash. Therefore, the correctness of the permission information can be quickly checked through the block hash, making it difficult for the permission information to be tampered with. This can be achieved using any method that can cause a deterministic change in the block hash, such as through a Trie. Preferably, the way to save permissions in the blockchain can include:

利用数据摘要算法对每个权限信息进行处理,生成每个权限信息对应的校验信息;在区块结构中增加所述校验信息的关键字段,用于记录每个区块对应的权限信息。这样每个区块中对应的校验信息(即该区块对应关键字段的数据)的变化会导致该区块数据及其哈希的变化。因此,可通过区块哈希快速检查权限信息是否正确,使权限信息难以被篡改。下面列举两种可选的实施例。Use the data digest algorithm to process each authority information to generate the verification information corresponding to each authority information; add the key field of the verification information in the block structure to record the authority information corresponding to each block . In this way, the change of the corresponding verification information in each block (that is, the data corresponding to the key field of the block) will cause the change of the block data and its hash. Therefore, the correctness of the permission information can be quickly checked through the block hash, making it difficult for the permission information to be tampered with. Two optional embodiments are listed below.

第一种,可选的,判断权限变更交易中的发起者是否具有权限变更权限可以包括:The first, optional, judging whether the initiator in the authority change transaction has the authority to change may include:

从区块链中获取最新区块,并从最新区块中获取校验信息作为MPT树的根;Obtain the latest block from the blockchain, and obtain the verification information from the latest block as the root of the MPT tree;

利用MPT树的根构造MPT树,并从MPT树中获取发起者对应的权限信息;Use the root of the MPT tree to construct the MPT tree, and obtain the permission information corresponding to the initiator from the MPT tree;

根据权限信息判断权限变更交易中的发起者是否具有权限变更权限。According to the authority information, it is judged whether the initiator in the authority change transaction has the authority to change the authority.

其中,该种判断方式对应的权限信息的保存形式可以如下:Wherein, the storage form of the permission information corresponding to this judgment method may be as follows:

使用MPT(Merkle Patricia Trie)树保存权限数据,并使用其根节点的哈希作为权限数据的校验信息。在区块结构中新增区块字段(例如permissions字段),用于保存权限数据的校验信息。权限数据的结构可以是基于用户的列表、基于组的列表等,在此不做限制。涉及到的权限可以根据区块链的特性进行配置,如发送交易、部署合约、调用只读接口等,具体不做限制。此时按照区块链的特性,可获取在某一区块中的权限信息,具体步骤如下:Use the MPT (Merkle Patricia Trie) tree to save the authority data, and use the hash of its root node as the verification information of the authority data. Add a new block field (such as the permissions field) in the block structure to save the verification information of the permission data. The structure of the authority data may be a user-based list, a group-based list, etc., which is not limited here. The permissions involved can be configured according to the characteristics of the blockchain, such as sending transactions, deploying contracts, calling read-only interfaces, etc., without specific restrictions. At this time, according to the characteristics of the blockchain, the permission information in a certain block can be obtained. The specific steps are as follows:

1、从数据库中获取指定的区块(可以根据区块编号或区块哈希来确定指定的区块,这里的指定的区块可以是最新区块)。1. Obtain the specified block from the database (the specified block can be determined according to the block number or block hash, and the specified block here can be the latest block).

2、从区块关键字段中得到permissions字段的值。2. Obtain the value of the permissions field from the key field of the block.

3、根据permissions的值构造一棵Merkle Patricia Trie树。3. Construct a Merkle Patricia Trie tree according to the value of permissions.

4、从Merkle Patricia Trie树中获取发起者对应的权限信息。4. Obtain the permission information corresponding to the initiator from the Merkle Patricia Trie tree.

第二种,可选的,判断权限变更交易中的发起者是否具有权限变更权限可以包括:The second, optional, judging whether the initiator in the authority change transaction has the authority to change may include:

调用智能合约接口从数据库中获取发起者对应的权限信息;Call the smart contract interface to obtain the permission information corresponding to the initiator from the database;

根据权限信息判断权限变更交易中的发起者是否具有权限变更权限。According to the authority information, it is judged whether the initiator in the authority change transaction has the authority to change the authority.

其中,该种判断方式对应的权限信息的保存在智能合约中。具体的实施方式如下:Among them, the permission information corresponding to this judgment method is stored in the smart contract. The specific implementation is as follows:

1、编写智能合约称之为权限智能合约。1. Writing a smart contract is called a permission smart contract.

2、将权限智能合约写入到创世块中。2. Write the permission smart contract into the genesis block.

3、为权限智能合约分配特定的地址。3. Assign a specific address to the permission smart contract.

经过上述步骤后,权限信息将被保存至权限智能合约的存储区(storage)中。对权限信息的变更会导致该合约存储区的变更,使状态树(State Trie)发生变化,从而导致区块的哈希改变。在本实施例中,状态树可作为权限的校验信息。由于采用了智能合约的形式,外部用户查询权限信息,可直接调用权限智能合约中的接口。与普通的智能合约查询方式完全一致,在此不再赘述。区块链内部获取权限信息用于对操作进行控制时,可使用以下两种方式来进行。After the above steps, the permission information will be saved in the storage area (storage) of the permission smart contract. Changes to permission information will result in changes to the contract storage area, resulting in changes to the State Trie, resulting in changes to the hash of the block. In this embodiment, the state tree can be used as verification information of permissions. Due to the adoption of the smart contract, external users can directly call the interface in the smart contract to query the permission information. It is exactly the same as the ordinary smart contract query method, so I won't repeat it here. The following two methods can be used to obtain permission information inside the blockchain to control operations.

第一:在区块链内部模拟call的执行,调用智能合约接口得到权限值。First: Simulate the execution of the call inside the blockchain, and call the smart contract interface to obtain the authority value.

第二:模拟智能合约的执行,直接从数据库中获取权限值。Second: Simulate the execution of the smart contract and obtain the authority value directly from the database.

S120、若发起者具有权限变更权限,则将变更权限用户的每个需变更权限的权限值修改为对应的变更权限值,并将执行后的权限变更交易记录到区块中。S120. If the initiator has permission to change the permission, modify the permission value of each permission change user who needs to change permission to the corresponding permission change value, and record the permission change transaction after execution in the block.

具体的,此时若发起者不具有权限变更权限,则权限变更交易失败,为了完整记录权限修改的过程,此时也需要将该权限变更交易记录到区块中。进一步若发起者具有权限变更权限,则将变更权限用户的每个需变更权限的权限值修改为对应的变更权限值,无论修改是否成功均将执行后的权限变更交易记录到区块中。Specifically, if the initiator does not have permission to change permissions at this time, the permission change transaction will fail. In order to completely record the process of permission modification, it is also necessary to record the permission change transaction in the block at this time. Further, if the initiator has permission to change the permission, the permission value of each permission change user who needs to change permission is modified to the corresponding permission change value, and the executed permission change transaction is recorded in the block no matter whether the modification is successful or not.

这两种方式中执行交易的方式也不同。第一种,先从临时区块中获取校验信息,并以其为根构建MPT树。将变更后的权限信息更新到MPT树。获取更新后的MPT树的根,作为区块的新的权限校验信息。第二种,直接调用智能合约接口执行该交易即可,智能合约执行之后会自动更新区块中的校验信息。The way transactions are executed in these two methods is also different. The first method is to first obtain the verification information from the temporary block, and use it as the root to build an MPT tree. Update the changed permission information to the MPT tree. Obtain the root of the updated MPT tree as the new permission verification information of the block. The second is to directly call the smart contract interface to execute the transaction. After the smart contract is executed, the verification information in the block will be automatically updated.

无论哪种情况下都可以产生回执,使得发起者可以通过回执的具体内容判断出权限变更交易的具体执行情况。In any case, a receipt can be generated, so that the initiator can judge the specific execution of the authority change transaction through the specific content of the receipt.

S130、对区块中的交易进行共识,当共识通过后区块中对应的权限变更交易生效。S130. Consensus is carried out on the transactions in the block, and the corresponding authority change transaction in the block takes effect after the consensus is passed.

具体的,本实施例为了保证权限变更的合法性和有效性,权限交易需要在全网达成共识后,才会记录到区块链中,所做的权限变更才会生效。即可以理解为步骤S130是区块链在共识的过程,其中包括了对权限信息的变化进行校验的过程。本实施例并不限定全网共识通过的具体条件。例如可以是全网超过三分之二的用户共识通过即认为该权限变更交易实现了全网共识。此时共识通过后区块中对应的权限变更交易生效。即可选的,对区块中的交易进行共识,当共识通过后区块中对应的权限变更交易生效可以包括:Specifically, in order to ensure the legitimacy and effectiveness of permission changes in this embodiment, permission transactions need to be recorded in the blockchain only after the entire network reaches a consensus, and the permission changes will take effect. That is, it can be understood that step S130 is the consensus process of the blockchain, which includes the process of verifying changes in permission information. This embodiment does not limit the specific conditions for passing the consensus of the whole network. For example, if more than two-thirds of the user consensus of the entire network is passed, it is considered that the authority change transaction has achieved the consensus of the entire network. At this time, after the consensus is passed, the corresponding permission change transaction in the block will take effect. That is, it is optional to carry out a consensus on the transactions in the block. When the consensus is passed, the corresponding authority change transaction in the block will take effect, which can include:

接收到区块时,提取区块中的全部交易;When a block is received, extract all transactions in the block;

在接收到的区块的父区块的基础上构建临时区块,并在临时区块中依次执行各交易;Construct a temporary block based on the parent block of the received block, and execute each transaction in sequence in the temporary block;

当全部交易执行完成后,判断临时区块中的权限校验信息是否与接收到的区块中的权限校验信息一致;When all transactions are executed, it is judged whether the permission verification information in the temporary block is consistent with the permission verification information in the received block;

若一致,则所述区块中的交易校验通过,并进行共识,当所述共识通过,所述区块中对应的权限变更交易生效。If they are consistent, the transaction verification in the block is passed, and a consensus is carried out, and when the consensus is passed, the corresponding authority change transaction in the block takes effect.

其中,在临时区块中依次执行各交易的具体执行形式,即权限变更交易的执行方式根据权限获取形式的不同而有所不同。例如当利用MPT树形式获取权限信息时,对应的权限变更交易的执行方式为:先从临时区块中获取校验信息并以其为根构建MPT树。将变更后的权限信息更新到MPT树。获取更新后的MPT树的根,作为区块的新的权限校验信息。当利用智能合约接口形式获取权限信息时,对应的权限变更交易的执行方式为:直接调用智能合约接口执行该交易即可,智能合约执行之后会自动更新区块中的校验信息。Among them, the specific execution form of each transaction is executed sequentially in the temporary block, that is, the execution method of the permission change transaction is different according to the different permission acquisition forms. For example, when permission information is obtained in the form of an MPT tree, the execution method of the corresponding permission change transaction is: first obtain the verification information from the temporary block and use it as the root to build the MPT tree. Update the changed permission information to the MPT tree. Obtain the root of the updated MPT tree as the new permission verification information of the block. When using the smart contract interface to obtain permission information, the execution method of the corresponding permission change transaction is: directly call the smart contract interface to execute the transaction, and the verification information in the block will be automatically updated after the smart contract is executed.

其中,本实施例中并不对共识通过的条件进行限定,具体条件因所使用的共识算法而异。Wherein, in this embodiment, the conditions for passing the consensus are not limited, and the specific conditions vary according to the consensus algorithm used.

具体的,此时区块中的全部交易包括权限变更交易也包括普通交易,即对权限信息更改的验证通常与普通交易的验证同时进行。每个区块链用户都会执行上述验证过程,当共识过程完成且结果正确时,区块中对应的权限变更交易生效。本实施例并不对共识过程所使用的具体算法进行限定。Specifically, all transactions in the block at this time include authority change transactions and ordinary transactions, that is, the verification of authority information changes is usually performed at the same time as the verification of ordinary transactions. Each blockchain user will perform the above verification process. When the consensus process is completed and the result is correct, the corresponding permission change transaction in the block will take effect. This embodiment does not limit the specific algorithm used in the consensus process.

基于上述技术方案,本发明实施例提供的区块链权限管理方法将权限管理深度集成在区块链中。区块链提供权限的操作接口,包括增、删、改、查等。每一次对权限进行的操作,均需要全网达成共识才会生效,共识及生效的过程无需人工干预。每一次操作均会记录在区块链中,便于审计。权限信息以及操作的历史记录通过密码学的手段进行保护,无法被恶意篡改。由于深度集成在区块链中,本方案在实施的过程中,能够对区块链中的权限进行全方位的配置,不仅限于智能合约层面,也不需要借助外部设施。Based on the above technical solution, the block chain rights management method provided by the embodiment of the present invention deeply integrates the rights management into the block chain. The blockchain provides an operation interface for permissions, including adding, deleting, modifying, and checking. Every operation on permissions requires a consensus on the entire network to take effect, and the process of consensus and entry into force does not require manual intervention. Every operation will be recorded in the blockchain for easy auditing. Permission information and historical records of operations are protected by cryptography and cannot be tampered with maliciously. Due to the deep integration in the blockchain, this solution can fully configure the permissions in the blockchain during the implementation process, not limited to the level of smart contracts, and does not require external facilities.

在区块链运行的过程中,每当遇到需要判断权限的场景时,无论发起者是通过什么形式发起的交易(例如通过智能合约接口发起的交易),无论该交易中涉及到什么种类的权限,都会对发起者是否具有该操作的权限进行验证,仅当发起者具有该种权限时,才会允许其执行对应的操作。甚至用户可能没有发起交易,只是发了一个普通的请求。例如当用户通过智能合约接口发起的交易时,会判断部署智能合约交易中的发起者是否具有部署智能合约的权限。因此,基于上述任意实施例,该方法还可以包括:During the operation of the blockchain, whenever a scene that requires judging permissions is encountered, no matter what form the initiator initiates the transaction (such as a transaction initiated through a smart contract interface), no matter what type of transaction is involved in the transaction Permission will verify whether the initiator has the permission of the operation, and only if the initiator has the permission, it will be allowed to perform the corresponding operation. Even the user may not have initiated a transaction, but just sent a normal request. For example, when a user initiates a transaction through the smart contract interface, it will be judged whether the initiator in the deployment smart contract transaction has the authority to deploy the smart contract. Therefore, based on any of the above embodiments, the method may further include:

识别用户发送的操作;Identify actions sent by users;

判断所述操作的发起者是否具执行所述操作的权限;Determine whether the initiator of the operation has the authority to perform the operation;

若所述操作的发起者具有执行所述操作的权限,则执行所述操作。If the initiator of the operation has the authority to execute the operation, execute the operation.

基于上述技术方案,本发明实施例提供的区块链权限管理方法不仅能够将将权限管理深度集成在区块链中,能够对区块链中的权限进行全方位的配置,不仅限于智能合约层面,也不需要借助外部设施。还能够对区块链中各种形式的操作的权限进行验证,保证操作的可靠性。Based on the above technical solution, the blockchain authority management method provided by the embodiment of the present invention can not only deeply integrate the authority management into the blockchain, but also can perform all-round configuration of the authority in the blockchain, not limited to the smart contract level , without the need for external facilities. It can also verify the permissions of various forms of operations in the blockchain to ensure the reliability of operations.

下面对本发明实施例提供的区块链权限管理系统进行介绍,下文描述的区块链权限管理系统与上文描述的区块链权限管理方法可相互对应参照。The following is an introduction to the blockchain authority management system provided by the embodiment of the present invention. The blockchain authority management system described below and the blockchain authority management method described above can be referred to each other.

请参考图2,图2为本发明实施例所提供的区块链权限管理系统的结构框图;该系统可以包括:Please refer to Fig. 2, Fig. 2 is a structural block diagram of the blockchain rights management system provided by the embodiment of the present invention; the system may include:

识别模块100,用于识别用户发送的权限变更交易;其中,权限变更交易的内容包括发起者、变更权限用户、需变更权限以及对应的变更权限值;The identification module 100 is used to identify the authority change transaction sent by the user; wherein, the content of the authority change transaction includes the initiator, the user who changes the authority, the authority to be changed, and the corresponding change authority value;

判断模块200,用于判断权限变更交易中的发起者是否具有权限变更权限;Judging module 200, used to judge whether the initiator in the authority change transaction has authority change authority;

权限变更执行模块300,用于若发起者具有权限变更权限,则将变更权限用户的每个需变更权限的权限值修改为对应的变更权限值,并将执行后的权限变更交易记录到区块中;The permission change execution module 300 is used to modify the permission value of each permission change user who needs to change permission to the corresponding change permission value if the initiator has permission change permission, and record the permission change transaction after execution to the block middle;

共识模块400,用于对区块中的交易进行共识,当共识通过后区块中对应的权限变更交易生效。The consensus module 400 is used to carry out consensus on the transactions in the block, and when the consensus is passed, the corresponding authority change transaction in the block takes effect.

基于上述实施例,判断模块200可以包括:Based on the above-mentioned embodiments, the judging module 200 may include:

权限读取单元,用于从区块链中获取最新区块;The permission reading unit is used to obtain the latest block from the blockchain;

校验信息获取单元,用于从最新区块中获取校验信息作为MPT树的根;The verification information acquisition unit is used to obtain the verification information from the latest block as the root of the MPT tree;

第一权限信息获取单元,用于利用所述MPT树的根构造MPT树,并从所述MPT树中获取所述发起者对应的权限信息;A first authority information acquisition unit, configured to use the root of the MPT tree to construct an MPT tree, and acquire authority information corresponding to the initiator from the MPT tree;

第一判断单元,用于根据权限信息判断权限变更交易中的发起者是否具有权限变更权限。The first judging unit is configured to judge whether the initiator in the authority change transaction has the authority to change according to the authority information.

基于上述实施例,判断模块200可以包括:Based on the above-mentioned embodiments, the judging module 200 may include:

第二权限信息获取单元,用于调用智能合约接口从数据库中获取发起者对应的权限信息;The second permission information acquisition unit is used to call the smart contract interface to obtain the permission information corresponding to the initiator from the database;

第二判断单元,用于根据权限信息判断权限变更交易中的发起者是否具有权限变更权限。The second judging unit is configured to judge whether the initiator in the authority change transaction has the authority to change according to the authority information.

基于上述任意实施例,识别模块100可以包括:Based on any of the above embodiments, the identification module 100 may include:

接收单元,用于接收用户发送的交易;The receiving unit is used to receive the transaction sent by the user;

标识判断单元,用于判断交易是否具有权限变更交易设定标识;An identification judging unit, configured to determine whether the transaction has an authority change transaction setting identification;

识别单元,用于若具有权限变更交易设定标识,则确定交易为权限变更交易。The identification unit is configured to determine that the transaction is an authority change transaction if it has an authority change transaction setting flag.

基于上述任意实施例,该系统还可以包括:Based on any of the above embodiments, the system may also include:

操作识别模块,用于识别用户发送的操作;An operation identification module, used to identify the operation sent by the user;

操作权限判断模块,用于判断所述操作的发起者是否具执行所述操作的权限;An operation authority judging module, configured to determine whether the initiator of the operation has the authority to perform the operation;

操作执行模块,用于若所述操作的发起者具有执行所述操作的权限,则执行所述操作。An operation executing module, configured to execute the operation if the initiator of the operation has the authority to execute the operation.

说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。Each embodiment in the description is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for the related information, please refer to the description of the method part.

专业人员还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Professionals can further realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software or a combination of the two. In order to clearly illustrate the possible For interchangeability, in the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

结合本文中所公开的实施例描述的方法或算法的步骤可以直接用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be directly implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

以上对本发明所提供的一种区块链权限管理方法及系统进行了详细介绍。本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想。应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以对本发明进行若干改进和修饰,这些改进和修饰也落入本发明权利要求的保护范围内。The above has introduced in detail a blockchain rights management method and system provided by the present invention. In this paper, specific examples are used to illustrate the principle and implementation of the present invention, and the descriptions of the above embodiments are only used to help understand the method and core idea of the present invention. It should be pointed out that for those skilled in the art, without departing from the principles of the present invention, some improvements and modifications can be made to the present invention, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

Claims (9)

1.一种区块链权限管理方法,其特征在于,所述方法包括:1. A block chain authority management method, is characterized in that, described method comprises: 识别用户发送的权限变更交易;其中,所述权限变更交易的内容包括发起者、变更权限用户、需变更权限以及对应的变更权限值;且所述权限变更交易与区块链中普通交易类似;涉及的权限包括权限管理、部署合约、发送普通交易;通过智能合约接口发送所述权限变更交易;Identify the authority change transaction sent by the user; wherein, the content of the authority change transaction includes the initiator, the user who needs to change the authority, the authority to be changed, and the corresponding change authority value; and the authority change transaction is similar to ordinary transactions in the blockchain; The involved permissions include authority management, deploying contracts, and sending ordinary transactions; sending the authority change transactions through the smart contract interface; 判断所述权限变更交易中的所述发起者是否具有权限变更权限;judging whether the initiator in the authority change transaction has authority change authority; 若所述发起者具有权限变更权限,则将所述变更权限用户的每个需变更权限的权限值修改为对应的变更权限值,并将执行后的所述权限变更交易记录到区块中;利用所述智能合约接口进行权限的自动化配置;If the initiator has permission to change the permission, modify the permission value of each permission change user who needs to change permission to the corresponding permission change value, and record the permission change transaction after execution into the block; Use the smart contract interface to automate the configuration of permissions; 对所述区块中的交易进行共识,当所述共识通过后所述区块中对应的权限变更交易生效;Consensus is carried out on the transactions in the block, and the corresponding permission change transaction in the block takes effect after the consensus is passed; 还包括:Also includes: 识别用户发送的操作;Identify actions sent by users; 通过直接或模拟调用所述智能合约接口判断所述操作的发起者是否具执行所述操作的权限;其中,直接调用是指在区块链内部模拟call的执行,调用智能合约接口得到权限值,模拟调用是指模拟智能合约的执行,直接从数据库中获取权限值;Determine whether the initiator of the operation has the authority to perform the operation by directly or simulated calling the smart contract interface; wherein, direct calling refers to simulating the execution of the call inside the blockchain, calling the smart contract interface to obtain the authority value, Simulated calling refers to simulating the execution of the smart contract and obtaining the authority value directly from the database; 若所述操作的发起者具有执行所述操作的权限,则执行所述操作。If the initiator of the operation has the authority to execute the operation, execute the operation. 2.根据权利要求1所述的方法,其特征在于,所述判断所述权限变更交易中的所述发起者是否具有权限变更权限,包括:2. The method according to claim 1, wherein the judging whether the initiator in the authority change transaction has authority to change comprises: 从区块链中获取最新区块,并从所述最新区块中获取校验信息作为MPT树的根;Obtain the latest block from the blockchain, and obtain verification information from the latest block as the root of the MPT tree; 利用所述MPT树的根构造MPT树,并从所述MPT树中获取所述发起者对应的权限信息;Constructing an MPT tree by using the root of the MPT tree, and obtaining permission information corresponding to the initiator from the MPT tree; 根据所述权限信息判断所述权限变更交易中的所述发起者是否具有权限变更权限。It is judged according to the authority information whether the initiator in the authority change transaction has the authority to change the authority. 3.根据权利要求1所述的方法,其特征在于,所述判断所述权限变更交易中的所述发起者是否具有权限变更权限,包括:3. The method according to claim 1, wherein the judging whether the initiator in the authority change transaction has authority to change comprises: 调用智能合约接口从数据库中获取所述发起者对应的权限信息;Call the smart contract interface to obtain the permission information corresponding to the initiator from the database; 根据所述权限信息判断所述权限变更交易中的所述发起者是否具有权限变更权限。It is judged according to the authority information whether the initiator in the authority change transaction has the authority to change the authority. 4.根据权利要求1所述的方法,其特征在于,所述对区块中的交易进行共识,当所述共识通过后所述区块中对应的权限变更交易生效,包括:4. The method according to claim 1, wherein the consensus on the transactions in the block is carried out, and when the consensus is passed, the corresponding permission change transaction in the block takes effect, including: 接收到所述区块时,提取所述区块中的全部交易;When the block is received, extract all transactions in the block; 在接收到的所述区块的父区块的基础上构建临时区块,并在所述临时区块中依次执行各所述交易;Constructing a temporary block on the basis of the received parent block of the block, and sequentially executing each of the transactions in the temporary block; 当全部所述交易执行完成后,判断所述临时区块中的权限校验信息是否与接收到的所述区块中的权限校验信息一致;After all the transactions are executed, it is judged whether the permission verification information in the temporary block is consistent with the received permission verification information in the block; 若一致,则所述区块中的交易校验通过,并进行共识,当所述共识通过,所述区块中对应的权限变更交易生效。If they are consistent, the transaction verification in the block is passed, and a consensus is carried out, and when the consensus is passed, the corresponding authority change transaction in the block takes effect. 5.根据权利要求4所述的方法,其特征在于,所述识别用户发送的权限变更交易,包括:5. The method according to claim 4, wherein the identifying the authority change transaction sent by the user comprises: 接收用户发送的交易;Receive transactions sent by users; 判断所述交易是否具有权限变更交易设定标识;Judging whether the transaction has an authority change transaction setting identifier; 若具有,则确定所述交易为权限变更交易。If so, determine that the transaction is a permission change transaction. 6.根据权利要求1-5任一项所述的方法,其特征在于,区块链中权限保存的方式,包括:6. The method according to any one of claims 1-5, characterized in that, the way of saving rights in the blockchain includes: 利用数据摘要算法对每个权限信息进行处理,生成每个所述权限信息对应的校验信息;Processing each authority information by using a data digest algorithm to generate verification information corresponding to each authority information; 在区块结构中增加所述校验信息的关键字段,用于记录每个区块对应的权限信息。A key field of the verification information is added in the block structure to record the permission information corresponding to each block. 7.一种区块链权限管理系统,其特征在于,所述系统包括:7. A blockchain authority management system, characterized in that the system comprises: 识别模块,用于识别用户发送的权限变更交易;其中,所述权限变更交易的内容包括发起者、变更权限用户、需变更权限以及对应的变更权限值;且所述权限变更交易与区块链中普通交易类似;涉及的权限包括权限管理、部署合约、发送普通交易;通过智能合约接口发送所述权限变更交易;The identification module is used to identify the authority change transaction sent by the user; wherein, the content of the authority change transaction includes the initiator, the user who needs to change the authority, the authority to be changed, and the corresponding change authority value; and the authority change transaction is related to the block chain Similar to ordinary transactions; the involved permissions include authority management, contract deployment, and sending ordinary transactions; sending the authority change transactions through the smart contract interface; 判断模块,用于判断所述权限变更交易中的所述发起者是否具有权限变更权限;A judging module, configured to judge whether the initiator in the authority change transaction has authority change authority; 权限变更执行模块,用于若所述发起者具有权限变更权限,则将所述变更权限用户的每个需变更权限的权限值修改为对应的变更权限值,并将执行后的所述权限变更交易记录到区块中;利用所述智能合约接口进行权限的自动化配置;A permission change execution module, configured to modify the permission value of each user whose permission needs to be changed to a corresponding permission value if the initiator has permission to change the permission, and change the permission after execution The transaction is recorded in the block; the automatic configuration of permissions is performed using the smart contract interface; 共识模块,用于对所述区块中的交易进行共识,当所述共识通过后所述区块中对应的权限变更交易生效;A consensus module, configured to perform consensus on transactions in the block, and when the consensus is passed, the corresponding authority change transaction in the block takes effect; 还包括:Also includes: 操作识别模块,用于识别用户发送的操作;An operation identification module, used to identify the operation sent by the user; 操作权限判断模块,用于通过直接或模拟调用所述智能合约接口判断所述操作的发起者是否具执行所述操作的权限;其中,直接调用是指在区块链内部模拟call的执行,调用智能合约接口得到权限值,模拟调用是指模拟智能合约的执行,直接从数据库中获取权限值;The operation authority judging module is used to judge whether the initiator of the operation has the authority to perform the operation by directly or simulated calling the smart contract interface; wherein, the direct call refers to the execution of the simulated call inside the block chain, and the call The smart contract interface gets the permission value, and the simulated call refers to simulating the execution of the smart contract, directly obtaining the permission value from the database; 操作执行模块,用于若所述操作的发起者具有执行所述操作的权限,则执行所述操作。An operation executing module, configured to execute the operation if the initiator of the operation has the authority to execute the operation. 8.根据权利要求7所述的系统,其特征在于,所述判断模块,包括:8. The system according to claim 7, wherein the judging module comprises: 权限读取单元,用于从区块链中获取最新区块;The permission reading unit is used to obtain the latest block from the blockchain; 校验信息获取单元,用于从所述最新区块中获取校验信息作为MPT树的根;A verification information acquisition unit, configured to obtain verification information from the latest block as the root of the MPT tree; 第一权限信息获取单元,用于利用所述MPT树的根构造MPT树,并从所述MPT树中获取所述发起者对应的权限信息;A first authority information acquisition unit, configured to use the root of the MPT tree to construct an MPT tree, and acquire authority information corresponding to the initiator from the MPT tree; 第一判断单元,用于根据所述权限信息判断所述权限变更交易中的所述发起者是否具有权限变更权限。A first judging unit, configured to judge whether the initiator in the authority change transaction has authority change authority according to the authority information. 9.根据权利要求7所述的系统,其特征在于,所述判断模块,包括:9. The system according to claim 7, wherein the judging module comprises: 第二权限信息获取单元,用于调用智能合约接口从数据库中获取所述发起者对应的权限信息;The second permission information acquisition unit is used to call the smart contract interface to obtain the permission information corresponding to the initiator from the database; 第二判断单元,用于根据所述权限信息判断所述权限变更交易中的所述发起者是否具有权限变更权限。A second judging unit, configured to judge whether the initiator in the authority change transaction has authority change authority according to the authority information.
CN201711193847.6A 2017-11-24 2017-11-24 A blockchain rights management method and system Active CN107911373B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711193847.6A CN107911373B (en) 2017-11-24 2017-11-24 A blockchain rights management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711193847.6A CN107911373B (en) 2017-11-24 2017-11-24 A blockchain rights management method and system

Publications (2)

Publication Number Publication Date
CN107911373A CN107911373A (en) 2018-04-13
CN107911373B true CN107911373B (en) 2019-09-06

Family

ID=61848018

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711193847.6A Active CN107911373B (en) 2017-11-24 2017-11-24 A blockchain rights management method and system

Country Status (1)

Country Link
CN (1) CN107911373B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11599668B2 (en) 2018-05-29 2023-03-07 Oracle International Corporation Securing access to confidential data using a blockchain ledger

Families Citing this family (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108712423A (en) * 2018-05-18 2018-10-26 北京三六五八网络科技有限公司 Right management method and device
CN108846755A (en) * 2018-06-22 2018-11-20 中链科技有限公司 A kind of right management method and device based on intelligent contract
CN109003185B (en) * 2018-06-29 2022-03-22 中国银联股份有限公司 Intelligent contract establishing method and device, computing equipment and storage medium
CN113408009B (en) * 2018-07-05 2022-12-06 腾讯科技(深圳)有限公司 Data processing method, device, equipment and medium
CN109002729B (en) * 2018-07-09 2021-11-23 福建省农村信用社联合社 Client privacy data management method based on financial block chain
CN109102261A (en) * 2018-08-02 2018-12-28 刘卓 Based on the encryption currency for matching the decentralization for winning banknote, safety, power saving
CN109345251A (en) * 2018-08-24 2019-02-15 深圳壹账通智能科技有限公司 Negotiable block chain method of commerce, device, equipment and storage medium
CN109286616B (en) * 2018-09-10 2021-04-16 湖南智慧政务区块链科技有限公司 Permission verification method and device based on block chain technology
CN109391617B (en) * 2018-10-15 2021-01-12 天津理工大学 Block chain-based network equipment configuration management method and client
CN109508561A (en) * 2018-10-18 2019-03-22 中钞信用卡产业发展有限公司杭州区块链技术研究院 Block chain network and right management method
CN110046522A (en) * 2018-11-28 2019-07-23 阿里巴巴集团控股有限公司 Method for processing business and device, electronic equipment based on block chain
CN110032846B (en) * 2018-11-30 2021-11-02 创新先进技术有限公司 Method and device for preventing misuse of identity data, and electronic equipment
CN109711838B (en) * 2018-12-06 2020-12-29 杭州秘猿科技有限公司 System function management method, system and equipment in block chain
CN109885612B (en) * 2018-12-26 2021-04-20 联动优势科技有限公司 Synchronous validation method and device for intelligent contracts of block chains
CN110008665B (en) * 2019-03-05 2024-02-06 深圳前海微众银行股份有限公司 Authority control method and device for blockchain
CN110011978B (en) 2019-03-08 2021-02-12 创新先进技术有限公司 Method, system, device and computer equipment for modifying block chain network configuration
CN110049111A (en) * 2019-03-27 2019-07-23 厦门大学 A kind of industrial control system teleinstruction control method based on block chain technology
CN110598394B (en) * 2019-03-28 2021-12-21 腾讯科技(深圳)有限公司 Authority verification method and device and storage medium
CN110135190B (en) * 2019-04-29 2023-05-05 深圳市元征科技股份有限公司 Data management method, server and computer storage medium
CN110071813B (en) * 2019-04-30 2021-10-01 杭州复杂美科技有限公司 Account permission changing method and system, account platform and user terminal
CN110049066B (en) * 2019-05-23 2020-05-26 中国科学院软件研究所 A Resource Access Authorization Method Based on Digital Signature and Blockchain
CN110290111B (en) * 2019-05-29 2022-11-04 达闼机器人股份有限公司 Operation authority management method, device, block chain node, and storage medium
CN110290144B (en) * 2019-07-01 2022-02-25 深圳市元征科技股份有限公司 User authority information updating method, system, storage medium and electronic equipment
CN110503552A (en) * 2019-08-13 2019-11-26 安徽科技学院 A kind of block chain financial payments management method and system
CN110717172B (en) * 2019-09-25 2021-04-27 蚂蚁区块链科技(上海)有限公司 Permission transfer method, device and equipment in block chain type account book
CN110888935A (en) * 2019-11-12 2020-03-17 北京芯际科技有限公司 Data transaction method based on block chain
CN110807188A (en) * 2019-11-12 2020-02-18 北京芯际科技有限公司 Authority management method and system based on block chain
CN110992027B (en) * 2019-11-29 2022-02-25 支付宝(杭州)信息技术有限公司 Efficient transaction method and device for realizing privacy protection in block chain
CN111046055A (en) * 2019-12-11 2020-04-21 杭州趣链科技有限公司 A method, device and storage medium for changing the global configuration of a blockchain
CN113744852B (en) * 2020-05-28 2024-01-30 陕西尚品信息科技有限公司 Medical data management system, method, server and client device
CN111385103B (en) * 2020-05-29 2020-09-25 腾讯科技(深圳)有限公司 Authority processing method, system and device and electronic equipment
CN112487484A (en) * 2020-12-15 2021-03-12 深圳壹账通智能科技有限公司 Dynamic configuration method and device for node permission in block chain network
CN113988849B (en) * 2021-11-02 2024-05-17 山东大学 System and method for modifying traceable modifiable blockchain

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105488431A (en) * 2015-11-30 2016-04-13 布比(北京)网络技术有限公司 Authority management method and device for block chain system
CN105976232A (en) * 2016-06-24 2016-09-28 深圳前海微众银行股份有限公司 Asset transaction method and device
CN106250721A (en) * 2016-07-28 2016-12-21 杭州云象网络技术有限公司 A kind of electronic copyright protection method based on block chain
CN106534085A (en) * 2016-10-25 2017-03-22 杭州云象网络技术有限公司 Privacy protection method based on block chain technology
CN106796685A (en) * 2016-12-30 2017-05-31 深圳前海达闼云端智能科技有限公司 Block chain authority control method and device and node equipment
CN106796688A (en) * 2016-12-26 2017-05-31 深圳前海达闼云端智能科技有限公司 Permission control method, device and system of block chain and node equipment
CN106992990A (en) * 2017-05-19 2017-07-28 北京牛链科技有限公司 Data sharing method and system and block catenary system and computing device
CN107018125A (en) * 2017-02-17 2017-08-04 阿里巴巴集团控股有限公司 A kind of block catenary system, date storage method and device
CN107273760A (en) * 2017-06-09 2017-10-20 济南浪潮高新科技投资发展有限公司 One kind is based on many CA application authentication methods of block chain
CN107332701A (en) * 2017-06-26 2017-11-07 中国人民银行数字货币研究所 The method and system of management node

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105488431A (en) * 2015-11-30 2016-04-13 布比(北京)网络技术有限公司 Authority management method and device for block chain system
CN105976232A (en) * 2016-06-24 2016-09-28 深圳前海微众银行股份有限公司 Asset transaction method and device
CN106250721A (en) * 2016-07-28 2016-12-21 杭州云象网络技术有限公司 A kind of electronic copyright protection method based on block chain
CN106534085A (en) * 2016-10-25 2017-03-22 杭州云象网络技术有限公司 Privacy protection method based on block chain technology
CN106796688A (en) * 2016-12-26 2017-05-31 深圳前海达闼云端智能科技有限公司 Permission control method, device and system of block chain and node equipment
CN106796685A (en) * 2016-12-30 2017-05-31 深圳前海达闼云端智能科技有限公司 Block chain authority control method and device and node equipment
CN107018125A (en) * 2017-02-17 2017-08-04 阿里巴巴集团控股有限公司 A kind of block catenary system, date storage method and device
CN106992990A (en) * 2017-05-19 2017-07-28 北京牛链科技有限公司 Data sharing method and system and block catenary system and computing device
CN107273760A (en) * 2017-06-09 2017-10-20 济南浪潮高新科技投资发展有限公司 One kind is based on many CA application authentication methods of block chain
CN107332701A (en) * 2017-06-26 2017-11-07 中国人民银行数字货币研究所 The method and system of management node

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11599668B2 (en) 2018-05-29 2023-03-07 Oracle International Corporation Securing access to confidential data using a blockchain ledger
US12045372B2 (en) 2018-05-29 2024-07-23 Oracle International Corporation Securing access to confidential data using a blockchain ledger

Also Published As

Publication number Publication date
CN107911373A (en) 2018-04-13

Similar Documents

Publication Publication Date Title
CN107911373B (en) A blockchain rights management method and system
US20250021971A1 (en) Systems and methods for avoiding or reducing cryptographically stranded resources on a blockchain network
CN106878000B (en) A Consortium Chain Consensus Method and System
TWI727594B (en) Signature verification method, system, device and equipment in block chain ledger
CN110800254B (en) Systems and methods for generating digital tokens
JP2020511017A (en) System and method for implementing blockchain-based digital certificates
CN115811412B (en) Communication method and device, SIM card, electronic equipment and terminal equipment
CN107483509A (en) A kind of auth method, server and readable storage medium storing program for executing
CN110546604A (en) Secure blockchain transactions based on undetermined data
CN110771120A (en) System and method for blockchain based authentication
CN108830602A (en) A kind of license chain construction and management-control method based on chameleon hash function
CN110851877B (en) Data processing method and device, block chain node equipment and storage medium
CN109388957B (en) Block chain-based information transfer method, device, medium and electronic equipment
CN109447809B (en) Video active identification method combined with block chain
CN113469811B (en) Blockchain transaction processing method and device
CN109388923B (en) A program execution method and device
CN111885057A (en) Message middleware access method, device, equipment and storage medium
CN111177171A (en) Service data authentication and management method and system based on block chain
CN111552985B (en) Information verification method and device
CN110535663B (en) Method and system for realizing trusted timestamp service based on block chain
CN117333178A (en) Data processing method and device based on block chain and related equipment
CN112926956A (en) Block chain financial payment management method and system
CN117040930B (en) Resource processing method, device, product, equipment and medium of block chain network
CN110503552A (en) A kind of block chain financial payments management method and system
CN117061089B (en) Voting management method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: Hangzhou City, Zhejiang province 310013 Xihu District Lingyin ad tower Room 903

Patentee after: Zhongchao Digital Information Technology (Beijing) Co., Ltd. Hangzhou Blockchain Technology Research Institute

Country or region after: China

Address before: Hangzhou City, Zhejiang province 310013 Xihu District Lingyin ad tower Room 903

Patentee before: ZHONGCHAO CREDITCARD INDUSTRY DEVELOPMENT CO., LTD. HANGZHOU BLOCKCHAIN TECHNOLOGY Research Institute

Country or region before: China