CN114547704B - Data processing method and device based on distributed account book - Google Patents

Info

Publication number: CN114547704B
Authority: CN (China)
Prior art keywords: target; member node; role; attribute value; role attribute
Legal status: Active
Application number: CN202210457226.9A
Other languages: Chinese (zh)
Other versions: CN114547704A (en)
Inventors: 童世红, 胡慧潘
Current Assignee: Hundsun Technologies Inc
Original Assignee: Hundsun Technologies Inc
Application filed by: Hundsun Technologies Inc

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor

Abstract

An embodiment of the present specification provides a data processing method based on a distributed ledger, including: determining a target member role matched with a target member node in preset member roles according to attribute information of the target member node in the distributed account book, wherein the target member node is one of at least two member nodes in the distributed account book, determining a target role attribute value corresponding to the target member node based on a role attribute value corresponding to the target member role, and adding the target role attribute value to the target member node. Role addition is carried out on each member node through adding role attributes and target role attribute values for each member node in the distributed account book, so that each member node in the distributed account book can have different member roles based on the attribute information of the member node, authority control and endorsement verification can be carried out subsequently according to the roles of the member nodes, and usability and safety of the distributed account book are improved.

Description

Data processing method and device based on distributed account book
Technical Field
The embodiment of the specification relates to the technical field of computers, in particular to a data processing method based on a distributed account book.
Background
Hyperledger Fabric is an open-source, enterprise-grade permissioned distributed ledger technology platform initiated by the Linux Foundation and designed for use in an enterprise environment. Fabric has a highly modular and configurable architecture that provides innovativeness, diversity, and optimization for businesses in various industries, including banking, finance, insurance, healthcare, human resources, supply chains, and even digital music distribution, among others.
Distributed ledgers developed on Hyperledger Fabric all face the problem that configuration modification (adding an organization, modifying a channel policy and the like), chain code installation and similar operations can be carried out only with the cooperation of all organizations. However, in a consortium chain, the member nodes in the chain may not be perfectly equal, i.e., different member nodes may have different administrative rights. In this case, if every configuration modification requires all member nodes to cooperate, more time is needed for information interaction between member nodes and the probability of errors increases. Therefore, an effective method is needed to solve such problems.
Disclosure of Invention
In view of this, the embodiments of the present specification provide a data processing method based on a distributed ledger. One or more embodiments of the present specification relate to a data processing apparatus, a computing device, a computer-readable storage medium, and a computer program based on a distributed ledger, so as to solve the technical defects in the prior art.
According to a first aspect of embodiments of the present specification, there is provided a data processing method based on a distributed ledger, including:
determining a target member role matched with a target member node in preset member roles according to attribute information of the target member node in a distributed account book, wherein the target member node is one of at least two member nodes in the distributed account book;
determining a target role attribute value corresponding to the target member node based on the role attribute value corresponding to the target member role;
adding the target role attribute value to the target member node.
Optionally, the adding the target role attribute value to the target member node includes:
and taking the target role attribute value as a key value of the target member node, and adding the target role attribute value to a configuration information storage structure of the distributed account book, wherein the attribute information of the at least two member nodes is stored in the configuration information storage structure in a key value pair mode.
Optionally, the data processing method based on the distributed ledger further includes:
and creating member roles, and determining role attribute values corresponding to the member roles.
Optionally, the determining a target role attribute value corresponding to the target member node based on the role attribute value corresponding to the target member role includes:
and summing the role attribute values respectively corresponding to at least two target member roles to generate a target role attribute value corresponding to the target member node.
Optionally, the adding the target role attribute value to the target member node includes:
and converting the target role attribute value into a target data type, and adding a conversion result as a key value of the target member node to a configuration information storage structure of the distributed account book, wherein the attribute information of the at least two member nodes is stored in the configuration information storage structure in a key value pair mode.
Optionally, the data processing method based on the distributed ledger further includes:
and generating at least one information verification strategy corresponding to the chain code of the distributed account book according to the preset member role.
Optionally, the data processing method based on a distributed ledger further includes:
receiving a modification request submitted for the ledger data of the distributed ledger, wherein the modification request comprises data to be modified;
determining a target information verification strategy corresponding to the data to be modified, and determining voting member nodes meeting preset conditions based on the member role attribute values contained in the target information verification strategy and the target role attribute values respectively corresponding to the member nodes in the distributed account book;
sending a voting request of the data to be modified to the voting member node;
receiving a voting result returned by the voting member node, and verifying the voting result according to the target information verification strategy;
and under the condition that the vote is determined to pass according to the verification result, modifying the ledger data based on the data to be modified to generate a corresponding modification result.
Optionally, the data processing method based on the distributed ledger further includes:
receiving a transaction processing request submitted for a target project;
determining a first project member node related to the target project in the distributed ledger, calling a chain code of the distributed ledger through the first project member node, executing the transaction processing logic in the chain code, and generating a corresponding transaction processing result.
Optionally, the data processing method based on the distributed ledger further includes:
determining a target information verification strategy corresponding to the target project, and analyzing the target information verification strategy;
determining whether the target information verification strategy contains a role attribute value according to the analysis result;
if yes, determining a second project member node meeting preset conditions according to the role attribute value, the target information verification strategy and a target role attribute value corresponding to each project member node in the distributed account book;
generating a sub-policy set of the target information verification policy based on a target information verification sub-policy of the second project member node;
sending a signature request of the transaction processing result to the second project member node, and verifying the signature result of the second project member node by using the target information verification sub-strategy;
and according to the verification result corresponding to each target information verification sub-strategy in the sub-strategy set, determining the target signature result of the transaction processing result.
Optionally, the data processing method based on the distributed ledger further includes:
and in a case where the target signature result of the transaction processing result indicates that the number of second project member nodes whose signatures pass is greater than or equal to a preset number threshold, calling the chain code of the distributed ledger through the first project member node, and executing the endorsement logic in the chain code to endorse the transaction processing result.
Optionally, the data processing method based on the distributed ledger further includes:
acquiring a strategy storage structure corresponding to the configuration information storage structure;
and adding the target role attribute value corresponding to the target member node stored in the configuration information structure to the corresponding position of the strategy storage structure according to the position corresponding relationship of the member node in the configuration information storage structure and the strategy storage structure.
According to a second aspect of embodiments of the present specification, there is provided a data processing apparatus based on a distributed ledger, including:
a first determining module configured to determine a target member role matched with a target member node in preset member roles according to attribute information of the target member node in a distributed ledger, wherein the target member node is one of at least two member nodes in the distributed ledger;
a second determining module configured to determine a target role attribute value corresponding to the target member node based on the role attribute value corresponding to the target member role;
an adding module configured to add the target role attribute value to the target member node.
According to a third aspect of the embodiments of the present specification, there is provided another data processing method based on a distributed ledger, including:
receiving a modification request submitted for the ledger data of the distributed ledger, wherein the modification request comprises data to be modified;
determining a data modification strategy corresponding to the data to be modified, and determining voting member nodes meeting preset conditions based on role attribute values contained in the data modification strategy and target role attribute values respectively corresponding to the member nodes in the distributed account book;
sending a voting request of the data to be modified to the voting member node;
and receiving a voting result returned by the voting member node, and modifying the ledger data based on the data to be modified under the condition that voting is determined to pass according to the voting result to generate a corresponding modification result.
According to a fourth aspect of the embodiments of the present specification, there is provided another data processing apparatus based on a distributed ledger, including:
a receiving module configured to receive a modification request submitted for the ledger data of a distributed ledger, wherein the modification request comprises data to be modified;
the determining module is configured to determine a data modification strategy corresponding to the data to be modified, and determine voting member nodes meeting preset conditions based on role attribute values contained in the data modification strategy and target role attribute values respectively corresponding to the member nodes in the distributed account book;
the sending module is configured to send a voting request of the data to be modified to the voting member node;
and the modifying module is configured to receive a voting result returned by the voting member node, modify the ledger data based on the data to be modified under the condition that voting is determined to pass according to the voting result, and generate a corresponding modifying result.
According to a fifth aspect of embodiments herein, there is provided a computing device comprising:
a memory and a processor;
the memory is used for storing computer-executable instructions, and the processor is used for executing the computer-executable instructions to realize any one of the steps of the distributed ledger-based data processing method.
According to a sixth aspect of embodiments herein, there is provided a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement any one of the steps of the distributed ledger-based data processing method.
According to a seventh aspect of embodiments herein, there is provided a computer program, wherein when the computer program is executed in a computer, the computer is caused to execute the steps of the above-mentioned data processing method based on a distributed ledger.
In an embodiment of the present specification, a target member role matched with a target member node in preset member roles is determined according to attribute information of the target member node in a distributed ledger, where the target member node is one of at least two member nodes in the distributed ledger, a target role attribute value corresponding to the target member node is determined based on a role attribute value corresponding to the target member role, and the target role attribute value is added to the target member node.
In the embodiment of the description, role addition is performed on each member node by adding a role attribute to each member node in the distributed account book and adding a target role attribute value corresponding to the role attribute to each member node, so that each member node in the distributed account book can have different member roles based on the attribute information of the member node, and subsequently, permission control and endorsement verification can be performed according to the roles of the member nodes, thereby being beneficial to improving the availability and the safety of the distributed account book.
Drawings
Fig. 1 is a flowchart of a data processing method based on a distributed ledger according to an embodiment of the present specification;
Fig. 2 is a flowchart illustrating a processing procedure of a data processing method based on a distributed ledger according to an embodiment of the present specification;
Fig. 3 is a schematic structural diagram of a data processing apparatus based on a distributed ledger according to an embodiment of the present specification;
Fig. 4 is a flowchart of another data processing method based on a distributed ledger according to an embodiment of the present specification;
Fig. 5 is a schematic structural diagram of another data processing apparatus based on a distributed ledger provided in an embodiment of the present specification;
Fig. 6 is a block diagram of a computing device according to an embodiment of the present disclosure.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, as those skilled in the art will be able to make and use the present disclosure without departing from the spirit and scope of the present disclosure.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It will be understood that, although the terms first, second, etc. may be used herein in one or more embodiments to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first can also be referred to as a second and, similarly, a second can also be referred to as a first without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In the present specification, a data processing method based on a distributed ledger is provided, and the present specification relates to a data processing apparatus based on a distributed ledger, a computing device, a computer-readable storage medium, and a computer program, which are described in detail one by one in the following embodiments.
Role-based access control (RBAC) is a fundamental requirement for software security. In the real world, the members of a chain are not perfectly equal, and it is necessary to control the rights of different members over their respective functions according to their roles, especially in a consortium chain.
Hyperledger Fabric is created and managed by the Linux Foundation and aims to provide an enterprise-grade, open-source distributed ledger framework and code base.
Fig. 1 shows a flowchart of a data processing method based on a distributed ledger according to an embodiment of the present specification, which specifically includes the following steps.
Step 102, determining a target member role matched with a target member node in preset member roles according to attribute information of the target member node in the distributed account book, wherein the target member node is one of at least two member nodes in the distributed account book.
Specifically, the distributed ledger may be a blockchain, in particular a consortium chain, and the distributed ledger is constructed based on Hyperledger Fabric. The at least two member nodes in the distributed ledger are the member nodes that have joined the same channel; the preset member roles are defined or established in advance; and the target member role is one or at least two of the preset member roles.
Blockchains are generally divided into three types: the public chain (Public Blockchain), the private chain (Private Blockchain) and the consortium chain (Consortium Blockchain). In addition, there may be various combinations of the above, such as a combination of a private chain and a consortium chain, a combination of a consortium chain and a public chain, and so on.
The public chain has the highest degree of decentralization, next is the private chain, and the consortium chain lies between the public chain and the private chain and can achieve partial decentralization. Each member node in a consortium chain typically has a corresponding entity or organization; member nodes are authorized to join the network and form a consortium of stakeholders that jointly maintains the operation of the blockchain.
In a blockchain, a member node is a logical communication entity; the different types of multiple blockchain nodes may run on the same physical server or may run on different physical servers.
The blockchain system based on Hyperledger Fabric is one implementation of a consortium chain system.
In a Hyperledger Fabric-based blockchain system, the blockchain nodes can generally be differentiated by organization. That is, the participants of the Hyperledger Fabric-based blockchain system may be organizations.
In practice, the organization may be a company, a business, or an association in the real world.
The data storage structure of a Hyperledger Fabric-based blockchain system can generally be designed as a multi-ledger system. To isolate the data of different distributed ledgers, the Hyperledger Fabric-based blockchain system may be logically divided into different channels.
A channel can be defined by a blockchain ledger, chain codes, organizations and ordering service nodes; each channel can have a completely independent distributed ledger and a completely independent set of chain codes; different channels can share the same ordering service node; the same organization can join different channels through different Peer nodes in the organization; and each transaction is performed independently in one of the channels.
Therefore, in the Hyperledger Fabric-based blockchain system, one channel can be considered as one blockchain. That is, the Hyperledger Fabric-based blockchain system may include a plurality of blockchains.
It should be noted that Peer nodes that have joined the same channel maintain the same blockchain ledger and cannot access blockchain ledgers maintained by Peer nodes that have joined other channels. The same Peer node can join different channels; the Peer node may maintain the blockchain ledger corresponding to each channel, but it keeps the data of these blockchain ledgers isolated from one another.
When a member node that has joined a channel accesses the distributed ledger in the channel, Fabric can perform access control. Fabric's access control, configuration-update authority verification and transaction validity verification all use an interface named "Policy" to evaluate whether the signers of a piece of data satisfy predefined rules; the data includes access requests, transaction data, configuration update transactions that update the ledger configuration, and the like.
Fabric policies have two implementations: the signature rule policy (Signature Policy) and the implicit rule policy (Implicit Meta Policy).
The signature rule policy is a combination of evaluation rules over specified MSP principals (the cryptographic identity concept in Fabric), and supports the AND, OR and OutOf rules. For example, "OR('Org1.member', 'Org2.member')" indicates that a signature from a member of either organization Org1 or organization Org2 is required; "OutOf(2, 'Org1.admin', 'Org2.admin', 'Org3.admin')" means administrator signatures from at least 2 of Org1, Org2 and Org3.
The implicit rule policy does not check signatures directly; it is implemented by referencing other sub-policies and constrains the evaluation results of the referenced sub-policies, supporting three rules: ANY, ALL and MAJORITY. For example, "MAJORITY Writers" represents the signatures of the majority of the sub-policy Writers, and "ALL Admins" represents the signatures of all of the sub-policy Admins. The implicit rule policy is tied to the context of the ledger configuration tree, in which the MSP information of the member nodes is defined; rules such as "requiring the signatures of the majority of the administrators of the consortium members" can be realized through the implicit rule policy.
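The two policy kinds described above, as an added example that is not part of the patent text and is not Fabric's own code. The type and function names are hypothetical, signers are modelled as a set of principals whose signatures are assumed already verified, and failing closed on malformed or empty policies is a choice made in this example.

```go
package main

import "fmt"

// Policy is one node of a signature-policy tree: a leaf naming a principal
// such as "Org1.admin", or an n-out-of combinator over child policies.
type Policy struct {
	Principal string // non-empty on leaves only
	N         int    // number of children that must be satisfied
	Children  []Policy
}

func Leaf(principal string) Policy    { return Policy{Principal: principal} }
func OutOf(n int, c ...Policy) Policy { return Policy{N: n, Children: c} }
func And(c ...Policy) Policy          { return OutOf(len(c), c...) } // every child
func Or(c ...Policy) Policy           { return OutOf(1, c...) }      // any child

// Evaluate reports whether the signing principals satisfy p.
// Assumption: signers holds principals already proven by valid signatures;
// certificate and signature verification are out of scope here.
func Evaluate(p Policy, signers map[string]bool) bool {
	if p.Principal != "" {
		return signers[p.Principal]
	}
	if len(p.Children) == 0 || p.N < 1 || p.N > len(p.Children) {
		return false // malformed combinator: fail closed
	}
	satisfied := 0
	for _, child := range p.Children {
		if Evaluate(child, signers) {
			satisfied++
		}
	}
	return satisfied >= p.N
}

// Rule is the quantifier of an implicit rule policy.
type Rule string

const (
	Any      Rule = "ANY"
	All      Rule = "ALL"
	Majority Rule = "MAJORITY"
)

// EvaluateImplicit applies rule to the results of the referenced
// sub-policies (one result per organization). No signature is inspected
// here; only the sub-policy outcomes are counted.
func EvaluateImplicit(rule Rule, subResults []bool) bool {
	n := len(subResults)
	if n == 0 {
		return false // nothing referenced: fail closed (this example's choice)
	}
	passed := 0
	for _, ok := range subResults {
		if ok {
			passed++
		}
	}
	switch rule {
	case Any:
		return passed >= 1
	case All:
		return passed == n
	case Majority:
		return passed >= n/2+1
	}
	return false // unknown rule
}

func main() {
	// Constructed sample: the OutOf policy quoted in the text.
	admins := OutOf(2, Leaf("Org1.admin"), Leaf("Org2.admin"), Leaf("Org3.admin"))
	signers := map[string]bool{"Org1.admin": true, "Org3.admin": true}
	fmt.Println("OutOf(2, admins):", Evaluate(admins, signers))

	// "MAJORITY Writers": each organization's own Writers sub-policy is
	// evaluated first, then the outcomes are counted.
	writers := []bool{
		Evaluate(Or(Leaf("Org1.member"), Leaf("Org1.admin")), signers),
		Evaluate(Or(Leaf("Org2.member"), Leaf("Org2.admin")), signers),
		Evaluate(Or(Leaf("Org3.member"), Leaf("Org3.admin")), signers),
	}
	fmt.Println("MAJORITY Writers:", EvaluateImplicit(Majority, writers))
}
```

Both policy kinds name organizations explicitly, which is why adding an organization forces the policies themselves to change.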
In addition, Fabric policies can be applied to chain code signature endorsement (the transaction validity check of smart contracts), access control and configuration updates.
Regarding chain codes, each chain code has an endorsement policy, and the endorsement policy specifies that a group of Peer nodes on a channel must execute the chain code and endorse the execution result, thereby proving that the transaction is valid. These endorsement policies specify the organizations that must endorse a transaction proposal.
With respect to access control, Fabric uses access control lists (ACLs) to manage access rights to resources through the policies associated with the resources.
With respect to configuration updates, the key configuration of Fabric is stored on the ledger and is presented in a tree-like data structure. Each node and value in the tree has a "mod_policy" specifying the verification policy that must be satisfied to modify that node or value.
At present, member nodes in a consortium chain have no role-based authority control, but in practical applications it is necessary to ensure that only organizations with the specified authority can access the corresponding resources of the blockchain, for example: "only members with KYC qualification designated by the consortium can upload certificates", "only operation and maintenance organizations designated by the consortium can install and deploy smart contracts", "a regulatory agency can forcibly freeze (deactivate) smart contracts in emergency situations".
In addition, when a new member node joins a channel, all endorsement policies in the chain codes (the smart contracts of the blockchain) of the channel need to be modified. If a new member joins the consortium chain and needs to participate in its consensus process, all smart contracts already installed in the consortium chain need to be updated, which is unacceptable in practical applications.
To solve these problems, the embodiments of the present specification give the member nodes of Fabric a "Role" attribute, so that the members of a consortium chain (channel) are assigned roles. Access control and rule verification can then be performed according to role, and the endorsement policy of a smart contract (chain code) can also be configured to be role-related; for example, the consortium agrees that "core members" participate in the consensus process, and the verification of half of the "core members" is required for a transaction to be valid.
Therefore, by adding the role attribute to the Fabric policy, the smart contracts do not need to be modified when a new member joins or a member's role changes, and the new member's authority takes effect automatically, so that the practical availability and security of Fabric are greatly improved.
Based on this, before adding role information to the member nodes of the distributed ledger, a role needs to be defined, specifically, a member role is created, and a role attribute value corresponding to the member role is determined.
Specifically, member roles may be created for member nodes in the distributed ledger, and each member role is assigned with a corresponding role attribute value, for example: the created member roles are an invalid member, an effective member, a main member, a core member, an operator, an administrator, an auditor and a developer, wherein the role attribute value of the invalid member is 0, the role attribute value of the effective member is 1, the role attribute value of the main member is 2, the role attribute value of the core member is 4, the role attribute value of the operator is 8, the role attribute value of the administrator is 16, the role attribute value of the auditor is 32 and the role attribute value of the developer is 64.
After the member roles are created, one or at least two target member roles matched with each member node in the created member roles can be determined according to the attribute information of each member node in the distributed account book.
For example, if, in the two member nodes, the member node 1 is the head office of the bank a, and the member node 2 is the branch of the bank a, the target member role matched with the member node 1 may be an effective member, an administrator, a core member, and the like, and the target member role matched with the member node 2 may be an effective member; as the member node of the judicial organization, the target member role matched with the member node can be an effective member, an auditor and the like.
In the embodiment of the present specification, a target member node is one of at least two member nodes in a distributed account, and the embodiment of the present specification takes the target member node as an example to describe a role adding process of the target member node, and the role adding processes of other member nodes are similar to the role adding process of the target member node, and refer to the role adding process of the target member node.
Step 104, determining a target role attribute value corresponding to the target member node based on the role attribute value corresponding to the target member role.
Specifically, after the target member role matched with the target member node is determined, the target role attribute value corresponding to the target member node can be determined based on the role attribute value corresponding to the target member role.
In specific implementation, the target role attribute value corresponding to the target member node is determined based on the role attribute value corresponding to the target member role, specifically, the role attribute values corresponding to at least two target member roles are summed, and the target role attribute value corresponding to the target member node is generated.
Specifically, when two or more target member roles are matched with the target member node, the role attribute values of the target member roles may be summed, and the summed result is used as the target role attribute value corresponding to the target member node. The role attribute values can be defined as binary bit flags, with each binary bit representing one role attribute value; if the target member node has a plurality of target member roles, a binary OR operation can be applied directly, that is, the binary role attribute values of all the target member roles are ORed together (equivalent to summing them) to obtain the target role attribute value of the target member node.
Step 106, adding the target role attribute value to the target member node.
Specifically, after the target role attribute value of the target member node is determined, the target role attribute value can be added to the target member node.
In specific implementation, the target role attribute value is added to the target member node, and specifically, the target role attribute value may be used as a key value of the target member node and added to a configuration information storage structure of the distributed ledger, where the attribute information of the at least two member nodes is stored in the configuration information storage structure in a key value pair manner.
Specifically, the configuration information storage structure may be an account book configuration tree.
Since the key configuration data of Fabric is stored in the ledger and is presented in a tree data structure, that tree data structure is called a ledger configuration tree, and the attribute information of each member node in the channel is stored in the tree nodes in the form of key-value pairs.
In practical applications, the account configuration tree includes three layers, where the first layer is an Application node (Application node), the second layer is a group node (groups node), and the third layer is an organization node (organization node) under each group, i.e., a member node.
Therefore, the target role attribute value is added to the target member node, and specifically, the target role attribute value can be used as a key value of the target member node and added to the target member node in the ledger configuration tree, that is, the target role attribute value corresponding to the role (role) attribute is added to the key value of the member node (the lowest node) in the ledger configuration tree.
In addition, after a target role attribute value is added to a target member node in the account book configuration tree, a policy storage structure corresponding to the configuration information storage structure may also be acquired, and according to the configuration information storage structure and the corresponding relationship of the positions of the member nodes in the policy storage structure, the target role attribute value corresponding to the target member node stored in the configuration information structure is added to the corresponding position of the policy storage structure.
In particular, the policy store structure may be a policy manager tree.
When analyzing the account book configuration information (after starting or updating the account book configuration), the Fabric generates a Policy Manager (Policy Manager) tree according to the account book configuration tree, where the Policy Manager tree is used to store Policy managers of each member node, and nodes in the Policy Manager tree have a one-to-one correspondence with nodes in the account book configuration tree.
Therefore, after adding roles to each member node in the ledger configuration tree, roles can be correspondingly added to each node in the policy manager tree according to the role addition result of each member node in the ledger configuration tree. Specifically, if a certain target node in the policy manager tree is used to represent a policy manager of an organization, a target role attribute value added to a member node corresponding to the organization in the ledger configuration tree may be added to the target node. A "withrole (role)" interface may also be added to the target node to determine whether it has a designated role (pm.
In the embodiment of the description, role addition is performed on each member node by adding a role attribute to each member node in the distributed account book and adding a target role attribute value corresponding to the role attribute to each member node, so that each member node in the distributed account book can have different member roles based on the attribute information of the member node, and subsequently, permission control and endorsement verification can be performed according to the roles of the member nodes, thereby being beneficial to improving the availability and the safety of the distributed account book.
Or, the target role attribute value is added to the target member node, specifically, the target role attribute value may be converted into a target data type, and a conversion result is used as a key value of the target member node and added to a configuration information storage structure of the distributed ledger, where attribute information of the at least two member nodes is stored in the configuration information storage structure in a key value pair manner.
Specifically, the target data type may be a binary data type.
As described above, the role attribute value of the invalid member is 0, the role attribute value of the valid member is 1, the role attribute value of the primary member is 2, the role attribute value of the core member is 4, the role attribute value of the operator is 8, the role attribute value of the administrator is 16, the role attribute value of the auditor is 32, and the role attribute value of the developer is 64.
The role attribute value of the binary data type of the invalid member is 00000000, that of the valid member is 00000001, and so on, up to 01000000 for the developer; if the target member roles matched with the target member node are valid member and administrator, the target role attribute value is 17, which is 00010001 when converted into the binary data type.
And after the conversion result is obtained, the conversion result can be used as a key value of the target member node and added to the account book configuration tree of the distributed account book.
After the target role attribute values of the member nodes are stored in the binary data type, whether a target member node has a given member role can be determined in subsequent role comparison by comparing the binary data. For example, if the target role attribute value of the target member node is 00010001 and the role attribute value of the core member is 00000100, then to determine whether the target member node has the role of the core member, it may be determined whether the value of the 6th bit in the target role attribute value of the target member node (the position at which 00000100 has a 1) is equal to 1; if the value is equal to 1, it may be determined that the target member node has the role of the core member.
Whether the target member node has a certain role or not is determined through the comparison mode, so that the comparison process is simplified, and the accuracy of the comparison result is improved.
In specific implementation, after roles are configured for each member node, a chain code may be generated according to the predefined member roles, so that the information verification policy of the chain code (smart contract) may also be configured to be role-related; specifically, at least one information verification policy corresponding to the chain code of the distributed account book is generated according to the preset member roles.
Specifically, the information verification policy includes, but is not limited to, an endorsement policy, an access control policy, a configuration update policy, and the like.
When the chain code is instantiated, an information verification policy is set for the chain code, and the information verification policy can be generated according to the member roles created in advance. For example, the information verification policy can be: "core members" may participate in the consensus process, a transaction verified by a majority of the "core members" is valid, and so on.
Taking the information verification policy as an endorsement policy as an example, when a chain code (smart contract) is instantiated, an implicit rule policy may be referenced as the endorsement policy. For example, assume that there are 5 member nodes in the consortium chain, of which 3 member nodes have higher trust (such as large banks) and the other 2 member nodes are city businesses or small enterprises. If the smart contract requires the 3 member nodes with higher trust to participate in endorsement, those nodes can be given the role "CORE_MEMBER", i.e. core member, and the endorsement policy of the smart contract is configured as "MAJORITY CORE_MEMBER". If a new member node with high trust is added, only the role attribute value needs to be assigned to that member node, and the system automatically adds the member node to the set that needs to participate in endorsement.
By adding the role attribute feature to the Policy of Fabric, the chain code (smart contract) does not need to be modified when a new member joins or the role of a member changes, and the authority of the new member takes effect automatically, so that the practical usability and the security of Fabric are improved.
Further, a modification request submitted for the ledger data of the distributed ledger can be received, wherein the modification request contains data to be modified;
determining a target information verification strategy corresponding to the data to be modified, and determining voting member nodes meeting preset conditions based on the role attribute values of member roles contained in the target information verification strategy and the target role attribute values respectively corresponding to the member nodes in the distributed account book;
sending a voting request of the data to be modified to the voting member node;
receiving a voting result returned by the voting member node, and verifying the voting result according to the target information verification strategy;
and under the condition that the vote is determined to pass according to the verification result, modifying the ledger data based on the data to be modified to generate a corresponding modification result.
Specifically, the data to be modified includes, but is not limited to, adding or deleting a member node, or modifying a key value (value) of the member node, that is, modifying configuration information of the member node.
Because the attribute information of each member node in the ledger configuration tree is stored in the tree nodes in the form of key-value pairs, the key can be used to represent the identification of the member node, and the value can be used to represent the configuration information of the member node and can be modified when needed. However, each tree node, i.e. each member node, has a "mod_policy" that specifies the verification policy that must be satisfied when modifying the member node/key. For example, if the modification policy of the target member node is "/Channel/Application/Admins", the corresponding verification policy is that a majority of administrators on the channel vote to pass.
Therefore, after receiving a modification request submitted for ledger data of the distributed ledger, whether member nodes need to be added or deleted or whether configuration information (value) of a target member node needs to be modified can be determined according to data to be modified included in the modification request. If it is determined that the configuration information of the target member node needs to be modified, for example, a target role attribute value is added to the target member node, a modification policy of the target member node needs to be determined first, and the modification policy is used as a target information verification policy corresponding to data to be modified, and then a role attribute value contained in the modification policy can be determined.
Still take the modification policy of the target member node as "/Channel/Application/Admins" as an example, the member role included in the modification policy is Admins, i.e. administrator, and the role attribute value corresponding to the administrator is 16. Since the policy requires that a majority of administrators on a channel vote data to be modified, after determining a role attribute value included in a target information verification policy, the target role attribute value of each member node needs to be acquired, and a voting member node having a member role corresponding to the role attribute value in the member nodes is determined by comparing the role attribute value with the target role attribute value.
In the account book configuration tree, the target role attribute values of the member nodes are stored in binary data types, so that the role attribute values of the member roles in the modification strategy can be converted into binary data, then the positions of the binary data with the value equal to 1 are determined, then whether the values of the positions in the target role attribute values are equal to 1 is determined, if yes, the member nodes can be determined to have the member roles corresponding to the role attribute values, otherwise, the member nodes can be determined not to have the member roles corresponding to the role attribute values.
After the voting member nodes with the member role corresponding to the role attribute value are determined, a voting request for the data to be modified can be sent to the voting member nodes, the voting results returned by the voting member nodes are received, the voting results are verified according to the target information verification policy, and whether the data to be modified meets the modification policy of the target member node is determined according to the verification result. For example, if the modification policy requires that a majority of administrators on the channel vote for the data to be modified, verification can determine whether the number of administrators who voted to pass is greater than or equal to one half of the total number of administrators in the channel; if so, it is determined that the data to be modified is voted to pass.
In the case where the vote is determined to pass according to the verification result, the account book data is modified based on the data to be modified to generate a corresponding modification result. For example, the target role attribute value is added as a key value to the target member node of the ledger configuration tree.
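The role mask, the bit test and the role-based vote described above, as an added Go example that is not code from the patent or from Fabric. The role values and the "at least one half" threshold are taken from the text; the function names, the node names in `SampleNodes` and the rule that the invalid-member value 0 never matches are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Role is a bit mask; the constants are the role attribute values from the text.
type Role uint8

const (
	InvalidMember Role = 0
	ValidMember   Role = 1
	PrimaryMember Role = 2
	CoreMember    Role = 4
	Operator      Role = 8
	Administrator Role = 16
	Auditor       Role = 32
	Developer     Role = 64
)

// Combine ORs the roles into a target role attribute value. OR equals the sum
// only while every role appears once: 1+1 = 2 would turn a duplicated
// "valid member" into "primary member", whereas 1|1 stays 1.
func Combine(roles ...Role) Role {
	var mask Role
	for _, r := range roles {
		mask |= r
	}
	return mask
}

// Binary renders the mask as the 8-digit binary string stored as the key value.
func Binary(mask Role) string { return fmt.Sprintf("%08b", uint8(mask)) }

// Has reports whether mask carries every bit of want. want == 0 (invalid
// member) never matches; without that guard mask&0 == 0 would match every node.
func Has(mask, want Role) bool { return want != 0 && mask&want == want }

// Voters returns, in sorted order, the nodes whose mask carries the required role.
func Voters(nodes map[string]Role, required Role) []string {
	var out []string
	for name, mask := range nodes {
		if Has(mask, required) {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

// VotePasses counts each eligible voter at most once and ignores approvals
// from nodes without the role. The threshold is the one stated in the text:
// approvals >= half of the eligible voters. An empty voter set fails closed.
func VotePasses(nodes map[string]Role, required Role, approvals []string) bool {
	voters := Voters(nodes, required)
	if len(voters) == 0 {
		return false
	}
	eligible := make(map[string]bool, len(voters))
	for _, v := range voters {
		eligible[v] = true
	}
	counted := map[string]bool{}
	for _, a := range approvals {
		if eligible[a] {
			counted[a] = true
		}
	}
	return 2*len(counted) >= len(voters)
}

// SampleNodes is constructed data for this example.
func SampleNodes() map[string]Role {
	return map[string]Role{
		"BankA-HQ":     Combine(ValidMember, Administrator, CoreMember),
		"BankA-Branch": ValidMember,
		"BankB-HQ":     Combine(ValidMember, Administrator),
		"BankC-HQ":     Combine(ValidMember, Administrator),
		"Judicial":     Combine(ValidMember, Auditor),
	}
}

func main() {
	nodes := SampleNodes()
	mask := Combine(ValidMember, Administrator)
	fmt.Println(mask, Binary(mask), Has(mask, CoreMember))
	fmt.Println(Voters(nodes, Administrator))
	fmt.Println(VotePasses(nodes, Administrator, []string{"BankA-HQ", "BankB-HQ"}))
	fmt.Println(VotePasses(nodes, Administrator, []string{"BankA-HQ", "BankA-HQ", "Judicial"}))
}
```

With an even number of administrators the "at least one half" threshold lets a tied vote pass; requiring `2*len(counted) > len(voters)` would make it a strict majority.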
In the embodiment of the description, the role attribute and the target role attribute value are added to the member node in the distributed account book to realize the verification policy, access control and the like based on the member role, so that the basic security requirements of flexible management control of practical application of the distributed account book and authority control based on the member role are met.
In addition, after the target role attribute value is added to the target member node, a transaction processing request submitted aiming at the target project can be received;
determining a first item member node related to the target item in the distributed account book, calling a chain code of the distributed account book through the first item member node, executing a transaction processing logic in the chain code, and generating a corresponding transaction processing result.
Further, in the embodiment of the present specification, in a case where an implicit rule policy is referred to as an endorsement policy of a chain code, the endorsement policy may be configured to be related to a member role, and therefore, when a transaction processing result is generated and the endorsement is required to be performed on the transaction processing result through a member node in the endorsement policy, a target information verification policy corresponding to the target item may be determined and the target information verification policy may be analyzed;
determining whether the target information verification strategy contains a role attribute value according to the analysis result;
if yes, determining a second project member node meeting preset conditions according to the role attribute value, the target information verification strategy and a target role attribute value corresponding to each project member node in the distributed account book respectively;
generating a sub-policy set of the target information verification policy based on a target information verification sub-policy of the second project member node;
sending a signature request of the transaction processing result to the second project member node, and verifying the signature result of the second project member node by using the target information verification sub-strategy;
and according to the verification result corresponding to each target information verification sub-strategy in the sub-strategy set, determining the target signature result of the transaction processing result.
In the case where the target signature result of the transaction processing result shows that the number of second item member nodes whose signatures pass is greater than or equal to a preset number threshold, the chain code of the distributed account book is called through the first item member node, and the endorsement logic in the chain code is executed to endorse the transaction processing result.
Specifically, each chain code in the distributed account book has an endorsement policy, and the endorsement policy specifies that a group of Peer nodes on a channel must execute the chain code and endorse the execution result, so that the transaction is proved to be effective. These endorsement policies specify the organization that must endorse the transaction proposal, and the member nodes.
In addition, because the implicit rule policy does not directly perform signature check, but is realized by referring to other sub-policies, three rules of ANY, ALL and MAJORITY are supported by performing constraint by checking the signature result of the referred sub-policies. For example, "MAJORITY Writers" represents the MAJORITY of sub-policy Writers signatures, and "ALL Admins" represents ALL sub-policy Admins signatures.
Therefore, after receiving a transaction processing request submitted for a target item, the distributed ledger may determine a target information verification policy, i.e., an endorsement policy, corresponding to the target item, where the target item includes, but is not limited to, a commodity transaction item, a financial item, an insurance item, a healthcare item, and the like; and then, determining a first item member node related to the target item in the distributed account book according to the endorsement policy, calling a chain code of the distributed account book through the first item member node, executing transaction processing logic in the chain code, and generating a corresponding transaction processing result. And then, endorsement is carried out on the transaction processing result through the member nodes specified in the endorsement policy, and under the condition of referring to the implicit rule policy as the endorsement policy of the chain code, the target information verification policy can be analyzed to determine whether the target information verification policy contains a role attribute value, namely whether the target information verification policy is related to the member role.
In practical applications, if the target information verification policy is named "sub_policy", a separator may be added to the policy content of "sub_policy", and the information before the separator is the role attribute value of a member role, which indicates that the target information verification policy is related to the member role.
Based on this, when it is determined that the target information verification policy includes the role attribute value, the second item member node having the member role corresponding to the role attribute value and including the target information verification sub-policy in the lower level member node can be determined.
Specifically, because there is a policy manager tree in the embodiment of this specification, tree nodes in the tree have a one-to-one correspondence with tree nodes of the account configuration tree, and after a target role attribute value is added to a member node in the account configuration tree, a corresponding target role attribute value may also be added to the tree node of the policy manager tree, and a "withrole (role)" interface may also be added thereto, so as to determine whether the node has a specified role (pm. Therefore, when determining the second item member node having the member role corresponding to the role attribute value among the lower level member nodes, it may be determined, by looping over the nodes where all lower level policy managers are located in the policy manager tree, whether the node where each policy manager is located has the member role corresponding to the role attribute value; if yes, the target information verification sub-policy of the second item member node can be added into the sub-policy set of the target information verification policy.
If the name of the target information verification policy is sub_policy, the sub-policy is defined as the policy of that name in the lower level member nodes of the ledger configuration tree.
When the transaction processing result needs to be endorsed based on the target information verification policy, the policy of the name in the second item member node needs to be collected into a sub-policy set, then the second item member node is requested to sign the transaction processing result, then the target information verification sub-policy in the sub-policy set is used for verifying the signature result of the second item member node, and the verification result of the target information verification policy is evaluated according to the condition that the verification in the sub-policy set passes (namely the signature passes).
For example, if the text defining the target information verification policy is "MAJORITY Admins", this indicates that the verification results corresponding to the target information verification sub-policies of a majority of "Admins" must be verification pass. Therefore, in a case where it is determined from the target signature result of the transaction processing result that the number of second item member nodes whose signatures pass is greater than or equal to a preset number threshold, the chain code of the distributed ledger is called by the first item member node, and the endorsement logic in the chain code is executed, so as to endorse the transaction processing result.
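The role-filtered sub-policy collection and the ANY / ALL / MAJORITY evaluation described above, as an added Go example that is not code from the patent or from Fabric. `PolicyNode`, `SubPolicy`, `Evaluate` and the sample organizations are hypothetical; the strict-majority threshold and failing closed on an empty sub-policy set are assumptions of this example, and the role and sub-policy name are passed as separate arguments because the separator character is not given in the text.

```go
package main

import (
	"errors"
	"fmt"
)

// Rule is one of the three implicit rules named in the text.
type Rule int

const (
	Any Rule = iota
	All
	Majority
)

const CoreMember uint8 = 4 // role attribute value of the core member in the text

// SubPolicy reports whether the set of organizations that signed satisfies it.
type SubPolicy func(signedBy map[string]bool) bool

// PolicyNode is a hypothetical model of one node of the policy manager tree.
// RoleMask mirrors the target role attribute value from the configuration tree.
type PolicyNode struct {
	Name        string
	RoleMask    uint8
	SubPolicies map[string]SubPolicy
	Children    []*PolicyNode
}

// WithRole models the "withrole (role)" interface: true when every bit of role is set.
func (n *PolicyNode) WithRole(role uint8) bool {
	return role != 0 && n.RoleMask&role == role
}

var ErrNoSubPolicies = errors.New("no lower-level node contributes a sub-policy")

// Evaluate loops over the lower-level policy managers, keeps the sub-policy
// named subName of every child holding role (role == 0 means the policy is not
// role-related, so every child is kept), and applies the rule to the set.
func Evaluate(parent *PolicyNode, rule Rule, role uint8, subName string, signedBy map[string]bool) (bool, error) {
	var set []SubPolicy
	for _, child := range parent.Children {
		if role != 0 && !child.WithRole(role) {
			continue
		}
		if p, ok := child.SubPolicies[subName]; ok {
			set = append(set, p)
		}
	}
	// Fail closed: a role that no node holds must not yield a vacuous pass.
	if len(set) == 0 {
		return false, ErrNoSubPolicies
	}
	threshold := 1 // Any
	switch rule {
	case All:
		threshold = len(set)
	case Majority:
		threshold = len(set)/2 + 1 // strict majority (assumption of this example)
	}
	passed := 0
	for _, p := range set {
		if p(signedBy) {
			passed++
		}
	}
	return passed >= threshold, nil
}

// org builds a node whose "sub_policy" passes when that organization signed.
func org(name string, mask uint8) *PolicyNode {
	return &PolicyNode{Name: name, RoleMask: mask, SubPolicies: map[string]SubPolicy{
		"sub_policy": func(signedBy map[string]bool) bool { return signedBy[name] },
	}}
}

// sampleChannel is constructed data: 3 core members and 2 ordinary members.
func sampleChannel() *PolicyNode {
	return &PolicyNode{Name: "Application", Children: []*PolicyNode{
		org("BankA", 1|CoreMember), org("BankB", 1|CoreMember), org("BankC", 1|CoreMember),
		org("CityBank", 1), org("SmallCo", 1),
	}}
}

func main() {
	ch := sampleChannel()
	twoCore := map[string]bool{"BankA": true, "BankB": true}
	fmt.Println(Evaluate(ch, Majority, CoreMember, "sub_policy", twoCore))
	// A new core member joins: the policy text is unchanged, the set grows.
	ch.Children = append(ch.Children, org("BankD", 1|CoreMember))
	fmt.Println(Evaluate(ch, Majority, CoreMember, "sub_policy", twoCore))
}
```

Because the sub-policy set is recomputed from the role masks on every evaluation, giving BankD the core-member role raises the majority threshold from 2 to 3 without touching the policy definition.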
The embodiment of the description adds role attributes to the organization members of the distributed account book, so that the members in the alliance can have different roles, authority control and endorsement verification can be performed according to the roles of the organization members, and the usability and the safety of the distributed account book are improved.
In an embodiment of the present description, a target member role matched with a target member node in preset member roles is determined according to attribute information of the target member node in a distributed ledger, where the target member node is one of at least two member nodes in the distributed ledger, a target role attribute value corresponding to the target member node is determined based on a role attribute value corresponding to the target member role, and the target role attribute value is added to the target member node.
In the embodiment of the description, role addition is performed on each member node by adding a role attribute to each member node in the distributed account book and adding a target role attribute value corresponding to the role attribute to each member node, so that each member node in the distributed account book can have different member roles based on the attribute information of the member node, and subsequently, permission control and endorsement verification can be performed according to the roles of the member nodes, thereby being beneficial to improving the availability and the safety of the distributed account book.
In the following, with reference to Fig. 2, taking an application of the data processing method based on the distributed ledger provided in this specification in an actual scene as an example, the data processing method based on the distributed ledger is further described. Fig. 2 shows a processing procedure flowchart of a data processing method based on a distributed ledger according to an embodiment of the present specification, which specifically includes the following steps.
Step 202, at least two member roles are created, and role attribute values corresponding to the at least two member roles are determined.
Step 204, determining a target member role matched with the target member node in the at least two member roles according to the attribute information of the at least two member nodes in the distributed account book, wherein the target member node is one of the at least two member nodes.
Step 206, summing the role attribute values respectively corresponding to the at least two target member roles, and generating a target role attribute value corresponding to the target member node.
Step 208, converting the target role attribute value into a binary mask, taking the conversion result as a key value of the target member node, and adding the key value into an account book configuration tree of the distributed account book, wherein the attribute information of the at least two member nodes is stored in the account book configuration tree in a key value pair mode.
Step 210, generating at least one information verification policy corresponding to the chain code of the distributed account book according to the created at least two member roles.
Step 212, receiving a transaction processing request submitted for the target item.
Step 214, determining a first item member node related to the target item in the distributed ledger, calling a chain code of the distributed ledger through the first item member node, and executing a transaction processing logic in the chain code to generate a corresponding transaction processing result.
Step 216, determining a target information verification policy corresponding to the target item, and analyzing the target information verification policy.
Step 218, in a case that it is determined according to the analysis result that the target information verification policy includes the role attribute value, determining a second item member node that meets a preset condition according to the role attribute value, the target information verification policy, and the target role attribute value corresponding to each item member node in the distributed account book.
Step 220, generating a sub-policy set of the target information verification policy based on the target information verification sub-policy of the second item member node.
Step 222, sending a signature request of the transaction processing result to the second item member node, and verifying the signature result of the second item member by using the target information verification sub-policy.
Step 224, determining the target signature result of the transaction processing result according to the verification result corresponding to each target information verification sub-policy in the sub-policy set.
Step 226, in a case that the target signature result of the transaction processing result shows that the number of second item member nodes whose signatures pass is greater than or equal to the preset number threshold, calling the chain code of the distributed account book through the first item member node, and executing the endorsement logic in the chain code to endorse the transaction processing result.
In the embodiment of the description, role addition is performed on each member node by adding a role attribute to each member node in the distributed account book and adding a target role attribute value corresponding to the role attribute to each member node, so that each member node in the distributed account book can have different member roles based on the attribute information of the member node, and subsequently, permission control and endorsement verification can be performed according to the roles of the member nodes, thereby being beneficial to improving the availability and the safety of the distributed account book. In addition, by adding the role attribute feature to the Policy of the distributed account book, the chain code does not need to be modified when a new member joins or the role of a member changes, and the authority of the new member takes effect automatically, so that the actual availability and the safety of the distributed account book are greatly improved.
Corresponding to the foregoing method embodiment, this specification further provides an embodiment of a data processing apparatus based on a distributed ledger, and Fig. 3 shows a schematic structural diagram of a data processing apparatus based on a distributed ledger provided in an embodiment of this specification. As shown in Fig. 3, the apparatus includes:
a first determining module 302, configured to determine, according to attribute information of a target member node in a distributed ledger, a target member role that is matched with the target member node, from preset member roles, where the target member node is one of at least two member nodes in the distributed ledger;
a second determining module 304, configured to determine a target role attribute value corresponding to the target member node based on the role attribute value corresponding to the target member role;
an adding module 306 configured to add the target role attribute value to the target member node.
Optionally, the adding module 306 is further configured to:
take the target role attribute value as a key value of the target member node and add it to a configuration information storage structure of the distributed ledger, wherein the attribute information of the at least two member nodes is stored in the configuration information storage structure as key-value pairs.
Optionally, the data processing apparatus based on a distributed ledger further includes a creation module configured to:
create member roles and determine the role attribute values corresponding to the member roles.
Optionally, the second determining module 304 is further configured to:
sum the role attribute values respectively corresponding to at least two target member roles to generate the target role attribute value corresponding to the target member node.
Optionally, the adding module 306 is further configured to:
convert the target role attribute value into a target data type, and add the conversion result, as a key value of the target member node, to a configuration information storage structure of the distributed ledger, wherein the attribute information of the at least two member nodes is stored in the configuration information storage structure as key-value pairs.
Optionally, the data processing apparatus based on a distributed ledger further includes a generation module configured to:
generate at least one information verification policy corresponding to the chain code of the distributed ledger according to the preset member roles.
Optionally, the data processing apparatus based on a distributed ledger further includes a receiving module configured to:
receive a modification request submitted for the ledger data of the distributed ledger, wherein the modification request comprises data to be modified;
determine a target information verification policy corresponding to the data to be modified, and determine voting member nodes meeting preset conditions based on the member role attribute values contained in the target information verification policy and the target role attribute values respectively corresponding to the member nodes in the distributed ledger;
send a voting request for the data to be modified to the voting member nodes;
receive the voting results returned by the voting member nodes, and verify the voting results according to the target information verification policy;
when the vote is determined to pass according to the verification result, modify the ledger data based on the data to be modified to generate a corresponding modification result.
Optionally, the data processing apparatus based on the distributed ledger further includes a calling module configured to:
receive a transaction processing request submitted for a target project;
determine a first project member node related to the target project in the distributed ledger, call the chain code of the distributed ledger through the first project member node, and execute the transaction processing logic in the chain code to generate a corresponding transaction processing result.
Optionally, the data processing apparatus based on a distributed ledger further includes a verification module configured to:
determine a target information verification policy corresponding to the target project, and parse the target information verification policy;
determine, according to the parsing result, whether the target information verification policy contains a role attribute value;
if so, determine a second project member node meeting preset conditions according to the role attribute value, the target information verification policy, and the target role attribute values respectively corresponding to the project member nodes in the distributed ledger;
generate a sub-policy set of the target information verification policy based on a target information verification sub-policy of the second project member node;
send a signature request for the transaction processing result to the second project member node, and verify the signature result of the second project member node using the target information verification sub-policy;
determine the target signature result of the transaction processing result according to the verification result corresponding to each target information verification sub-policy in the sub-policy set.
Optionally, the data processing apparatus based on a distributed ledger further includes an endorsement module configured to:
when the target signature result of the transaction processing result is that the number of second project member nodes whose signatures pass is greater than or equal to a preset number threshold, call the chain code of the distributed ledger through the first project member node, and execute the endorsement logic in the chain code to endorse the transaction processing result.
Optionally, the data processing apparatus based on the distributed ledger further includes an obtaining module configured to:
acquire a policy storage structure corresponding to the configuration information storage structure;
add the target role attribute value corresponding to the target member node, as stored in the configuration information storage structure, to the corresponding position of the policy storage structure according to the positional correspondence of the member node between the configuration information storage structure and the policy storage structure.
The foregoing is a schematic solution of the data processing apparatus based on a distributed ledger of this embodiment. It should be noted that the technical solution of the apparatus is the same as that of the data processing method based on the distributed ledger; for details of the apparatus that are not described here, refer to the description of the technical solution of the data processing method based on the distributed ledger.
Fig. 4 is a flowchart illustrating another data processing method based on a distributed ledger according to an embodiment of the present specification, which specifically includes the following steps.
Step 402, receiving a modification request submitted for the ledger data of the distributed ledger, wherein the modification request includes data to be modified.
Step 404, determining a data modification policy corresponding to the data to be modified, and determining voting member nodes meeting preset conditions based on the role attribute values included in the data modification policy and the target role attribute values respectively corresponding to the member nodes in the distributed ledger.
Step 406, sending a voting request for the data to be modified to the voting member nodes.
Step 408, receiving the voting results returned by the voting member nodes, and, when the vote is determined to pass according to the voting results, modifying the ledger data based on the data to be modified to generate a corresponding modification result.
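The role-value flow described above (summing role attribute values, storing the result as the node's key value, selecting signing or voting member nodes from the policy's role attribute value, and applying the count threshold) is shown here as an added Python example that is not code from the patent; it serves both the signature verification performed by the verification and endorsement modules and the voting steps 402 to 408. The power-of-two role values, the bitwise-AND match used as the "preset condition", the string target data type, the policy dictionary layout and the HMAC stand-in for node signatures are all assumptions.

```python
import hashlib
import hmac

# Constructed role table (assumption): distinct powers of two, so a summed
# target role attribute value maps back to exactly one set of roles.
ROLE_VALUES = {"issuer": 1, "underwriter": 2, "auditor": 4, "regulator": 8}


def target_role_value(roles):
    """Sum the role attribute values of a node's roles into its target value."""
    unique = set(roles)  # a repeated role must not be summed twice (4 + 4 == 8)
    unknown = unique.difference(ROLE_VALUES)
    if unknown:
        raise ValueError(f"unknown member role(s): {sorted(unknown)}")
    return sum(ROLE_VALUES[role] for role in unique)


def add_to_config(config, node, roles):
    """Store the value as the node's key value; str is the assumed target data type."""
    config[node] = str(target_role_value(roles))


def eligible_nodes(policy, config):
    """Nodes whose stored value shares a role bit with the policy's role value."""
    return sorted(n for n, v in config.items() if int(v) & policy["role_value"])


def sign(key, payload):
    """Stand-in for a member node's signature: HMAC-SHA256 under a per-node key."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def evaluate(policy, config, keys, payload, responses):
    """Verify each eligible node's response, then apply the count threshold."""
    passed = []
    for node in eligible_nodes(policy, config):
        sig = responses.get(node)  # responses from non-eligible nodes are ignored
        if sig is not None and hmac.compare_digest(sig, sign(keys[node], payload)):
            passed.append(node)
    return len(passed) >= policy["threshold"], passed


def demo():
    """Constructed three-member ledger, one policy, then a new member joins."""
    config, keys = {}, {}
    members = {"org1": ["issuer"], "org2": ["auditor"], "org3": ["underwriter", "regulator"]}
    for node, roles in members.items():
        add_to_config(config, node, roles)
        keys[node] = f"constructed-key-{node}".encode()

    # Policy: auditors or regulators sign; at least two valid signatures needed.
    policy = {"role_value": ROLE_VALUES["auditor"] + ROLE_VALUES["regulator"], "threshold": 2}
    payload = b"constructed transaction processing result"

    honest = {n: sign(keys[n], payload) for n in config}  # org1 answers too
    ok, signers = evaluate(policy, config, keys, payload, honest)

    # One eligible node returns a signature made with the wrong key.
    forged = dict(honest, org2=sign(b"wrong-key", payload))
    ok_forged, signers_forged = evaluate(policy, config, keys, payload, forged)

    # New member with the auditor role: the policy object is not touched.
    add_to_config(config, "org4", ["auditor"])
    keys["org4"] = b"constructed-key-org4"
    return {
        "config": dict(config),
        "honest": (ok, signers),
        "forged": (ok_forged, signers_forged),
        "eligible_after_join": eligible_nodes(policy, config),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The duplicate-role guard matters because plain summation would turn two copies of one role value into the value of a different role.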
In the embodiments of this specification, a role attribute is added to each member node in the distributed ledger, and a target role attribute value corresponding to that role attribute is added to each member node. Each member node in the distributed ledger can therefore hold different member roles based on its own attribute information, and permission control and endorsement verification can subsequently be performed according to the roles of the member nodes, which helps improve the availability and security of the distributed ledger.
The foregoing is an illustrative scheme of another data processing method based on a distributed ledger of this embodiment. It should be noted that the technical solution of this data processing method is the same as that of the data processing method based on the distributed ledger described above; for details that are not described here, refer to the description of the technical solution of that method.
Corresponding to the above method embodiments, the present specification also provides another embodiment of a data processing apparatus based on a distributed ledger. FIG. 5 shows a schematic structural diagram of another data processing apparatus based on a distributed ledger provided in an embodiment of the present specification. As shown in FIG. 5, the apparatus includes:
a receiving module 502, configured to receive a modification request submitted for the ledger data of a distributed ledger, where the modification request includes data to be modified;
a determining module 504, configured to determine a data modification policy corresponding to the data to be modified, and determine voting member nodes that meet preset conditions based on the role attribute values included in the data modification policy and the target role attribute values respectively corresponding to the member nodes in the distributed ledger;
a sending module 506, configured to send a voting request for the data to be modified to the voting member nodes;
a modifying module 508, configured to receive the voting results returned by the voting member nodes, and, when the vote is determined to pass according to the voting results, modify the ledger data based on the data to be modified to generate a corresponding modification result.
The above is a schematic scheme of another data processing apparatus based on the distributed ledger of the present embodiment. It should be noted that the technical solution of this other apparatus is the same as that of the above-mentioned other data processing method based on the distributed ledger; for details of the apparatus that are not described here, refer to the description of the technical solution of that other method.
FIG. 6 illustrates a block diagram of a computing device 600 provided in accordance with one embodiment of the present description. The components of the computing device 600 include, but are not limited to, a memory 610 and a processor 620. The processor 620 is coupled to the memory 610 via a bus 630, and a database 650 is used to store data.
Computing device 600 also includes an access device 640, which enables computing device 600 to communicate via one or more networks 660. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the Internet. Access device 640 may include one or more of any type of network interface (e.g., a Network Interface Card (NIC)), whether wired or wireless, such as an IEEE 802.11 Wireless Local Area Network (WLAN) wireless interface, a Worldwide Interoperability for Microwave Access (WiMAX) interface, an Ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a Bluetooth interface, a Near Field Communication (NFC) interface, and so forth.
In one embodiment of the present description, the above-described components of computing device 600, as well as other components not shown in FIG. 6, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device architecture shown in FIG. 6 is for purposes of example only and is not limiting as to the scope of the present description. Those skilled in the art may add or replace other components as desired.
Computing device 600 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smartphone), wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 600 may also be a mobile or stationary server.
Wherein the processor 620 is configured to execute computer-executable instructions, which when executed by the processor, implement the steps of the above-mentioned data processing method based on the distributed ledger.
The above is an illustrative scheme of a computing device of the present embodiment. It should be noted that the technical solution of the computing device and the technical solution of the data processing method based on the distributed ledger belong to the same concept; for details of the computing device that are not described here, refer to the description of the technical solution of the data processing method based on the distributed ledger.
An embodiment of the present specification further provides a computer-readable storage medium, which stores computer-executable instructions; when the computer-executable instructions are executed by a processor, the steps of the data processing method based on the distributed ledger are implemented.
The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium is the same as that of the data processing method based on the distributed ledger; for details of the storage medium that are not described here, refer to the description of the technical solution of the data processing method based on the distributed ledger.
An embodiment of the present specification further provides a computer program which, when executed in a computer, causes the computer to execute the steps of the data processing method based on the distributed ledger.
The above is an illustrative scheme of a computer program of the present embodiment. It should be noted that the technical solution of the computer program is the same as that of the data processing method based on the distributed ledger; for details of the computer program that are not described here, refer to the description of the technical solution of the data processing method based on the distributed ledger.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The computer instructions comprise computer program code, which may be in the form of source code, object code, an executable file, some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts, but those skilled in the art should understand that the present embodiment is not limited by the described acts, because some steps may be performed in other sequences or simultaneously according to the present embodiment. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for an embodiment of the specification.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the embodiments. The specification is limited only by the claims and their full scope and equivalents.

Claims (11)

1. A data processing method based on a distributed ledger, characterized by comprising the following steps:
determining a target member role matched with a target member node among preset member roles according to attribute information of the target member node in a distributed ledger, wherein the target member node is one of at least two member nodes in the distributed ledger;
determining a target role attribute value corresponding to the target member node based on the role attribute value corresponding to the target member role;
adding the target role attribute value to the target member node;
generating at least one information verification policy corresponding to the chain code of the distributed ledger according to the preset member roles;
receiving a transaction processing request submitted for a target project;
determining a first project member node related to the target project in the distributed ledger, calling the chain code of the distributed ledger through the first project member node, and executing the transaction processing logic in the chain code to generate a corresponding transaction processing result;
determining a target information verification policy corresponding to the target project, parsing the target information verification policy, and determining whether the target information verification policy contains a role attribute value according to the parsing result;
if so, determining a second project member node with a member role corresponding to the role attribute value;
generating a sub-policy set of the target information verification policy based on a target information verification sub-policy of the second project member node;
sending a signature request for the transaction processing result to the second project member node, and verifying the signature result using the target information verification sub-policy;
and determining the target signature result of the transaction processing result according to the verification result corresponding to each target information verification sub-policy in the sub-policy set.
2. The distributed ledger-based data processing method of claim 1, wherein the adding the target role attribute value to the target member node comprises:
taking the target role attribute value as a key value of the target member node, and adding the target role attribute value to a configuration information storage structure of the distributed ledger, wherein the attribute information of the at least two member nodes is stored in the configuration information storage structure as key-value pairs.
3. The distributed ledger-based data processing method of claim 1, characterized by further comprising:
creating member roles, and determining the role attribute values corresponding to the member roles.
4. The distributed ledger-based data processing method of claim 1, wherein the determining a target role attribute value corresponding to the target member node based on the role attribute value corresponding to the target member role comprises:
summing the role attribute values respectively corresponding to at least two target member roles to generate the target role attribute value corresponding to the target member node.
5. The distributed ledger-based data processing method of claim 1 or 4, wherein the adding the target role attribute value to the target member node comprises:
converting the target role attribute value into a target data type, and adding the conversion result, as a key value of the target member node, to a configuration information storage structure of the distributed ledger, wherein the attribute information of the at least two member nodes is stored in the configuration information storage structure as key-value pairs.
6. The distributed ledger-based data processing method of claim 1, characterized by further comprising:
receiving a modification request submitted for the ledger data of the distributed ledger, wherein the modification request comprises data to be modified;
determining a target information verification policy corresponding to the data to be modified, and determining voting member nodes meeting preset conditions based on the member role attribute values contained in the target information verification policy and the target role attribute values respectively corresponding to the member nodes in the distributed ledger;
sending a voting request for the data to be modified to the voting member nodes;
receiving the voting results returned by the voting member nodes, and verifying the voting results according to the target information verification policy;
and, when the vote is determined to pass according to the verification result, modifying the ledger data based on the data to be modified to generate a corresponding modification result.
7. The distributed ledger-based data processing method of claim 1, characterized by further comprising:
when the target signature result of the transaction processing result is that the number of second project member nodes whose signatures pass is greater than or equal to a preset number threshold, calling the chain code of the distributed ledger through the first project member node, and executing the endorsement logic in the chain code to endorse the transaction processing result.
8. The distributed ledger-based data processing method of claim 2, characterized by further comprising:
acquiring a policy storage structure corresponding to the configuration information storage structure;
and adding the target role attribute value corresponding to the target member node, as stored in the configuration information storage structure, to the corresponding position of the policy storage structure according to the positional correspondence of the member node between the configuration information storage structure and the policy storage structure.
9. A data processing apparatus based on a distributed ledger, comprising:
a first determining module configured to determine a target member role matched with a target member node among preset member roles according to attribute information of the target member node in a distributed ledger, wherein the target member node is one of at least two member nodes in the distributed ledger;
a second determining module configured to determine a target role attribute value corresponding to the target member node based on the role attribute value corresponding to the target member role;
an adding module configured to add the target role attribute value to the target member node;
a generating module configured to generate at least one information verification policy corresponding to the chain code of the distributed ledger according to the preset member roles;
a calling module configured to: receive a transaction processing request submitted for a target project; determine a first project member node related to the target project in the distributed ledger, call the chain code of the distributed ledger through the first project member node, and execute the transaction processing logic in the chain code to generate a corresponding transaction processing result; determine a target information verification policy corresponding to the target project, parse the target information verification policy, and determine whether the target information verification policy contains a role attribute value according to the parsing result; if so, determine a second project member node having a member role corresponding to the role attribute value; generate a sub-policy set of the target information verification policy based on a target information verification sub-policy of the second project member node; send a signature request for the transaction processing result to the second project member node, and verify the signature result using the target information verification sub-policy; and determine the target signature result of the transaction processing result according to the verification result corresponding to each target information verification sub-policy in the sub-policy set.
10. A computing device, comprising:
a memory and a processor;
the memory is used for storing computer-executable instructions, and the processor is used for executing the computer-executable instructions, and the computer-executable instructions when executed by the processor realize the steps of the data processing method based on the distributed ledger of any one of claims 1 to 8.
11. A computer-readable storage medium, storing computer-executable instructions which, when executed by a processor, implement the steps of the distributed ledger-based data processing method of any one of claims 1 to 8.
CN202210457226.9A 2022-04-28 2022-04-28 Data processing method and device based on distributed account book Active CN114547704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210457226.9A CN114547704B (en) 2022-04-28 2022-04-28 Data processing method and device based on distributed account book


Publications (2)

Publication Number Publication Date
CN114547704A CN114547704A (en) 2022-05-27
CN114547704B true CN114547704B (en) 2022-08-02

Family

ID=81667413

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210457226.9A Active CN114547704B (en) 2022-04-28 2022-04-28 Data processing method and device based on distributed account book

Country Status (1)

Country Link
CN (1) CN114547704B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant