CN110765210B - Authentication method, device, equipment and medium based on block chain - Google Patents
- Publication number: CN110765210B (application CN201911046638.8A)
- Authority: CN (China)
- Prior art keywords: authentication, entity, block chain, rule, authority
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
Abstract
The application discloses an authentication method, device, equipment and medium based on a block chain, and relates to block chain technology in the technical field of computers. The method comprises the following steps: acquiring an authentication request of a target entity, wherein the authentication request includes signature information of at least one blockchain account; querying an authentication rule associated with the target entity from the block chain; and determining whether the signature information of the at least one blockchain account conforms to the authentication rule associated with the target entity, to obtain an authentication result of the target entity. The embodiment of the application provides a highly flexible and highly secure authentication scheme that supports various authority rule models, so that different authentication rules can be set for different entities. This increases the diversity of authentication modes, allows different authority rules to be customized, and improves flexibility and extensibility.
Description
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a block chain technology, and particularly relates to an authentication method, device, equipment and medium based on a block chain.
Background
The blockchain supports account creation, so that operations such as transfer transactions are carried out through the created blockchain accounts. At present, when a user account is created, a private key and a public key of the blockchain account are generally generated according to a key generation algorithm, such as an elliptic curve cryptography algorithm, and the public key is then processed with a hash algorithm to generate the address information of the blockchain account. When a user executes an on-chain transaction, the transaction content is signed with the private key of the blockchain account, and the blockchain verifies the signature with the public key of the account, which proves whether the user authorized the transaction. However, this is a single mode of authentication, and its flexibility and extensibility are poor.
Disclosure of Invention
The embodiment of the application provides an authentication method, an authentication device, authentication equipment and an authentication medium based on a block chain, and the authentication scheme which supports various authority rule models and has high flexibility and high safety is provided to realize setting of different authentication rules for different entities, so that the diversity of authentication modes is increased, different authority rules can support self-definition, and the flexibility and the expansibility are improved.
In a first aspect, an embodiment of the present application provides an authentication method based on a block chain, where the method includes:
acquiring an authentication request of a target entity; wherein the authentication request comprises signature information of at least one block chain account;
inquiring the authentication rule associated with the target entity from the block chain;
and determining whether the signature information of the at least one block chain account conforms to the authentication rule associated with the target entity to obtain the authentication result of the target entity.
According to the embodiment of the application, the authentication rule associated with the target entity is inquired from the block chain based on the signature information of at least one block chain account included in the authentication request of the target entity, and then whether the signature information of at least one block chain account accords with the authentication rule associated with the target entity is determined, so that the authentication result of the target entity is obtained. Therefore, the authentication scheme with high flexibility and high safety supporting various authority rule models is provided to realize setting different authentication rules for different entities, so that the diversity of authentication modes is increased, different authority rules can support self-definition, and the flexibility and the expansibility are improved.
In addition, the authentication method based on the block chain according to the above embodiment of the present application may further have the following additional technical features:
optionally, querying an authentication rule associated with the target entity from the blockchain includes:
inquiring an authentication rule of a target entity from a block chain; the authentication rule of the target entity comprises an authority model of the target entity and authority rule information of at least two sub-entities of the target entity.
Optionally, the querying the authentication rule associated with the target entity from the blockchain further includes:
if the authority rule information is nested with the authentication rules of other entities, the authentication rules of other entities are inquired from the block chain; wherein the authentication rules of the other entities comprise authority models of the other entities and authority rule information of at least two sub-entities of the other entities.
One embodiment in the above application has the following advantages or benefits: different authority rules are nested in the authentication rule of one entity, so that the nesting of the authority rules is realized, and the security is high.
Optionally, determining whether the signature information of the at least one blockchain account meets an authentication rule associated with the target entity to obtain an authentication result of the target entity includes:
constructing child nodes by taking the target entity as a root node and using the parent-child relationship between the entities to obtain an authentication tree;
and determining whether the signature information of the at least one block chain account accords with the authentication rule or not based on the authentication tree so as to obtain the authentication result of the target entity.
Optionally, determining whether the signature information of the at least one block chain account meets the authentication rule based on the authentication tree to obtain an authentication result of the target entity includes:
authenticating leaf nodes in the authentication tree according to the signature information of the at least one block chain account;
authenticating other nodes according to the authentication result of the leaf node, and the authority model and the authority rule information of the entity;
and taking the authentication result of the root node as the authentication result of the target entity.
One embodiment in the above application has the following advantages or benefits: an authentication tree is created from the authentication rule of the target entity obtained from the block chain, and the target entity is authenticated bottom-up, starting from the leaf nodes of the authentication tree, to obtain the authentication result; because the permission rules are stored entirely on chain, authentication is decentralized, so the authentication performance and the security are better.
Optionally, the method further includes:
when any entity is created, acquiring an authentication rule of the entity; wherein the authentication rule of the entity comprises an authority model of the entity and authority rule information of at least two sub-entities of the entity;
and writing the authentication rule of the entity into the block chain.
Optionally, obtaining the authority model of the entity includes:
selecting a permission model of the entity from the candidate permission models; wherein the candidate permission model is deployed into the block chain in a plug-in form.
One embodiment in the above application has the following advantages or benefits: when an entity is created, the user can customize an individualized authentication rule for the entity as needed, and the authentication rule is written into the block chain, so that the corresponding authentication rule can be obtained from the block chain and used when the entity is subsequently authenticated.
In a second aspect, an embodiment of the present application further discloses an authentication device based on a block chain, including:
the acquisition module is used for acquiring an authentication request of a target entity; wherein the authentication request comprises signature information of at least one block chain account;
the query module is used for querying the authentication rule associated with the target entity from the block chain;
and the determining module is used for determining whether the signature information of the at least one block chain account conforms to the authentication rule associated with the target entity so as to obtain the authentication result of the target entity.
In a third aspect, an embodiment of the present application further discloses an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a blockchain based authentication method as described in any of the embodiments of the present application.
In a fourth aspect, embodiments of the present application further disclose a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the method for authentication based on blockchain according to any of the embodiments of the present application.
Other effects of the above alternatives will be described below with reference to specific embodiments.
Drawings
The drawings are included to provide a better understanding of the present solution and are not intended to limit the present application. Wherein:
Fig. 1 is a schematic flowchart of an authentication method based on a block chain according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of another authentication method based on a block chain according to an embodiment of the present application;
Fig. 3 is a schematic diagram of authenticating a target entity where the authentication tree is a PERM-Tree, according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an authentication apparatus based on a block chain according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The embodiment of the application provides an authentication method, device, equipment and medium based on a block chain, aimed at the problems in the related art that, when a transaction request initiated by a blockchain account is authenticated, the authentication mode is single and the flexibility and extensibility are poor.
According to the embodiment of the application, the authentication rule associated with the target entity is inquired from the block chain based on the signature information of at least one block chain account included in the authentication request of the target entity, and then whether the signature information of at least one block chain account accords with the authentication rule associated with the target entity is determined, so that the authentication result of the target entity is obtained. Therefore, the authentication scheme with high flexibility and high safety supporting various authority rule models is provided to realize setting different authentication rules for different entities, so that the diversity of authentication modes is increased, different authority rules can support self-definition, and the flexibility and the expansibility are improved.
To clearly illustrate the process of authenticating the target entity based on the authentication rule associated with the target entity in the authentication method based on the blockchain provided in the embodiment of the present application, first, an entity is created in the blockchain and a corresponding authentication rule is customized for the entity in the embodiment of the present application.
Fig. 1 is a schematic flowchart of an authentication method based on a blockchain according to an embodiment of the present application. The method can be executed by an authentication apparatus based on a blockchain, which can be implemented by software and/or hardware and can be integrated inside an electronic device; the electronic device is preferably a blockchain node. The method comprises the following steps:
S101, when any entity is created, acquiring an authentication rule of the entity; wherein the authentication rule of the entity comprises an authority model of the entity and authority rule information of at least two sub-entities of the entity.
In this embodiment, the entity refers to an object that has read and write operations on a data element in a chain and is associated with at least two keys, such as a contract account, a contract interface, and the like, which is not specifically limited herein. The child entity may be an object associated with one key or an object associated with at least two keys.
The contract account refers to a contract-level account allocated to a smart contract in the smart contract account model. It is created by one or more user accounts that need to deploy the smart contract calling a basic smart contract, and is used for deployment and/or management of the smart contract. The authentication rule of the entity comprises an authority model and authority rule information of the entity, and the authority rule information comprises rule information of at least two sub-entities.
For example, in this embodiment a smart contract may first be written in a contract language, and an entity such as a contract account or a contract interface is obtained through the smart contract. Then, the authentication rule of the created entity is obtained. The language in which the smart contract is written may be Solidity, Serpent, etc.
Specifically, the embodiment obtains the authentication rule for creating the entity, including obtaining the authority model of the entity and the authority rule information of at least two sub-entities of the entity.
Wherein, obtaining the authority model of the entity comprises: selecting a permission model of the entity from the candidate permission models; wherein the candidate permission model is deployed into the block chain in a plug-in form.
The candidate permission model in this embodiment may be a logical operation rule based on signature authorization, for example: a threshold model, an Account Key (AK) set model, a Certification Authority (CA) certificate model, a community administration model, and the like.
In the threshold model, each entity carries a certain weight, and authentication passes when the total weight of the authenticated entities reaches a preset threshold. The AK set model determines whether authentication passes through a logical expression (AND, OR, NOT and the like) over the AKs in the set. The CA certificate model verifies the signature on the certificate to be verified using the public key of the CA, and the certificate is considered valid once the verification passes.
In specific implementation, one authority model can be selected from candidate authority models deployed in the block chain as required to serve as the authority model of the entity. And setting a specific authentication rule for the acquired authority model while acquiring the authority model of the entity.
It should be noted that, in this embodiment, before a candidate permission model is deployed into the blockchain in plug-in form, the blockchain node that deploys the candidate permission model acts as the initiator and initiates a voting proposal transaction to the blockchain system, so that each blockchain node in the blockchain system votes on the proposal transaction and the initiating node acts according to the voting result. If the vote passes, the candidate permission model deployment operation is carried out and the candidate permission model is deployed in plug-in form. If the vote does not pass, the candidate permission model deployment operation is not carried out.
Further, the authority rule information of the at least two sub-entities of the entity can be obtained in either of two ways: in the first, authority rule information preset for the at least two sub-entities is queried from the block chain; in the second, the corresponding permission rules are taken from the candidate permission rules as needed and the authority rule information is customized for the at least two sub-entities. This is not specifically limited here.
S102, writing the authentication rule of the entity into the block chain.
For example, after the authentication rule of a created entity is acquired and before it is written into the blockchain, a voting proposal transaction is sent to the blockchain system so that each blockchain node in the blockchain system votes on the proposal transaction; if the vote passes, the authentication rule is written into the blockchain.
When the authentication rule of the entity is written into the block chain, the entity and its authentication rule may be written as a corresponding pair, or the entity may be written as the identification information of the authentication rule, which is not limited herein.
For ease of presentation, objects associated with at least two keys may be referred to as entities of a first type and objects associated with a unique key may be referred to as entities of a second type. It should be noted that the authentication rule of the first type entity is stored in the blockchain, and the authentication rule of the second type entity is not required to be stored in the blockchain, but only stored in the blockchain client.
According to the block chain-based authentication method provided by the embodiment of the application, any entity can be created on the block chain based on actual needs, the authentication rule is obtained for the created entity, and then the obtained authentication rule is written into the block chain, so that when the authentication request sent by the entity is subsequently authenticated, the corresponding authentication rule can be obtained from the block chain, and conditions are provided for authentication.
As can be seen from the above description, in the embodiment of the present application, when any entity is created, the authentication rule can be customized for the entity according to actual needs, and the authentication rule is written into the block chain, so as to provide conditions for subsequently authenticating the entity by using the authentication rule. Based on the above embodiments, a detailed description will be given below of a process of authenticating a target entity (a first type entity) in the authentication method based on a block chain proposed in the embodiments of the present application.
As shown in fig. 2, the method may include:
S201, acquiring an authentication request of a target entity; wherein the authentication request includes signature information of at least one blockchain account.
In this embodiment, the target entity may be a contract account, a contract interface, or the like. In this embodiment, the contract account may be a contract account created by a plurality of users together, or may be a contract account created by a user, which is not limited herein.
An individual can create a contract account so that losing a key does not result in losing assets. For example, user A creates a contract account and sets an authentication rule that uses three keys, any two of which are sufficient to pass authentication. If one key is lost, user A can still pass authentication with the remaining two keys, so user A's assets are not lost and the security of the user's assets is ensured.
Optionally, when a user needs to perform a transaction such as a fund transaction, the user sends a transaction request to the blockchain, and the blockchain performs an authentication operation on the target entity involved in the received transaction request to determine whether the transaction request is authorized.
In specific implementation, the obtained authentication request of the target entity may be analyzed, and signature information of at least one blockchain account included in the request may be obtained. In this embodiment, the signature information may be the transaction content encrypted by the private key of the blockchain account.
S202, inquiring the authentication rule associated with the target entity from the block chain.
Since the obtained target entity has the identification information, the present embodiment may query the authentication rule associated with the target entity from the blockchain based on the identification information of the target entity. The identification information of the target entity refers to information that can uniquely identify the identity of the target entity, such as an entity number or an entity name.
Optionally, based on the foregoing embodiment, it can be seen that when an entity is created, the authentication rule of the entity may be written into the block chain, and for this purpose, querying the authentication rule associated with the target entity from the block chain in this embodiment may include: inquiring the authentication rule of the target entity from the block chain; the authentication rule of the target entity comprises an authority model of the target entity and authority rule information of at least two sub-entities of the target entity. For a specific implementation process, reference may be made to the above embodiments, which are not described in detail herein.
In the practical application process, in order to improve the security of data information, when the authentication rules of the created entities are obtained, the authentication rules of other entities are also nested in the authentication rules corresponding to the entities to form nested rules of the authentication rules. In this embodiment, the querying the authentication rule associated with the target entity from the blockchain further includes: if the authority rule information is nested with the authentication rules of other entities, the authentication rules of other entities are inquired from the block chain; wherein the authentication rules of the other entities comprise authority models of the other entities and authority rule information of at least two sub-entities of the other entities.
S203, determining whether the signature information of the at least one block chain account conforms to the authentication rule associated with the target entity to obtain the authentication result of the target entity.
For example, after the authentication rule associated with the target entity is queried from the block chain, the target entity may be taken as the root node, and child nodes are constructed from the at least two sub-entities and/or other entities included in the authentication rule according to their parent-child relationship with the target entity, to obtain the authentication tree. Whether the signature information of the at least one block chain account conforms to the authentication rule is then determined based on the authentication tree, to obtain the authentication result of the target entity.
The authentication tree is constructed from top to bottom, with the target entity as the root node and the sub-entities as child nodes.
After the authentication tree is obtained, it is traversed layer by layer and authentication proceeds from the leaf nodes upward until the root node is reached, yielding the authentication result of the target entity.
A leaf node is an entity that can be judged directly from the input information (e.g., the signature information of a blockchain account), such as a signature of an AK address or a signature of a CA certificate.
An intermediate node is an entity that cannot be judged directly from the input information, such as a contract account or a contract interface; the authority rules that the entity stores on the chain must be obtained in order to judge it.
That is, the determining whether the signature information of the at least one blockchain account conforms to the authentication rule based on the authentication tree in the embodiment to obtain the authentication result of the target entity includes:
authenticating leaf nodes in the authentication tree according to the signature information of the at least one block chain account;
authenticating other nodes according to the authentication result of the leaf node, and the authority model and the authority rule information of the entity;
and taking the authentication result of the root node as the authentication result of the target entity.
The following describes, by way of an example, determining whether signature information of at least one blockchain account complies with an authentication rule based on an authentication tree to obtain an authentication result of a target entity.
As shown in Fig. 3, the authentication tree is an extensible rule permission tree model (PERM-Tree). The target entity is contract interface A, whose authentication rule comprises a threshold model and the authority rule information of AK1 and AK2. The authentication rule of contract account B is nested in the authentication rule of contract interface A and comprises an AK set model and the authority rule information of AK3 and AK4. In Fig. 3, contract interface A passes authentication when the sum of weights is greater than or equal to the threshold 0.6; AK1 has an authority rule of weight 0.3, AK2 an authority rule of weight 0.2, and contract account B an authority rule of weight 0.5. Contract account B passes authentication when either AK3 or AK4 passes verification; that is, the authority rule of AK3 and AK4 is AK3 || AK4.
Contract interface A may be authenticated based on the authentication tree of Fig. 3 as follows. First, it is judged whether the signature information of the blockchain users corresponding to AK3 and AK4 conforms to the authentication rule; if the signature information of the blockchain user corresponding to AK3 conforms, contract account B is determined to pass authentication. Next, it is judged which of the signature information of the blockchain users corresponding to AK1 and AK2 conforms to the corresponding authentication rule. If the signature information for both AK1 and AK2 conforms, the weight 0.5 of contract account B, the weight 0.3 of AK1 and the weight 0.2 of AK2 are added to obtain a total weight of 1, which is greater than the authentication threshold of contract interface A, so the authentication result of contract interface A is a pass.
According to the method and the device, the authentication rule associated with the target entity is inquired from the block chain based on the signature information of at least one block chain account included in the authentication request of the target entity, and then whether the signature information of at least one block chain account accords with the authentication rule associated with the target entity is determined, so that the authentication result of the target entity is obtained. Therefore, the authentication scheme with high flexibility and high safety supporting various authority rule models is provided to realize setting different authentication rules for different entities, so that the diversity of authentication modes is increased, different authority rules can support self-definition, and the flexibility and the expansibility are improved.
On the basis of the above embodiment, S203 is followed by: and receiving an authentication rule updating request of the target entity, and updating the authentication rule of the target entity based on the authentication rule updating request.
The updating of the authentication rule of the target entity may be different configurations under the same authority model, or may be updated to an authority model different from the current authority model, and the like, which is not limited herein.
Optionally, before the authentication rule of the target entity is updated based on the authentication rule update request, it is first verified, according to the existing authentication rule, whether the target entity corresponding to the update request has write permission; if the verification passes, the new permission rule is allowed to be written, otherwise it is not.
Before the authentication rule of the target entity is updated, whether the target entity has the write permission or not is verified, and if the target entity has the write permission, the authentication rule of the target entity is allowed to be updated, so that the authentication rule of the target entity is prevented from being maliciously tampered, and the safety is improved.
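The leaf-first evaluation walked through for fig. 3, together with the write-permission check before a rule update, as an added Python example that is not code from the patent. HMAC-SHA256 with constructed per-account keys stands in for blockchain account signatures, and the model names, the rule layout, `MAX_DEPTH`, the update message encoding and the choice to treat "satisfies the stored rule" as write permission are all assumptions.

```python
import hashlib
import hmac
import json
from decimal import Decimal

# Constructed sample data: per-account secrets stand in for blockchain key pairs,
# and HMAC-SHA256 stands in for the account signature scheme (assumption).
ACCOUNT_KEYS = {ak: f"demo-key-{ak}".encode() for ak in ("AK1", "AK2", "AK3", "AK4")}

# Constructed rule store mirroring fig. 3. "threshold" and "ak_cluster" are
# hypothetical names for the two authority models in the example.
# Weights are Decimal so that sums compare exactly against the threshold.
CHAIN_RULES = {
    "contract_interface_A": {
        "model": "threshold", "threshold": Decimal("0.6"),
        "children": {"AK1": Decimal("0.3"), "AK2": Decimal("0.2"),
                     "contract_account_B": Decimal("0.5")},
    },
    "contract_account_B": {"model": "ak_cluster", "children": ["AK3", "AK4"]},
}

MAX_DEPTH = 8  # assumption: bound nesting so a malformed rule cannot recurse forever


def sign(account, message):
    """Produce the stand-in signature of `account` over `message`."""
    return hmac.new(ACCOUNT_KEYS[account], message, hashlib.sha256).hexdigest()


def leaf_passes(account, message, signatures):
    """Leaf node: the account passes only if it supplied a valid signature."""
    key, sig = ACCOUNT_KEYS.get(account), signatures.get(account)
    if key is None or not isinstance(sig, str):
        return False
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), sig.encode())


def authenticate(entity, message, signatures, rules, path=()):
    """Evaluate the authentication tree rooted at `entity`, leaves first."""
    if entity in path or len(path) >= MAX_DEPTH:
        raise ValueError(f"cyclic or too deeply nested rule at {entity!r}")
    rule = rules.get(entity)
    if rule is None:                      # no stored rule: judge as a leaf account
        return leaf_passes(entity, message, signatures)
    path = path + (entity,)
    if rule["model"] == "ak_cluster":     # any one member passing is enough
        return any(authenticate(c, message, signatures, rules, path)
                   for c in rule["children"])
    if rule["model"] == "threshold":      # sum the weights of children that pass
        total = sum((w for c, w in rule["children"].items()
                     if authenticate(c, message, signatures, rules, path)),
                    Decimal(0))
        return total >= rule["threshold"]
    raise ValueError(f"unknown authority model {rule['model']!r}")  # fail closed


def update_message(entity, new_rule):
    """Bytes the signers must sign for an update; binds the entity and the new rule."""
    body = json.dumps(new_rule, sort_keys=True, default=str)
    return f"update:{entity}:{body}".encode()


def update_rule(entity, new_rule, signatures, rules):
    """Write a new rule only if the request satisfies the rule currently stored."""
    message = update_message(entity, new_rule)
    if entity not in rules or not authenticate(entity, message, signatures, rules):
        return False
    rules[entity] = new_rule
    return True
```

Because the update message covers the new rule itself, signatures collected for an ordinary authentication request cannot be reused to rewrite the rule.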
Fig. 4 is a schematic structural diagram of an authentication apparatus based on a block chain according to an embodiment of the present disclosure. The authentication device based on the block chain can be realized in a software and/or hardware mode and can be integrated on the electronic equipment. The electronic device is preferably a blockchain.
As shown in fig. 4, an authentication apparatus 400 based on a block chain disclosed in this embodiment may include an obtaining module 410, a querying module 420, and a determining module 430, where:
an obtaining module 410, configured to obtain an authentication request of a target entity; wherein the authentication request comprises signature information of at least one block chain account;
a query module 420, configured to query the authentication rule associated with the target entity from the blockchain;
the determining module 430 is configured to determine whether the signature information of the at least one blockchain account conforms to an authentication rule associated with the target entity, so as to obtain an authentication result of the target entity.
As an optional implementation form of the present application, the query module 420 is specifically configured to:
inquiring the authentication rule of the target entity from the block chain; the authentication rule of the target entity comprises an authority model of the target entity and authority rule information of at least two sub-entities of the target entity.
As an alternative implementation form of the present application, the query module 420 is further configured to:
if the authority rule information is nested with the authentication rules of other entities, the authentication rules of other entities are inquired from the block chain; wherein the authentication rules of the other entities comprise authority models of the other entities and authority rule information of at least two sub-entities of the other entities.
As an optional implementation form of the present application, the determining module 430 is specifically configured to:
constructing child nodes by taking the target entity as a root node and using the parent-child relationship between the entities to obtain an authentication tree;
and determining whether the signature information of the at least one block chain account accords with the authentication rule or not based on the authentication tree so as to obtain the authentication result of the target entity.
As an alternative implementation form of the present application, the determining module 430 is further configured to:
determining whether the signature information of the at least one blockchain account conforms to the authentication rule based on the authentication tree to obtain an authentication result of the target entity, including:
authenticating leaf nodes in the authentication tree according to the signature information of the at least one block chain account;
authenticating other nodes according to the authentication result of the leaf node, and the authority model and the authority rule information of the entity;
and taking the authentication result of the root node as the authentication result of the target entity.
As an optional implementation form of the present application, the apparatus 400 for authentication based on block chains further includes: a second acquisition module and a write-in module, wherein:
the second acquisition module is used for acquiring the authentication rule of any entity when the entity is created; wherein the authentication rule of the entity comprises an authority model of the entity and authority rule information of at least two sub-entities of the entity;
and the writing module is used for writing the authentication rule of the entity into the block chain.
As an optional implementation form of the present application, the second obtaining module is specifically configured to:
selecting a permission model of the entity from the candidate permission models; wherein the candidate permission model is deployed into the block chain in a plug-in form.
It should be noted that the explanation of the embodiment of the authentication method based on the block chain is also applicable to the authentication device based on the block chain in the embodiment, and the implementation principle is similar, and is not described herein again.
In the authentication apparatus based on a blockchain provided in this embodiment, the signature information of at least one blockchain account included in the authentication request based on the target entity is used to query the authentication rule associated with the target entity from the blockchain, and then it is determined whether the signature information of the at least one blockchain account meets the authentication rule associated with the target entity, so as to obtain the authentication result of the target entity. Therefore, the authentication scheme with high flexibility and high safety supporting various authority rule models is provided to realize setting different authentication rules for different entities, so that the diversity of authentication modes is increased, different authority rules can support self-definition, and the flexibility and the expansibility are improved.
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
Fig. 5 is a block diagram of an electronic device according to an embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in fig. 5, the electronic apparatus includes: one or more processors 501, memory 502, and interfaces for connecting the various components, including high-speed interfaces and low-speed interfaces. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output apparatus (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). In fig. 5, one processor 501 is taken as an example.
The memory 502, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the block chain based authentication method in the embodiments of the present application (e.g., the obtaining module 410, the querying module 420, and the determining module 430 shown in fig. 4). The processor 501 executes various functional applications of the server and data processing by running non-transitory software programs, instructions and modules stored in the memory 502, that is, implements the block chain based authentication method in the above method embodiments.
The memory 502 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the electronic device based on the block chain authentication method, and the like. Further, the memory 502 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 502 optionally includes memory located remotely from processor 501, which may be connected over a network to an electronic device based on a blockchain authentication method. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device of the authentication method based on the block chain may further include: an input device 503 and an output device 504. The processor 501, the memory 502, the input device 503 and the output device 504 may be connected by a bus or other means, and fig. 5 illustrates the connection by a bus as an example.
The input device 503 may receive input numeric or character information and generate key signal input related to user setting and function control of the electronic apparatus based on the block chain authentication method, such as an input device of a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointing stick, one or more mouse buttons, a track ball, a joystick, or the like. The output devices 504 may include a display device, auxiliary lighting devices (e.g., LEDs), and haptic feedback devices (e.g., vibrating motors), among others. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
According to the technical scheme of the embodiment of the application, the authentication rule associated with the target entity is inquired from the block chain based on the signature information of at least one block chain account included in the authentication request of the target entity, and then whether the signature information of at least one block chain account accords with the authentication rule associated with the target entity is determined, so that the authentication result of the target entity is obtained. Therefore, the authentication scheme with high flexibility and high safety supporting various authority rule models is provided to realize setting different authentication rules for different entities, so that the diversity of authentication modes is increased, different authority rules can support self-definition, and the flexibility and the expansibility are improved.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (7)
1. An authentication method based on a block chain is characterized by comprising the following steps:
when any entity is created, acquiring an authentication rule of the entity; wherein, the authentication rule of the entity comprises an authority model of the entity and authority rule information of at least two sub-entities of the entity;
sending a voting proposal transaction to the blockchain system, so that each blockchain node in the blockchain system votes on the proposal transaction, and if the vote passes, writing the authentication rule of the entity into the block chain;
acquiring an authentication request of a target entity; wherein the authentication request comprises signature information of at least one blockchain account;
inquiring an authentication rule associated with the target entity from the block chain;
constructing child nodes by taking the target entity as a root node and using the parent-child relationship between the entities to obtain an authentication tree;
determining whether the signature information of the at least one block chain account accords with the authentication rule or not based on the authentication tree so as to obtain the authentication result of the target entity;
when any entity is created, acquiring the authentication rule of the entity comprises the following steps:
selecting one authority model from candidate authority models deployed in a block chain as the authority model of the entity, and setting a specific authentication rule for the acquired authority model;
and acquiring corresponding authority rules from the candidate authority rules, and performing customized setting of authority rule information for the at least two sub-entities comprising the entities.
2. The method of claim 1, wherein querying the blockchain for the authentication rule associated with the target entity further comprises: if the authority rule information is nested with the authentication rules of other entities, the authentication rules of other entities are inquired from the block chain; the authentication rules of the other entities comprise authority models of the other entities and authority rule information of at least two sub-entities of the other entities.
3. The method of claim 1, wherein determining whether signature information of the at least one blockchain account complies with the authentication rule based on the authentication tree to obtain an authentication result of a target entity comprises:
authenticating leaf nodes in the authentication tree according to the signature information of the at least one block chain account;
authenticating other nodes according to the authentication result of the leaf node, and the authority model and the authority rule information of the entity;
and taking the authentication result of the root node as the authentication result of the target entity.
4. The method of claim 1, wherein the candidate privilege model is deployed into a blockchain in a plug-in form.
5. An authentication apparatus based on a block chain, comprising:
the second acquisition module is used for acquiring the authentication rule of any entity when the entity is created; wherein, the authentication rule of the entity comprises an authority model of the entity and authority rule information of at least two sub-entities of the entity;
the writing module is used for sending a voting proposal transaction to the blockchain system, so that each blockchain node in the blockchain system votes on the proposal transaction, and if the vote passes, the authentication rule of the entity is written into the block chain;
the acquisition module is used for acquiring an authentication request of a target entity; wherein the authentication request comprises signature information of at least one blockchain account;
the query module is used for querying the authentication rule associated with the target entity from the block chain;
the determining module is used for taking the target entity as a root node and constructing child nodes by using parent-child relationship among the entities to obtain an authentication tree;
determining whether the signature information of the at least one block chain account accords with the authentication rule or not based on the authentication tree so as to obtain an authentication result of a target entity;
when any entity is created, acquiring the authentication rule of the entity comprises the following steps:
selecting one authority model from candidate authority models deployed in a block chain as the authority model of the entity, and setting a specific authentication rule for the acquired authority model;
and acquiring corresponding authority rules from the candidate authority rules, and performing customized setting of authority rule information for the at least two sub-entities comprising the entities.
6. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the blockchain based authentication method of any one of claims 1-4.
7. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the blockchain-based authentication method of any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911046638.8A CN110765210B (en) | 2019-10-30 | 2019-10-30 | Authentication method, device, equipment and medium based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911046638.8A CN110765210B (en) | 2019-10-30 | 2019-10-30 | Authentication method, device, equipment and medium based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110765210A (en) | 2020-02-07 |
CN110765210B (en) | 2022-09-27 |
Family
ID=69334664
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911046638.8A Active CN110765210B (en) | 2019-10-30 | 2019-10-30 | Authentication method, device, equipment and medium based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110765210B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114186205A (en) * | 2021-11-09 | 2022-03-15 | 海南火链科技有限公司 | Signature identification method and device based on block chain and computer equipment |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107679045B (en) * | 2016-08-01 | 2021-08-31 | 华为技术有限公司 | Copyright authorization management method and system |
CN109583887B (en) * | 2018-10-26 | 2024-04-05 | 创新先进技术有限公司 | Block chain transaction method and device |
CN109522735B (en) * | 2018-11-29 | 2021-06-22 | 上海信联信息发展股份有限公司 | Data permission verification method and device based on intelligent contract |
CN110096857B (en) * | 2019-05-07 | 2021-03-19 | 百度在线网络技术(北京)有限公司 | Authority management method, device, equipment and medium for block chain system |
Non-Patent Citations (2)
Title |
---|
An Identity Management System Based on Blockchain;Yuan Liu 等;《 2017 15th Annual Conference on Privacy, Security and Trust 》;20181001;第44-53页 * |
基于DSL和区块链技术的可编程智能合约设计与实现;朱忠宁;《中国优秀硕士学位论文全文数据库》;20180615;第I138-121页 * |
Also Published As
Publication number | Publication date |
---|---|
CN110765210A (en) | 2020-02-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||