CN112311779A - Data access control method and device applied to block chain system - Google Patents


Info

Publication number
CN112311779A
Authority
CN
China
Prior art keywords
user
block chain
identity
main
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011144027.XA
Other languages
Chinese (zh)
Other versions
CN112311779B (en)
Inventor
刘友为
郭懿心
韦德志
王兆创
王�章
郑伟涛
乔小强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202011144027.XA
Publication of CN112311779A
Application granted
Publication of CN112311779B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data access control method applied to a blockchain system, comprising the following steps: when a data access request from a user for a target blockchain in the blockchain system is received, an identity of the user is sent to a main blockchain in the blockchain system to instruct the main blockchain to send identity credential data of the user to the target blockchain according to the identity of the user, the identity credential data being generated on the main blockchain after the user passes identity verification on the main blockchain; a main chain signature contained in the identity credential data is verified on the target blockchain according to a main chain public key of the main blockchain stored on the target blockchain; and if the main chain signature contained in the identity credential data passes verification on the target blockchain, the user is allowed to access data on the target blockchain. According to the technical scheme of the embodiments of the application, the user can access data on a plurality of blockchains after performing identity verification only once on the main blockchain.

Description

Data access control method and device applied to block chain system
Technical Field
The present application relates to the field of blockchain technologies, and in particular, to a data access control method and apparatus, an electronic device, and a computer-readable storage medium for a blockchain system.
Background
When a user needs to access data on a plurality of block chains, user identity authentication needs to be performed on each block chain, and the user is allowed to operate the data on the corresponding block chain only after the user identity is authenticated. However, the greater the number of block chains that a user needs to access, the greater the number and complexity of user authentication.
Disclosure of Invention
In order to solve the foregoing technical problem, embodiments of the present application provide a data access control method and apparatus, an electronic device, and a computer-readable storage medium applied to a blockchain system.
According to an aspect of the embodiments of the present application, there is provided a data access control method applied to a blockchain system in which a plurality of blockchains are deployed, the method including: when a data access request from a user for a target blockchain in the blockchain system is received, sending an identity of the user to a main blockchain in the blockchain system to instruct the main blockchain to send identity credential data of the user to the target blockchain according to the identity of the user, wherein the identity credential data is generated on the main blockchain after the user passes identity verification on the main blockchain; verifying, on the target blockchain, the main chain signature contained in the identity credential data according to the main chain public key of the main blockchain stored on the target blockchain; and if the main chain signature contained in the identity credential data passes verification on the target blockchain, allowing the user to access data on the target blockchain.
According to an aspect of the embodiments of the present application, there is provided a data access control apparatus applied to a blockchain system in which a plurality of blockchains are deployed, the apparatus including: a request response module configured to send the identity of the user to a main blockchain in the blockchain system when a data access request from the user for a target blockchain in the blockchain system is received, so as to instruct the main blockchain to send identity credential data of the user to the target blockchain according to the identity of the user, wherein the identity credential data is generated on the main blockchain after the user passes identity verification on the main blockchain; a data verification module configured to verify, on the target blockchain, the main chain signature contained in the identity credential data according to the main chain public key of the main blockchain stored on the target blockchain; and an access control module configured to allow the user to access data on the target blockchain if the main chain signature contained in the identity credential data passes verification on the target blockchain.
According to an aspect of the embodiments of the present application, there is provided an electronic device including a processor and a memory, the memory having stored thereon computer-readable instructions, which when executed by the processor, implement the method as described above.
According to an aspect of embodiments of the present application, there is provided a computer-readable storage medium having stored thereon computer-readable instructions which, when executed by a processor of a computer, cause the computer to execute a data access control method applied to a blockchain system as described above.
According to an aspect of embodiments herein, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device executes the data access control method applied to the blockchain system provided in the above-mentioned various optional embodiments.
In the technical scheme provided by the embodiment of the application, the plurality of blockchains deployed by the blockchain system comprise a main blockchain and sub-blockchains, a main chain public key of the main blockchain is synchronized to each sub-blockchain in advance to be stored, a user performs identity verification on the main blockchain in advance, and after the user identity passes the verification on the main blockchain, the main blockchain correspondingly generates and stores identity credential data of the user. When a user initiates a data request to a target block chain in the block chain system, because the user identity passes verification on the main block chain in advance, the main block chain sends the identity credential data of the user to the target block chain, the target block chain verifies the main chain signature contained in the identity credential data of the user according to the main chain public key of the main block chain, and if the verification passes, the user identity is also verified on the target block chain.
According to the technical scheme of the embodiment of the application, the user can access the data on other sub-block chains and the main block chain only by performing identity verification on the main block chain once, and the efficiency of accessing the data of the block chain by the user is greatly improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
FIG. 1 is a schematic illustration of an implementation environment to which the present application relates;
FIG. 2 is a flow diagram illustrating a method for data access control applied to a blockchain system in accordance with an exemplary embodiment;
FIG. 3 is a schematic flow diagram of verifying the identity of a user on a main blockchain;
FIG. 4 is a flow chart illustrating a method of data access control applied to a blockchain system in accordance with another exemplary embodiment;
FIG. 5 is a flowchart of a data access control method applied to a blockchain system in an exemplary application scenario, provided by an embodiment of the present application;
FIG. 6 is a block diagram illustrating a data access control device applied to a blockchain system in accordance with an exemplary embodiment;
FIG. 7 is a schematic structural diagram of an electronic device according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in the form of software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It should also be noted that "a plurality" in this application means two or more. "And/or" describes the association relationship of the associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship.
Referring to fig. 1, fig. 1 is a schematic diagram of an implementation environment related to the present application.
The implementation environment is embodied as a blockchain system, as shown in fig. 1, the blockchain system includes at least one data server 10, an access server 20, and at least one user terminal 30, and wired or wireless communication connections are respectively established between the data server 10 and the access server 20, and between the access server 20 and the user terminal 30.
At least one blockchain is stored in the data server 10, so that the blockchain system includes a plurality of blockchains, and the plurality of blockchains specifically include a main blockchain and a sub-blockchain, and a communication connection is also established between the main blockchain and each sub-blockchain. The user terminal 30 is used for providing a user interaction function, so that a user can perform data access and other operations on the blockchain stored in the data server 10 by triggering the user terminal 30. The access server 20 is used to implement the control process of the user terminal 30 in the data access process of the blockchain stored in the data server 10.
For example, when the user terminal 30 initiates a data access request for the target blockchain, the access server 20 sends the identity of the user to the main blockchain and instructs the main blockchain to send the identity credential data of the user to the target blockchain according to that identity. The main chain signature included in the identity credential data is then verified on the target blockchain according to the main chain public key of the main blockchain stored on the target blockchain, and if the signature passes verification on the target blockchain, the access server 20 allows the user to access data on the target blockchain. The identity credential data of the user is generated after the main blockchain has verified the identity of the user in advance.
Based on this control process, the user can access data on the sub-blockchains and the main blockchain after performing identity verification only once on the main blockchain; when the user accesses a sub-blockchain, only the main chain signature in the user's identity credential data transmitted by the main blockchain needs to be verified. This simplifies identity verification for data access across the plurality of blockchains and improves the user's data access experience.
It should be noted that, in the blockchain system shown in fig. 1, the user terminal 30 may be an electronic device such as a smart phone, a tablet, a notebook, a computer, etc.; the data server 10 and the access server 20 may be independent physical servers, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be cloud servers providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, Network services, cloud communication, middleware services, domain name services, security services, a CDN (Content Delivery Network), big data, and artificial intelligence platforms, which are not limited herein.
Referring to fig. 2, fig. 2 is a flowchart illustrating a data access control method applied to a blockchain system according to an exemplary embodiment.
The method may be applied to the implementation environment shown in fig. 1, for example, as specifically performed by the access server 20 in the implementation environment shown in fig. 1. The method can also be applied to other blockchain systems in which a plurality of blockchains are deployed.
It should be understood that a blockchain in the present embodiment refers to a chain of records that are linked and protected cryptographically; each block in the blockchain includes the cryptographic hash of the previous block, a corresponding timestamp, and transaction data (usually represented by a hash value calculated with a Merkle tree algorithm).
As shown in fig. 2, the data access control method applied to the blockchain system in the embodiment may include steps S210 to S250, which are described in detail as follows:
Step S210, when a data access request from a user for a target blockchain in the blockchain system is received, sending the identity of the user to a main blockchain in the blockchain system, so as to instruct the main blockchain to send the identity credential data of the user to the target blockchain according to the identity of the user.
It should be noted that, in the present embodiment, the plurality of blockchains deployed in the blockchain system are divided into a main blockchain and sub-blockchains. The main blockchain serves as the authoritative blockchain among the plurality of blockchains: it verifies the identity of the user, generates the identity credential data of the user after the identity passes verification, and stores that identity credential data on the main blockchain, so that the identity credential data can prove that the identity of the user passed verification on the main blockchain. The main blockchain also generates a paired main chain private key and main chain public key, and the main chain public key is synchronized to and stored on each sub-blockchain.
The target blockchain refers to a blockchain that a user wants to access data, for example, the target blockchain may be specifically a sub-blockchain or a main blockchain, which is not limited herein.
It should be noted that, in order to ensure the security of the blockchain data, a user needs to verify the identity of the user when accessing the blockchain data, and only the user who passes the identity verification can be allowed by the blockchain system to access the data stored in the blockchain.
In this embodiment, the identity of the user is information for uniquely identifying the user identity, for example, each user in the blockchain system has a respective user account, and performs corresponding user operation in the blockchain system through the respective user account, so that the user account of the user in the blockchain system can be used as the identity of the user. When a data access request of a user to a target block chain is received, the identity of the user carried in the data access request can be extracted, and the extracted identity is sent to the master block chain, so that the master block chain sends the identity credential data of the user stored by the master block chain to the target block chain according to the identity of the user.
For example, the identity of the user may be transmitted to the target blockchain, so that the target blockchain requests the identity credential data of the user from the main blockchain according to the identity of the user; the main blockchain responds to the request of the target blockchain and returns the identity credential data of the user that it stores to the target blockchain. Alternatively, a request may be sent to the main blockchain based on the identity of the user and the chain identity of the target blockchain, so as to request the main blockchain to send the identity credential data corresponding to the identity of the user to the target blockchain corresponding to the chain identity, which is not limited in this embodiment.
In other embodiments, the identity of the user may also be identification information allocated to the user after the main blockchain verifies the identity of the user, for example, a user public key that the main blockchain generates and hosts for the user, so that the identity of the user also indicates that the user has passed identity verification on the main blockchain. On this basis, the blockchain system maintains one or more identity sets, which store the identities allocated to different users after they pass identity verification on the main blockchain.
When a data access request of a user for the block chain is received, the identity of the user can be searched in the identity set according to user information carried in the data access request, and then the searched identity of the user is sent to the main block chain, so that the main block chain sends the identity credential data of the user stored by the main block chain to the target block chain according to the identity of the user.
If the identity of the user is not found in the identity set, the user has not performed identity verification on the main blockchain and the main blockchain does not store identity credential data for the user, so a data access failure notification needs to be returned to the user, or the user needs to undergo identity verification on the main blockchain. It should be noted that the user information may be a user account of the user in the blockchain system, or other information that can be used to identify the user; the detailed process of verifying the identity of the user on the main blockchain is described in the following embodiments and is not limited herein.
In addition, the target blockchain on which the user wants to access data may be the main blockchain or a sub-blockchain. If the target blockchain is the main blockchain and the user has passed identity verification on the main blockchain in advance, the user can access data on the main blockchain directly. Therefore, in some embodiments, after a data access request from a user for a target blockchain is received, it may be determined from the request whether the target blockchain is the main blockchain. If the target blockchain is a sub-blockchain, the identity of the user is sent to the main blockchain, so that the main blockchain sends the identity credential data of the user that it stores to the corresponding sub-blockchain according to the identity of the user, and the sub-blockchain authenticates the identity of the user by verifying the main chain signature in the identity credential data. If the main chain signature contained in the identity credential data of the user passes verification on the sub-blockchain, the user is allowed to access the data on the sub-blockchain.
If the target block chain requested by the user for data access is determined to be the main block chain, whether the identity of the user passes verification on the main block chain is further determined, for example, the identity of the user can be searched in an identity set stored in the block chain system, and if the identity of the user is found, the identity of the user is indicated to pass verification on the main block chain, so that the user is allowed to perform data access on the main block chain. If it is determined that the identity of the user has not been verified on the master block chain, the process of verifying the identity of the user on the master block chain may be performed according to the process described in detail in the following embodiments, which is not described herein again.
Step S230, according to the main chain public key of the main block chain stored in the target block chain, verifying the main chain signature included in the identity credential data on the target block chain.
As described above, the main chain private key and the main chain public key of the main blockchain are generated on the main blockchain, and the main chain public key is synchronized to each of the sub blockchains to be stored, so that the main chain public key of the main blockchain is stored on both the main blockchain and the sub blockchain. It is to be understood that the main chain private key and the main chain public key of the main block chain are often paired, the main chain private key is used for digital signature, and the main chain public key is used for verification of the digital signature.
The identity credential data of the user is produced as follows: after the user passes identity verification on the main blockchain, the main blockchain signs the user data with the main chain private key to obtain the main chain signature, and then packages and combines the identity data of the user with the main chain signature. Therefore, when the target blockchain receives the identity credential data sent by the main blockchain and verifies the main chain signature it contains with the main chain public key stored on the target blockchain, that verification is the counterpart of the signing of the user data by the main blockchain.
For example, the user data at least includes the identity data of the user, and the identity data of the user may include a face of the user, a short message authentication code received by the smart device of the user, and the like, so as to implement authentication of the user based on the identity data of the user.
In step S250, if the main chain signature included in the identity credential data passes verification on the target block chain, the user is allowed to access the target block chain.
In this embodiment, if the target blockchain successfully verifies, based on the main chain public key, the main chain signature contained in the identity credential data of the user, the target blockchain has obtained proof that the identity of the user passed verification on the main blockchain.
The identity credential data of the user is stored directly on the blockchain, and it is transmitted from blockchain to blockchain, so the identity data of the user can be protected against tampering. The main chain public key of the main blockchain is also stored on the blockchain. The process in which the target blockchain verifies the main chain signature contained in the identity credential data based on the main chain public key therefore has extremely high reliability, and the target blockchain trusts the main blockchain's identity verification of the user. This is equivalent to the identity of the user passing verification on the target blockchain, so the user is allowed to access data on the target blockchain.
As described above, regardless of whether the target blockchain on which the user wants to access data is the main blockchain or a sub-blockchain, the user only needs to perform identity verification once on the main blockchain. That is, a single authentication lets the user identity be trusted on a plurality of blockchains, which realizes trust transfer. In the prior art, the user must perform identity authentication on each of a plurality of blockchains and can access a blockchain only after passing authentication on it. In this embodiment, by contrast, a sub-blockchain only verifies the main chain signature in the user identity credential data sent by the main blockchain, which keeps authentication of the user identity simple while ensuring its security. The user's data access across a plurality of blockchains becomes simpler, and the user's data access experience is greatly improved.
FIG. 3 is a flow diagram illustrating the verification of a user's identity on the main blockchain. As shown in FIG. 3, the process of verifying the identity of a user on the main blockchain may include steps S310 to S350, which are described in detail as follows:
Step S310, according to the identity data of the user, the identity of the user is verified on the main blockchain.
As mentioned above, the identity data of the user may include a face of the user, a short message verification code received by the smart device used by the user, and the like.
The process in which the main blockchain verifies the identity of the user may be understood as the process of registering the user on the main blockchain. For example, after receiving a request from the user to register on the main blockchain, the main blockchain performs a series of verification operations according to the identity data of the user, such as face verification and short message verification, to determine whether the user identity is valid. If the user fails identity verification, the user cannot register on the main blockchain.
Step S330, if the user passes identity verification, the user data corresponding to the user is signed on the main blockchain based on the main chain private key of the main blockchain, and a main chain signature is obtained.
In this embodiment, the user data corresponding to the user may include not only the identity data of the user, but also the user signature and the user public key. The master block chain signs the identity data of the user, the user signature and the user public key according to the main chain private key of the master block chain, and then the main chain signature can be obtained.
After the main block chain passes the identity verification of the user, a user private key and a user public key are generated for the user to host, and the identity data of the user is signed with the user private key to obtain the user signature. It should be understood that the user private key and the user public key appear as a pair, so a user signature obtained by signing the identity data of the user with the user private key can be verified with the corresponding user public key.
Step S350, the user data and the main chain signature are used as identity credential data of the user.
The master block chain packages the user data together with the obtained main chain signature to obtain the identity credential data of the user.
After the identity credential data of the user is obtained, the main block chain also writes it to the chain, so that the identity credential data of the user is stored in the main block chain to ensure that it is not tampered with.
The master blockchain also allocates a corresponding identity to the user according to the identity credential data of the user stored in the master blockchain. For example, the identity may be the user public key generated by the master blockchain for user hosting in the process of performing user identity authentication. The blockchain system adds the identity allocated to the user by the master blockchain to the identity set, so that the identity indicates that the user has passed identity authentication on the master blockchain.
Therefore, after the identity verification of the user passes according to the identity data of the user, the main block chain in this embodiment signs the identity data, the user signature and the user public key of the user with the main chain private key to obtain the main chain signature, then packs the identity data, the user signature, the user public key and the main chain signature to generate the identity credential data of the user, and stores the identity credential data on the chain. This ensures that the identity credential data of the user is transmitted reliably between block chains and that the identity credential data itself is reliable.
In addition, in another embodiment, since the user identity credential data further includes a user signature, after the main chain signature included in the user identity credential data passes the verification on the target block chain, the user signature included in the identity credential data can be verified on the target block chain according to the user public key stored on the target block chain, and if the user signature included in the user identity credential data also passes the verification on the target block chain, the user is allowed to access the target block chain.
It should be noted that the user public key stored in the target block chain is also synchronized from the main block chain to the target block chain for storage, for example, after the main block chain generates a user private key and a user public key for user hosting, the user public key is sent to each sub-block chain for storage, so that the user public keys are stored in both the main block chain and each sub-block chain.
Therefore, the method of the embodiment further verifies the identity credential data of the user according to the user public key, so that the reliability of user identity verification on the target block chain is further ensured, and the security of the user accessing the data in the target block chain is further improved.
In the embodiment shown in fig. 4, before step S210, the data access control method applied to the blockchain system further includes step S410 and step S430, which are described in detail as follows:
Step S410, a main chain private key and a main chain public key of the main block chain are generated on the main block chain.
In this embodiment, the main chain private key and the main chain public key of the main blockchain may be generated on the main blockchain after the main blockchain and the sub blockchain included in the blockchain system are determined, or the main chain private key and the main chain public key may be generated by the main blockchain before the user requests registration to the main blockchain, which is not limited in this embodiment.
Step S430, synchronously storing the main chain public key to the sub-block chain.
The master block chain synchronizes the main chain public key of the master block chain to each sub-block chain for storage, so that after the identity credential data sent by the master block chain is received by each sub-block chain, the main chain signature contained in the identity credential data can be verified according to the stored main chain public key, thereby realizing simple verification of the identity of the user on the sub-block chain.
In some embodiments, each blockchain included in the blockchain system is provided with a cross-chain gateway, that is, the main blockchain and each sub-blockchain are provided with cross-chain gateways, and a data transmission channel can be constructed between the cross-chain gateways, so that a data transmission channel between each sub-blockchain and the main blockchain can be constructed based on the cross-chain gateways disposed on each blockchain, so as to transmit the main chain public key generated on the main blockchain to the sub-blockchain for storage.
It should be noted that any data that needs to be transmitted between the master block chain and the sub-block chain, for example the identity credential data of a user or a user public key, may be transmitted over the data transmission channel constructed between the cross-chain gateways; the channel is not limited to transmitting the main chain public key generated on the master block chain.
In other embodiments, the main blockchain may directly transmit the main chain public key to each of the sub blockchains for storage based on a data transmission channel between the sub blockchains and the main blockchain; or, a main chain certificate carrying a main chain public key can be generated on the main block chain, and the main chain certificate is sent to the sub-block chain through a data transmission channel between the sub-block chain and the main block chain, so that the sub-block chain can acquire the main chain public key of the main block chain and store the main chain public key on the chain, and therefore synchronous storage of the main chain public key between the main block chain and the sub-block chain is achieved.
It should be further noted that the cross-chain gateway configured on a blockchain may be understood as a component of the blockchain that interfaces with a specific blockchain and forwards cross-chain messages. For example, it may provide functions such as blockchain adaptation, cross-chain transaction monitoring, and cross-chain transaction routing. The cross-chain gateway is therefore a technology for cross-chain data transmission that can safely and trustworthily transfer data on one blockchain to another blockchain.
Therefore, in the embodiment, the data in the main blockchain is transmitted to the sub-blockchain for storage through the cross-chain transmission technology, so that the reliability of the data transmitted between the main blockchain and the sub-blockchain is fully ensured, and the reliability of the authentication of the sub-blockchain in the blockchain system related to the embodiment on the user identity is improved.
Fig. 5 is a flowchart of a data access control method applied to a blockchain system in an exemplary application scenario, according to an embodiment of the present application.
As shown in fig. 5, the exemplary blockchain system includes a user access platform, one main blockchain, and more than two sub-blockchains. The user access platform is a service platform that interfaces with users; its bottom layer is connected to a plurality of block chains, and users interact with the underlying block chains through the platform. Each block chain is provided with a cross-chain gateway, and the cross-chain gateway on each sub-block chain establishes a data transmission channel with the cross-chain gateway on the main block chain, so that cross-chain data transmission can be carried out between the main block chain and each sub-block chain over that channel.
The master block chain first generates its own credential information, for example a main chain certificate issued by the master block chain that contains the main chain public key, and synchronizes the main chain certificate to the sub-block chains for storage through the data transmission channel established between the cross-chain gateways.
When a user registers on the main block chain through the user access platform, the main block chain performs a series of identity authentication operations on the user according to the identity data of the user, such as authenticating the face of the user and the short message verification code input by the user through the user access platform. If the master block chain fails to verify the identity of the user, the user cannot register on the master block chain.
If the user passes the identity verification by the main block chain, a pair of a user private key and a user public key is generated for the user, and the user private key is used to sign the identity data of the user to obtain a user signature. The main block chain then signs the identity data of the user, the user signature and the user public key with its own main chain private key to obtain the main chain signature. The master block chain packs the identity data of the user, the user signature, the user public key and the main chain signature to form the identity credential data of the user, and stores the identity credential data on the chain. The master block chain also returns the identity of the user to the user access platform. The identity can be the user public key; it uniquely identifies the user and indicates that the user's identity has passed verification on the master block chain.
If a user requests to access data on a sub-block chain, identity verification needs to be completed on that sub-block chain. The user access platform first sends the identity of the user to the sub-block chain. The sub-block chain then transmits the identity to the main block chain through the cross-chain gateway and requests the identity credential data of the user from the main block chain. After receiving the identity, the main block chain returns the corresponding identity credential data to the sub-block chain through the cross-chain gateway. After the sub-block chain obtains the identity credential data of the user, it uses the main chain public key previously synchronized from the main block chain to verify the main chain signature in the identity credential data. If the main chain signature passes the verification, the user passes identity verification on the sub-block chain and is allowed to access the data on the sub-block chain, which realizes simple verification of the user identity on the sub-block chain.
Because the main chain private key and the main chain public key of the main blockchain are both stored in the blockchain, the safety of both keys can be ensured. The identity credential data generated after the main block chain verifies the identity of the user is stored directly on the block chain, and the identity credential data of the user is transmitted only from block chain to block chain, so that the identity credential data of the user cannot be falsified and the reliability of user authentication is improved.
If the user requests to access the data on the master block chain, the user can directly access the data on the master block chain and the like because the user is registered on the master block chain in advance, that is, the identity of the user passes verification on the master block chain in advance.
Therefore, no matter how many block chains a user accesses, the user only needs to verify the identity once, on the main block chain. A single authentication lets the identity data of the user be trusted on the plurality of block chains, which realizes trust transfer and simplifies the user authentication process required for the user to access the plurality of block chains.
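The registration flow (steps S310 to S350) and the sub-block chain verification described above, sketched in Go as an added example; it is not code from the patent. Ed25519, the length-prefixed encoding of the signed fields, the in-memory map standing in for on-chain storage, the identity-binding check, and all type and function names are assumptions, and the face and short message checks of step S310 are taken as already passed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Credential is the identity credential data: user data plus the main chain signature.
type Credential struct {
	IdentityData []byte            // stand-in for the verified identity data
	UserSig      []byte            // IdentityData signed with the user private key
	UserPub      ed25519.PublicKey // user public key, also used as the identity
	MainChainSig []byte            // main chain signature over the three fields above
}

// signedBytes length-prefixes each field (an assumed encoding) so that bytes
// cannot be moved between fields without changing the signed message.
func signedBytes(fields ...[]byte) []byte {
	var buf bytes.Buffer
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// MainChain holds the main chain key pair (step S410) and the stored credentials.
type MainChain struct {
	pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
	store map[string]Credential // identity -> credential; stands in for on-chain storage
}

func NewMainChain() (*MainChain, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &MainChain{pub: pub, priv: priv, store: map[string]Credential{}}, nil
}

// Register runs steps S330 and S350 for a user whose identity check (S310) passed.
func (m *MainChain) Register(identityData []byte) (string, error) {
	userPub, userPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	userSig := ed25519.Sign(userPriv, identityData)
	mainSig := ed25519.Sign(m.priv, signedBytes(identityData, userSig, userPub))
	id := hex.EncodeToString(userPub) // the identity may be the user public key
	m.store[id] = Credential{IdentityData: identityData, UserSig: userSig, UserPub: userPub, MainChainSig: mainSig}
	return id, nil
}

// SubChain holds only public material synchronized from the main chain.
type SubChain struct {
	mainPub  ed25519.PublicKey            // synchronized in step S430
	userPubs map[string]ed25519.PublicKey // user public keys synchronized per user
}

// Authorize decides whether the credential grants access for the given identity.
func (s *SubChain) Authorize(id string, c Credential) error {
	// Added check (an assumption, not in the patent text): credential must belong to this identity.
	if hex.EncodeToString(c.UserPub) != id {
		return errors.New("credential does not match the requested identity")
	}
	if !ed25519.Verify(s.mainPub, signedBytes(c.IdentityData, c.UserSig, c.UserPub), c.MainChainSig) {
		return errors.New("main chain signature invalid")
	}
	// Other embodiment: also verify the user signature with the synchronized user public key.
	if pub, ok := s.userPubs[id]; ok && !ed25519.Verify(pub, c.IdentityData, c.UserSig) {
		return errors.New("user signature invalid")
	}
	return nil
}

func main() {
	mc, err := NewMainChain()
	if err != nil {
		panic(err)
	}
	id, err := mc.Register([]byte("constructed identity record")) // constructed sample input
	if err != nil {
		panic(err)
	}
	sub := &SubChain{mainPub: mc.pub, userPubs: map[string]ed25519.PublicKey{id: mc.store[id].UserPub}}
	cred := mc.store[id] // what the main chain returns through the cross-chain gateway
	fmt.Println("genuine credential:", sub.Authorize(id, cred))
	cred.IdentityData = []byte("altered identity record")
	fmt.Println("tampered credential:", sub.Authorize(id, cred))
}
```

The sub-block chain never holds a private key: it accepts a credential only when the main chain signature covers exactly the fields it received, so altering any field or presenting a credential signed by a different key fails verification.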
The schematic flow shown in fig. 5 may be specifically applied to a financial payment scenario. For example, the user access platform may be implemented as a user payment platform supporting multi-channel payment, and the multiple blockchains are implemented by different payment back ends such as WeChat and Paibao, respectively. When a user needs to complete multiple transactions in different payment manners on the user access platform, the user only needs to perform identity verification in one authoritative payment back end in advance. Based on authentication trust transfer between the authoritative payment back end and the other payment back ends, the other payment back ends can then verify the user identity simply and reliably, so that the payment experience of the user may be greatly improved.
The schematic flow shown in fig. 5 may also be applied to an enterprise information management scenario. For example, the user access platform may be implemented as an enterprise information management platform for managing multiple kinds of enterprise data, and the multiple blockchains are implemented as storage back ends for different types of enterprise data such as enterprise tax information and enterprise ticket information. When a user needs to authorize and query multiple kinds of enterprise data on the enterprise information management platform, the data on the multiple sub-blockchains can be conveniently queried after performing identity verification only once on the blockchain, and complex user identity verification processes such as face verification and short message verification need not be performed multiple times on different blockchains. This not only ensures the security of enterprise data but also greatly improves user experience.
Fig. 6 is a block diagram illustrating a data access control apparatus applied to a blockchain system in which a plurality of blockchains are deployed according to an exemplary embodiment. As shown in fig. 6, the apparatus includes:
a request response module 510 configured to, when a data access request of a user to a target block chain in a block chain system is received, send an identity of the user to a master block chain in the block chain system to instruct the master block chain to send identity credential data of the user to the target block chain according to the identity of the user, where the identity credential data is generated on the master block chain after the master block chain passes identity verification of the user; a data verification module 530 configured to verify a main chain signature included in the identity credential data on the target blockchain according to the main chain public key of the main blockchain stored on the target blockchain; and an access control module 550 configured to allow the user to access the target blockchain if the main chain signature included in the identity credential data is verified on the target blockchain.
In another exemplary embodiment, the apparatus further comprises:
an identity authentication module configured to authenticate the identity of the user on the main block chain according to the identity data of the user; a main chain signature module configured to sign user data corresponding to the user on the main block chain based on a main chain private key of the main block chain to obtain a main chain signature if the identity verification of the user passes, wherein the user data comprises the identity data; and a credential data acquisition module configured to take the user data and the main chain signature as identity credential data of the user.
In another exemplary embodiment, the user data further includes a user signature of the user and a user public key, and the main chain signature module includes:
a user key generating unit configured to generate a user public key on the main block chain and generate a user private key corresponding to the user public key; and a private key signature unit configured to sign the identity data according to the user private key to obtain a user signature, and sign the identity data, the user signature and the user public key according to a main chain private key of the main block chain to obtain a main chain signature.
In another exemplary embodiment, the apparatus further comprises:
an identity credential storage module configured to store the identity credential data on the master block chain; and an identity acquisition module configured to acquire the identity allocated by the main block chain for the stored identity credential data, the identity being used for uniquely identifying the user.
In another exemplary embodiment, the plurality of blockchains further includes a sub-block chain, and the apparatus further includes:
a main chain key generation module configured to generate a main chain private key and a main chain public key of the main block chain on the main block chain; and a main chain public key synchronization module configured to synchronously store the main chain public key to the sub-block chain.
In another exemplary embodiment, a cross-chain gateway is configured on the block chain, the cross-chain gateway is used for constructing a data transmission channel between the sub-block chain and the main block chain, and the main chain public key synchronization module is configured to transmit the main chain public key generated by the main block chain to the sub-block chain for storage based on the data transmission channel between the sub-block chain and the main block chain.
In another exemplary embodiment, the main chain public key synchronization module includes:
a main chain certificate generating unit configured to generate a main chain certificate carrying the main chain public key on the main block chain; and a main chain certificate synchronization unit configured to send the main chain certificate to the sub-block chain, so that the main chain public key is stored in the main block chain and the sub-block chain respectively.
In another exemplary embodiment, the apparatus further comprises:
a user signature verification module configured to verify the user signature contained in the identity credential data on the target block chain according to a user public key stored on the target block chain, wherein the user public key is synchronized from the main block chain to the target block chain, and to allow the user to access the target block chain if the user signature contained in the identity credential data passes the verification on the target block chain.
In another exemplary embodiment, the request response module 510 includes:
a request judging unit configured to determine, according to the received data access request, whether the target block chain to which the user requests data access is the main block chain, and to send the identity of the user to the main block chain if the target block chain is determined to be a sub-block chain in the plurality of block chains.
In another exemplary embodiment, the request response module 510 further includes:
a pass-confirmation unit configured to further determine whether the identity of the user has passed verification on the master block chain if the target block chain is determined to be the master block chain, and to allow the user to access data on the master block chain if the identity of the user has passed verification on the master block chain.
In another exemplary embodiment, the request response module 510 includes:
an identity searching unit configured to search for the identity of the user in an identity set according to user information carried in the data access request, wherein the identity set is constructed according to the identities sent by the master block chain, and an identity sent by the master block chain indicates that the identified user has passed verification on the master block chain; and an identity transmitting unit configured to transmit the found identity of the user to the master block chain.
In another exemplary embodiment, the request response module 510 further includes:
a failure response unit configured to return a data access failure notification to the user, or to execute the process in which the master block chain performs identity verification on the user, if the identity of the user is not found in the identity set.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which each module and unit execute operations has been described in detail in the method embodiment, and is not described again here.
Embodiments of the present application also provide an electronic device, including a processor and a memory, where the memory has stored thereon computer readable instructions, and the computer readable instructions, when executed by the processor, implement the data access control method applied to the blockchain system as described above.
A schematic structural diagram of a computer system suitable for implementing the electronic device of the embodiments of the present application is shown in fig. 7. It should be noted that the computer system 1600 of the electronic device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 7, computer system 1600 includes a Central Processing Unit (CPU) 1601, which can perform various appropriate actions and processes, such as executing the methods described in the above embodiments, according to a program stored in a Read-Only Memory (ROM) 1602 or a program loaded from a storage portion 1608 into a Random Access Memory (RAM) 1603. In the RAM 1603, various programs and data necessary for system operation are also stored. The CPU 1601, ROM 1602, and RAM 1603 are connected to each other via a bus 1604. An Input/Output (I/O) interface 1605 is also connected to the bus 1604.
The following components are connected to the I/O interface 1605: an input portion 1606 including a keyboard, a mouse, and the like; an output portion 1607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage portion 1608 including a hard disk and the like; and a communication portion 1609 including a network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication portion 1609 performs communication processing via a network such as the internet. A drive 1610 is also connected to the I/O interface 1605 as needed. A removable medium 1611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1610 as necessary, so that a computer program read out therefrom is installed into the storage portion 1608 as necessary.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via the communication portion 1609, and/or installed from the removable medium 1611. When the computer program is executed by the Central Processing Unit (CPU) 1601, various functions defined in the system of the present application are executed.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with a computer program embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. The computer program embodied on the computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or by hardware, and the described units may also be disposed in a processor. The names of the units do not in some cases constitute a limitation on the units themselves.
Another aspect of the present application also provides a computer-readable storage medium on which a computer program is stored, which, when executed by a processor, implements the data access control method applied to the blockchain system as described above. The computer-readable storage medium may be included in the electronic device described in the above embodiment, or may exist separately without being incorporated in the electronic device.
Another aspect of the application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the computer device executes the data access control method applied to the blockchain system provided in the above embodiments.
The above description is only a preferred exemplary embodiment of the present application, and is not intended to limit the embodiments of the present application, and those skilled in the art can easily make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (15)

1. A data access control method applied to a blockchain system, wherein a plurality of blockchains are deployed in the blockchain system, the method comprising:
when a data access request of a user to a target block chain in the block chain system is received, sending an identity of the user to a main block chain in the block chain system to indicate the main block chain to send identity credential data of the user to the target block chain according to the identity of the user, wherein the identity credential data is generated on the main block chain after the main block chain passes identity verification of the user;
according to the main chain public key of the main block chain stored in the target block chain, verifying the main chain signature contained in the identity credential data on the target block chain;
and if the main chain signature contained in the identity credential data passes verification on the target block chain, allowing the user to perform data access on the target block chain.
2. The method of claim 1, wherein prior to sending the identity of the user to the master blockchain, the method further comprises:
according to the identity data of the user, performing identity verification on the user on the main block chain;
if the identity of the user passes the verification, signing user data corresponding to the user on the master block chain based on a main chain private key of the master block chain to obtain a main chain signature, wherein the user data comprises the identity data;
and using the user data and the main chain signature as identity credential data of the user.
3. The method of claim 2, wherein the user data further comprises a user signature and a user public key of the user; and wherein signing the user data corresponding to the user on the main block chain based on the main chain private key of the main block chain to obtain the main chain signature comprises:
generating the user public key on the main block chain and generating a user private key corresponding to the user public key;
and signing the identity data according to the user private key to obtain the user signature, and signing the identity data, the user signature and the user public key according to the main chain private key of the main block chain to obtain the main chain signature.
4. The method of claim 2, wherein after the user data and the main chain signature are used as identity credential data for the user, the method further comprises:
storing the identity credential data on the master blockchain;
and acquiring an identity assigned by the main block chain to the stored identity credential data, wherein the identity is used for uniquely identifying the identity of the user.
5. The method of claim 1, wherein the plurality of blockchains further comprises a sub-block chain; before sending the identity of the user to the master blockchain when a data access request of the user to a target blockchain is received, the method further comprises:
generating a main chain private key and a main chain public key of the main block chain on the main block chain;
and synchronously storing the main chain public key to the sub-block chain.
6. The method of claim 5, wherein a cross-chain gateway is configured on the blockchain, and the cross-chain gateway is used for constructing a data transmission channel between the sub-blockchain and the main blockchain; and synchronously storing the main chain public key to the sub-block chain comprises:
and transmitting the main chain public key generated by the main block chain to the sub-block chain for storage based on a data transmission channel between the sub-block chain and the main block chain.
7. The method of claim 5, wherein synchronously storing the main chain public key to the sub-block chain comprises:
generating a main chain certificate carrying the main chain public key on the main block chain;
and sending the main chain certificate to the sub-block chain so that the main chain public key is stored in the main block chain and the sub-block chain respectively.
8. The method of claim 1, wherein after the main chain signature contained in the identity credential data is verified on the target block chain, the method further comprises:
verifying a user signature contained in the identity credential data on the target block chain according to the user public key of the user stored on the target block chain, wherein the user public key is synchronized from the master block chain to the target block chain;
and if the user signature contained in the identity credential data passes verification on the target block chain, allowing the user to perform data access on the target block chain.
9. The method of claim 1, wherein sending the identity of the user to the master blockchain when receiving a data access request of the user to a target blockchain comprises:
determining whether a target block chain requested by the user for data access is the master block chain or not according to the received data access request;
and if the target block chain is determined to be a sub-block chain in the plurality of block chains, sending the identity of the user to the main block chain.
10. The method of claim 9, further comprising:
if the target block chain is determined to be the master block chain, further determining whether the identity of the user passes verification on the master block chain;
and if the identity of the user is confirmed to pass verification on the master block chain, allowing the user to perform data access on the master block chain.
11. The method of claim 1, wherein sending the identity of the user to the master blockchain when a data access request of the user to the target blockchain is received comprises:
searching the identity of the user in an identity set according to user information carried in the data access request, wherein the identity set is constructed according to the identity sent by the master block chain, and the identity sent by the master block chain is used for indicating that the identity of the identified user passes verification on the master block chain;
and sending the searched identity of the user to the master block chain.
12. The method of claim 11, further comprising:
if the identity of the user is not found in the identity set, returning a data access failure notification to the user, or executing the process of performing identity verification on the user by the master block chain.
13. A data access control apparatus applied to a blockchain system, wherein a plurality of blockchains are deployed in the blockchain system, the apparatus comprising:
the request response module is configured to send the identity of the user to a master block chain in the block chain system when a data access request of the user to a target block chain in the block chain system is received, so as to instruct the master block chain to send identity credential data of the user to the target block chain according to the identity of the user, wherein the identity credential data is generated on the master block chain after the master block chain passes identity verification on the user;
the data verification module is configured to verify a main chain signature contained in the identity credential data on the target block chain according to a main chain public key of the main block chain stored on the target block chain;
an access control module configured to allow the user to access data of the target blockchain if a main chain signature included in the identity credential data is verified on the target blockchain.
14. An electronic device, comprising:
a memory storing computer readable instructions;
a processor to read computer readable instructions stored by the memory to perform the method of any of claims 1-12.
15. A computer-readable storage medium having computer-readable instructions stored thereon, which, when executed by a processor of a computer, cause the computer to perform the method of any one of claims 1-12.
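The issue-and-verify flow of claims 1 to 3 and 8, as an added Go example that is not taken from the patent: the main chain signs the identity data, user signature and user public key, and the target chain checks both signatures before allowing access. Ed25519, the length-prefixed encoding, the struct and function names and the sample identity string are assumptions, and the user public key is read from the main-chain-signed credential rather than from a copy synchronized to the target chain.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Credential is the "identity credential data"; the field names are assumptions.
type Credential struct {
	IdentityData []byte
	UserPub      ed25519.PublicKey
	UserSig      []byte // user private key over IdentityData
	MainSig      []byte // main chain private key over the three fields above
}

// signedBytes length-prefixes each field so field boundaries cannot be shifted.
func signedBytes(c Credential) []byte {
	var out []byte
	for _, f := range [][]byte{c.IdentityData, c.UserSig, c.UserPub} {
		n := make([]byte, 4)
		binary.BigEndian.PutUint32(n, uint32(len(f)))
		out = append(append(out, n...), f...)
	}
	return out
}

// Issue runs on the main chain once the user's identity verification has passed.
func Issue(mainPriv ed25519.PrivateKey, identity []byte) (Credential, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return Credential{}, err
	}
	c := Credential{IdentityData: identity, UserPub: pub, UserSig: ed25519.Sign(priv, identity)}
	c.MainSig = ed25519.Sign(mainPriv, signedBytes(c))
	return c, nil
}

// Allow runs on the target chain with the main chain public key stored there.
func Allow(storedMainPub ed25519.PublicKey, c Credential) bool {
	return len(c.UserPub) == ed25519.PublicKeySize && // Verify panics on a bad key length
		ed25519.Verify(storedMainPub, signedBytes(c), c.MainSig) &&
		ed25519.Verify(c.UserPub, c.IdentityData, c.UserSig)
}

func main() {
	mainPub, mainPriv, _ := ed25519.GenerateKey(nil)
	c, _ := Issue(mainPriv, []byte("user=alice;org=example")) // constructed identity data
	fmt.Println("access allowed:", Allow(mainPub, c))
}
```

Because the main chain signature covers the user public key, swapping in a different user key pair invalidates the credential even if the new user signature is self-consistent.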
CN202011144027.XA 2020-10-22 2020-10-22 Data access control method and device applied to block chain system Active CN112311779B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011144027.XA CN112311779B (en) 2020-10-22 2020-10-22 Data access control method and device applied to block chain system

Publications (2)

Publication Number Publication Date
CN112311779A true CN112311779A (en) 2021-02-02
CN112311779B CN112311779B (en) 2023-06-30

Family

ID=74327206

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011144027.XA Active CN112311779B (en) 2020-10-22 2020-10-22 Data access control method and device applied to block chain system

Country Status (1)

Country Link
CN (1) CN112311779B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259119A (en) * 2021-06-02 2021-08-13 支付宝(杭州)信息技术有限公司 Block chain message distribution method and device
CN114221824A (en) * 2022-02-22 2022-03-22 北京悦游信息技术有限公司 Security access control method, system and readable storage medium for private area network
CN114553912A (en) * 2022-02-24 2022-05-27 平安国际智慧城市科技股份有限公司 Health file sharing method, system, equipment and storage medium based on block chain

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106878318A (en) * 2017-03-03 2017-06-20 钱德君 A kind of block chain real time polling cloud system
CN110109930A (en) * 2019-05-15 2019-08-09 山东省计算中心(国家超级计算济南中心) Government data storage, querying method and system based on block chain duplex structure
US20190372956A1 (en) * 2018-06-01 2019-12-05 Paypal, Inc. Using keys with targeted access to the blockchain to verify and authenticate identity
US10535062B1 (en) * 2019-03-20 2020-01-14 Capital One Services, Llc Using a contactless card to securely share personal data stored in a blockchain
WO2020048241A1 (en) * 2018-09-04 2020-03-12 阿里巴巴集团控股有限公司 Blockchain cross-chain authentication method and system, and server and readable storage medium
CN111209334A (en) * 2019-12-23 2020-05-29 国网河北省电力有限公司雄安新区供电公司 Block chain-based power terminal data security management method
CN111353175A (en) * 2020-05-22 2020-06-30 腾讯科技(深圳)有限公司 Data processing method, device, equipment, block chain system and storage medium
CN111476081A (en) * 2020-01-19 2020-07-31 天津大学 Identity authentication model based on block chain and face recognition
US20200295949A1 (en) * 2018-06-26 2020-09-17 Alibaba Group Holding Limited Blockchain-based content verification

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259119A (en) * 2021-06-02 2021-08-13 支付宝(杭州)信息技术有限公司 Block chain message distribution method and device
CN113259119B (en) * 2021-06-02 2021-10-29 支付宝(杭州)信息技术有限公司 Block chain message distribution method and device
CN114221824A (en) * 2022-02-22 2022-03-22 北京悦游信息技术有限公司 Security access control method, system and readable storage medium for private area network
CN114221824B (en) * 2022-02-22 2022-05-17 北京悦游信息技术有限公司 Security access control method, system and readable storage medium for private area network
CN114553912A (en) * 2022-02-24 2022-05-27 平安国际智慧城市科技股份有限公司 Health file sharing method, system, equipment and storage medium based on block chain

Also Published As

Publication number Publication date
CN112311779B (en) 2023-06-30

Legal Events

Date Code Title Description
PB01 Publication
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40038689; Country of ref document: HK)
SE01 Entry into force of request for substantive examination
GR01 Patent grant