CN114780980A - Digital object operation evidence storing and tracing management method, device, equipment and medium - Google Patents


Info

Publication number
CN114780980A
Authority
CN
China
Prior art keywords
block chain
block
operation request
request
digital object
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210490545.XA
Other languages
Chinese (zh)
Inventor
白晓颖
张奥
张显达
黄罡
石晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Big Data Advanced Technology Research Institute
Original Assignee
Beijing Big Data Advanced Technology Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Big Data Advanced Technology Research Institute filed Critical Beijing Big Data Advanced Technology Research Institute
Publication of CN114780980A publication Critical patent/CN114780980A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application relate to the technical field of computers, in particular to a digital object operation evidence storing and tracing management method, device, equipment and medium, aiming to improve the security of DO operations and enhance their traceability. The method comprises the following steps: the authorization blockchain network authorizes the client according to the authorization information sent by the resource owner; an operation blockchain node on the operation blockchain network responds to an operation request sent by the authorized client and verifies the operation request through a smart contract to obtain a verification result; the operation blockchain node packs the operation requests successfully verified within a preset time period, together with their corresponding verification results, into a new block to obtain a new operation request block; and the operation blockchain node sends the operation request block to a digital object source database and forwards to the client the processing result produced by the digital object source database for the operation request block.

Description

Digital object operation evidence storing and tracing management method, device, equipment and medium
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a method, a device, equipment and a medium for digital object operation evidence storage and source tracing management.
Background
A DO (digital object) differs from a traditional data file. A DO comprises metadata and the specific data. A traditional data file is looked up through an address (such as a url), whereas a DO can be searched directly through file contents, so the management mode is more flexible. The metadata of DO resources is stored in a DO warehouse, which uniformly manages and serves the metadata of the resources stored in it. The source data corresponding to a DO resource is stored in other databases or file systems, and the source data address can be indexed by the metadata of the DO resource. In the prior art, the subject attributes of users are stored on a blockchain and the authorization of user subject attributes is managed there, which realizes the operation and management of DO resources by users.
The problem with the prior art is that DO operation requests are authenticated and processed by a single center, and traceable, secure storage and management of operation requests is lacking.
Disclosure of Invention
The embodiments of the application provide a digital object operation evidence storing and tracing management method, device, equipment and medium, aiming to improve the security of DO operations and enhance their traceability.
A first aspect of the embodiments of the present application provides a digital object operation evidence storing and tracing management method, where the method includes:
the authorization blockchain network authorizes the client according to the authorization information sent by the resource owner;
an operation blockchain node on an operation blockchain network responds to an operation request sent by the authorized client, and verifies the operation request through a smart contract to obtain a verification result;
the operation blockchain node packs the operation requests successfully verified within a preset time period, together with the verification results corresponding to those operation requests, into a new block to obtain a new operation request block;
and the operation blockchain node sends the operation request block to a digital object warehouse and forwards to the client the processing result of the digital object warehouse processing the operation request block.
Optionally, the authorization blockchain network authorizing the client according to the authorization information sent by the resource owner includes:
the resource owner generates the authorization information according to the authorization request sent by the client; the authorization information at least includes: the account of the resource owner, the account of the client, and the account attribute that needs to be added to the account of the client;
and the authorization blockchain network verifies the authorization information and, after the verification succeeds, grants the corresponding operation permission to the client.
Optionally, the operation blockchain node on the operation blockchain network verifying, through a smart contract, the operation request sent by the authorized client includes:
the operation blockchain node obtains subject attribute data corresponding to the operation request from the authorization blockchain network;
the operation blockchain node obtains object attribute data corresponding to the operation request according to the operation request;
and the operation blockchain node uses a smart contract to verify the subject attribute data, the object attribute data and the access control policy to obtain a verification result.
Optionally, the method further comprises:
recording the verification result in the operation blockchain network.
Optionally, the operation blockchain node obtaining, according to the operation request, the object attribute data corresponding to the operation request includes:
the operation blockchain node requests retrieval from the digital object identity information warehouse according to the digital object identity information corresponding to the operation request, to obtain the digital object location corresponding to the digital object identity information;
and the operation blockchain node obtains the object attribute data of the corresponding digital object from the digital object metadata base according to the digital object location.
Optionally, the operation blockchain node sending the operation request block to a digital object source database, and forwarding to the client the processing result of the digital object source database processing the operation request block, includes:
the operation blockchain node sends the operation request block to the digital object source database;
the digital object source database processes each operation request in the operation request block and sends the processing result of each operation request to the operation blockchain node;
and the operation blockchain node sends the processing result of each operation request to the client.
Optionally, the operation blockchain node on the operation blockchain network responding to the operation request sent by the authorized client and verifying the operation request through a smart contract to obtain a verification result includes:
the operation blockchain node responds to an operation request sent by the authorized client or an operation request sent by the resource owner, and verifies the operation request through a smart contract to obtain a verification result.
A second aspect of the embodiments of the present application provides a digital object operation evidence storing and tracing management apparatus, where the apparatus includes:
an authorization module, configured for the authorization blockchain network to authorize the client according to the authorization information sent by the resource owner;
an operation verification module, configured for an operation blockchain node on the operation blockchain network to respond to an operation request sent by the authorized client and verify the operation request through a smart contract to obtain a verification result;
an operation packing module, configured for the operation blockchain node to pack the operation requests successfully verified within the preset time period, together with the verification results corresponding to those operation requests, into a new block to obtain a new operation request block;
and an operation return module, configured for the operation blockchain node to send the operation request block to a digital object source database and forward to the client the processing result of the digital object source database processing the operation request block.
Optionally, the authorization module comprises:
an authorization information generation submodule, configured for the resource owner to generate the authorization information according to an authorization request sent by the client; the authorization information at least includes: the account of the resource owner, the account of the client, and the account attribute that needs to be added to the account of the client;
and an authorization submodule, configured for the authorization blockchain network to verify the authorization information and grant the corresponding operation permission to the client after the verification succeeds.
Optionally, the operation verification module comprises:
a subject attribute determining submodule, configured for the operation blockchain node to obtain subject attribute data corresponding to the operation request from the authorization blockchain network;
an object attribute determining submodule, configured for the operation blockchain node to obtain object attribute data corresponding to the operation request according to the operation request;
and a verification result obtaining submodule, configured for the operation blockchain node to use a smart contract to verify the subject attribute data, the object attribute data and the access control policy to obtain a verification result.
Optionally, the operation verification module further comprises:
a verification result recording submodule, configured to record the verification result in the operation blockchain network.
Optionally, the object attribute determining submodule includes:
a digital object locating submodule, configured for the operation blockchain node to request retrieval from the digital object identity information warehouse according to the digital object identity information corresponding to the operation request, to obtain the digital object location corresponding to the digital object identity information;
and an object attribute obtaining submodule, configured for the operation blockchain node to obtain the object attribute data of the corresponding digital object from the digital object metadata base according to the digital object location.
Optionally, the operation return module includes:
a block sending submodule, configured for the operation blockchain node to send the operation request block to the digital object source database;
a result sending submodule, configured for the digital object source database to process each operation request in the operation request block and send the processing result of each operation request to the operation blockchain node;
and a result forwarding submodule, configured for the operation blockchain node to send the processing result of each operation request to the client.
Optionally, the operation verification module further comprises:
the operation blockchain node responds to an operation request sent by the authorized client or an operation request sent by the resource owner, and verifies the operation request through a smart contract to obtain a verification result.
A third aspect of embodiments of the present application provides a readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps in the method according to the first aspect of the present application.
A fourth aspect of the embodiments of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the method according to the first aspect of the present application.
With the digital object operation evidence storing and tracing management method provided by the application, the authorization blockchain network authorizes the client according to the authorization information sent by the resource owner; the client sends an operation request to the operation blockchain network, and operation blockchain nodes on the operation blockchain network verify the operation request through a smart contract to obtain a verification result; the operation blockchain node packs the operation requests received within a preset time period, together with the verification results corresponding to those operation requests, into a new block to obtain a new operation request block; and the operation blockchain node sends the operation request block to a digital object source database and forwards to the client the processing result of the digital object source database for the operation request block. The application adopts a double-chain management scheme in which the authorization blockchain network and the operation blockchain network cooperate with each other, which increases processing efficiency; operations are verified using a smart contract, which strengthens the security of managing operations on the DO warehouse; and operation requests are stored on the blockchain, which enhances the traceability of DO operations.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required to be used in the description of the embodiments of the present application will be briefly described below, and it is obvious that the drawings in the description below are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings may be obtained according to these drawings without inventive labor.
FIG. 1 is a block diagram of the overall framework of a double-chain DO management scheme as proposed by an embodiment of the present application;
FIG. 2 is a flowchart of a digital object operation evidence storing and tracing management method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a digital object operation evidence storing and tracing management apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
In the embodiment of the present application, a digital object operation evidence storing and tracing management method is designed. FIG. 1 is a schematic diagram of the overall framework of the double-chain DO management scheme provided in an embodiment of the present application. As shown in FIG. 1:
The whole framework comprises a client, a resource owner, an authorization blockchain network, an operation blockchain network and a DO warehouse. The DO warehouse comprises a DOI (digital object identity information) warehouse, a DO source database and a DO metadata base.
The client is responsible for requesting authorization from the resource owner; after obtaining the authorization, it can operate the corresponding DO resource. The resource owner holds the user attribute required to operate the DO resource and can grant that attribute to the client for temporary or long-term operation. The authorization blockchain network is responsible for managing the attribute states of all users, recording the authorizations initiated by users and modifying the corresponding user attributes according to each authorization. The operation blockchain network is responsible for managing all DO operations, recording the DO operations initiated by users and sending the packed operations to the DO warehouse. The DOI warehouse is responsible for uniformly storing and managing the identity information of multiple DOs, and a user can query the location of the corresponding DO resource according to the DO identity information. The DO metadata base is responsible for storing the metadata of DO resources, including DO name, attributes and the like. The DO source database is responsible for storing DO source data, including pictures, videos and the like.
The digital object operation evidence storing and tracing management method provided by the embodiment of the application is provided based on the framework.
Referring to fig. 2, fig. 2 is a flowchart of a digital object operation evidence storing and tracing management method according to an embodiment of the present application. As shown in fig. 2, the method comprises the steps of:
s11: and the authorization blockchain network authorizes the client according to the authorization information sent by the resource owner.
In this embodiment, when a user needs to operate a DO resource in the DO warehouse, the user needs to operate on the client, and for a new user, the new user does not have the right to operate the corresponding DO resource, and at this time, the user needs to initiate an authorization request through the client, and can perform the corresponding DO operation after obtaining the authorization.
In this embodiment, the specific steps of authorizing, by the authorization blockchain network, the client according to the authorization information sent by the resource owner include:
s11-1: the resource owner generates the authorization information according to the authorization request sent by the client; the authorization information at least includes: the account of the resource owner and the account of the client need account attributes added to the account of the client.
In this embodiment, the resource owner owns the corresponding user attribute for operating the DO resource, and may authorize the attribute to the client for temporary or long-term operation, and when the user needs to operate the DO resource, the user may send the authorization request to the corresponding resource owner through the client.
In this embodiment, the authorized blockchain network is also called an authorized blockchain account book, and the authorized blockchain network manages attribute states of all users, where corresponding permissions are also set for each attribute, for example, an a user has a read permission for a DO resource, and a B user has a read and write permission for a DO resource.
In this embodiment, after receiving an authorization request sent by a client, a resource owner generates corresponding authorization information, where the authorization information includes an account of the resource owner, an account of a client user, and specific attribute authorization content, that is, an account attribute that needs to be added to the client. For example, "user A grants attribute X to user B. "
S11-2: and the authorization block chain network verifies the authorization information, and after the verification is successful, the corresponding operation authority is granted to the client.
In this embodiment, the authorization block chain ledger verifies the authorization information according to an access control policy, where the access control policy is a pre-established policy and mainly specifies an access and control policy for the DO resource, and only requests and instructions that conform to the policy can be verified, and requests and instructions that DO not conform to the access control policy cannot be verified. When the authorization information is received by the authorization block chain account book, whether the attribute is possessed in the attribute set of the user A or not and whether the attribute is not possessed in the user B or not are verified according to the access control strategy, and when the authorization information is determined to be correct, the verification is passed.
The method for granting the corresponding authority to the client is to change the account state of the client user and add an attribute capable of operating the DO resource to the account state. For example, the account attribute of the user A is X, the user A grants the account attribute X to the user B through the authorization block chain network, and the user B also has the account attribute X. The blockchain network completes authorization of the client.
For example, in a campus scenario, a teacher issues a test paper to a student, allowing the student only to read the test paper at a particular time but not to modify it.
User A has the attribute set { "teacher", "student" }; user B initially has no attributes: { }.
There is a DO resource "2020 end-of-term test paper" in the DO repository.
DOI: school/1d2ae9582a92b822ec103.
Its attribute set is { "test paper" }.
Access control policy set: { 1: "subject attribute: student or teacher, object attribute: test paper, operation: read, environment attribute: 2020.11.20-2021.11.21", 2: "subject attribute: teacher, object attribute: test paper, operation: write, environment attribute: 2020.11.10-2021.11.19" }.
Access control policy 1 indicates that teachers and students can read "2020 end-of-term test paper" at 2020.11.20-2020.11.21. Access control policy 2 indicates that the teacher may write to "2020 end-of-term test paper" at 2020.11.10-2020.11.19.
In the initial state, user B cannot access the "2020-level end-of-term test paper". User A initiates an authorization that grants the attribute "student" to user B. After obtaining the authorization, user B can read the "2020-level end-of-term test paper" within the specified time according to access control policy 1, and cannot write to the "2020-level end-of-term test paper".
When a student logs in to a client and wants to read a test paper, the student first needs to request permission to read the test paper from the teacher. The specific steps are as follows:
The preset state of the authorization blockchain network is: { "A": { "teacher", "student" }, "B": { } };
The preset state of the operation blockchain network is: { };
User A initiates the authorization { "from": "A", "to": "B", "attribute": "student" };
The authorization blockchain network packs the authorization into a new block, and the user state in the ledger is modified to: { "A": { "teacher", "student" }, "B": { "student" } };
s12: and responding to an operation request sent by the authorized client by an operation block chain node on the operation block chain network, and verifying the operation request through an intelligent contract to obtain a verification result.
In this embodiment, after the client is authorized, the user of the client obtains a corresponding right, and the user can send an operation request to the operation block chain network through the client at this time, where the operation block chain is responsible for managing all DO operations, an intelligent contract is a preset contract, and an operation rule agreed by both parties of the contract defines a rule that the operation request passes verification. After the rule is met and the verification is passed, a verification result is obtained.
Illustratively, the operation request includes DOI (digital object resource identity information), operation type and operation signature.
The user B initiates an operation request:
{ "from": "B", "doi": "school/1 d2ae9582a92b822ec 103", "operation": "read", "sig": 0x1ab2f523ac … } "operation" indicates the operation type, and "sig" indicates signature information.
The specific steps of sending out the operation request and passing the verification are as follows:
s12-1: and the operation block chain node obtains the main attribute data corresponding to the operation request from the authorized block chain network.
In this embodiment, the operation block chain node is a service node in an operation block chain network, the operation block chain network is composed of a plurality of service nodes, the whole network allocates a task to each node, and the node is responsible for specific execution. In order to ensure the security of the operation, a body attribute of the operation needs to be authenticated, where the body attribute refers to a user attribute of a user who sends the operation, and the body attribute of an operation object corresponding to the operation request is stored in an authorized blockchain network and needs to be acquired through a cross-chain mechanism, where the cross-chain mechanism refers to data transmission between two different blockchains. And the operation block chain node obtains the main body attribute from the authorization block chain network through a cross-chain mechanism and is used for verifying the operation request.
Specifically, the operation blockchain node requests the authorized blockchain for the subject attribute set of the sender of the operation request according to the from field in the operation request. For example, the subject attribute set is acquired as { "student" }.
S12-2: and the operating block chain node obtains object attribute data corresponding to the operating request according to the operating request.
In this embodiment, the object attribute refers to an attribute of a DO resource corresponding to the operation request, and the object attribute of the digital object is stored in a DO metadata base. The specific steps of the operation block chain node obtaining the object attribute data corresponding to the operation request according to the operation request are as follows:
s12-2-1: and the operation block chain node requests retrieval from the digital object identity information warehouse according to the digital object identity information corresponding to the operation request to obtain digital object positioning corresponding to the digital object identity information.
In this embodiment, the operation block chain node may request a corresponding position of the DO from the DOI according to the DOI field in the operation request, the DOI may send a url (address) and an id of the DO resource in the DO repository to the block chain node, and the block chain node may locate the DO resource according to the url and the id.
Illustratively, the url obtained by the operation block chain node is { "url": www.school.com "," id ": 1d2ae9582a92b822ec 103" }.
S12-2-2: and the operation block chain node obtains the object attribute data of the corresponding digital object from the digital object warehouse according to the digital object positioning.
In this embodiment, after the position of the DO resource in the DO warehouse is located, the operation block chain accesses the corresponding DO warehouse through url and id according to the object attribute of the DO corresponding to the location request, and the DO warehouse sends the object attribute field of the corresponding DO to the operation block chain node according to the id of the DO.
Illustratively, the operation block chain node accesses a corresponding DO warehouse according to the url and the id, and acquires an object attribute set { "test paper" } of the DO.
S12-3: and the operating block chain node adopts an intelligent contract to verify the subject attribute data, the object attribute data and the access control strategy to obtain a verification result.
In this embodiment, in order to ensure the security of the operation, the operation request needs to be verified according to the received subject attribute data, object attribute data, and access control policy set. And verifying whether the subject attribute of the operation has the right to the DO operation. The verification of the operation request can be realized by running the intelligent contract program.
Illustratively, for the access control policy, policy 1, "body attribute: student or teacher, object attribute: examination paper, operation: read, environment attribute: 2020.11.20-2021.11.21', the subject attribute of the user B who sends the operation request is a student, the object attribute of the DO which wants to operate is a test paper, the operation is reading, and the time is 2020.11.20, then the operation request conforms to the access control strategy, and the verification is successful. For example, the generated verification result is authentication, True, which represents the successful verification.
S13: and the operating block chain node stores the successfully verified operating request in a preset time period and the verification result corresponding to the successfully verified operating request in a new block in a packaging manner to obtain a new operating request block.
In this embodiment, after the verification is successful, the operation request and the verification result corresponding to the operation request are packed and stored in a new block, so as to facilitate the packing processing. The new operation request block is a block newly divided in the block chain network and is specially used for storing the operation request and the corresponding verification result. For batch processing, the operation requests within a time period are uniformly packed and packed into a new block, and the preset time period may be set by itself, for example, 5 seconds or 10 seconds, which is not limited herein.
Illustratively, the operation request of the user B stored in the new block is:
{ blocknum: 0, operations: [ { "from": "B", "do": "2020 end-of-term test paper", "op_code": "read", "sig": 0x1ab2f523ac … }, "authentication": True ] }
Here, blocknum is the block number, operations is the authorization information, op_code is the operation type, sig is the digital signature, and authentication represents the verification result.
In another embodiment of the present application, the operation blockchain network records each operation request, and the operation records can be called and viewed at any time.
S14: The operation block chain node sends the operation request block to a digital object source database, and forwards to the client the processing result of the digital object source database processing the operation request block.
In this embodiment, the specific steps by which the operation block chain node sends the packed operation request block to the digital object source database and forwards the processing result of the digital object source database to the client include:
S14-1: The operation block chain node sends the operation request block to the digital object source database.
In this embodiment, all operation requests and corresponding verification results within a preset time period are recorded in the operation request block, and the operation request block is directly sent to the corresponding DO source database.
S14-2: The digital object source database processes each operation request in the operation request block and sends the processing result of each operation request to the operation block chain node.
In this embodiment, the DO source database retrieves the corresponding DO source data according to each operation request in the operation request block, and sends the corresponding DO source data to the operation block chain node.
For example, if one operation request in the operation request block is "a read request of user B for the 2020 end-of-term test paper", the DO source database finds the "2020 end-of-term test paper.pdf" file in the DO source database according to the request, and sends the file to the operation block chain node.
S14-3: The operation block chain node sends the processing result of each operation request to the client.
In this embodiment, after the DO source database sends the processing result to the operation block chain node, the operation block chain node forwards the processing result to the client, so that user B can carry out the operation on the DO resource.
Illustratively, the operation block chain node sends the "2020 end-of-term test paper" from S14-2 to the client of user B, and user B carries out the reading operation on the test paper.
In the embodiment of this scheme, the complete steps for a student to view the test paper are as follows:
1. The DO warehouse presets an access control policy set: { "subject attribute: student or teacher, object attribute: test paper, operation: read, environment attribute: 2020.11.20-2021.11.21", "subject attribute: teacher, object attribute: test paper, operation: write, environment attribute: 2020.11.10-2021.11.19" }.
2. The authorization block chain network preset state: { "A": { "teacher", "student" }, "B": { } }.
3. The operation block chain network preset state: { }.
4. User A initiates the authorization { "from": "A", "to": "B", "attribute": "student" }.
5. The authorization block chain network packs the authorization into a new block and modifies the user state in the network to: { "A": { "teacher", "student" }, "B": { "student" } }.
6. User B initiates an operation request { "from": "B", "doi": "school/1d2ae9582a92b822ec103", "operation": "read", "sig": 0x1ab2f523ac … }.
7. The operation block chain node requests the subject attribute set of the sender from the authorization block chain network according to the from field in the operation request, and acquires the attribute set { "student" }.
8. The operation block chain node requests the corresponding position of the DO from the DOI warehouse according to the doi field in the operation request, and acquires the url of the DO warehouse, { "url": "www.school.com", "id": "1d2ae9582a92b822ec103" }.
9. The operation block chain node accesses the corresponding DO warehouse according to the url and the id, and acquires the object attribute set { "test paper" } of the DO.
10. The intelligent contract verifies the operation request according to the acquired data and the access control policy, packs the verification result into a new block and records the result in the operation block chain network: { blocknum: 0, operations: [ { "from": "B", "do": "2020 end-of-term test paper", "operation": "read", "sig": 0x1ab2f523ac … }, "authentication": True ] }.
11. The DO warehouse carries out the corresponding operation according to the received block.
12. The DO warehouse returns the result "2020 end-of-term test paper" to the operation block chain node, which forwards it to user B.
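The twelve-step walkthrough above as a runnable sketch, added here for illustration and not code from the patent. It also shows the denied cases (wrong operation, expired environment window, unknown subject or object) that never reach a block. The function names, the in-memory dictionaries standing in for the two block chain networks and the warehouses, the placeholder DOI and signature, and the rule that an owner may only grant attributes it holds are assumptions; signature verification is omitted.

```python
from datetime import date

# Step 1: access control policy set preset by the DO warehouse (values from the walkthrough).
POLICIES = [
    {"subject": {"student", "teacher"}, "object": "test paper", "operation": "read",
     "valid": (date(2020, 11, 20), date(2021, 11, 21))},
    {"subject": {"teacher"}, "object": "test paper", "operation": "write",
     "valid": (date(2020, 11, 10), date(2021, 11, 19))},
]

# Steps 2-3: preset state of the authorization network and the (empty) operation chain.
auth_state = {"A": {"teacher", "student"}, "B": set()}
operation_chain = []

# Constructed stand-ins for the DOI warehouse and DO warehouse (the DOI is a placeholder).
DOI_WAREHOUSE = {"school/example-do": {"url": "www.school.com", "id": "example-do"}}
DO_WAREHOUSE = {("www.school.com", "example-do"): {
    "attributes": {"test paper"}, "source": "2020 end-of-term test paper"}}


def grant(owner, to, attribute):
    """Steps 4-5: record a grant. Assumed rule: an owner can only grant attributes it holds."""
    if attribute not in auth_state.get(owner, set()):
        return False
    auth_state.setdefault(to, set()).add(attribute)
    return True


def verify(subject_attrs, object_attrs, operation, when):
    """Contract check: allow only if one policy matches subject, object, operation and date."""
    for policy in POLICIES:
        start, end = policy["valid"]
        if (subject_attrs & policy["subject"] and policy["object"] in object_attrs
                and policy["operation"] == operation and start <= when <= end):
            return True
    return False  # default deny: no matching policy, unknown subject or unknown object


def pack_block(requests):
    """Steps 6-10: verify a batch of (request, date) pairs and pack only the verified ones."""
    packed = []
    for request, when in requests:
        subject_attrs = auth_state.get(request["from"], set())        # step 7
        location = DOI_WAREHOUSE.get(request["doi"])                   # step 8
        record = DO_WAREHOUSE.get((location["url"], location["id"])) if location else None
        object_attrs = record["attributes"] if record else set()       # step 9
        if verify(subject_attrs, object_attrs, request["operation"], when):
            packed.append({**request, "authentication": True})
    block = {"blocknum": len(operation_chain), "operations": packed}
    operation_chain.append(block)
    return block


def process_block(block):
    """Steps 11-12: the DO warehouse handles each packed request and returns the results."""
    results = []
    for op in block["operations"]:
        location = DOI_WAREHOUSE[op["doi"]]
        record = DO_WAREHOUSE[(location["url"], location["id"])]
        # Only the read operation of the walkthrough is modelled; others are acknowledged.
        results.append((op["from"], record["source"] if op["operation"] == "read" else "ok"))
    return results


if __name__ == "__main__":
    grant("A", "B", "student")
    base = {"from": "B", "doi": "school/example-do", "sig": "<placeholder>"}
    batch = [
        ({**base, "operation": "read"}, date(2020, 11, 20)),    # matches policy 1
        ({**base, "operation": "write"}, date(2020, 11, 20)),   # students may not write
        ({**base, "operation": "read"}, date(2021, 11, 22)),    # outside the time window
    ]
    block = pack_block(batch)
    print(block)
    print(process_block(block))
```

Because every lookup falls back to an empty attribute set, a request from an unknown account or for an unresolvable DOI is denied instead of raising an error or being packed.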
In another embodiment of the present application, the resource owner may also operate on the digital object resource through the chain of operation blocks.
The operation procedure of the resource owner on the DO resource is the same as the processing procedure of the operation initiated by the client, and is not described here.
Based on the same inventive concept, an embodiment of the present application provides a digital object operation evidence storage and source tracing management apparatus. Referring to fig. 3, fig. 3 is a schematic diagram of a digital object operation evidence storing and source tracing management apparatus 300 according to an embodiment of the present application. As shown in fig. 3, the apparatus includes:
an authorization module 301, configured for the authorization block chain network to authorize the client according to authorization information sent by the resource owner;
an operation verification module 302, configured for an operation block chain node on the operation block chain network to respond to an operation request sent by the authorized client and verify the operation request through an intelligent contract, to obtain a verification result;
an operation packing module 303, configured for the operation block chain node to pack and store, in a new block, the operation requests successfully verified within a preset time period and the verification results corresponding to those operation requests, so as to obtain a new operation request block;
an operation returning module 304, configured for the operation block chain node to send the operation request block to the digital object source database, and to forward to the client a processing result of the digital object source database processing the operation request block.
Optionally, the authorization module comprises:
the authorization information generation submodule is used for the resource owner to generate the authorization information according to the authorization request sent by the client; the authorization information at least includes: the account of the resource owner, the account of the client, and the account attribute that needs to be added to the account of the client;
and the authorization submodule is used for the authorization block chain network to verify the authorization information and to grant the corresponding operation authority to the client after the verification is successful.
Optionally, the operation verification module comprises:
the subject attribute determining submodule is used for the operation block chain node to obtain subject attribute data corresponding to the operation request from the authorization block chain network;
the object attribute determining submodule is used for the operation block chain node to obtain object attribute data corresponding to the operation request according to the operation request;
and the verification result obtaining submodule is used for the operation block chain node to verify the subject attribute data, the object attribute data and the access control policy by using an intelligent contract, to obtain a verification result.
Optionally, the operation verification module further comprises:
and the verification result recording sub-module is used for recording the verification result in the operation block chain network.
Optionally, the object attribute determining sub-module includes:
the digital object positioning sub-module is used for requesting retrieval from the digital object identity information warehouse by the operating block chain node according to the digital object identity information corresponding to the operating request to obtain digital object positioning corresponding to the digital object identity information;
and the object attribute obtaining submodule is used for obtaining the object attribute data of the corresponding digital object from the digital object metadata base by the operation block chain node according to the digital object positioning.
Optionally, the operation return module includes:
a block sending submodule, configured for the operation block chain node to send the operation request block to the digital object source database;
the result sending sub-module is used for the digital object source database to process each operation request in the operation request block and to send the processing result of each operation request to the operation block chain node;
and the result forwarding sub-module is used for sending the processing result of each operation request to the client by the operation block chain node.
Optionally, the operation verification module further comprises:
and the operation block chain node responds to an operation request sent by the authorized client or an operation request sent by the resource owner, and verifies the operation request through an intelligent contract to obtain a verification result.
Based on the same inventive concept, another embodiment of the present application provides a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the method for managing and serving digital object resources according to any one of the above embodiments of the present application.
Based on the same inventive concept, another embodiment of the present application provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and running on the processor, and when the processor executes the computer program, the electronic device implements the steps in the method for managing and serving digital object resources according to any of the above embodiments of the present application.
Since the device embodiment is basically similar to the method embodiment, it is described only briefly; for the relevant points, refer to the corresponding description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "include", "including" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, article, or terminal device including a series of elements includes not only those elements but also other elements not explicitly listed or inherent to such process, method, article, or terminal device. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or terminal equipment comprising the element.
The method, device, equipment and medium for digital object operation evidence storage and traceability management provided by the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the application, and the description of the embodiments is only intended to help in understanding the method and core idea of the application. Meanwhile, for a person skilled in the art, the specific embodiments and the scope of application may vary according to the idea of the present application. In summary, the content of this specification should not be construed as a limitation of the present application.

Claims (10)

1. A digital object operation evidence storage and source tracing management method is characterized by comprising the following steps:
the authorization block chain network authorizes the client according to authorization information sent by a resource owner;
an operation block chain node on an operation block chain network responds to an operation request sent by the authorized client, and verifies the operation request through an intelligent contract to obtain a verification result;
the operation block chain node packs and stores, in a new block, the operation requests successfully verified within a preset time period and the verification results corresponding to those operation requests, to obtain a new operation request block;
and the operation block chain node sends the operation request block to a digital object source database, and forwards to the client a processing result of the digital object source database processing the operation request block.
2. The method of claim 1, wherein the authorization block chain network authorizing the client according to the authorization information sent by the resource owner comprises:
the resource owner generates the authorization information according to the authorization request sent by the client; the authorization information at least comprises: the account of the resource owner, the account of the client, and the account attribute that needs to be added to the account of the client;
and the authorization block chain network verifies the authorization information, and after the verification is successful, the corresponding operation authority is granted to the client.
3. The method of claim 1, wherein the operation block chain node on the operation block chain network responding to the operation request sent by the authorized client and verifying the operation request through an intelligent contract comprises:
the operation block chain node obtains subject attribute data corresponding to the operation request from the authorization block chain network;
the operating block chain node obtains object attribute data corresponding to the operating request according to the operating request;
and the operation block chain node adopts an intelligent contract to verify the subject attribute data, the object attribute data and the access control strategy to obtain a verification result.
4. The method of claim 3, further comprising:
and recording the verification result in the operation block chain network.
5. The method according to claim 3, wherein the operation block chain node obtaining object attribute data corresponding to the operation request according to the operation request comprises:
the operation block chain node requests retrieval from the digital object identity information warehouse according to the digital object identity information corresponding to the operation request to obtain digital object positioning corresponding to the digital object identity information;
and the operation block chain node acquires the object attribute data of the corresponding digital object from the digital object metadata base according to the digital object positioning.
6. The method according to claim 1, wherein the operation block chain node sending the operation request block to a digital object source database, and forwarding to the client a processing result of the digital object source database processing the operation request block, comprises:
the operation block chain node sends the operation request block to the digital object source database;
the digital object source database processes according to each operation request in the operation request block and sends the processing result of each operation request to the operation block chain node;
the operation block chain node sends the processing result of each operation request to the client.
7. The method of claim 1, wherein the operation block chain node on the operation block chain network responding to the operation request sent by the authorized client and verifying the operation request through an intelligent contract to obtain a verification result comprises:
and the operation block chain node responds to an operation request sent by the authorized client or an operation request sent by the resource owner, and verifies the operation request through an intelligent contract to obtain a verification result.
8. A digital object operation evidence storing and tracing management device is characterized by comprising:
the authorization module is used for the authorization block chain network to authorize the client according to the authorization information sent by the resource owner;
the operation verification module is used for responding to an operation request sent by the authorized client by an operation block chain node on the operation block chain network, verifying the operation request through an intelligent contract and obtaining a verification result;
the operation packing module is used for packing and storing the operation request verified successfully in the preset time period and the verification result corresponding to the operation request verified successfully in a new block by the operation block chain node to obtain a new operation request block;
and the operation returning module is used for sending the operation request block to the digital object warehouse by the operation block chain node and forwarding a processing result of the operation request block processed by the digital object warehouse to the client.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when executing the computer program.
CN202210490545.XA 2021-06-15 2022-05-07 Digital object operation evidence storing and tracing management method, device, equipment and medium Pending CN114780980A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110661692.4A CN113553603A (en) 2021-06-15 2021-06-15 Method, device, equipment and storage medium for managing and serving digital object resources
CN2021106616924 2021-06-15

Publications (1)

Publication Number Publication Date
CN114780980A true CN114780980A (en) 2022-07-22

Family

ID=78102129

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110661692.4A Withdrawn CN113553603A (en) 2021-06-15 2021-06-15 Method, device, equipment and storage medium for managing and serving digital object resources
CN202210490545.XA Pending CN114780980A (en) 2021-06-15 2022-05-07 Digital object operation evidence storing and tracing management method, device, equipment and medium

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202110661692.4A Withdrawn CN113553603A (en) 2021-06-15 2021-06-15 Method, device, equipment and storage medium for managing and serving digital object resources

Country Status (1)

Country Link
CN (2) CN113553603A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114021090A (en) * 2021-10-13 2022-02-08 北京大数据先进技术研究院 Digital object operation evidence storing and tracing management method, device, equipment and medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107332847A (en) * 2017-07-05 2017-11-07 武汉凤链科技有限公司 A kind of access control method and system based on block chain
CN108123936A (en) * 2017-12-13 2018-06-05 北京科技大学 A kind of access control method and system based on block chain technology
CN109117668A (en) * 2018-08-10 2019-01-01 广东工业大学 A kind of identification authorization safety access method based on block chain building
CN110109930A (en) * 2019-05-15 2019-08-09 山东省计算中心(国家超级计算济南中心) Government data storage, querying method and system based on block chain duplex structure
CN110602050A (en) * 2018-04-28 2019-12-20 腾讯科技(深圳)有限公司 Authentication method and device for block chain access, storage medium and electronic device
CN111931140A (en) * 2020-07-31 2020-11-13 支付宝(杭州)信息技术有限公司 Authority management method, resource access control method and device and electronic equipment
CN112543105A (en) * 2020-11-26 2021-03-23 齐鲁工业大学 Role-based complete access control method under intelligent contract
CN112688927A (en) * 2020-12-18 2021-04-20 重庆大学 Block chain-based distributed access control method


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Guo Huifang et al.: "Design of a blockchain-based trusted university student grade record ***", "Modern Computer" *

Also Published As

Publication number Publication date
CN113553603A (en) 2021-10-26


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220722
