CN115987683B - Node access control method, device, equipment and medium in block chain network - Google Patents


Publication number
CN115987683B
Authority
CN
China
Prior art keywords
node
interface
network address
client
gateway
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310247775.8A
Other languages
Chinese (zh)
Other versions
CN115987683A (en)
Inventor
朱斯语
池程
刘阳
田娟
陈文曲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Information and Communications Technology CAICT
Application filed by China Academy of Information and Communications Technology CAICT
Priority to CN202310247775.8A
Publication of CN115987683A
Application granted
Publication of CN115987683B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the disclosure disclose a method, apparatus, device, and medium for controlling node access in a blockchain network. The method comprises the following steps: the gateway acquires a preset network address list from an interface management platform; the gateway determines whether the network address of the client in the node access request exists in the preset network address list; when the network address exists in the preset network address list, the gateway sends the network address to the interface management platform; the interface management platform determines whether the node interface of the first node is docked with the network address; when the node interface of the first node is not docked with the network address, the interface management platform sends the gateway a call instruction allowing the node interface of the first node to be called; when the gateway receives the call instruction, the gateway controls the interface service platform to send the node interface of the first node to the client; the client accesses the first node through the node interface of the first node.

Description

Node access control method, device, equipment and medium in block chain network
Technical Field
The present disclosure relates to data access technologies, and in particular, to a method, apparatus, device, and medium for controlling node access in a blockchain network.
Background
Blockchain technology is built on top of a blockchain network, which is one of the important factors that determine how efficiently a blockchain operates. A blockchain network contains a plurality of nodes that store and/or process data in the blockchain, and a user can view the data in a node, the state of a node, and so on by accessing the node. In the prior art, a user generally accesses a node directly to obtain the data in it, which exposes the node to a considerable security risk.
Disclosure of Invention
The embodiments of the disclosure provide a method, apparatus, device, and medium for controlling node access in a blockchain network, so as to solve the above technical problem.
In one aspect of the disclosed embodiments, a method for controlling node access in a blockchain network is provided, including: in response to a gateway receiving a node access request sent by a client for accessing a first node in the blockchain network, the gateway acquires a preset network address list from an interface management platform; the gateway determines whether the network address of the client in the node access request exists in the preset network address list; in response to the network address existing in the preset network address list, the gateway sends the network address to the interface management platform; the interface management platform determines whether a node interface of the first node is docked with the network address; in response to the node interface of the first node not being docked with the network address, the interface management platform sends the gateway a call instruction that allows the node interface of the first node to be called; in response to the gateway receiving the call instruction, the gateway controls an interface service platform to send the node interface of the first node to the client; the client accesses the first node through the node interface of the first node.
Optionally, in the method of any one of the above embodiments of the disclosure, the node access request includes an interface key of the client, the interface key being issued by the interface management platform; the interface management platform determining whether the node interface of the first node is docked with the network address comprises: the interface management platform determines whether the node interface of the first node is docked with the network address according to whether the node interface of the first node is docked with the interface key.
Optionally, in the method of any one of the foregoing embodiments of the present disclosure, before the interface management platform sends the gateway the call instruction that allows the node interface of the first node to be called, the method further includes: the interface management platform docks the node interface of the first node with the interface key of the client, so that the node interface of the first node is docked with the network address.
Optionally, the method of any one of the above embodiments of the disclosure further includes: the interface management platform uses a preset correspondence list between access rights and network addresses to determine the access right corresponding to the network address of the client; whether the client has the right to access the first node is determined based on the access right corresponding to the network address of the client; the interface management platform sending the call instruction to the gateway in response to the node interface of the first node not being docked with the network address comprises: the interface management platform sends the call instruction to the gateway in response to the client having the right to access the first node and the node interface of the first node not being docked with the network address.
Optionally, the method of any one of the above embodiments of the disclosure further includes: in response to the gateway receiving a data update request, sent by the client, for updating data in a second node in the blockchain network, the gateway sends the data update request to the interface management platform; the interface management platform determines, according to the interface key of the client in the data update request, whether the node interface of the second node is docked with the network address of the client in the data update request; in response to the node interface of the second node being docked with the network address of the client, the gateway uses a preset correspondence list between data update rights and network addresses to determine the data update right corresponding to the network address of the client; whether the client has the right to update the data in the second node is determined according to the data update right corresponding to the network address of the client; in response to the client having the right to update the data in the second node, the gateway allows the client to update, in the second node, the data to be updated in the data update request.
Optionally, the method of any one of the above embodiments of the disclosure further includes: the interface management platform determines whether the data format of the data to be updated is a preset data format; the gateway determining the data update right corresponding to the network address of the client, in response to the node interface of the second node being docked with the network address of the client, comprises: in response to the node interface of the second node being docked with the network address of the client and the data format of the data to be updated being the preset data format, the gateway uses the preset correspondence list between data update rights and network addresses to determine the data update right corresponding to the network address of the client.
In another aspect of the embodiments of the present disclosure, there is provided a node access control apparatus in a blockchain network, including: a first acquisition module, configured so that, in response to the gateway receiving a node access request sent by a client for accessing a first node in the blockchain network, the gateway acquires a preset network address list from the interface management platform; a first determining module, configured so that the gateway determines whether the network address of the client in the node access request exists in the preset network address list; a first sending module, configured so that, in response to the network address existing in the preset network address list, the gateway sends the network address to the interface management platform; a second determining module, configured so that the interface management platform determines whether a node interface of the first node is docked with the network address; a second sending module, configured so that, in response to the node interface of the first node not being docked with the network address, the interface management platform sends the gateway a call instruction that allows the node interface of the first node to be called; a control module, configured so that, in response to the gateway receiving the call instruction, the gateway controls the interface service platform to send the node interface of the first node to the client; and an access module, configured so that the client accesses the first node through the node interface of the first node.
Optionally, in the apparatus of any one of the above embodiments of the present disclosure, the node access request includes an interface key of the client, where the interface key of the client is issued by the interface management platform; the second determining module is further configured so that the interface management platform determines whether the node interface of the first node is docked with the network address according to whether the node interface of the first node is docked with the interface key.
In yet another aspect of the disclosed embodiments, there is provided an electronic device including: a memory for storing a computer program; and a processor for executing the computer program stored in the memory, where the above node access control method in a blockchain network is implemented when the computer program is executed.
In yet another aspect of the disclosed embodiments, a computer readable storage medium is provided, on which a computer program is stored which, when executed by a processor, implements the above-described method of node access control in a blockchain network.
The embodiments of the disclosure provide a method, apparatus, device, and medium for controlling node access in a blockchain network. When the client accesses the first node, the gateway verifies the network address of the client to determine whether the client may call the node interface of the first node; this verifies the reliability of the client and effectively protects the security of the data in the node. In addition, in the embodiments of the disclosure the node interfaces are managed uniformly through the interface management platform, so that whether a node interface is docked with a network address can be determined quickly, which further improves the efficiency of checking node interface calls.
The technical scheme of the present disclosure is described in further detail below through the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 illustrates a flow chart of one embodiment of a method of node access control in a blockchain network in accordance with embodiments of the present disclosure;
FIG. 2 illustrates a flow chart of another embodiment of a method of node access control in a blockchain network in accordance with embodiments of the present disclosure;
FIG. 3 illustrates a flow chart of yet another embodiment of a method of node access control in a blockchain network in accordance with embodiments of the present disclosure;
FIG. 4 is a schematic diagram illustrating an embodiment of a node access control device in a blockchain network in accordance with embodiments of the present disclosure;
FIG. 5 is a schematic structural diagram of an application embodiment of the electronic device of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless it is specifically stated otherwise.
It will be appreciated by those of skill in the art that the terms "first," "second," etc. in embodiments of the present disclosure are used merely to distinguish between different steps, devices or modules, etc., and do not represent any particular technical meaning nor necessarily logical order between them.
It should also be understood that in embodiments of the present disclosure, "plurality" may refer to two or more, and "at least one" may refer to one, two or more.
It should also be appreciated that any component, data, or structure referred to in the presently disclosed embodiments may be generally understood as one or more without explicit limitation or the contrary in the context.
In addition, the term "and/or" in this disclosure merely describes an association between associated objects and indicates that three relationships may exist. For example, A and/or B may indicate: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" in the present disclosure generally indicates that the associated objects before and after it are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and that the same or similar features may be referred to each other, and for brevity, will not be described in detail.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Embodiments of the present disclosure may be applicable to electronic devices such as terminal devices, computer systems, servers, etc., which may operate with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with the terminal device, computer system, server, or other electronic device include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network personal computers, small computer systems, mainframe computer systems, and distributed cloud computing technology environments that include any of the foregoing, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment in which tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computing system storage media including memory storage devices.
In the narrow sense, blockchain technology may be a distributed ledger that combines data blocks sequentially in time order into a chained data structure and that is cryptographically guaranteed to be tamper-proof and unforgeable. In the broad sense, blockchain technology may verify and store data using the blockchain data structure, generate and update data using a node consensus algorithm, secure data transmission and access by cryptographic means, and use smart contracts composed of automated script code. A node in a blockchain network typically refers to a computer in the network; that is, any computer connected to the blockchain network (including mobile phones, servers, and so on) is referred to as a node, and a blockchain network typically has a plurality of nodes for storing and/or processing data.
FIG. 1 is a flow chart illustrating a method of controlling access to nodes in a blockchain network in an embodiment of the present disclosure. The embodiment can be applied to an electronic device. As shown in FIG. 1, the node access control method in the blockchain network of the embodiment includes the following steps:
Step S110, in response to the gateway receiving a node access request sent by the client for accessing a first node in the blockchain network, the gateway acquires a preset network address list from the interface management platform.
The first node may be any node in the blockchain network, and the node access request may include a node identifier that uniquely identifies the first node and the network address of the client. The network address of the client may be the client's URL (Uniform Resource Locator) or IP (Internet Protocol) address, and the node identifier may be a custom code, a DID (Decentralized Identity, that is, distributed digital identity) identifier, and the like.
The interface management platform stores a preset network address list, and a plurality of network addresses which can allow access to the nodes are recorded in the preset network address list. The network address in the preset network address list may be a URL, an IP address, or the like.
The client may be a computer, a server, or the like. The interface management platform can be deployed on a computer, a server, or the like, and is used to manage the interfaces of the nodes. A gateway, also known as a protocol converter, is the "gateway" through which one network connects to another; the gateway implements network interconnection on the network layer, is a complex network interconnection device, and can be used for both wide area network interconnection and local area network interconnection.
In one embodiment, the client may register with the interface management platform before accessing nodes in the blockchain network, so that the network address of the client is recorded in the preset network address list. Registration with the interface management platform may proceed as follows: the client sends its network address and the registration information required by the interface management platform to the platform; the platform reviews the registration information; and after the registration information passes review, the platform stores the network address of the client in the preset network address list. The registration information can include identity information of the client, such as a business license, a unified social credit code, and the like.
In step S120, the gateway determines whether the network address of the client in the node access request exists in the preset network address list.
In one embodiment, when the client needs to access the first node, it sends the gateway a node access request for accessing the first node. When the gateway receives the request, it obtains the preset network address list from the interface management platform and traverses it to determine whether it contains a network address identical to that of the client. If it does, the gateway determines that the network address of the client exists in the preset network address list; otherwise, it determines that the network address of the client does not exist in the list.
In step S130, in response to the network address of the client being in the preset network address list, the gateway sends the network address of the client to the interface management platform.
When the gateway determines that the network address of the client exists in the preset network address list, the gateway sends the network address of the client to the interface management platform.
In step S140, the interface management platform determines whether the node interface of the first node is docked with the network address of the client.
The node interface may be an API (Application Programming Interface), which is a set of definitions, programs, and protocols that enables computer software to communicate with each other. A client may interact and communicate with the first node through the node interface of the first node; for example, the client may access the first node through the node interface of the first node.
The docking of the node interface with the network address indicates that the client corresponding to the network address has invoked the node interface, and can communicate and interact with the node corresponding to the node interface through the node interface.
In one embodiment, the interface management platform stores a correspondence list between node identifiers and node interfaces, and a node state list. The node state list records the node interface state of every node in the blockchain network; the node interface state of each node includes the network addresses with which its node interface is docked. The correspondence list stores, for each node in the blockchain network, the correspondence between its node identifier and its node interface. The interface management platform may use the node identifier of the first node to look up the corresponding node interface in the correspondence list, then traverse the network addresses docked with that node interface in the node state list and determine whether any of them is identical to the network address of the client. If none is, the platform determines that the node interface of the first node is not docked with the network address of the client; otherwise, it determines that the node interface of the first node is docked with the network address of the client. When the node interface of the first node is determined to be docked with the network address of the client, this indicates that the client has already called the node interface of the first node.
In step S150, in response to the node interface of the first node not being docked with the network address of the client, the interface management platform sends the gateway a call instruction that allows the node interface of the first node to be called.
In one embodiment, when the interface management platform determines that the node interface of the first node is not docked with the network address of the client, the interface management platform sends the gateway a call instruction that allows the node interface of the first node to be called.
Step S160, in response to the gateway receiving the call instruction, the gateway controls the interface service platform to send the node interface of the first node to the client.
The interface service platform can be deployed on a computer, a server, or the like, and stores the node interfaces of all nodes in the blockchain network. In one embodiment, when the gateway receives the call instruction, the gateway sends an interface call instruction to the interface service platform; after receiving the interface call instruction, the interface service platform sends the node interface of the first node to the client, that is, returns the node interface of the first node to the client.
In step S170, the client accesses the first node through the node interface of the first node.
The client accesses the first node through the node interface of the first node, for example to view the data in the first node.
In the embodiments of the disclosure, when the client accesses the first node, the gateway verifies the network address of the client to determine whether the client may call the node interface of the first node; this verifies the reliability of the client and effectively protects the security of the data in the node. In addition, the node interfaces are managed uniformly through the interface management platform, so that whether a node interface is docked with a network address can be determined quickly, which further improves the efficiency of checking node interface calls.
In an alternative embodiment, the node access request in the embodiments of the present disclosure includes an interface key of the client issued by the interface management platform. Step S140 in the embodiment of the present disclosure further includes: the interface management platform determines whether the node interface of the first node is docked with the network address of the client according to whether the node interface of the first node is docked with the interface key of the client.
The interface key is used for docking with the node interface. It may be an API key, which may be an encrypted string, and may be used when the node interface is called. When the node interface of the first node is docked with the interface key of the client, the node interface of the first node is determined to be docked with the network address of the client; otherwise, the node interface of the first node is determined not to be docked with the network address of the client.
In one embodiment, after the client has registered successfully with the interface management platform, the platform hashes the network address of the client to obtain a hash value of the network address, and a token can be generated by a token generation program. The hash value of the client's network address and the token together form the interface key of the client. The platform binds the interface key of the client to the network address of the client to form a correspondence between them, stores that correspondence in the preset network address list, and sends the interface key to the client.
In one embodiment, the node state list also records the interface keys with which the node interface of each node in the blockchain network is docked. The interface management platform determines from the node state list whether the node interface of the first node is docked with the interface key of the client, and on that basis determines whether the node interface of the first node is docked with the network address of the client.
In an alternative embodiment, step S150 in the embodiment of the disclosure further includes: the interface management platform docks the node interface of the first node with the interface key of the client, so that the node interface of the first node is docked with the network address of the client.
Before the interface management platform sends the gateway the call instruction that allows the node interface of the first node to be called, the interface management platform docks the node interface of the first node with the interface key of the client, so that the node interface of the first node is docked with the network address of the client.
In one embodiment, before sending the gateway the call instruction that allows the node interface of the first node to be called, the interface management platform uses the network address of the client and the correspondence between interface keys and network addresses in the preset network address list to obtain the interface key recorded for that network address, and takes it as the interface key for verification. It then compares the interface key for verification with the interface key of the client in the access request. When the two are the same, the interface management platform updates the node interface state of the first node in the node state list to show that the node interface of the first node is docked with the interface key of the client and with the network address of the client, which completes the docking of the node interface of the first node with the client.
In an alternative embodiment, as shown in fig. 2, the method in the embodiment of the present disclosure further includes the steps of:
Step S210, the interface management platform uses the preset correspondence list between access authorities and network addresses to determine the access authority that corresponds to the network address of the client in that list.
Step S220, determining whether the client has a right to access the first node based on the access right corresponding to the network address of the client.
The interface management platform stores a preset correspondence list between access authorities and network addresses. The list stores the access authorities of a plurality of network addresses, and the access authority of a network address indicates the node access rights of the client corresponding to that network address.
In one embodiment, before step S150, that is, before the interface management platform sends the gateway a call instruction that allows the node interface of the first node to be called, the interface management platform looks up the access authority corresponding to the network address of the client in the preset correspondence list between access authorities and network addresses. When that access authority indicates that the network address of the client has the authority to access the first node, the interface management platform determines that the client has the authority to access the first node; otherwise, it determines that the client does not have the authority to access the first node.
In an alternative embodiment, step S150 in an embodiment of the present disclosure further includes: in response to the client having the authority to access the first node and the node interface of the first node not interfacing with the network address of the client, the interface management platform sends the call instruction to the gateway.
In one embodiment, when the interface management platform determines both that the client has the authority to access the first node and that the node interface of the first node does not interface with the network address of the client, the interface management platform sends the call instruction to the gateway; when the interface management platform determines that the client does not have the authority to access the first node and/or that the node interface of the first node interfaces with the network address, the interface management platform sends the gateway an instruction prohibiting the client from calling the node interface of the first node.
In an alternative embodiment, as shown in fig. 3, the method in the embodiment of the present disclosure further includes the steps of:
Step S310, in response to the gateway receiving a data update request sent by the client to update the data in the second node in the blockchain network, the gateway sends the data update request to the interface management platform.
The data update request includes: the data to be updated, the interface key of the client, the network address of the client, and the node identifier for uniquely identifying the second node. The data to be updated may be newly added data or a modification of existing data in the second node. The second node may be any node in the blockchain network.
In one embodiment, when the gateway receives a data update request sent by a client, the gateway sends the data update request to the interface management platform.
In step S320, the interface management platform determines, according to the interface key of the client in the data update request, whether the node interface of the second node interfaces with the network address of the client in the data update request.
In one embodiment, the interface management platform may traverse the correspondence list between the node identifier and the node interface, determine the node interface of the second node corresponding to the node identifier of the second node in the data update request, and then the interface management platform may determine, according to the node status list, whether the node interface of the second node interfaces with the interface key of the client, and when determining that the node interface of the second node interfaces with the interface key of the client, determine that the node interface of the second node interfaces with the network address of the client.
Step S330, in response to the node interface of the second node interfacing with the network address of the client, the gateway uses the preset correspondence list between data update authorities and network addresses to determine the data update authority that corresponds to the network address of the client in that list.
The gateway stores a corresponding list between preset data updating authorities and network addresses, the corresponding list between the preset data updating authorities and the network addresses stores data updating authorities of a plurality of network addresses, and the data updating authorities of the network addresses are used for indicating whether clients corresponding to the network addresses have authority to update data in nodes or not.
Step S340, determining whether the client has the authority to update the data in the second node according to the data update authority corresponding to the network address of the client.
In one embodiment, when the interface management platform determines that the node interface of the second node interfaces with the network address of the client, the interface management platform sends the gateway a message indicating that the node interface of the second node interfaces with the network address of the client. After receiving the message, the gateway queries the preset correspondence list between data update authorities and network addresses to determine the data update authority corresponding to the network address of the client. When the data update authority corresponding to the network address of the client indicates that the network address of the client has the authority to update the data, the gateway determines that the client has the authority to update the data in the second node; otherwise, it determines that the client does not have the authority to update the data in the second node.
In step S350, in response to the client having the authority to update the data in the second node, the gateway allows the client to update the data to be updated in the data update request in the second node.
In an alternative embodiment, the method in an embodiment of the present disclosure further comprises: the interface management platform determines whether the data format of the data to be updated is a preset data format.
The interface management platform stores a preset data format which is the same as the data format in the nodes in the block chain network. The data format (data format) is a rule describing that data is stored in a file or a record, and may be a text format in the form of characters, or a compressed format in the form of binary data.
In one embodiment, the interface management platform may determine whether the data format of the data to be updated is a preset data format after determining that the node interface of the second node is docked with the network address of the client.
In an alternative embodiment, step S330 in the embodiment of the present disclosure further includes: in response to the node interface of the second node interfacing with the network address of the client and the data format of the data to be updated being the preset data format, the gateway uses the preset correspondence list between data update authorities and network addresses to determine the data update authority that corresponds to the network address of the client in that list.
When the interface management platform determines that the data format of the data to be updated is the preset data format and that the node interface of the second node interfaces with the network address of the client, the interface management platform sends the gateway a message indicating both facts. On receiving the message, the gateway determines the data update authority corresponding to the network address of the client according to the preset correspondence list between data update authorities and network addresses. When the interface management platform determines that the data format of the data to be updated is not the preset data format and/or that the node interface of the second node does not interface with the network address of the client, the interface management platform sends an update refusal message to the gateway, and the gateway refuses to let the client update the data to be updated in the second node.
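The node access checks (step S150 with steps S210 to S220) and the data update checks (steps S310 to S350) described above can be modelled together, which shows that an update is only accepted once an earlier access request has bound the node interface to the client's key. This is an added example, not code from the patent or its applicant; the class and method names, the sample addresses and keys, the use of a JSON object as the preset data format, and the constant-time key comparison are assumptions, and "docked" in the code is the interfaced state recorded in the node state list.

```python
import hmac
import json
from dataclasses import dataclass, field


def same_key(a: str, b: str) -> bool:
    # Assumption: compare keys in constant time so a mismatch leaks no prefix timing.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class InterfaceManagementPlatform:
    address_keys: dict     # preset network address list: address -> issued interface key
    access_rights: dict    # preset access authority list: address -> set of node ids
    node_interfaces: dict  # node identifier -> node interface
    docked: dict = field(default_factory=dict)  # node state list: node id -> {address: key}

    def is_docked(self, node_id, address, key):
        bound = self.docked.get(node_id, {}).get(address)
        return bound is not None and same_key(bound, key)

    def authorize_access(self, node_id, address, key):
        """Checks made before the call instruction of step S150; returns (allowed, reason)."""
        if node_id not in self.node_interfaces:
            return False, "unknown node"
        if self.is_docked(node_id, address, key):
            return False, "interface already docked"
        if node_id not in self.access_rights.get(address, set()):  # S210-S220
            return False, "no access right"
        expected = self.address_keys.get(address)  # interface key for verification
        if expected is None or not same_key(expected, key):
            return False, "interface key mismatch"
        # Record the binding in the node state list before allowing the call.
        self.docked.setdefault(node_id, {})[address] = key
        return True, "call instruction"

    def check_update(self, node_id, address, key, data):
        """Step S320 plus the data format embodiment; returns (ok, reason)."""
        if not self.is_docked(node_id, address, key):
            return False, "interface not docked"
        try:
            parsed = json.loads(data)  # assumed preset format: a JSON object
        except (TypeError, ValueError):
            return False, "bad data format"
        if not isinstance(parsed, dict):
            return False, "bad data format"
        return True, "docked, format ok"


@dataclass
class Gateway:
    platform: InterfaceManagementPlatform
    update_rights: dict    # preset data update authority list: address -> bool

    def handle_access(self, node_id, address, key):
        # The gateway first checks the client's address against the preset list.
        if address not in self.platform.address_keys:
            return False, "address not in preset list"
        allowed, reason = self.platform.authorize_access(node_id, address, key)
        if not allowed:
            return False, reason
        # On the call instruction, the node interface is handed to the client.
        return True, self.platform.node_interfaces[node_id]

    def handle_update(self, node_id, address, key, data):
        ok, reason = self.platform.check_update(node_id, address, key, data)  # S310-S320
        if not ok:
            return False, reason
        if not self.update_rights.get(address, False):  # S330-S340, deny by default
            return False, "no update right"
        return True, "update allowed"  # S350


def build_demo():
    # Constructed sample data; the addresses are RFC 5737 documentation ranges.
    platform = InterfaceManagementPlatform(
        address_keys={"192.0.2.10": "key-A", "192.0.2.20": "key-B", "192.0.2.30": "key-C"},
        access_rights={"192.0.2.10": {"node-1"}, "192.0.2.20": {"node-1"}, "192.0.2.30": set()},
        node_interfaces={"node-1": "https://node-1.example/api"},
    )
    return Gateway(platform, update_rights={"192.0.2.10": True, "192.0.2.20": False})


if __name__ == "__main__":
    gw = build_demo()
    print(gw.handle_update("node-1", "192.0.2.10", "key-A", '{"height": 7}'))
    print(gw.handle_access("node-1", "192.0.2.10", "key-A"))
    print(gw.handle_access("node-1", "192.0.2.10", "key-A"))
    print(gw.handle_update("node-1", "192.0.2.10", "key-A", '{"height": 7}'))
```

Every path that does not pass all checks returns a refusal, so a missing list entry denies rather than allows.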
Fig. 4 shows a block diagram of a node access control apparatus in a block chain network in an embodiment of the present disclosure. As shown in fig. 3, the node access control device in the blockchain network of this embodiment includes:
a first obtaining module 410, configured to, in response to a gateway receiving a node access request sent by a client for accessing a first node in a blockchain network, obtain a preset network address list from an interface management platform;
A first determining module 420, configured to determine, by using the gateway, whether a network address of the client in the node access request exists in the preset network address list;
a first sending module 430, configured to send the network address to the interface management platform in response to the network address being in the preset network address list;
a second determining module 440, configured to determine, by the interface management platform, whether a node interface of the first node interfaces with the network address;
a second sending module 450, configured to send, to the gateway, a call instruction that allows calling the node interface of the first node, in response to the node interface of the first node not interfacing with the network address;
a control module 460, configured to, in response to the gateway receiving the call instruction, send, by the gateway control interface service platform, a node interface of the first node to the client;
an access module 470, configured to access the first node through a node interface of the first node by the client.
In an alternative embodiment, the node access request includes an interface key of the client, the interface key of the client being issued by the interface management platform; the second determining module 440 is further configured to: determine, by the interface management platform, whether the node interface of the first node interfaces with the network address according to whether the node interface of the first node interfaces with the interface key.
In an optional embodiment, before the interface management platform sends a call instruction for allowing the node interface of the first node to be called to the gateway, the method further includes:
and the interface updating module is used for interfacing the node interface of the first node with the interface key of the client so as to interface the node interface of the first node with the network address.
In an alternative embodiment, the apparatus further comprises:
the third determining module is used for determining the corresponding access authority of the network address of the client in the corresponding list between the preset access authority and the network address by using the corresponding list between the preset access authority and the network address by the interface management platform; determining whether the client has the authority to access the first node based on the access authority corresponding to the network address of the client;
the second sending module 450 is further configured to: send, by the interface management platform, the call instruction to the gateway in response to the client having the authority to access the first node and the node interface of the first node not interfacing with the network address.
In an alternative embodiment, the apparatus further comprises:
the third sending module is used for responding to the gateway to receive a data update request sent by the client for updating data in a second node in the blockchain network, and the gateway sends the data update request to the interface management platform;
a fourth determining module, configured to determine, by using the interface management platform according to the interface key of the client in the data update request, whether a node interface of the second node interfaces with a network address of the client in the data update request;
a fifth determining module, configured to determine, according to a corresponding list between a preset data update authority and a network address, a data update authority corresponding to the network address of the client in the corresponding list between the preset data update authority and the network address, in response to interfacing between a node interface of the second node and the network address of the client;
a sixth determining module, configured to determine, according to a data update right corresponding to a network address of the client, whether the client has a right to update data in the second node;
And the permission module is used for allowing the client to update the data to be updated in the data update request in the second node in response to the client having the authority to update the data in the second node.
In an alternative embodiment, the apparatus further comprises:
a seventh determining module, configured to determine, by using the interface management platform, whether the data format of the data to be updated is a preset data format;
the fifth determining module is further configured to: in response to the node interface of the second node interfacing with the network address of the client and the data format of the data to be updated being the preset data format, determine, by the gateway, according to the preset correspondence list between data update authorities and network addresses, the data update authority that corresponds to the network address of the client in that list.
In addition, the embodiment of the disclosure also provides an electronic device, which comprises:
a memory for storing a computer program;
and the processor is used for executing the computer program stored in the memory, and when the computer program is executed, the node access control method in the blockchain network is realized.
Fig. 5 is a schematic structural diagram of an application embodiment of the electronic device of the present disclosure. Next, an electronic device according to an embodiment of the present disclosure is described with reference to fig. 5. The electronic device may be either or both of the first device and the second device, or a stand-alone device independent thereof, which may communicate with the first device and the second device to receive the acquired input signals therefrom.
As shown in fig. 5, the electronic device includes one or more processors and memory.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions.
The memory may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random access memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, read-only memory (ROM), hard disk, flash memory, and the like. One or more computer program instructions may be stored on the computer-readable storage medium and executed by a processor to implement the node access control methods in a blockchain network of the various embodiments of the present disclosure described above and/or other desired functions.
In one example, the electronic device may further include: input devices and output devices, which are interconnected by a bus system and/or other forms of connection mechanisms (not shown).
In addition, the input device may include, for example, a keyboard, a mouse, and the like.
The output device may output various information including the determined distance information, direction information, etc., to the outside. The output means may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, etc.
Of course, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 5 for simplicity, components such as buses, input/output interfaces, etc. being omitted. In addition, the electronic device may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps in a method of node access control in a blockchain network according to various embodiments of the present disclosure described in the above section of the present description.
The program code of the computer program product for performing the operations of embodiments of the present disclosure may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java or C++ and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Further, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, cause the processor to perform the steps in a method of node access control in a blockchain network according to various embodiments of the present disclosure described in the above section of the present description.
The computer-readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
The basic principles of the present disclosure have been described above in connection with specific embodiments, however, it should be noted that the advantages, benefits, effects, etc. mentioned in the present disclosure are merely examples and not limiting, and these advantages, benefits, effects, etc. are not to be considered as necessarily possessed by the various embodiments of the present disclosure. Furthermore, the specific details disclosed herein are for purposes of illustration and understanding only, and are not intended to be limiting, since the disclosure is not necessarily limited to practice with the specific details described.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different manner from other embodiments, so that the same or similar parts between the embodiments are mutually referred to. For system embodiments, the description is relatively simple as it essentially corresponds to method embodiments, and reference should be made to the description of method embodiments for relevant points.
The block diagrams of the devices, apparatuses, equipment, and systems referred to in this disclosure are merely illustrative examples and are not intended to require or imply that the connections, arrangements, and configurations must be made in the manner shown in the block diagrams. As will be appreciated by one of skill in the art, the devices, apparatuses, equipment, and systems may be connected, arranged, and configured in any manner. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including but not limited to," and are used interchangeably therewith. The terms "or" and "and" as used herein refer to, and are used interchangeably with, the term "and/or" unless the context clearly indicates otherwise. The term "such as" as used herein refers to, and is used interchangeably with, the phrase "such as, but not limited to."
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present disclosure are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present disclosure may also be implemented as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the apparatus, devices and methods of the present disclosure, components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered equivalent to the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of the disclosure to the form disclosed herein. Although a number of example aspects and embodiments have been discussed above, a person of ordinary skill in the art will recognize certain variations, modifications, alterations, additions, and subcombinations thereof.

Claims (10)

1. A method for controlling access to nodes in a blockchain network, comprising:
responding to a gateway receiving a node access request sent by a client for accessing a first node in a blockchain network, wherein the gateway acquires a preset network address list from an interface management platform;
The gateway determines whether the network address of the client in the node access request exists in the preset network address list;
responding to the network address existing in the preset network address list, and sending the network address to the interface management platform by the gateway;
the interface management platform determines whether a node interface of the first node interfaces with the network address;
responsive to the node interface of the first node not interfacing with the network address, the interface management platform sending a call instruction to the gateway that allows for invoking the node interface of the first node;
responding to the gateway receiving the call instruction, the gateway control interface service platform sends a node interface of the first node to the client;
the client accesses the first node through a node interface of the first node.
2. The method of claim 1, wherein the node access request includes an interface key of the client, the interface key of the client issued by the interface management platform;
the interface management platform determining whether a node interface of the first node interfaces with the network address, comprising:
the interface management platform determines whether the node interface of the first node interfaces with the network address according to whether the node interface of the first node interfaces with the interface key.
3. The method of claim 2, wherein before the interface management platform sends the gateway a call instruction that allows the node interface of the first node to be invoked, further comprises:
the interface management platform interfaces the node interface of the first node with the interface key of the client so as to interface the node interface of the first node with the network address.
4. A method according to any one of claims 1-3, further comprising:
the interface management platform determines the corresponding access authority of the network address of the client in the corresponding list between the preset access authority and the network address by utilizing the corresponding list between the preset access authority and the network address;
determining whether the client has the authority to access the first node based on the access authority corresponding to the network address of the client;
the interface management platform sending a call instruction to the gateway to allow the node interface of the first node to be invoked, in response to the node interface of the first node not interfacing with the network address, comprising:
the interface management platform sends the call instruction to the gateway in response to the client having the authority to access the first node and the node interface of the first node not interfacing with the network address.
5. The method as recited in claim 1, further comprising:
responding to the gateway receiving a data update request for updating data in a second node in the blockchain network sent by the client, and sending the data update request to the interface management platform by the gateway;
the interface management platform determines, according to the interface key of the client in the data update request, whether a node interface of the second node interfaces with the network address of the client in the data update request;
in response to the node interface of the second node interfacing with the network address of the client, the gateway determines, according to the preset correspondence list between data update authorities and network addresses, the data update authority that corresponds to the network address of the client in that list;
determining whether the client has the authority to update the data in the second node according to the data updating authority corresponding to the network address of the client;
In response to the client having the right to update the data in the second node, the gateway allows the client to update the data to be updated in the data update request in the second node.
6. The method as recited in claim 5, further comprising:
the interface management platform determines whether the data format of the data to be updated is a preset data format;
wherein, in response to the node interface of the second node interfacing with the network address of the client, the gateway determining, according to the preset correspondence list between data update authorities and network addresses, the data update authority that corresponds to the network address of the client in that list, comprises:
in response to the node interface of the second node interfacing with the network address of the client and the data format of the data to be updated being the preset data format, the gateway determines, according to the preset correspondence list between data update authorities and network addresses, the data update authority that corresponds to the network address of the client in that list.
7. A node access control apparatus in a blockchain network, comprising:
the first acquisition module is used for responding to a node access request which is sent by a client and used for accessing a first node in the blockchain network, and the gateway acquires a preset network address list from the interface management platform;
a first determining module, configured to determine, by using the gateway, whether a network address of the client in the node access request exists in the preset network address list;
the first sending module is used for responding to the existence of the network address in the preset network address list, and the gateway sends the network address to the interface management platform;
a second determining module, configured to determine, by the interface management platform, whether a node interface of the first node interfaces with the network address;
a second sending module, configured to send, by the interface management platform, a call instruction that allows the node interface of the first node to be called to the gateway in response to the node interface of the first node not interfacing with the network address;
the control module is used for responding to the gateway to receive the calling instruction, and the gateway control interface service platform sends a node interface of the first node to the client;
And the access module is used for the client to access the first node through the node interface of the first node.
8. The apparatus of claim 7, wherein the node access request includes an interface key of the client, the interface key of the client issued by the interface management platform;
the second determining module is further configured to: determine, by the interface management platform, whether the node interface of the first node interfaces with the network address according to whether the node interface of the first node interfaces with the interface key.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program stored in the memory, wherein the computer program, when executed, implements the method for controlling node access in a blockchain network as claimed in any one of the preceding claims 1-6.
10. A computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements a method of controlling access to nodes in a blockchain network according to any of the preceding claims 1-6.
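The request flow recited in claims 7 and 8, sketched as an added Python example (not code from the patent): the gateway checks the preset address list, the interface management platform decides through the interface key, and the interface service platform hands out the node interface. Class and method names, the sample endpoint, the key-to-address binding and the handling of requests that receive no call instruction are assumptions.

```python
import ipaddress
import secrets

class InterfaceManagementPlatform:
    def __init__(self, allowed_addresses):
        self.allowed = {ipaddress.ip_address(a) for a in allowed_addresses}
        self.issued = {}         # interface key -> client address it was issued to
        self.interfaced = set()  # (node, interface key) pairs already interfaced

    def issue_key(self, address):
        key = secrets.token_hex(16)
        self.issued[key] = ipaddress.ip_address(address)
        return key

    def address_list(self):
        return frozenset(self.allowed)  # the preset network address list

    def call_instruction(self, node, address, key):
        # Assumption: a key that was not issued to this address is refused.
        if self.issued.get(key) != address:
            return None
        # Claim 8: the address check is made through the interface key.
        if (node, key) in self.interfaced:
            return None  # assumption: this branch is outside the claims shown here
        return {"allow_call": True, "node": node}

class InterfaceServicePlatform:
    def __init__(self, interfaces):
        self.interfaces = interfaces  # node -> node interface (constructed values)

    def node_interface(self, node):
        return self.interfaces[node]

class Gateway:
    def __init__(self, platform, service):
        self.platform, self.service = platform, service

    def handle(self, request):
        try:  # parse instead of comparing strings, so spelling variants cannot slip by
            address = ipaddress.ip_address(request["address"])
        except ValueError:
            return ("rejected", "malformed address")
        if address not in self.platform.address_list():
            return ("rejected", "address not in preset list")
        instruction = self.platform.call_instruction(
            request["node"], address, request.get("interface_key"))
        if not instruction:
            return ("rejected", "no call instruction")
        return ("granted", self.service.node_interface(instruction["node"]))
```

The gateway never returns a node interface on its own authority: every grant path passes through both the address list and the platform's call instruction.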
CN202310247775.8A 2023-03-15 2023-03-15 Node access control method, device, equipment and medium in block chain network Active CN115987683B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310247775.8A CN115987683B (en) 2023-03-15 2023-03-15 Node access control method, device, equipment and medium in block chain network

Publications (2)

Publication Number Publication Date
CN115987683A 2023-04-18
CN115987683B 2023-07-28

Family

ID=85968358

Country Status (1)

Country Link
CN (1) CN115987683B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant