Specific embodiment
In the following description, for purposes of illustration and not limitation, specific details such as particular system structures and technologies are set forth in order to provide a thorough understanding of the embodiments of the present invention. However, it will be clear to those skilled in the art that the present invention may also be implemented in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
It should be understood that, when used in this specification and the appended claims, the term "includes" indicates the presence of the described features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or sets thereof.
It should be further understood that the term "and/or" used in the description of the present invention and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when", "once", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on the context, as "once it is determined", "in response to determining", "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
Before the embodiments of the present invention are introduced, an application scenario of the invention is described first.
In blockchain technology, the nodes in a consortium chain can be divided by function into application-layer nodes, middle-layer nodes and blockchain-layer nodes. When blockchain-layer nodes and application-layer nodes exchange information, they need middle-layer nodes as a medium. The blockchain layer consists of multiple consortium chain nodes, and the middle layer may consist of multiple pieces of middleware; each blockchain node can exchange information with a system in the application layer through middleware. In other words, middleware can be regarded as an application interface through which two systems can be communicatively connected.
A blockchain node must first authenticate the identity of the middleware; only after the authentication passes can the blockchain node exchange information with the middleware. The present invention therefore proposes an identity authentication method based on a consortium chain, in order to achieve trusted identity authentication of middleware.
To illustrate the technical solutions of the present invention, specific embodiments are described below.
Fig. 1 is a schematic flowchart of the blockchain-based identity authentication method provided by an embodiment of the present invention. The method in this embodiment is applied to a first node in the blockchain and, as shown in the figure, may include the following steps:
Step S101: obtain the identity information of the middleware, and judge according to the identity information whether the middleware and the first node belong to the same blockchain.
In the embodiments of the present invention, the nodes in the consortium chain are divided into two kinds: administrator nodes (i.e. first nodes) and member nodes (i.e. second nodes). Only an administrator node has write permission on the smart contract, so the administrator node is responsible for publishing the identity information of middleware in the blockchain. For middleware that is no longer used or no longer secure, the administrator node can revoke its identity information and write this to the blockchain through the smart contract. After obtaining authorization for the contract, a member node can verify the identity information of middleware through the smart contract and obtain the detailed identity information of the middleware, but has no right to rewrite the smart contract.
The smart contract may be deployed on all nodes in the blockchain or only on some of them. Only a node on which the smart contract is deployed can provide the smart contract service externally, i.e. take part in the identity authentication of middleware and in information exchange with it.
Steps S101-S103 are the process by which the administrator node (i.e. first node) in the blockchain authenticates the identity of the middleware. Only after the middleware passes the identity authentication of the administrator node can its identity information be written to the smart contract.
In one embodiment, judging according to the identity information whether the middleware and the first node belong to the same blockchain includes:
Judging whether the root certificate in the identity information of the middleware is identical to the root certificate in the identity information of the first node.
If the root certificate in the identity information of the middleware is identical to the root certificate in the identity information of the first node, determining that the middleware and the first node belong to the same blockchain.
Step S102: if the middleware and the first node belong to the same blockchain, write the identity information of the middleware to the smart contract, and listen for authorization requests from second nodes in the blockchain.
Here, the identity information of the middleware node may be a digital certificate issued by the root CA that represents the organization. An organization creates a root CA and uses the root certificate as the means of identifying the organization. The root CA can issue the middleware an identity certificate that contains the middleware's identity information, such as name, type and description. Likewise, the root CA representing the organization can also issue an identity certificate to a blockchain node. Nodes whose identity certificates are issued by the same root CA are members of the same consortium chain organization.
In one embodiment, after the identity information of the middleware is written to the smart contract, the method further includes:
Judging whether the access count of the middleware within a preset time is less than a preset count, and judging whether the security level of the middleware is lower than a preset level.
If the access count of the middleware within the preset time is less than the preset count, or the security level of the middleware is lower than the preset level, determining that the middleware is invalid middleware, and deleting the identity information of the invalid middleware from the smart contract to obtain an updated smart contract.
This embodiment is used to judge whether the middleware is valid. If the access count of the middleware is too low, the middleware is not commonly used or is seldom used; if the security level of the middleware is lower than the preset level, the middleware is not secure. Middleware whose access count is too low or which is not secure is judged to be invalid middleware. Monitoring middleware for invalidity can improve the reliability of the middleware in the consortium chain.
In one embodiment, sending the smart contract to the second node includes:
Sending the updated smart contract to the second node.
Step S103: if an authorization request from the second node is detected, authorize the second node for the smart contract and send the smart contract to the second node. The smart contract is used to instruct the second node to authenticate the identity of the middleware according to the smart contract.
In practical applications, the administrator node of the blockchain may authorize a member node for the contract after receiving an authorization request from that member node, or may authorize member nodes in the blockchain on its own initiative.
Fig. 2 is a schematic flowchart of the blockchain-based identity authentication method provided by another embodiment of the present invention. The method in this embodiment is applied to a second node in the blockchain and, as shown in the figure, may include the following steps:
Step S201: send an authorization request to a first node in the blockchain. The authorization request is used to instruct the first node to authorize the second node for the smart contract.
Steps S201-S204 are the process by which a member node (i.e. second node) in the blockchain authenticates the identity of the middleware. Only after the middleware has passed the member node's authentication can the member node exchange data with the middleware.
In one embodiment, sending an authorization request to a first node in the blockchain includes:
Obtaining the administrator list from the genesis block of the blockchain, and counting the number of historical communications with each first node in the administrator list; the administrator list contains all first nodes in the blockchain.
Selecting a first node according to the order of the number of historical communications from most to least, and sending the authorization request to that first node.
The more communications there have been, the higher the interactivity between the member node and that administrator node, which further indicates that the success rate of communication between them is higher.
In one embodiment, sending an authorization request to a first node in the blockchain further includes:
Calculating the communication efficiency with each third node in the blockchain, a third node being a node in the blockchain other than the current second node.
Selecting a node as the candidate node according to the order of communication efficiency from high to low.
Obtaining the extension information of the digital certificate of the candidate node, and judging whether the extension information contains an administrator identifier.
If the extension information contains an administrator identifier, taking the candidate node as the first node and sending the authorization request to that first node.
In practical applications, nodes with administrator identity are usually written into the administrator list of the genesis block. Administrator identity may also be marked, in the form of an administrator identifier, in the extension information of a node's digital certificate, so that the administrator identity of a blockchain node can be judged from the administrator identifier in the extension information of its digital certificate.
Higher communication efficiency indicates higher communication quality or a shorter communication distance. Selecting an administrator node with higher communication efficiency helps improve the success rate of authorization.
Step S202: after obtaining the first node's authorization for the smart contract, receive the smart contract sent by the first node, and load and install the smart contract.
Only a second node that has loaded the smart contract can provide the smart contract service externally, i.e. take part in the identity authentication of middleware and in information exchange with it.
Step S203: after a communication request from the middleware is detected, obtain the identity information of the middleware and authenticate it according to the smart contract.
In one embodiment, authenticating the identity information of the middleware according to the smart contract includes:
Searching the smart contract for the identity information of the middleware.
If the identity information of the middleware is present in the smart contract, judging whether the root certificate in the identity information of the middleware is identical to the root certificate in the identity information of the second node.
If the root certificate in the identity information of the middleware is identical to the root certificate in the identity information of the second node, the authentication of the middleware's identity information succeeds.
Step S204: if the authentication of the middleware's identity information passes, establish a communication connection with the middleware.
In the embodiments of the present invention, the first node in the blockchain obtains the identity information of the middleware and, if the middleware and the first node belong to the same blockchain, writes the identity information of the middleware to the smart contract; this achieves the first layer of identity authentication of the middleware. After detecting an authorization request from a second node in the blockchain, the first node authorizes the second node for the smart contract, so that the second node can authenticate the identity of the middleware according to the smart contract; this achieves the second layer of identity authentication of the middleware. With the above method, nodes in the blockchain perform trusted identity authentication of middleware, and the two-layer authentication process effectively improves the reliability of middleware identity authentication.
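The two flows above (S101 to S103 on the administrator node, S201 to S204 on the member node) modeled as an added Python example; it is not code from the patent. The smart contract is reduced to an in-memory dictionary, a certificate to a root fingerprint plus an `is_admin` flag, and all class names, function names and sample values are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def fp(root_cert: bytes) -> str:
    """SHA-256 fingerprint standing in for 'the root certificate' of an identity."""
    return hashlib.sha256(root_cert).hexdigest()

@dataclass(frozen=True)
class Identity:
    name: str
    root_fp: str            # root CA that issued this identity certificate
    is_admin: bool = False  # models the administrator identifier in the cert extension
    # Assumption: the chain from this certificate up to root_fp was already validated.

@dataclass
class Contract:
    entries: dict = field(default_factory=dict)  # middleware name -> Identity

class FirstNode:
    """Administrator node: the only role allowed to write the contract."""
    def __init__(self, identity: Identity):
        self.identity, self.contract = identity, Contract()

    def register(self, mw: Identity) -> bool:
        # S101/S102: write the identity only if both share the same root certificate.
        if mw.root_fp != self.identity.root_fp:
            return False
        self.contract.entries[mw.name] = mw
        return True

    def prune(self, stats: dict, min_access: int, min_level: int) -> list:
        # Invalid middleware: too few accesses in the window OR security level too low.
        bad = [n for n in self.contract.entries
               if stats[n]["access"] < min_access or stats[n]["level"] < min_level]
        for n in bad:
            del self.contract.entries[n]
        return bad

    def authorize(self) -> Contract:
        # S103: answer an authorization request with a copy of the current contract.
        return Contract(dict(self.contract.entries))

class SecondNode:
    """Member node: works on the copy it was sent, never on the original contract."""
    def __init__(self, identity: Identity):
        self.identity, self.contract = identity, None

    @staticmethod
    def pick_by_history(admin_list: list, history: dict) -> Identity:
        # S201, variant 1: admin list from the genesis block, most past exchanges first.
        return max(admin_list, key=lambda a: history.get(a.name, 0))

    @staticmethod
    def pick_by_efficiency(peers: list, efficiency: dict):
        # S201, variant 2: best communication efficiency first, accept only a peer whose
        # certificate extension carries the administrator identifier.
        # Assumption: on a non-admin candidate, fall through to the next-best peer.
        for p in sorted(peers, key=lambda p: efficiency[p.name], reverse=True):
            if p.is_admin:
                return p
        return None

    def load(self, contract: Contract) -> None:
        self.contract = contract  # S202

    def authenticate(self, mw: Identity) -> bool:
        # S203: (1) identity must be present in the contract, (2) same root as this node.
        if self.contract is None:
            return False  # a node without the contract cannot take part
        if self.contract.entries.get(mw.name) != mw:
            return False
        return mw.root_fp == self.identity.root_fp

def demo() -> dict:
    org, other = fp(b"constructed root CA: org A"), fp(b"constructed root CA: org B")
    admin = FirstNode(Identity("admin-1", org, is_admin=True))
    gw, old, rogue = Identity("mw-gateway", org), Identity("mw-legacy", org), Identity("mw-x", other)
    registered = [admin.register(m) for m in (gw, old, rogue)]
    removed = admin.prune({"mw-gateway": {"access": 40, "level": 3},
                           "mw-legacy": {"access": 1, "level": 3}}, min_access=5, min_level=2)
    member = SecondNode(Identity("member-1", org))
    before_load = member.authenticate(gw)
    chosen = member.pick_by_efficiency(
        [Identity("member-2", org), admin.identity], {"member-2": 0.9, "admin-1": 0.7})
    member.load(admin.authorize())
    return {"registered": registered, "removed": removed, "before_load": before_load,
            "chosen": chosen.name, "auth": [member.authenticate(m) for m in (gw, old, rogue)]}

if __name__ == "__main__":
    print(demo())
```

The middleware pruned by the administrator fails authentication at the member node because the member loads the updated contract, and the middleware issued under a different root never reaches the contract at all.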
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, only the above division into functional units and modules is used as an example. In practical applications, the above functions may be assigned to different functional units and modules as needed, i.e. the internal structure of the device is divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing them from one another and are not intended to limit the scope of protection of the present invention. For the specific working process of the units and modules in the above system, reference may be made to the corresponding processes in the foregoing method embodiments, which are not repeated here.
Fig. 3 is a schematic diagram of a terminal device provided by an embodiment of the present invention. As shown in Fig. 3, the terminal device 3 of this embodiment includes a processor 30, a memory 31, and a computer program 32 stored in the memory 31 and executable on the processor 30. When executing the computer program 32, the processor 30 implements the steps in the above embodiments of the blockchain-based identity authentication method, for example steps S101 to S103 shown in Fig. 1.
Illustratively, the computer program 32 may be divided into one or more modules/units, which are stored in the memory 31 and executed by the processor 30 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program 32 in the terminal device 3. For example, the computer program 32 may be divided into an acquiring unit, a writing unit and an authorization unit, whose specific functions are as follows:
Acquiring unit, for obtaining the identity information of the middleware and judging according to the identity information whether the middleware and the first node belong to the same blockchain.
Writing unit, for writing the identity information of the middleware to the smart contract if the middleware and the first node belong to the same blockchain, and listening for authorization requests from second nodes in the blockchain.
Authorization unit, for authorizing the second node for the smart contract if an authorization request from the second node is detected, and sending the smart contract to the second node, the smart contract being used to instruct the second node to authenticate the identity of the middleware according to the smart contract.
Optionally, the acquiring unit includes:
First judgment module, for judging whether the root certificate in the identity information of the middleware is identical to the root certificate in the identity information of the first node.
First determination module, for determining that the middleware and the first node belong to the same blockchain if the root certificate in the identity information of the middleware is identical to the root certificate in the identity information of the first node.
Optionally, the computer storage medium further includes:
Judging unit, for judging, after the identity information of the middleware is written to the smart contract, whether the access count of the middleware within a preset time is less than a preset count, and judging whether the security level of the middleware is lower than a preset level.
Judging unit, for determining that the middleware is invalid middleware if the access count of the middleware within the preset time is less than the preset count or the security level of the middleware is lower than the preset level, and deleting the identity information of the invalid middleware from the smart contract to obtain an updated smart contract.
Optionally, the authorization unit includes:
Sending module, for sending the updated smart contract to the second node.
Fig. 4 is a schematic diagram of a terminal device provided by an embodiment of the present invention. As shown in Fig. 4, the terminal device 4 of this embodiment includes a processor 40, a memory 41, and a computer program 42 stored in the memory 41 and executable on the processor 40. When executing the computer program 42, the processor 40 implements the steps in the above embodiments of the blockchain-based identity authentication method, for example steps S201 to S204 shown in Fig. 2.
Illustratively, the computer program 42 may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program 42 in the terminal device 4. For example, the computer program 42 may be divided into a transmission unit, a receiving unit, an authentication unit and a communication unit, whose specific functions are as follows:
Transmission unit, for sending an authorization request to a first node in the blockchain, the authorization request being used to instruct the first node to authorize the second node for the smart contract.
Receiving unit, for receiving the smart contract sent by the first node after obtaining the first node's authorization for the smart contract, and loading and installing the smart contract.
Authentication unit, for obtaining the identity information of the middleware after a communication request from the middleware is detected, and authenticating the identity information of the middleware according to the smart contract.
Communication unit, for establishing a communication connection with the middleware if the authentication of the middleware's identity information passes.
Optionally, the transmission unit includes:
Statistical module, for obtaining the administrator list from the genesis block of the blockchain, and counting the number of historical communications with each first node in the administrator list, the administrator list containing all first nodes in the blockchain.
First selection module, for selecting a first node according to the order of the number of historical communications from most to least, and sending the authorization request to that first node.
Optionally, the transmission unit further includes:
Computing module, for calculating the communication efficiency with each third node in the blockchain, a third node being a node in the blockchain other than the current second node.
Second selection module, for selecting a node as the candidate node according to the order of communication efficiency from high to low.
Obtaining module, for obtaining the extension information of the digital certificate of the candidate node, and judging whether the extension information contains an administrator identifier.
Sending module, for taking the candidate node as the first node if the extension information contains an administrator identifier, and sending the authorization request to that first node.
Optionally, the authentication unit includes:
Searching module, for searching the smart contract for the identity information of the middleware.
Second judgment module, for judging, if the identity information of the middleware is present in the smart contract, whether the root certificate in the identity information of the middleware is identical to the root certificate in the identity information of the second node.
Second determination module, for determining that the authentication of the middleware's identity information succeeds if the root certificate in the identity information of the middleware is identical to the root certificate in the identity information of the second node.
The terminal device 3/4 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, a processor and a memory. Those skilled in the art will understand that Fig. 3/4 is merely an example of the terminal device 3/4 and does not limit it; the terminal device may include more or fewer components than shown, combine certain components, or use different components. For example, the terminal device may also include input/output devices, network access devices, a bus and so on.
The processor may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. A general-purpose processor may be a microprocessor or any conventional processor.
The memory may be an internal storage unit of the terminal device 3/4, for example a hard disk or internal memory of the terminal device 3/4. The memory may also be an external storage device of the terminal device 3/4, for example a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the terminal device 3/4. Further, the memory may include both an internal storage unit of the terminal device 3/4 and an external storage device. The memory is used to store the computer program and the other programs and data required by the terminal device. The memory may also be used to temporarily store data that has been output or is about to be output.
In the above embodiments, the description of each embodiment has its own emphasis. For parts that are not detailed or recorded in one embodiment, reference may be made to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed device/terminal device and method may be implemented in other ways. For example, the device/terminal device embodiments described above are merely schematic. The division into modules or units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments may also be accomplished by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium, and when executed by a processor it can implement the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, read-only memory (ROM), random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium and so on. It should be noted that the content contained in the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be included within the scope of protection of the present invention.