UTXO authorization and certificate management method and system based on role authority

Document number: 1889541 Publication date: 2021-11-26 Views: 17 Language: Chinese

Reading note: this technology, 一种基于角色权限的utxo授权及证书管理的方法和系统 (UTXO authorization and certificate management method and system based on role authority), was designed and created by 史云凌 on 2021-08-25. Main content: the invention discloses a UTXO authorization and certificate management method and system based on role authority in the field of authorization and certificate management. The technical scheme comprises the following steps: topology, role definition, authority definition, certificate definition, service capability, certificate issuance and certificate authorization. The invention solves the problem of data authority distribution and verification through the blockchain, the problem of authorizing data ownership and use rights through certificate management, and the problem of transferring data authority through certificate authorization.

1. A UTXO authorization and certificate management method and system based on role authority, characterized in that the technical scheme comprises the following steps:

topological structure: the organizational structure of the blockchain defined herein supports multiple chains and evolves from a flat structure into a tree structure; the main chain and the sub-chains are logically separated, mutually independent chains that can be expanded and upgraded independently;

role definition: a role is an attribute of a user, used to manage users with similar rights as one class;

permission definition: an authority is the set of access and use capabilities over data; authorities have a superior-subordinate relationship and form a tree structure; different roles are distinguished mainly by their different authorities; an authority is a classification dimension of data, describing the different ways in which different data may be used; an authority is an inherent attribute of the data and does not change when the user changes;

certificate definition: a certificate is a collection of attributes and may contain attributes of multiple entities; a certificate is a proof of a fact and carries some set of attributes of that fact;

service capability: the service subchain provides the capability to issue service data certificates and to verify service data certificates; only certificate data and authorization capabilities are described herein; the data itself is not stored on the chain within the scope of this description;

certificate issuance: a user submits a certificate application for an entity E through the certificate service center module A; the certificate service center module A submits a UTXO transaction; the certificate service center module A stores the object id as key and the UTXO as value in a cache;

certificate authorization: involves the owner A of entity E, the user B of entity E, the owner B of entity F and the user C of entity F.

2. The method and system for UTXO authorization and certificate management based on role authority of claim 1, wherein: the subordinate subchains in the topological structure are divided into a role subchain, an authority subchain and a service subchain, each subchain performing its own function; a service subchain can have its own role subchain, authority subchain and service subchain, forming a recursive structure.

3. The method and system for UTXO authorization and certificate management based on role authority of claim 1, wherein: the authority data in the authority definition comprises the mapping between roles and authorities and the data authority; the mapping between roles and permissions defines which permissions a role has; the authorities held by one role are not necessarily contained in only one authority data record, but one authority data record contains only the authorities owned by one role; one data authority record contains all the authority definitions of one data object; to modify the data permissions, a transaction must be completed through the blockchain, leaving a modification record.

4. The method and system for UTXO authorization and certificate management based on role authority of claim 1, wherein: the certificate in the certificate definition is represented by a UTXO; a new certificate can be authorized; the number of times the certificate may be used is reduced by one each time the certificate is authorized; and the authorization process conforms to the UTXO transaction model.

5. The method and system for UTXO authorization and certificate management based on role authority of claim 2, wherein: the role subchain provides the capability to issue role data certificates and to verify role data certificates; the authority subchain provides the capability to issue authority data certificates and to verify authority data certificates.

6. The method and system for UTXO authorization and certificate management based on role authority of claim 1, wherein the certificate authorization process is as follows:
1) the owner A of entity E manages the authority of entity E in the blockchain system and uses the UTXO U1 as the certificate of ownership, where the value of U1 is the authorized number of uses;
2) the user B of entity E must apply to the owner A for authority before using entity E;
3) A converts its own U1 into two new UTXOs through the UTXO model: one is the UTXO U2 provided to B, the other is A's own UTXO U3, and the sum of the values of U2 and U3 equals the value of U1; similarly, when user B uses multiple entities to generate a new entity F, B obtains multiple use-right UTXOs Un in turn;
4) when user B releases the new entity, B converts these multiple use-right UTXOs Un into one ownership UTXO Ux of the new entity; the use-right UTXOs Un are converted into the ownership UTXO Ux through the signatures of the participants;
5) when user C uses entity F, C must apply to the owner B for authorization, but does not need to apply to the owner A;
6) the authority UTXOs of each entity (including the use-right UTXOs Un and the ownership UTXOs U1, Ux) each form one vertex of the graph computation;
7) each authorization forms one edge of the graph computation;
8) all vertices and edges together form a directed graph.

Technical Field

The invention relates to the field of authorization and certificate management, in particular to a method and a system for UTXO authorization and certificate management based on role authority.

Background

UTXO (Unspent Transaction Output) is the output of a transaction that has not yet been spent, a core concept in blockchain transaction generation and validation. Transactions form a chained structure in which every transaction can be traced back to the outputs of one or more earlier transactions.

Role-Based Access Control (RBAC): in RBAC, rights are associated with roles, and users obtain the rights of a role by becoming members of the appropriate role, which greatly simplifies rights management. Management is therefore hierarchical and interdependent: authorities are granted to roles and roles are granted to users, so the authority design is clear and management is convenient.

Graph computation: a graph is an abstract data structure for representing associations between objects, described using vertices and edges; vertices represent objects and edges represent the relationships between them. Data that can be abstracted into a graph description is graph data. Graph computation is the process of expressing and solving a problem with the graph as the data model; system software that aims to solve graph computation problems efficiently is called a graph computation system.

Therefore, the present invention provides a method and system for UTXO authorization and certificate management based on role authority to solve the problems set out in the background above.

Disclosure of Invention

The present invention is directed to a method and system for UTXO authorization and certificate management based on role authority, so as to solve the problems in the background art.

In order to achieve the purpose, the invention provides the following technical scheme:

the technical scheme of the invention is that the method and the system for UTXO authorization and certificate management based on role authority comprise the following steps:

topological structure: the organizational structure of the blockchain defined herein supports multiple chains and evolves from a flat structure into a tree structure; the main chain and the sub-chains are logically separated, mutually independent chains that can be expanded and upgraded independently;

role definition: a role is an attribute of a user, used to manage users with similar rights as one class;

permission definition: an authority is the set of access and use capabilities over data; authorities have a superior-subordinate relationship and form a tree structure; different roles are distinguished mainly by their different authorities; an authority is a classification dimension of data, describing the different ways in which different data may be used; an authority is an inherent attribute of the data and does not change when the user changes;

certificate definition: a certificate is a collection of attributes and may contain attributes of multiple entities; a certificate is a proof of a fact and carries some set of attributes of that fact;

service capability: the service subchain provides the capability to issue service data certificates and to verify service data certificates; only certificate data and authorization capabilities are described herein; the data itself is not stored on the chain within the scope of this description;

certificate issuance: a user submits a certificate application for an entity E through the certificate service center module A; the certificate service center module A submits a UTXO transaction; the certificate service center module A stores the object id as key and the UTXO as value in a cache;

certificate authorization: involves the owner A of entity E, the user B of entity E, the owner B of entity F and the user C of entity F.

As a further scheme of the invention: the subordinate subchains in the topological structure are divided into a role subchain, an authority subchain and a service subchain, each subchain performing its own function; a service subchain can have its own role subchain, authority subchain and service subchain, forming a recursive structure.

As a still further scheme of the invention: the authority data in the authority definition comprises the mapping between roles and authorities and the data authority; the mapping between roles and permissions defines which permissions a role has; the authorities held by one role are not necessarily contained in only one authority data record, but one authority data record contains only the authorities owned by one role; one data authority record contains all the authority definitions of one data object; to modify the data permissions, a transaction must be completed through the blockchain, leaving a modification record.

As a still further scheme of the invention: the certificate in the certificate definition is represented by a UTXO; a new certificate can be authorized; the number of times the certificate may be used is reduced by one each time the certificate is authorized; and the authorization process conforms to the UTXO transaction model.

As a still further scheme of the invention: the role subchain provides the capability to issue role data certificates and to verify role data certificates; the authority subchain provides the capability to issue authority data certificates and to verify authority data certificates.

As a still further scheme of the invention, the certificate authorization process is as follows:
1) the owner A of entity E manages the authority of entity E in the blockchain system and uses the UTXO U1 as the certificate of ownership, where the value of U1 is the authorized number of uses;
2) the user B of entity E must apply to the owner A for authority before using entity E;
3) A converts its own U1 into two new UTXOs through the UTXO model: one is the UTXO U2 provided to B, the other is A's own UTXO U3, and the sum of the values of U2 and U3 equals the value of U1; similarly, when user B uses multiple entities to generate a new entity F, B obtains multiple use-right UTXOs Un in turn;
4) when user B releases the new entity, B converts these multiple use-right UTXOs Un into one ownership UTXO Ux of the new entity; the use-right UTXOs Un are converted into the ownership UTXO Ux through the signatures of the participants;
5) when user C uses entity F, C must apply to the owner B for authorization, but does not need to apply to the owner A;
6) the authority UTXOs of each entity (including the use-right UTXOs Un and the ownership UTXOs U1, Ux) each form one vertex of the graph computation;
7) each authorization forms one edge of the graph computation;
8) all vertices and edges together form a directed graph.

Advantageous effects

Compared with the prior art, the invention has the beneficial effects that:

1. The problem of data authority distribution and verification is solved through the blockchain.

2. The problem of authorizing data ownership and use rights is solved through certificate management.

3. The problem of transferring the data authority is solved through certificate authorization.

Drawings

FIG. 1 is a schematic diagram of the topology of the present invention;

FIG. 2 is a schematic diagram illustrating a certificate authorization process according to the present invention;

FIG. 3 is a diagram illustrating certificate authorization in the present invention.

Detailed Description

The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.

Referring to FIG. 1 to FIG. 3, in an embodiment of the present invention, a method and a system for UTXO authorization and certificate management based on role authority include the following steps:

topological structure: the organizational structure of the blockchain defined herein supports multiple chains and evolves from a flat structure into a tree structure; the main chain and the sub-chains are logically separated, mutually independent chains that can be expanded and upgraded independently;

role definition: a role is an attribute of a user, used to manage users with similar rights as one class;

permission definition: an authority is the set of access and use capabilities over data; authorities have a superior-subordinate relationship and form a tree structure; different roles are distinguished mainly by their different authorities; an authority is a classification dimension of data, describing the different ways in which different data may be used; an authority is an inherent attribute of the data and does not change when the user changes;

certificate definition: a certificate is a collection of attributes and may contain attributes of multiple entities; a certificate is a proof of a fact and carries some set of attributes of that fact;

service capability: the service subchain provides the capability to issue service data certificates and to verify service data certificates; only certificate data and authorization capabilities are described herein; the data itself is not stored on the chain within the scope of this description;

certificate issuance: a user submits a certificate application for an entity E through the certificate service center module A; the certificate service center module A submits a UTXO transaction; the certificate service center module A stores the object id as key and the UTXO as value in a cache;

certificate authorization: involves the owner A of entity E, the user B of entity E, the owner B of entity F and the user C of entity F.

In this embodiment: the subordinate subchains in the topological structure are divided into a role subchain, an authority subchain and a service subchain, each subchain performing its own function; a service subchain can have its own role subchain, authority subchain and service subchain, forming a recursive structure.

In this embodiment: the authority data in the authority definition comprises the mapping between roles and authorities and the data authority; the mapping between roles and permissions defines which permissions a role has; the authorities held by one role are not necessarily contained in only one authority data record, but one authority data record contains only the authorities owned by one role; one data authority record contains all the authority definitions of one data object; to modify the data permissions, a transaction must be completed through the blockchain, leaving a modification record.

In this embodiment: the certificate in the certificate definition is represented by a UTXO; a new certificate can be authorized; the number of times the certificate may be used is reduced by one each time the certificate is authorized; and the authorization process conforms to the UTXO transaction model.

In this embodiment: the role subchain provides the capability to issue role data certificates and to verify role data certificates; the authority subchain provides the capability to issue authority data certificates and to verify authority data certificates.

In this embodiment, the certificate authorization process is as follows:
1) the owner A of entity E manages the authority of entity E in the blockchain system and uses the UTXO U1 as the certificate of ownership, where the value of U1 is the authorized number of uses;
2) the user B of entity E must apply to the owner A for authority before using entity E;
3) A converts its own U1 into two new UTXOs through the UTXO model: one is the UTXO U2 provided to B, the other is A's own UTXO U3, and the sum of the values of U2 and U3 equals the value of U1; similarly, when user B uses multiple entities to generate a new entity F, B obtains multiple use-right UTXOs Un in turn;
4) when user B releases the new entity, B converts these multiple use-right UTXOs Un into one ownership UTXO Ux of the new entity; the use-right UTXOs Un are converted into the ownership UTXO Ux through the signatures of the participants;
5) when user C uses entity F, C must apply to the owner B for authorization, but does not need to apply to the owner A;
6) the authority UTXOs of each entity (including the use-right UTXOs Un and the ownership UTXOs U1, Ux) each form one vertex of the graph computation;
7) each authorization forms one edge of the graph computation;
8) all vertices and edges together form a directed graph.
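The certificate authorization flow of the certificate definition (a UTXO whose value is the remaining use count) and of the process above, as an added example that is not part of the patent: a small Python ledger that issues an ownership UTXO, splits it into a use right and the owner's remainder, merges use rights into a new ownership UTXO on release, rejects reuse of an already spent certificate, and records every authorization as an edge of the directed graph. All class and method names, the plain "sig:<holder>" strings standing in for real signature verification, and the identities A, B, C, D and entities E, F, G are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Utxo:
    uid: str      # identifier such as "U1"
    entity: str   # entity the certificate refers to, e.g. "E"
    holder: str   # participant controlling the UTXO
    kind: str     # "own" = ownership certificate, "use" = use right
    value: int    # remaining authorized number of uses

class AuthLedger:
    def __init__(self):
        self.unspent = {}   # uid -> Utxo, the unspent authority certificates
        self.edges = []     # (input uid, output uid): one directed edge per authorization
        self._count = 0

    def _mint(self, entity, holder, kind, value):
        self._count += 1
        u = Utxo(f"U{self._count}", entity, holder, kind, value)
        self.unspent[u.uid] = u
        return u

    def _check(self, uid, holder, kind, signature):
        # A valid input is unspent, held by the signer, of the expected kind and signed by the holder.
        u = self.unspent.get(uid)
        if u is None or u.holder != holder or u.kind != kind:
            raise PermissionError(f"{uid} is not an unspent {kind} UTXO of {holder}")
        if signature != f"sig:{holder}":   # stand-in for signature verification (assumption)
            raise PermissionError("bad signature")
        return u

    def issue(self, entity, owner, uses):
        # Certificate issuance: the owner receives an ownership UTXO whose value is the use count.
        return self._mint(entity, owner, "own", uses)

    def authorize(self, uid, owner, user, signature, uses=1):
        # The owner splits U1 into U2 (use right for the user) and U3 (owner's remainder), U2 + U3 == U1.
        u1 = self._check(uid, owner, "own", signature)
        if not 0 < uses <= u1.value:
            raise ValueError("requested uses exceed the certificate's remaining value")
        del self.unspent[uid]              # spent: a second authorization from U1 is rejected
        u2 = self._mint(u1.entity, user, "use", uses)
        u3 = self._mint(u1.entity, owner, "own", u1.value - uses)
        self.edges += [(uid, u2.uid), (uid, u3.uid)]
        return u2, u3

    def release(self, use_uids, user, new_entity, uses, signature):
        # The user converts several use-right UTXOs Un into one ownership UTXO Ux of the new entity.
        if len(set(use_uids)) != len(use_uids):
            raise PermissionError("duplicate input")
        inputs = [self._check(u, user, "use", signature) for u in use_uids]  # checked before any is spent
        for u in inputs:
            del self.unspent[u.uid]
        ux = self._mint(new_entity, user, "own", uses)
        self.edges += [(u.uid, ux.uid) for u in inputs]
        return ux

    def ancestors(self, uid):
        # Every certificate this one traces back to along the directed authorization graph.
        srcs = {s for s, d in self.edges if d == uid}
        return srcs.union(*(self.ancestors(s) for s in srcs))
```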
