CN113868691A - Authorized operation method and device of block chain based on cloud-native technology - Google Patents


Info

Publication number
CN113868691A (application number CN202111459866.5A)
Authority
CN
China
Prior art keywords
block chain
authorization information
cluster
public key
operated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111459866.5A
Other languages
Chinese (zh)
Other versions
CN113868691B (en)
Inventor
王晓亮
宁志伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xita Technology Co ltd
Original Assignee
Beijing Xita Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xita Technology Co ltd
Priority to CN202111459866.5A
Publication of CN113868691A
Application granted
Publication of CN113868691B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

A method and an apparatus for the authorized operation of a blockchain in a cloud-native environment are provided. The method comprises: acquiring a blockchain license from a preset file mapping region, where the file mapping region is associated with the running environment in which the blockchain node runs; obtaining from the license the authorization information of the blockchain to be run, the digital signature over that authorization information and the public key used to verify the signature, and checking the validity of the authorization information against that key; and, if the check passes, opening the run permission of the running environment so that the blockchain node is deployed and run there according to the operating parameters carried in the authorization information. With this scheme, authorized operation of a blockchain in a cloud-native environment is achieved non-invasively, and the portability and security of the software are improved.

Description

Authorized operation method and device of block chain based on cloud-native technology
Technical Field
The present disclosure relates to blockchain technology, and in particular to a cloud-native-based method and apparatus for the authorized operation of a blockchain.
Background
Internet enterprises often need to build their own blockchains to meet business needs such as evidence storage, consensus and asset management, and the blockchain software they use usually comes from a lower-level blockchain development enterprise, which customizes the blockchain as a product according to the upper-level enterprise's requirements. In this model, to protect the rights of the blockchain developer and prevent piracy, the blockchain, as a commercial product, needs an authorized-operation (licensing) function similar to that of commercial engineering and design software.
In the related art, the blockchain's own executable code contains the authorization check: after the blockchain is deployed and started, that code tries to ensure that the running copy operates only when authorized, for example by checking a license. In a cloud environment, however, this design may require the blockchain to fetch a license or a hardware identifier from outside its container environment, which introduces a security risk.
Disclosure of Invention
In view of this, the present specification discloses a cloud-native-based method and apparatus for the authorized operation of a blockchain.
According to a first aspect of the embodiments of the present specification, a method for the authorized operation of a cloud-native-based blockchain is disclosed, comprising:
acquiring a blockchain license from a preset file mapping region, where the preset file mapping region is associated with the running environment in which the blockchain node runs;
obtaining from the blockchain license the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and verifying the validity of the authorization information based on that public key;
and, if the validity check of the authorization information passes, opening the run permission of the running environment, so that the blockchain node to be run is deployed and run in the running environment according to the operating parameters included in the authorization information.
Optionally, the cloud-native cluster comprises a Kubernetes cluster; the running environment comprises all running environments supported by the Kubernetes cluster; and the preset file mapping region comprises a ConfigMap or a Secret located in the same namespace as a preset cluster operator;
obtaining from the blockchain license the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and verifying the validity of the authorization information based on that public key, comprises:
calling the cluster operator to obtain, from the blockchain license, the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and to verify the validity of the authorization information based on that public key;
and opening the run permission of the running environment comprises authorizing the Kubernetes cluster as the running environment of the blockchain to be run.
Optionally, the cloud-native cluster comprises a Kubernetes cluster; the running environment comprises the Pod used to run the blockchain node in the Kubernetes cluster; and the preset file mapping region comprises a ConfigMap or a Secret located in the same namespace as that Pod;
obtaining from the blockchain license the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and verifying the validity of the authorization information based on that public key, comprises:
calling the init container of the Pod that runs the blockchain node to obtain, from the blockchain license, the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and to verify the validity of the authorization information based on that public key;
and opening the run permission of the running environment comprises authorizing the Pod that runs the blockchain node as the running environment of the blockchain to be run.
Optionally, the authorization information includes any one or a combination of the following:
a naming specification for the blockchain to be run;
an upper limit on the number of instances of the blockchain that may be run;
a time interval during which the blockchain may be run.
Optionally, the cloud-native cluster acquiring the blockchain license from the preset file mapping region comprises:
the cloud-native cluster acquiring, from the preset file mapping region, the blockchain license encrypted with the cloud-native cluster's public key, and decrypting the blockchain license with the cloud-native cluster's private key.
According to a second aspect of the embodiments of the present specification, an apparatus for the authorized operation of a cloud-native-based blockchain is disclosed, comprising:
an acquisition module, which acquires a blockchain license from a preset file mapping region, where the preset file mapping region is associated with the running environment in which the blockchain node runs;
a verification module, which obtains from the blockchain license the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and verifies the validity of the authorization information based on that public key;
and an authorization module, which opens the run permission of the running environment if the validity check of the authorization information passes, so that the blockchain node to be run is deployed and run in the running environment according to the operating parameters included in the authorization information.
Optionally, the cloud-native cluster comprises a Kubernetes cluster; the running environment comprises all running environments supported by the Kubernetes cluster; and the preset file mapping region comprises a ConfigMap or a Secret located in the same namespace as a preset cluster operator;
the verification module further calls the cluster operator to obtain, from the blockchain license, the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and to verify the validity of the authorization information based on that public key;
and the authorization module further authorizes the Kubernetes cluster as the running environment of the blockchain to be run.
Optionally, the cloud-native cluster comprises a Kubernetes cluster; the running environment comprises the Pod used to run the blockchain node in the Kubernetes cluster; and the preset file mapping region comprises a ConfigMap or a Secret located in the same namespace as that Pod;
the verification module further calls the init container of the Pod that runs the blockchain node to obtain, from the blockchain license, the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and to verify the validity of the authorization information based on that public key;
and the authorization module further authorizes the Pod that runs the blockchain node as the running environment of the blockchain to be run.
Optionally, the authorization information includes any one or a combination of the following:
a naming specification for the blockchain to be run;
an upper limit on the number of instances of the blockchain that may be run;
a time interval during which the blockchain may be run.
Optionally, the acquisition module further acquires, from the preset file mapping region, the blockchain license encrypted with the cloud-native cluster's public key, and decrypts the blockchain license with the cloud-native cluster's private key.
According to a third aspect of the embodiments of the present specification, a computer device is disclosed comprising at least a memory, a processor and a computer program stored in the memory and executable on the processor, where the processor implements the method of any of the above aspects when executing the program.
According to a fourth aspect of the embodiments of the present specification, a computer-readable storage medium is disclosed on which a computer program is stored which, when executed by a processor, implements the method of any of the above aspects.
In the above technical solution, the validity check is actually performed at the level of the cloud-native cluster, the blockchain license used in the check is obtained from the cluster's preset file mapping region, and run control over the blockchain nodes is achieved by controlling the run permission of the running environment. The process therefore involves no transfer of files between the inside and the outside of the running environment, and the security risk caused in the related art by reading data across running environments is avoided.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with this specification and together with the description, serve to explain the principles.
Fig. 1 is a diagram of an example scenario of authorized blockchain operation in the related art, as shown in the present specification;
Fig. 2 is a flowchart of a cloud-native-based method for the authorized operation of a blockchain;
Fig. 3 is a logical diagram of authorized blockchain operation in a cloud-native environment, as shown in the present specification;
Fig. 4 is a diagram of an example structure of a cloud-native-based apparatus for the authorized operation of a blockchain;
Fig. 5 is a diagram of an example configuration of a computer device for the authorized operation of a cloud-native-based blockchain.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, the technical solutions in one or more embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in one or more embodiments of the present disclosure. It is to be understood that the described embodiments are only a few, and not all embodiments. All other embodiments that can be derived by one of ordinary skill in the art from one or more embodiments of the disclosure without making any creative effort shall fall within the scope of the disclosure.
When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of systems and methods consistent with certain aspects of the present description, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, the information should not be limited by these terms; they serve only to distinguish one type of information from another. For example, first information may also be called second information, and second information may also be called first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "when", "upon" or "in response to determining", depending on the context.
Internet enterprises often need to build their own blockchains to meet business needs such as evidence storage, consensus and asset management, and the blockchain software they use usually comes from a lower-level blockchain development enterprise, which customizes the blockchain as a product according to the upper-level enterprise's requirements. In this model, to protect the rights of the blockchain developer and prevent piracy, the blockchain, as a commercial product, needs an authorized-operation (licensing) function similar to that of commercial engineering and design software.
In the related art, the blockchain's own executable code contains the authorization check: after the blockchain is deployed and started, that code tries to ensure that the running copy operates only when authorized, for example by checking a license.
Referring to Fig. 1, which shows an example scenario of authorized blockchain operation in the related art: the blockchain's nodes are deployed in containers of a cloud-native cluster and exist as a cloud-native application, and permission-check code inside that application reads the license and device information in the cluster to confirm whether the current cluster is permitted to run it. A cloud-native application is, generally, an application developed and deployed according to cloud-native principles; compared with a traditional application it is more elastic, easier to share, more highly available and quicker to iterate, but it correspondingly runs in a relatively isolated container environment hosted by the cluster. Under the above design, the blockchain in a cloud environment therefore has to obtain a license or hardware identification code from outside its container environment, which easily creates a security risk.
On that basis, the present specification proposes a cloud-native-based solution in which the authorization check and the granting of run permission for the blockchain are completed in the running environment of the blockchain node itself.
In implementation, the running environment in which the blockchain node runs is associated with a preset file mapping region, and the blockchain license, carrying the authorization information, the digital signature, the signature-verification public key and other information of the blockchain to be run, is stored in that region. The permission-check code is not built into the blockchain's own code but into the level of the running environment, which opens the environment's run permission and deploys the blockchain node once the validity check of the authorization information passes.
As summarized above, because the validity check is actually performed at the level of the cloud-native cluster, the blockchain license used in the check is obtained from the cluster's preset file mapping region, and run control over the blockchain nodes is achieved by controlling the run permission of the running environment, the process involves no transfer of files between the inside and the outside of the running environment, and the security risk caused in the related art by reading data across running environments is avoided.
From the perspective of software packaging and distribution, the related-art approach also hinders rapid deployment of different versions of an application for different customers. For example, if software X has identical internal functions but customer A is to be checked by machine feature code and customer B by an authorization certificate, the distributor must produce separate deployment packages of X for A and B even though X's functions are unchanged. With the present scheme the check is built not into the software service but into its running environment, and unauthorized execution is blocked at the environment level; the permission check therefore does not intrude into the functional body of the software, packaging becomes more efficient and maintenance becomes easier.
The present specification is described below with reference to specific embodiments and specific application scenarios.
Referring to Fig. 2, a flowchart of a cloud-native-based method for the authorized operation of a blockchain according to an embodiment of the present disclosure; the method may be applied to any cloud-native cluster and may comprise the following steps:
S201: acquiring a blockchain license from a preset file mapping region, where the preset file mapping region is associated with the running environment in which the blockchain node runs;
S202: obtaining from the blockchain license the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and verifying the validity of the authorization information based on that public key;
S203: if the validity check of the authorization information passes, opening the run permission of the running environment, so that the blockchain node to be run is deployed and run in the running environment according to the operating parameters included in the authorization information.
The blockchain may be of any form. Blockchain technology, also called distributed ledger technology, is a technology in which several computing devices take part in bookkeeping together and jointly maintain a complete distributed database; blockchains are generally characterized by decentralization, openness and transparency, participation of every computing device in recording, and fast data synchronization between devices. Blockchains are usually divided into three types, public chains (Public Blockchain), private chains (Private Blockchain) and consortium chains (Consortium Blockchain), and combinations such as private chain + consortium chain or consortium chain + public chain also exist. The types differ in their properties and therefore suit different technical requirements: a public chain may be chosen where the highest degree of decentralization is wanted, a consortium chain where decentralization must be balanced against performance, and so on. Each type has its advantages, and a person skilled in the art can choose according to the specific service requirements; since the solution in this specification concerns the configuration and authorized operation of a blockchain in a cloud-native environment and not the service the blockchain performs, the specific type of blockchain is not limited.
The cloud-native cluster may be any computer cluster with cloud-native properties that comprises several computing devices. The devices in such a cluster are usually scheduled by common software, and the name of that scheduling software is often used for the cluster as well; for example, Kubernetes (K8s), the container orchestration engine used in the industry, may be deployed on a cloud-native cluster to schedule its computers as nodes, in which case the cluster is also called a Kubernetes cluster.
The running environment for the blockchain node is determined by the nature of the cloud-native cluster. If the cluster is a Kubernetes cluster, the running environment for the blockchain node may be one or more Pods used to run the blockchain, the number of Pods depending on the scope the authorized-operation mechanism must control: to control a blockchain node running in a single Pod, the running environment is that Pod; to control all blockchain nodes in the whole Kubernetes cluster, the running environment is the whole cluster.
In this specification, the cloud-native cluster obtains the blockchain license from a preset file mapping region associated with the running environment of the blockchain node. Continuing with the Kubernetes example, the preset file mapping region may be a ConfigMap or a Secret in the Kubernetes cluster; as is known to those skilled in the art, ConfigMaps and Secrets differ only in their customary use, and other file mapping mechanisms may also be used to store the blockchain license.
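A Kubernetes manifest for the Pod-level embodiment described above (license in a Secret in the Pod's namespace, checked by an init container), added here as an illustration and not taken from the patent. The namespace, resource names, image names and mount path are assumptions; the `licence.json` content is constructed. The init container carries the verifier and the pinned issuer key; the node container starts only if the init container exits 0, and the node image itself contains no licensing code.

```yaml
# Added example, not part of CN113868691A. All names below are assumptions.
apiVersion: v1
kind: Secret
metadata:
  name: blockchain-licence          # assumed name
  namespace: chain-ns               # must be the Pod's own namespace
type: Opaque
stringData:
  licence.json: |                   # constructed sample; real values are vendor-issued
    {"authorization": {"name_prefix": "My_Blockchain_ABC",
                       "max_chains": 3,
                       "not_before": "2020-01-01T00:00:00Z",
                       "not_after":  "2030-01-01T00:00:00Z"},
     "verify_public_key": "<hex Ed25519 key, must equal the key pinned in the init image>",
     "signature": "<hex Ed25519 signature over the authorization digest>"}
---
apiVersion: v1
kind: Pod
metadata:
  name: blockchain-node-0
  namespace: chain-ns
spec:
  restartPolicy: Never              # a failed check should not loop forever
  initContainers:
  - name: licence-check
    image: vendor/licence-check:1.0 # assumed image: verifier + pinned issuer key
    args: ["--licence", "/etc/licence/licence.json", "--chain-name", "My_Blockchain_ABC-node0"]
    volumeMounts:
    - name: licence
      mountPath: /etc/licence
      readOnly: true
  containers:
  - name: node
    image: vendor/blockchain-node:1.0   # assumed image; no authorization code inside
    # the node container starts only after licence-check exits 0
  volumes:
  - name: licence
    secret:
      secretName: blockchain-licence
      defaultMode: 0400
```

Two practical caveats for this embodiment: a Secret is only base64-encoded in the API server unless encryption at rest is configured, so anyone granted `get secrets` in `chain-ns` can read the license (which is one reason for the encrypted-license variant below), and the init-container gate binds only parties who cannot edit the Pod spec; the cluster-operator embodiment is the one to use when that assumption does not hold.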
Design details such as the data format of the blockchain license and whether it is encrypted may be chosen by a person of ordinary skill in the art according to the specific service requirements and are not limited by this specification.
In one embodiment the blockchain license is encrypted. Specifically, the cloud-native cluster acquiring the blockchain license from the preset file mapping region means that the cluster acquires, from the preset file mapping region, the license encrypted with the cloud-native cluster's public key and decrypts it with the cloud-native cluster's private key. Because a license encrypted with the cluster's public key can be decrypted only with the corresponding private key, which the cluster holds and does not publish, only that cluster can read the encrypted license, and a copied license file is useless to anyone who does not hold the cluster's private key.
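An added example (not the patent's own code) of the encrypted-license variant, in Go: the vendor seals the signed license to the cluster's RSA public key and the cluster opens it with its private key. Since RSA-OAEP can only encrypt a short message, the example wraps a fresh AES-256-GCM key and encrypts the license body with that; the container layout, the OAEP label and the key sizes are assumptions. The point to take from it is the limit of what decryption proves: a successful `Open` shows the file was addressed to this cluster, not who wrote it, so the signature check of S202 still runs on the plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// oaepLabel binds the wrapped key to this purpose; its value is an assumption.
var oaepLabel = []byte("blockchain-licence-v1")

// SealedLicense is the encrypted form written into the ConfigMap or Secret.
// The layout (RSA-OAEP-wrapped AES key, GCM nonce, ciphertext) is an
// assumption for this example; the specification does not fix a format.
type SealedLicense struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// Seal encrypts an already signed licence to the cluster's public key. A fresh
// AES-256 key carries the payload because RSA-OAEP alone can only encrypt a
// few hundred bytes.
func Seal(clusterPub *rsa.PublicKey, licence []byte) (SealedLicense, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return SealedLicense{}, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return SealedLicense{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return SealedLicense{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, clusterPub, key, oaepLabel)
	if err != nil {
		return SealedLicense{}, err
	}
	return SealedLicense{WrappedKey: wrapped, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, licence, nil)}, nil
}

// Open decrypts with the cluster's private key. Success shows the file was
// sealed to this cluster; it says nothing about who issued the licence, so
// the signature check still has to run on the returned plaintext.
func Open(clusterPriv *rsa.PrivateKey, s SealedLicense) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, clusterPriv, s.WrappedKey, oaepLabel)
	if err != nil {
		return nil, errors.New("licence is not sealed to this cluster's key")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, s.Nonce, s.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("licence ciphertext corrupted or tampered")
	}
	return pt, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed cluster key pair; in practice it lives in the operator's own Secret.
	clusterKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	sealed, _ := Seal(&clusterKey.PublicKey, []byte(`{"authorization":"signed licence body"}`))
	pt, err := Open(clusterKey, sealed)
	fmt.Println("this cluster:", string(pt), err)
	otherKey, _ := rsa.GenerateKey(rand.Reader, 2048) // a cluster the licence was not sold to
	_, err = Open(otherKey, sealed)
	fmt.Println("other cluster:", err)
}
```

The cluster private key is the only thing that makes the sealing meaningful, so it has to be held where the verifier runs (the operator's or init container's own Secret) and nowhere the license file itself is distributed.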
In this specification, after obtaining the blockchain license, the cloud-native cluster obtains from it the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature-verification public key for the digital signature, and verifies the validity of the authorization information based on that public key. Validity here covers not only integrity verification via the digital signature but also checks against the running environment: for example, if the authorization information includes the machine code (hardware identifier) of the authorized cluster, the cloud-native cluster first verifies the integrity of that machine code via the digital signature and the public key, then reads its own machine code and compares the two; if both checks pass, the authorization information in the license is shown to be legitimate authorization for this cluster.
In one embodiment, the authorization information may include any one or a combination of the following:
a naming specification for the blockchain to be run; this may require the name of the blockchain to carry a prefix, suffix or tag specified by the developer or distributor, for example "AA chain-BB company-CC cluster-n chain", so that anyone can tell from the name alone that it is the n-th AA chain running in the CC cluster belonging to BB company;
an upper limit on the number of instances of the blockchain that may be run; this limits how many blockchains the running environment may run when it needs to run several, for example when the running environment is the whole cluster and the cluster has purchased only 3 AA blockchains, at most 3 AA blockchains may run;
a time interval during which the blockchain may be run; this may be expressed as a start time plus a duration or as a start time plus an end time, and the specification does not limit the form; for example, if the cluster purchased only a 3-year right to use the AA blockchain, the cluster may run the AA blockchain for at most 3 years.
To further ensure that private information is not leaked, the authorization information may also be protected with a hash algorithm. For example, if the cloud-native cluster applies for a license with the prefix "My_Blockchain_ABC" and the runnable interval "2020.1.1-2030.1.1", the issuing authority may hash that authorization information ("My_Blockchain_ABC" and "2020.1.1-2030.1.1") with an algorithm such as SM3 and digitally sign the resulting hash. The cloud-native cluster then only needs to rebuild the expected hash locally from the authorization information it holds and compare it with the hash carried in the license and signed by the issuing authority; if the hashes match, the validity of the authorization information is verified without the license containing it in plaintext.
In this specification, if the validity check of the authorization information passes, the cloud-native cluster opens the run permission of the running environment, so that the blockchain node to be run is deployed and run in the running environment according to the operating parameters that the authorization information may carry. Since the authorization information includes the operating parameters of the blockchain, the running environment, once permitted to run the blockchain, deploys and runs its node with those parameters; conversely, if the validity check fails, the cloud-native cluster does not open the run permission, which ensures that the blockchain node is not run without authorization.
In other words, the scheme limits not only whether the cloud-native blockchain may run at all but also the parameters under which it runs: if the authorization information includes the naming specification, the upper limit on the number of instances and the runnable time interval, the blockchain must run within all three.
In a specific embodiment, the cloud-native cluster may include a Kubernetes cluster; the running environment may include all running environments supported by the Kubernetes cluster; and the preset file mapping region may include a ConfigMap file or a Secret file located in the same namespace as a preset cluster operator. In this case the scope of the authorization enforcement mechanism is the entire Kubernetes cluster, and the process of obtaining the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature verification public key of the digital signature from the blockchain license, and verifying the validity of the authorization information based on the signature verification public key, may specifically be: calling the cluster operator, which obtains the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature verification public key of the digital signature from the blockchain license, and verifies the validity of the authorization information based on the signature verification public key. The specific manner of opening the run permission of the running environment may be: authorizing the Kubernetes cluster to serve as the running environment of the blockchain to be run.
In another particular embodiment shown, the cloud-native cluster may include a Kubernetes cluster; the running environment may include the pod used for running the blockchain node in the Kubernetes cluster; and the preset file mapping region may include a ConfigMap file or a Secret file in the same namespace as the pod used for running the blockchain node. In this case the scope of the authorization enforcement mechanism is a single pod in the Kubernetes cluster, and the specific process of obtaining the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature verification public key of the digital signature from the blockchain license, and verifying the validity of the authorization information based on the signature verification public key, may include: calling the init container (initialization container) of the pod used for running the blockchain node, which obtains the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature verification public key of the digital signature from the blockchain license, and verifies the validity of the authorization information based on the signature verification public key. When the run permission needs to be opened for the running environment, the following step may be performed: authorizing the pod used for running the blockchain node to serve as the running environment of the blockchain to be run.
It can be seen from the above solutions that, in a Kubernetes environment, if large-scale authorization control needs to be applied to a whole cluster or to many pods, the verification step for the blockchain license may be completed by a custom-developed Kubernetes operator, with the blockchain license stored in advance in a ConfigMap or Secret file in the same namespace as the operator; if control at the level of a single chain is needed, the init container of the pod running the blockchain node can be used to check the validity of the blockchain license, with the blockchain license stored in advance in a ConfigMap or Secret file in the same namespace as the pod.
It can be understood that, although the scheme is described in this specification taking a Kubernetes cluster as an example, the essence of the technical idea is to enforce software authorization at the level of the running environment rather than from inside the software. Therefore, besides a Kubernetes cluster, for other platforms based on Kubernetes such as ACK and OpenShift, or for cloud-native platforms not based on Kubernetes, a person skilled in the art can complete the corresponding adaptation and migration work, and this specification need not list all possible implementation environments.
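The check that the cluster operator or the pod's init container performs on the license read from the ConfigMap or Secret, written out as an added Go example (not code from the patent): the license carries the authorization information, the issuer's signature over its hash and the signature verification public key; the verifier pins the issuer's key, checks the signature and then applies the naming specification, the quantity limit and the time interval before the run permission is opened. The struct and field names, Ed25519 signatures and SHA-256 in place of SM3 are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// AuthInfo is the authorization information the license carries: the naming
// specification (a required name prefix), the upper limit on the number of
// chains, and the operable time interval. Field names are assumptions.
type AuthInfo struct {
	NamePrefix string    `json:"name_prefix"`
	MaxChains  int       `json:"max_chains"`
	NotBefore  time.Time `json:"not_before"`
	NotAfter   time.Time `json:"not_after"`
}

// License is the document stored in the ConfigMap or Secret: the authorization
// information, the issuer's signature over its hash, and the verification key.
type License struct {
	Auth      AuthInfo          `json:"auth"`
	Signature []byte            `json:"signature"`
	PublicKey ed25519.PublicKey `json:"public_key"`
}

// digest hashes the authorization information as the issuer does before signing.
// The page names SM3; SHA-256 stands in here because it is in the standard library.
func digest(a AuthInfo) []byte {
	b, _ := json.Marshal(a) // fixed struct field order, so the encoding is stable
	h := sha256.Sum256(b)
	return h[:]
}

// Issue is the issuing authority's side: hash the authorization information,
// sign the hash, and bundle both with the verification key.
func Issue(priv ed25519.PrivateKey, a AuthInfo) License {
	return License{
		Auth:      a,
		Signature: ed25519.Sign(priv, digest(a)),
		PublicKey: priv.Public().(ed25519.PublicKey),
	}
}

// ParseLicense decodes the bytes read from the mounted ConfigMap or Secret.
func ParseLicense(raw []byte) (License, error) {
	var lic License
	if err := json.Unmarshal(raw, &lic); err != nil {
		return License{}, fmt.Errorf("malformed license: %w", err)
	}
	return lic, nil
}

// Verify is the check run before the run permission is opened. trusted is the
// issuer key pinned in the verifier: the key carried inside the license is only
// accepted if it matches it, since otherwise any key could sign a license.
// running is the number of chains already running under this license.
func Verify(lic License, trusted ed25519.PublicKey, chainName string, running int, now time.Time) error {
	if !trusted.Equal(lic.PublicKey) {
		return errors.New("license public key does not match the pinned issuer key")
	}
	if !ed25519.Verify(lic.PublicKey, digest(lic.Auth), lic.Signature) {
		return errors.New("signature over authorization information does not verify")
	}
	a := lic.Auth
	if !strings.HasPrefix(chainName, a.NamePrefix) {
		return fmt.Errorf("chain %q violates naming specification %q", chainName, a.NamePrefix)
	}
	if running >= a.MaxChains {
		return fmt.Errorf("upper limit of %d running chains reached", a.MaxChains)
	}
	if now.Before(a.NotBefore) || !now.Before(a.NotAfter) {
		return errors.New("current time is outside the operable time interval")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed issuer key pair
	lic := Issue(priv, AuthInfo{NamePrefix: "My_Blockchain_ABC", MaxChains: 3,
		NotBefore: time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:  time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)})
	raw, _ := json.Marshal(lic) // bytes as they would sit in the ConfigMap/Secret
	got, err := ParseLicense(raw)
	if err != nil {
		panic(err)
	}
	now := time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println("valid:", Verify(got, pub, "My_Blockchain_ABC-node1", 0, now))
	got.Auth.MaxChains = 100 // tampering with the stored authorization information
	fmt.Println("tampered:", Verify(got, pub, "My_Blockchain_ABC-node1", 0, now))
}
```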
Referring to fig. 3, fig. 3 is a logic diagram illustrating an example of authorized running of blockchains in a cloud-native environment. In this example, similar to the earlier example in fig. 1, the cloud-native cluster may still contain n container environments, permanently stored licenses and device information, but the operations of reading and checking the licenses are no longer performed by code in the blockchain node running in the container environment; they are completed by control code that belongs to the container environment itself. That is, in this scheme the software implementation related to the license is carried out by the container environment, and the blockchain node within the running environment need not contain any code for checking the blockchain license and can focus on the business and functions of the blockchain itself. Compared with the conventional scheme shown in fig. 1, the code of the blockchain itself can be cleaner and easier to maintain, and interaction between the blockchain code and data outside the container such as licenses and device information is also reduced, which lowers the risk of data mishandling.
The foregoing covers all embodiments of the present specification directed to the method for authorized running of a cloud-native blockchain. As can be seen from the above embodiments, with the above scheme the step that actually performs the validity check is carried out at the level of the cloud-native cluster, the blockchain license used in the check is likewise obtained from the preset file mapping region of the cloud-native cluster, and control over running blockchain nodes is achieved by controlling the run permission of the running environment. Therefore, no file streams cross the boundary of the running environment during the process, and the potential safety hazard caused by cross-environment data reading in the related technology is avoided; moreover, the method avoids intruding the permission verification step into the body of the software function, which helps improve software packaging efficiency and reduce software maintenance difficulty. The present specification further provides embodiments of a corresponding cloud-native based authorized operation device of a blockchain as follows:
referring to fig. 4, fig. 4 is a structural example diagram of an authorized operation device based on a cloud-native blockchain shown in this specification, where the device may include:
an obtaining module 401, configured to obtain a blockchain license from a preset file mapping region; wherein the preset file mapping region is associated with a running environment for running the blockchain node;
a verification module 402, configured to obtain authorization information of a block chain to be run, a digital signature of the authorization information, and a signature verification public key of the digital signature from the block chain license, and verify validity of the authorization information based on the signature verification public key;
and an authorization module 403, configured to open an operation permission of the operation environment if the validity check of the authorization information passes, so as to deploy and operate the to-be-operated blockchain node in the operation environment based on the operation parameters included in the authorization information.
In a specific embodiment, the cloud-native cluster may include a Kubernetes cluster; the running environment may include all running environments supported by the Kubernetes cluster; the preset file mapping region may include a ConfigMap file or a Secret file located in the same namespace as a preset cluster operator; the verification module may further: call the cluster operator, obtain the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature verification public key of the digital signature from the blockchain license, and verify the validity of the authorization information based on the signature verification public key; and the authorization module may further: authorize the Kubernetes cluster to serve as the running environment of the blockchain to be run.
In a specific embodiment, the cloud-native cluster may include a Kubernetes cluster; the running environment may include the pod used for running the blockchain node in the Kubernetes cluster; the preset file mapping region may include a ConfigMap file or a Secret file in the same namespace as the pod used for running the blockchain node; the verification module may further: call the init container (initialization container) of the pod used for running the blockchain node, obtain the authorization information of the blockchain to be run, the digital signature of the authorization information and the signature verification public key of the digital signature from the blockchain license, and verify the validity of the authorization information based on the signature verification public key; and the authorization module may further: authorize the pod used for running the blockchain node to serve as the running environment of the blockchain to be run.
In one embodiment, the authorization information may include any one or a combination of more of the following information: naming specifications of the block chain to be operated; an upper limit of the operable quantity of the block chain to be operated; and the executable time interval of the block chain to be executed.
In a specific embodiment, the obtaining module may further: and acquiring the block chain license encrypted by the cloud native cluster public key from a preset file mapping area, and decrypting the block chain license by using the private key of the cloud native cluster.
The present specification further provides a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the aforementioned method for authorized operation based on a cloud-native block chain when executing the program.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of a computing device according to an embodiment of the present disclosure, where the computing device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
Embodiments of the present specification further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the foregoing authorization operation method based on a cloud-native block chain.
Computer-readable media, including permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present disclosure can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the method embodiment for relevant points. The above-described apparatus embodiments are merely illustrative, and the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more software and/or hardware when implementing the embodiments of the present disclosure. And part or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is only a specific embodiment of the embodiments of the present disclosure, and it should be noted that those skilled in the art can make a number of modifications and refinements without departing from the principle of the embodiments of the present disclosure, and these modifications and refinements should also be regarded as falling within the protection scope of the embodiments of the present disclosure.

Claims (12)

1. An authorized operation method based on a cloud-native block chain is applied to a cloud-native cluster and comprises the following steps:
acquiring a block chain license from a preset file mapping area; wherein the preset file mapping region is associated with a running environment for running the blockchain node;
obtaining authorization information of a block chain to be operated, a digital signature of the authorization information and a signature verification public key of the digital signature from the block chain license, and verifying the validity of the authorization information based on the signature verification public key;
and if the validity of the authorization information passes the verification, opening the operation permission of the operation environment so as to deploy and operate the block chain node to be operated in the operation environment based on the operation parameters included in the authorization information.
2. The method of claim 1, the cloud-native cluster comprising a Kubernetes cluster; the operating environment includes: all operating environments supported by the Kubernetes cluster; the preset file mapping area includes: a Configmap file or a secret file which is positioned in the same namespace as a preset cluster operator;
the obtaining authorization information of the block chain to be operated, the digital signature of the authorization information and the signature verification public key of the digital signature from the block chain license, and verifying the validity of the authorization information based on the signature verification public key include:
calling the cluster operator, acquiring authorization information of a block chain to be operated, a digital signature of the authorization information and a signature verification public key of the digital signature from the block chain license, and verifying the validity of the authorization information based on the signature verification public key;
the opening of the operation authority of the operation environment comprises the following step: authorizing the Kubernetes cluster to be used as the running environment of the block chain to be run.
3. The method of claim 1, the cloud-native cluster comprising a Kubernetes cluster; the operating environment includes: the pod used for operating the block chain node in the Kubernetes cluster; the preset file mapping area includes: a Configmap file or a secret file in the same namespace as the pod for running the blockchain node;
the obtaining authorization information of the block chain to be operated, the digital signature of the authorization information and the signature verification public key of the digital signature from the block chain license, and verifying the validity of the authorization information based on the signature verification public key include:
calling the initialization container (init container) of the pod for operating the block chain node, acquiring authorization information of the block chain to be operated, a digital signature of the authorization information and a signature verification public key of the digital signature from the block chain license, and verifying the validity of the authorization information based on the signature verification public key;
the opening of the operation authority of the operation environment comprises the following step: authorizing the pod for operating the blockchain node as an operating environment of the blockchain to be operated.
4. The method of claim 1, the authorization information comprising any one or a combination of more of the following:
naming specifications of the block chain to be operated;
an upper limit of the operable number of the block chain to be operated;
the executable time interval of the block chain to be executed.
5. The method of claim 1, wherein the cloud-native cluster obtains a blockchain license from within a preset file mapping region, comprising:
and the cloud native cluster acquires the block chain license encrypted by the cloud native cluster public key from a preset file mapping area, and decrypts the block chain license by using the private key of the cloud native cluster.
6. An authorized operation device based on a cloud native blockchain is applied to a cloud native cluster, and comprises:
the acquisition module acquires a block chain license from a preset file mapping region; wherein the preset file mapping region is associated with a running environment for running the blockchain node;
the verification module is used for acquiring authorization information of the block chain to be operated, a digital signature of the authorization information and a signature verification public key of the digital signature from the block chain license, and verifying the validity of the authorization information based on the signature verification public key;
and the authorization module is used for opening the operation permission of the operation environment if the validity check of the authorization information passes, so that the block chain node to be operated is deployed and operated in the operation environment based on the operation parameters included in the authorization information.
7. The apparatus of claim 6, the cloud native cluster comprising a Kubernetes cluster; the operating environment includes: all operating environments supported by the Kubernetes cluster; the preset file mapping area includes: a Configmap file or a secret file which is positioned in the same namespace as a preset cluster operator;
the verification module further:
calling the cluster operator, acquiring authorization information of a block chain to be operated, a digital signature of the authorization information and a signature verification public key of the digital signature from the block chain license, and verifying the validity of the authorization information based on the signature verification public key;
the authorization module further: authorizing the Kubernetes cluster to be used as the running environment of the block chain to be run.
8. The apparatus of claim 6, the cloud native cluster comprising a Kubernetes cluster; the operating environment includes: the pod used for operating the block chain node in the Kubernetes cluster; the preset file mapping area includes: a Configmap file or a secret file in the same namespace as the pod for running the blockchain node;
the verification module further:
calling the initialization container (init container) of the pod for operating the block chain node, acquiring authorization information of the block chain to be operated, a digital signature of the authorization information and a signature verification public key of the digital signature from the block chain license, and verifying the validity of the authorization information based on the signature verification public key;
the authorization module further: authorizing the pod for operating the blockchain node as an operating environment of the blockchain to be operated.
9. The apparatus of claim 6, the authorization information comprising any one or combination of:
naming specifications of the block chain to be operated;
an upper limit of the operable number of the block chain to be operated;
the executable time interval of the block chain to be executed.
10. The apparatus of claim 6, the acquisition module further to:
and acquiring the block chain license encrypted by the cloud native cluster public key from a preset file mapping area, and decrypting the block chain license by using the private key of the cloud native cluster.
11. A computer device comprising at least a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1 to 5 when executing the program.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 5.
CN202111459866.5A 2021-12-02 2021-12-02 Authorized operation method and device of block chain based on cloud-native technology Active CN113868691B (en)

Publications (2)

Publication Number Publication Date
CN113868691A 2021-12-31
CN113868691B 2022-05-24

Family

ID=78985691

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant