CN115834178A - Node management method, node management device, terminal equipment and storage medium - Google Patents


Publication number
CN115834178A
Authority
CN
China
Prior art keywords
node
client
permission
license
certificate
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211445306.9A
Other languages
Chinese (zh)
Inventor
谭锦志
严昕林
戴唯威
张延楠
尚璇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Qulian Technology Co Ltd
Original Assignee
Hangzhou Qulian Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiments of the application are applicable to the technical field of computers, and provide a node management method, a node management device, terminal equipment and a storage medium, wherein the method comprises: when a node application for a node initiated by a user terminal is received, generating an audit result for the node application based on a client certificate associated with the user terminal, the client certificate being generated after the blockchain identifies the client program installed on the user terminal as legitimate; if the audit result is that the audit is passed, identifying the node as a permitted node and generating a permission file for the permitted node, the permission file including a node permission; and sending the node permission to the permitted node, the node permission being used to authorize the permitted node to operate in the blockchain. With this node management method, the client can authenticate node permissions locally, and consumption of blockchain network resources can be reduced.

Description

Node management method, node management device, terminal equipment and storage medium
Technical Field
The embodiment of the application belongs to the technical field of computers, and particularly relates to a node management method, a node management device, terminal equipment and a storage medium.
Background
In the prior art, before managing the nodes of the blockchain, a corresponding allowed node list needs to be defined in advance and written into each node of the blockchain. When the identity authentication or maintenance needs to be performed on the nodes in the block chain, a node list in the nodes needs to be acquired through network communication, and the identity authentication or maintenance is performed on the block chain nodes according to the node list. In the prior art, when nodes are authenticated or maintained, a node list needs to be acquired through network communication, so when a large number of nodes are added in a short time, normal operation of a block chain service is easily affected by node identity authentication through the prior art. In addition, in the prior art, since the node list only includes information such as a public key and an IP address, when updating the node management rule of the blockchain, the operation of the entire blockchain network needs to be stopped, and after the update of the management rule is completed, the node permission of each node in the blockchain needs to be manually replaced, which is not favorable for the management of the node.
Disclosure of Invention
In view of this, an embodiment of the present invention provides a node management method, so as to solve the problem in the prior art that node admission needs to be performed through network communication and the problem that a block chain needs to be stopped when a node is managed.
A first aspect of an embodiment of the present application provides a node management method, which is applied to a block chain system and includes:
when a node application for a node initiated by a user terminal is received, generating an audit result for the node application based on a client certificate associated with the user terminal; the client certificate is generated after the blockchain identifies the client program installed on the user terminal as legitimate;
if the audit result is that the audit is passed, identifying the node as a permitted node, and generating a permission file about the permitted node; the permission file includes a node permission;
sending the node permission to the permitted node, the node permission being used to authorize the permitted node to operate in the blockchain.
A second aspect of the embodiments of the present application provides a node management apparatus, which is applied to a block chain, and includes:
the auditing module is used for generating an audit result for the node application based on a client certificate associated with the user terminal when receiving the node application for the node initiated by the user terminal; the client certificate is generated after the blockchain identifies the client program installed on the user terminal as legitimate;
the permission module is used for identifying the node as a permitted node if the audit result is that the audit is passed, and generating a permission file related to the permitted node; the permission file includes a node permission;
an authorization module to send the node permission to the permitted node, the node permission to authorize the permitted node to operate in the block chain.
A third aspect of embodiments of the present application provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the node management method according to the first aspect when executing the computer program.
A fourth aspect of embodiments of the present application provides a computer-readable storage medium, which stores a computer program that, when executed by a processor, implements the node management method according to the first aspect.
A fifth aspect of embodiments of the present application provides a computer program product, which when run on a computer, causes the computer to execute the node management method according to the first aspect.
Compared with the prior art, the embodiment of the application has the following advantages:
According to the embodiments of the application, the concept of a credential is introduced into the blockchain system to reduce the interaction between each node to be deployed and the license management platform. The license management platform can grant a client credential to a client program that is installed on the user terminal and has passed approval, and the task of blockchain node authentication is delegated to that client program. That is, node authentication does not go through the license management platform; instead, the client program installed on the user terminal handles the license application for a node that needs to go on-chain. Authentication of node licenses in the blockchain can therefore be performed locally at the client on the user terminal side, without occupying blockchain network resources. The method isolates blockchain node authentication from blockchain network services, reduces the consumption of blockchain network resources, and facilitates the efficient operation of blockchain services.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the embodiments or the description of the prior art will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a networking topology diagram of a node management system according to an embodiment of the present application;
Fig. 2 is a schematic relationship diagram of each participant of a node management system according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a node management method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of client initialization according to an embodiment of the present application;
Fig. 5 is a schematic diagram of another node management method provided in an embodiment of the present application;
Fig. 6 is a schematic flowchart of node issuance provided in an embodiment of the present application;
Fig. 7 is a schematic flowchart of node revocation according to an embodiment of the present application;
Fig. 8 is a schematic flowchart of node update provided in an embodiment of the present application;
Fig. 9 is a schematic flowchart of node validity checking provided in an embodiment of the present application;
Fig. 10 is a schematic diagram of a node management apparatus according to an embodiment of the present application;
Fig. 11 is a schematic diagram of a node management terminal device according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
In the prior art, before node permission is performed on nodes in a block chain, a manager needs to preset a plurality of public keys and a plurality of IP addresses, and the manager can write the predefined public keys and IP addresses into a permitted node list, and write a previously created permitted node list into each node of the block chain when performing permission authentication on the nodes. When the nodes of the block chain are authenticated, the node list in each node needs to be sent to the permission management platform in a network communication mode, and then the permission management platform authenticates the identity of the node. Subsequently, when maintaining the permitted node list in the node, the data in the permitted node list in each node needs to be inserted or deleted by a super administrator in the system. In the prior art, the following three defects mainly exist.
In a first aspect, the service operation of a block chain is affected. In the prior art, when the node of the blockchain is authenticated, the permission node list needs to be sent to the permission management platform in a network communication manner. Therefore, the blockchain needs to consume certain network resources for transmitting data generated in the node authentication process. When the blockchain needs to perform permission authentication on a large number of nodes in a short time, the permission authentication is performed in such a way, so that a large number of network resources of the blockchain are easily occupied, and the normal operation of other services in the blockchain network is influenced.
In the second aspect, only limited node permission information can be updated and maintained. In the prior art, although a super administrator identity is set up for updating and maintaining the permitted node list, the node list only contains information such as an IP address and a public key. Therefore, the super administrator can only change the number of nodes in the node list or the public keys. When a further definition of the node permission is needed, such as changing the node expiration time, the whole blockchain network needs to be shut down, and the node permission of each node needs to be changed manually.
In a third aspect, the prior art is directed to only a single blockchain. When a user having a plurality of blockchains performs node management according to the prior art scheme, maintenance and update of node permissions need to be performed separately for each blockchain.
In order to solve the above technical problem, the present invention provides a node management system, through which a client can perform node permission authentication locally, and at the same time, because a concept of a credential is added to the system, the client and the node can be managed in a diversified manner through the credential. In the embodiment provided by the present application, the node that sends the node application to the client program may be a node to be deployed of the block chain. The node to be deployed can become a permitted node after obtaining the node permission issued by the client program.
The technical solution of the present application will be described below by way of specific examples.
Fig. 1 is a networking topology diagram of a node management system in the embodiment of the present application. It should be noted that the node management system provided in the embodiments of the present application may be applied to a blockchain system. With this node management system, various kinds of node management, such as node permission, node updating and node revocation, can be performed on each node in the blockchain system. When the system manages the nodes of a single blockchain system, the permission management platform, the client and the nodes in the node management system can be devices in that blockchain system. The system can also manage the nodes of a plurality of different blockchains simultaneously. In a scenario where the node management system is used to manage multiple blockchain systems, both the permission management platform and the client in the node management system may exist independently of any one blockchain system.
In the embodiment of the present application, the node management system may include a license management platform, a client and blockchain nodes. The license management platform can be used for storing various license information, such as the license conditions of the client, the client credential and the node credential, and can also issue the client credential and the node credential according to the credential standard issued by the supervisor.
In the embodiment of the present application, the supervisor may be a user, and may also be an administration platform or a terminal that accesses the license management platform as a third party. The supervisor can formulate the credential standard and write it into the license management platform. The supervisor can also formulate various node credential templates according to the type of the blockchain, and the license management platform can issue credentials according to the credential standard.
In this embodiment, the node management system may further include a plurality of clients, and each client may form an independent blockchain management platform. The client can receive node applications about nodes to be deployed, which are initiated by the user terminal, and based on client credentials associated with the user terminal, the client program can perform permission authentication on the node applications, and meanwhile, the client can perform operations such as node management, node updating, node revoking, node credential application and the like on permitted nodes.
In the embodiment of the present application, the user terminal may perform node authentication in a manner of sending a node application about a node to be deployed to the client program, and a node permitted by the client may become a permitted node and start performing various node services. In the node management system, the license management platform, the client, and the execution subject of each node may be a computer device, and the computer device may be a desktop computer, a cloud server, or the like.
As shown in fig. 2, a relationship diagram of each participant in the node management system is shown, in the node management system, a supervisor can implement a definition operation on a license management platform of a block chain by formulating various credential standards and credential templates. The client can send the client's license conditions and license information to the license management platform and receive the client's credentials and node credentials fed back by the license management platform. Meanwhile, the client can also download the license information from the license management platform periodically to carry out license verification, so as to ensure the validity of the issued node license. The permission management platform can issue client-side certificates for the client-sides according to the permission conditions uploaded by the client-sides and also can issue node certificates for the nodes according to the permission information uploaded by the client-sides. The permission conditions uploaded by the client may include, but are not limited to, expiration time of the client, IP address of the client, node type issuable by the client, total number of nodes issuable by the client, IP address range of nodes allowable by the client, and other various blockchain service information. The service information included in the license condition is determined by the content of the blockchain service associated with the client. The client can carry out various node management such as permission, revoke, update and the like on the nodes.
Referring to fig. 3, a schematic diagram of a node management method provided in the embodiment of the present application is shown, it should be noted that the method may be applied to a block chain, an execution main body of the embodiment of the present application may be a computer device, and the computer device may be a desktop computer, a cloud server, and the like, and a specific type of the computer device is not limited in the embodiment of the present application.
The node management method may specifically include the following steps:
S301, when receiving a node application for a node to be deployed initiated by a user terminal, generating an audit result for the node application based on a client certificate associated with the user terminal; the client certificate is generated after the blockchain identifies the client program installed on the user terminal as legitimate.
In the embodiment of the present application, before the client program installed on the user terminal performs node license authentication, the client program may first be authenticated as legitimate by the license management platform. After the client program passes this authentication, the license management platform may send the client credential to the authenticated client program. The client program installed on the user terminal can receive and store the client credential sent by the license management platform, and a client carrying the client credential becomes a legitimate client in the blockchain. When a client program that is installed on a user terminal and carries a client credential receives a node application, initiated by the user terminal, for a node to be deployed, the client program can generate an audit result for the node application. The audit result is either audit passed or audit failed.
In a possible implementation manner of the embodiment of the present application, before the node management system performs node permission authentication through a client program installed on a user terminal, a user may first use the user terminal to perform initialization setting on the client program. The user can initialize the client program by configuring client license conditions in it. The configured client license conditions can include, but are not limited to, various blockchain service information such as the number of nodes licensed by the client, the expiration time of the licensed nodes, and the IP address range of the licensed nodes. The service information contained in the license conditions is determined by the blockchain service content associated with the client. After the license conditions are configured, the user can send them to the license management platform through the client program installed on the user terminal. The license management platform may store the received client license conditions on-chain and form client license information based on them. After storing the license conditions of the client on-chain, the platform may generate a client credential based on those license conditions and feed the generated client credential back to the client program on the corresponding user terminal. The client credential may include the license conditions of the client and a client identifier, where the client identifier may include a client credential unique identification and a client license unique identification. The client License may be a License file that ensures that the client can function properly, e.g., a file beginning with X License copy (C) 2020, where X may be the client name.
The client certificate is a verifiable certificate which is obtained by the license management platform performing uplink storage on the received license conditions and generating a decentralized unique client identifier according to the license conditions. The node credentials may have encapsulated therein node permission information and a unique client identification. The node permission information may include various blockchain service information, such as an expiration time of the node, an IP address of the node, and a node type of the node. The client program installed on the user terminal can have the license right corresponding to the license condition after receiving the client certificate fed back by the license management platform based on the license condition. The client program installed on the user terminal can carry out node permission authentication on the received node application according to the permission conditions in the client certificate.
As shown in fig. 4, a schematic flowchart of the initialization for the client is shown. In S41, when the user uses the client program for the first time on the user terminal, the user may configure the license condition of the client program, such as the number of nodes licensed by the client, the expiration time of the license node, and the IP address range of the licensable node. After the user configures the license condition of the client program, the process may enter S42, and the client program installed on the user terminal may generate a client license according to the license condition configured by the user, and send the client license to the blockchain license management platform for uplink storage. After receiving the client license, the license management platform may proceed to S42, i.e., the license management platform may issue the client credential to the client program submitting the client license. The client installed on the user terminal may receive and store the client certificate issued by the license management platform, and may proceed to S42, that is, the client installed on the user terminal may perform initialization setting again according to the received client certificate, so that the initialization setting for using the client for the first time is completed.
In another possible implementation manner of the embodiment of the present application, the client credential may include a permission condition of the client, such as a maximum number of permissions of the client program, an expiration time, an IP address range of the node, and the like. The client program can carry out condition matching on the node information in the received node application locally according to the permission condition in the client certificate. If the node information in the node application matches the node permission condition, the client program may generate an audit result that the node passes the audit. If the node information in the node application does not match the node permission condition, the client program may generate an audit result that the audit fails for the node.
S302, if the audit result is that the audit is passed, identifying the node as a permitted node, and generating a permission file about the permitted node; the permission file includes a node permission.
In the embodiment of the application, if the audit result that the client program installed on the user terminal generates from the node information in the node application is that the audit is passed, the client program may identify the node to be deployed as a permitted node and automatically generate the permission file based on the node application. The generated permission file may include a node license. The node License may be a License file that ensures that the node can operate normally, for example, a file beginning with X License copy (C) 2020, where X may be a node name.
In a possible implementation manner of the embodiment of the present application, when receiving a node application for a node initiated by a user terminal, a client program may match node information included in the node application according to a permission condition associated with a client credential. For example, it is determined whether the node IP address included in the node application is within the IP address range included in the license condition of the client program. Or, judging whether the node type contained in the node application is in the node type contained in the permission condition of the client program. When the node information included in the node application matches the permission conditions associated with the client credentials, the client program may generate an audit result that the audit is passed. For example, when the node IP address included in a certain node application is in the IP address range included in the license condition of the client program, the node type is in the node type included in the license condition of the client program, and the number of nodes that have been licensed by the client program does not reach the maximum license number of the client program, then the client program may consider that the node information of the node matches the license condition of the client, and the client program may generate an audit result that the audit is passed.
In another possible implementation manner of the embodiment of the present application, when the node information in the node application of the node to be deployed does not satisfy the client permission condition or the number of permitted nodes in the client program has reached the maximum permission number of the client program, the client program may consider that the node application audit is not passed, and the client program installed on the user terminal may generate an audit result that the audit is not passed, and reject the node application of the node. For example, if a certain node application shows that the IP address of the node is outside the IP address range of the client permission condition, the client program may consider that the node information in the node application does not match the node permission condition, that is, the node information in the node application does not satisfy the client permission condition. Therefore, the client program can generate an auditing result of which the auditing is not passed and reject the node application of the node.
S303, sending the node permission to the permitted node, wherein the node permission is used for authorizing the permitted node to operate in the block chain.
The node permission is used for authorizing the permitted node to perform node service, and the node permission can include basic information for allowing the permitted node to normally operate in the blockchain network. The client program installed on the user terminal may transmit the generated node license to the corresponding licensed node after generating the node license. The licensed node can start to operate after receiving the node license, and perform various node services.
In the embodiment of the application, the client program installed on the user terminal can be authenticated as a legitimate client by sending its license conditions to the license management platform. The license management platform authenticates the client program according to the received license conditions. After the authentication is finished, the platform can issue a client credential for the client program according to the license conditions and grant the client the right to issue node permission information. After receiving the client credential, the client program installed on the user terminal can locally perform node permission authentication on a received node application for a node to be deployed. In this way node permission authentication becomes a local operation: the client program performs it locally and independently according to the client credential, so the authentication of blockchain node permissions does not occupy blockchain network resources. The scheme isolates blockchain node permission authentication from blockchain services and can reduce the consumption of blockchain network resources and performance. Because the client performs node authentication locally through the client credential, the blockchain service can run as usual even while a large number of nodes are being authenticated, which helps keep the blockchain service stable.
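The local audit of S301 to S303, as an added Python sketch that is not part of the patent text: a client program checks a node application against the license conditions in its client credential and, on a pass, builds the permission file. The class and field names, the CIDR form of the IP range, and the use of a single expiration time for the client and its nodes are assumptions; the patent defines no data schema.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class LicenseConditions:          # hypothetical schema for the license conditions
    max_nodes: int                # maximum license number of the client program
    expires_at: datetime          # expiration time (assumed to bound client and nodes)
    node_ip_range: str            # permitted node IP range, written as CIDR
    node_types: frozenset         # node types the client may issue


@dataclass(frozen=True)
class ClientCredential:           # issued by the license management platform
    client_id: str
    conditions: LicenseConditions


@dataclass(frozen=True)
class NodeApplication:            # sent by the user terminal for a node to be deployed
    node_name: str
    node_ip: str
    node_type: str


@dataclass
class ClientProgram:
    credential: ClientCredential
    licensed: list = field(default_factory=list)   # permission files issued so far

    def audit(self, app, now):
        """S301: return (passed, reasons). All conditions are evaluated so a
        rejection names every mismatch; any mismatch fails the audit."""
        c = self.credential.conditions
        reasons = []
        if now >= c.expires_at:
            reasons.append("client credential expired")
        if len(self.licensed) >= c.max_nodes:
            reasons.append("maximum license number reached")
        if app.node_type not in c.node_types:
            reasons.append("node type not permitted")
        try:
            if ip_address(app.node_ip) not in ip_network(c.node_ip_range):
                reasons.append("node IP outside permitted range")
        except ValueError:
            # Unparseable input is rejected rather than skipped.
            reasons.append("node IP is not a valid address")
        return (not reasons, reasons)

    def handle(self, app, now):
        """S302/S303: on a pass, generate the permission file whose node
        permission would be sent to the permitted node."""
        passed, reasons = self.audit(app, now)
        if not passed:
            return {"audit": "not passed", "node": app.node_name, "reasons": reasons}
        c = self.credential.conditions
        permission_file = {
            "node_permission": {
                "client_id": self.credential.client_id,
                "node_name": app.node_name,
                "node_ip": app.node_ip,
                "node_type": app.node_type,
                "expires_at": c.expires_at.isoformat(),
            },
            "permission_info": {
                "max_nodes": c.max_nodes,
                "node_ip_range": c.node_ip_range,
                "node_types": sorted(c.node_types),
            },
        }
        self.licensed.append(permission_file)
        return {"audit": "passed", "node": app.node_name,
                "permission_file": permission_file}


def demo():
    """Run constructed sample applications through one client program."""
    cred = ClientCredential(
        client_id="client-001",                      # constructed value
        conditions=LicenseConditions(
            max_nodes=2,
            expires_at=datetime(2030, 1, 1, tzinfo=timezone.utc),
            node_ip_range="10.20.0.0/24",
            node_types=frozenset({"validator", "observer"}),
        ),
    )
    client = ClientProgram(cred)
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    apps = [                                         # constructed sample input
        NodeApplication("node-a", "10.20.0.11", "validator"),
        NodeApplication("node-b", "10.30.0.5", "validator"),
        NodeApplication("node-c", "10.20.0.12", "archive"),
        NodeApplication("node-d", "10.20.0.13", "observer"),
        NodeApplication("node-e", "10.20.0.14", "validator"),
        NodeApplication("node-f", "not-an-ip", "validator"),
    ]
    return [client.handle(a, now) for a in apps]


if __name__ == "__main__":
    for result in demo():
        print(result["node"], result["audit"], result.get("reasons", ""))
```

Because the count of issued licenses lives only in the client program's local state in this sketch, the upload of permission files to the license management platform is what lets the platform later check that a client stayed within its maximum license number.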
Referring to fig. 5, a schematic diagram of another node management method provided in the embodiment of the present application is shown, which specifically includes the following steps:
S501, when a node application for a node to be deployed initiated by a user terminal is received, generating an audit result for the node application based on a client certificate associated with the user terminal; the client certificate is generated after the blockchain identifies the client program installed on the user terminal as legitimate;
S502, if the audit result is that the audit is passed, identifying the node as a permitted node, and generating a permission file related to the permitted node; the permission file includes a node permission;
S503, sending the node permission to the permitted node, wherein the node permission is used for authorizing the permitted node to operate in the blockchain.
Since S501 to S503 in this embodiment are similar to S301 to S303 in the previous embodiment, they can be read with reference to each other and are not described again here.
S503, sending the license file to a license management platform corresponding to the block chain so as to bind the client certificate and the licensed node;
In the embodiment of the present application, after the client program installed on the user terminal generates the license file, the generated license file may be further sent to the license management platform for on-chain storage. After receiving the license file uploaded by the client program installed on the user terminal, the license management platform can write the received license file into the blockchain network for storage, and can bind the client certificate of the user terminal that sent the license file to the licensed node according to the license file. The license file may include the node license and license information. The license information may include node license information and the license condition of the client. That is, the license information may include various blockchain service information such as the expiration time of the node, the IP address of the node, the node type of the node, the maximum license number of the client program, the expiration time, and the IP address range of the node. The node license information may include, but is not limited to, various blockchain service information such as the expiration time of the node, the IP address of the node, and the node type of the node. The license condition of the client may include service information such as the maximum license number of the client program, the expiration time, and the IP address range of the node.
S504, receiving a node certificate fed back by the license management platform based on the node license information;
In the embodiment of the application, if the auditing result generated by the client program installed on the user terminal based on the node information in the node application is that the auditing is passed, the client program may send the node license information generated based on the node information to the license management platform for on-chain storage. After receiving the license file uploaded by the client program installed on the user terminal, the license management platform can generate a corresponding node certificate according to the received license file. The node certificate may include the node license information, a node license identifier, and a client identifier. The node certificate is a verifiable certificate: the license management platform stores the received node license information on the chain and generates a decentralized, unique node license identifier from that information. The node license information may include, but is not limited to, various blockchain service information such as the expiration time of the node, the IP address of the node, and the node type of the node. The license management platform can bind the client certificate to the licensed node by writing the client identifier into the node certificate. In subsequent operations, the user or the license management platform can determine which client program performed node license authentication for the licensed node by looking at the client identifier in the node certificate. After the license management platform generates the node certificate, the node certificate can be fed back to the client program that uploaded the node license information. The client program installed on the user terminal may receive the node certificate fed back by the license management platform based on the node license information.
S505, generating a configuration file based on the node certificate and the node permission, and sending the configuration file to the permitted node.
In the embodiment of the application, after receiving the node certificate fed back by the license management platform based on the license file, the client program installed on the user terminal can directly generate the configuration file on the client program based on the node license and the node certificate. After the client program generates the configuration file, the configuration file can be sent to the node to be deployed, and the node to be deployed can become an allowed node after receiving the configuration file fed back by the client program.
In another possible implementation manner of the embodiment of the present application, the client program may further send the received node credential and the node permission information to the corresponding node to be deployed. After receiving the node certificate and the node permission information sent by the client program, the node to be deployed can become a permitted node. The node that becomes an authorized node may begin operating and perform various node services such as storing blockchain data, accounting, providing wallet services, etc. After receiving the node permission information and the node certificate, the node to be deployed can generate a configuration file of the node according to the received node permission information and the received node certificate, and store the configuration file.
Fig. 6 is a flowchart illustrating the issuing of node permissions according to an embodiment of the present application. In S61, when a node needs to perform a node service, a user may initiate a node application through the client program installed on the user terminal and submit it for auditing to a super administrator, who uses the client program installed on an administrator terminal. The node application may include node information such as the IP address of the node to be deployed. On the client program installed on the administrator terminal, the super administrator can decide, according to the node information in the node application, whether to allow the user to deploy the node through the client program installed on the user terminal. If the super administrator does not allow the user to deploy the node through the client program installed on the user terminal, the super administrator can reject the node application through the client program installed on the administrator terminal. If the super administrator allows the user to deploy the node through the client program installed on the user terminal, S62 may be entered, and the client program installed on the user terminal may check whether the node application satisfies the permission condition of the client. For example, a user may wish to deploy a blockchain for financial transactions, which may include four nodes. The user may generate a node application for the financial blockchain on the client program and submit the node application to a super administrator of the client program. If the super administrator does not allow the user to deploy the financial blockchain on the client program, the node application of the user can be rejected. If the super administrator allows the user to deploy the financial blockchain on the client program, the client program can audit whether the node application meets the permission conditions of the client.
If the node information in the node application does not meet the permission condition of the client program installed on the user terminal, for example if the node IP address of the node to be deployed is outside the IP address range of the client permission condition, the client program installed on the user terminal considers that the node application is not approved. The client program installed on the user terminal may reject the node application for that node. If the node information in the node application meets the permission condition of the client program installed on the user terminal, for example if the node IP address of the node is within the IP address range of the client permission condition, the client program installed on the user terminal may consider that the node application is approved. The client program installed on the user terminal can issue a license file for the node to be deployed according to the node application and the license condition of the client program. The license file issued by the client program can include the node license and license information. The client program installed on the user terminal can send the node license to the node to be deployed to authorize the normal operation of the node, and send the issued license file to the blockchain license management platform so that the license is stored on the chain. In S63, the license management platform may store the license file in the blockchain after receiving the license file sent by the client program installed on the user terminal. The license management platform can issue the node certificate according to the license file and feed back the issued node certificate to the client program that uploaded the license file. In S64, after receiving the node certificate fed back by the license management platform based on the license file, the client program installed on the user terminal may send the node license and the node certificate to the node to be deployed for which the node application was made.
The node to be deployed can become a permitted node after receiving the node license and the node certificate fed back by the client program, and writes the node license information and the node certificate into its configuration file. In another possible implementation manner, after receiving the node certificate fed back by the license management platform based on the license file, the client program installed on the user terminal may also generate the configuration file directly on the client program based on the node license and the node certificate. After the client program generates the configuration file, the configuration file can be sent to the node to be deployed, and the node to be deployed can become a permitted node after receiving the configuration file fed back by the client program.
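The local audit in S62 and the license file it produces can be sketched as follows. This is an added example, not code from the patent: the field names, the CIDR form of the IP address range, the way the maximum license number and expiration time are enforced, and the SHA-256 `license_id` are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import json
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class ClientLicenseCondition:
    """License condition of the client (field names are assumptions)."""
    client_id: str
    max_licenses: int      # maximum license number of the client program
    expires_at: datetime   # expiration time of the client license
    ip_range: str          # IP address range for nodes, written as CIDR


@dataclass(frozen=True)
class NodeApplication:
    """Node information carried in a node application."""
    node_ip: str
    node_type: str
    node_expires_at: datetime


def audit(app, cond, issued_count, now):
    """Audit a node application locally; return (passed, reason)."""
    if now >= cond.expires_at:
        return False, "client license condition has expired"
    if issued_count >= cond.max_licenses:
        return False, "maximum license number reached"
    try:
        node_ip = ipaddress.ip_address(app.node_ip)
        allowed = ipaddress.ip_network(cond.ip_range, strict=True)
    except ValueError:
        return False, "malformed IP address or range"
    if node_ip not in allowed:  # also False when IPv4/IPv6 versions differ
        return False, "node IP address outside the licensed range"
    return True, "ok"


def issue_license_file(app, cond, issued_count, now):
    """Return a license file (dict) for an approved application, else None."""
    passed, _reason = audit(app, cond, issued_count, now)
    if not passed:
        return None
    node_info = {
        "node_ip": app.node_ip,
        "node_type": app.node_type,
        "node_expires_at": app.node_expires_at.isoformat(),
    }
    # Constructed identifier: digest over the issuing client and node info.
    material = json.dumps({"client_id": cond.client_id, **node_info},
                          sort_keys=True)
    license_id = hashlib.sha256(material.encode()).hexdigest()
    return {
        # Sent to the node to be deployed.
        "node_license": {"license_id": license_id, **node_info},
        # Sent, with the node license, to the license management platform.
        "license_info": {
            "node_license_info": node_info,
            "client_license_condition": {
                "client_id": cond.client_id,
                "max_licenses": cond.max_licenses,
                "expires_at": cond.expires_at.isoformat(),
                "ip_range": cond.ip_range,
            },
        },
    }


# Constructed sample data.
NOW = datetime(2023, 1, 1, tzinfo=timezone.utc)
COND = ClientLicenseCondition(
    "client-A", 4, datetime(2024, 1, 1, tzinfo=timezone.utc), "10.0.8.0/24")
GOOD = NodeApplication(
    "10.0.8.17", "consensus", datetime(2023, 12, 1, tzinfo=timezone.utc))
BAD = NodeApplication(
    "192.168.1.5", "consensus", datetime(2023, 12, 1, tzinfo=timezone.utc))

if __name__ == "__main__":
    for application in (GOOD, BAD):
        print(application.node_ip, audit(application, COND, 0, NOW))
```

Nothing in the audit path touches the blockchain network; only the resulting license file is uploaded afterwards.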
In another possible implementation manner of the embodiment of the present application, after the client program installed on the user terminal completes node license authentication, the client program may further automatically revoke the issued node license based on the node certificate when a licensed node or a blockchain network is deleted. When receiving an instruction for deleting a node or a blockchain network, the license management platform can determine the issuing client program of the node according to the client identifier in the node certificate and form a node revocation instruction for the node. The license management platform may send the node revocation instruction to the client program installed on the user terminal through network communication. The user can also directly generate a node revocation instruction for a certain permitted node on the client program through the user terminal. After receiving the node revocation instruction, the client program installed on the user terminal can generate corresponding node revocation information according to the instruction. The node revocation information may include the client identifier of the client program and the node identifier of the node to be revoked. The client program installed on the user terminal may send the generated node revocation information to the license management platform for on-chain storage. After receiving the node revocation information sent by the client program, the license management platform can store it in the blockchain network. The license management platform can generate a corresponding node revocation certificate based on the received node revocation information, and the generated node revocation certificate can include the unique identifier of the node to be revoked and the client identifier. The license management platform may feed back the node revocation certificate to the client program installed on the user terminal.
After receiving the node revocation certificate, the client program installed on the user terminal can delete the configuration file in the permitted node by sending a deletion instruction to the server of the node to be revoked. The specific way in which the client program deletes the node configuration file is determined by the type of the blockchain where the permitted node is located. Since the node configuration file of the permitted node stores the node license information and the node certificate of the permitted node, the permitted node cannot perform the node service after its configuration file is deleted, and the permitted node becomes a revoked node, that is, the node revocation is completed.
Fig. 7 is a schematic flow chart of revoking a node license in the node management system. As shown in the figure, in S71, when the user needs to delete a certain node or blockchain network, the user may apply to the client program, through the user terminal, to revoke the node license. When receiving an application for revoking a node license, the client program installed on the user terminal may generate revocation information according to the received application and send it to the license management platform, so as to update the license information stored in the license management platform. After receiving the revocation information sent by the client program installed on the user terminal, the license management platform may proceed to S72, that is, the license management platform may generate a node revocation certificate based on the revocation information sent by the client program, and feed back the generated node revocation certificate to the client program that sent the revocation information. After receiving the node revocation certificate fed back by the license management platform, the client program installed on the user terminal may enter S73, that is, the client program may delete the configuration file in the node to be revoked.
In another possible implementation manner of the embodiment of the present application, after the client program installed on the user terminal completes the node permission authentication, the client and the node may be updated based on the client certificate and the node certificate. In the node management system provided by the application, the client program may further include a license update interface, and the super administrator may update the client certificate and the node certificate through the license update interface. The client certificate of the client program and the node certificate of the node are updated as follows:
Before updating the client program, a user can initiate an update application to the client program through a user terminal, and the update application can include various license information such as the number of issuable nodes and the license expiration time. The user can also preset various client update conditions in the client program. For example, the number of issuable node licenses in the new license condition needs to be greater than or equal to the current limit on issuable nodes, and the expiration time of the node licenses in the new license condition needs to be later than the expiration time of the node licenses in the current license condition. After receiving an update application initiated by a user, the client program installed on the user terminal can judge, according to the preset client update conditions, whether the client can be updated as requested in the update application.
If the update application satisfies the preset client update condition, the client program installed on the user terminal may send the update application to the license management platform. After receiving the update application sent by the client, the license management platform can perform uplink storage on the update application and form an update instruction according to the update application. The update instructions may include new client credentials and license credentials. The license management platform may feed back the update instruction to the client program that sent the update application. After receiving the update instruction fed back by the license management platform, the client program installed on the user terminal can update the license condition and the client identifier of the client based on the new client certificate in the update instruction.
After the updating of the client program installed on the user terminal is completed, the configuration file of each permitted node authorized by the client program can be obtained, and the existing node certificate in the node configuration file is updated according to the new node certificate in the updating instruction. Optionally, in the process of updating the node, the client program installed on the user terminal may fail to update the node due to a network fault of a server where the client program is located or a network fault of a server where the node is located. Therefore, after the client program finishes updating the licensed node, in order to ensure that the credentials of all nodes are updated, the client program may acquire the configuration file of the licensed node again and determine the client identifier in the existing node credentials of the licensed node. By determining whether the client identifier in the node credential is consistent with the client identifier of the client, the client program can determine whether the node has completed the node update. If the client identifier in the node certificate is consistent with the existing client identifier of the client, the client program can consider that the node is updated, and the client program does not need to perform subsequent operations on the node. If the client identifier in the node certificate is inconsistent with the existing client identifier of the client, the client program can consider that the node update fails, and the client program updates the node certificate of the node again.
Fig. 8 is a schematic view of an update flow of a client program and a node according to an embodiment of the present application. In S81, when the user needs to update the client license condition, the client program may check the user identity, that is, the client may check whether the user is a super administrator. If the verification fails, i.e., the user is not a super administrator of the client program, the client program may reject the update application of the user. If the verification is successful, the node management system may enter S82, that is, when the user is a super administrator of the client program installed on the user terminal, the client verifies whether the new client permission condition in the update application submitted by the super administrator meets the current permission limit of the client program. If the verification fails, that is, the new client permission condition in the update application does not satisfy the current permission limit of the client program, the client program may reject the update application. If the verification is successful, the node management system may enter S83, that is, when the new client permission condition in the update application satisfies the current permission limit of the client program, the client program may generate the update application according to the update information, and send the update application to the license management platform. After receiving the new client certificate fed back by the license management platform based on the update application, the client program can update the client license condition according to the new client certificate. The client program may update the existing client certificate based on the received new client certificate and update the permitted nodes of the client based on the new node certificate.
When the client certificate and the node certificate are updated, the permission conditions and the client identifier in both certificates are updated. Therefore, after the client certificate is updated, the client program installed on the user terminal can judge whether a permitted node was updated successfully by checking whether the client identifier in the node certificate of the permitted node is consistent with the existing client identifier of the client. If the client identifier in the node certificate is consistent with the existing client identifier of the client, the node was updated successfully. If the client identifier in the node certificate is inconsistent with the existing client identifier of the client, the node update failed, and the client program installed on the user terminal can update that node again.
In the embodiment of the application, because the configuration file of the node includes the node permission information and the node certificate, and the node certificate includes the node identifier and the client identifier, the issuing client of the node can be determined by querying the node certificate, that is, the node certificate and the client certificate are bound. Therefore, when the client and the node are updated, only the node certificate needs to be updated, and the node permission information does not need to be replaced. Because the node permission information does not need to be replaced when the node is updated, managing blockchain nodes with the node management method provided by the embodiment of the application allows the node update to be completed while the node operates normally. This solves the problem that replacing the node permission information during a node update forces the node to stop and affects the normal operation of the blockchain service.
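The update gate and the re-check by client identifier described above, as an added example that is not code from the patent. The dictionary layout, the identifier strings and the `FlakyTransport` stand-in for the connection to each node's server are assumptions; the two update conditions are the ones the text gives as examples.

```python
from datetime import datetime, timezone


def update_allowed(current, proposed):
    """Preset client update conditions from the text: the issuable count
    may not shrink and the expiration time must move later."""
    return (proposed["max_licenses"] >= current["max_licenses"]
            and proposed["expires_at"] > current["expires_at"])


class FlakyTransport:
    """Constructed stand-in for reaching node servers. The first push to
    each node named in fail_once is lost, as with a network fault."""

    def __init__(self, node_configs, fail_once=()):
        self.node_configs = node_configs
        self.pending_failures = set(fail_once)

    def read_config(self, node_id):
        return self.node_configs[node_id]

    def push_certificate(self, node_id, node_cert):
        if node_id in self.pending_failures:
            self.pending_failures.discard(node_id)
            return  # update silently lost
        # Only the certificate is replaced; node_license_info is untouched.
        self.node_configs[node_id]["node_certificate"] = node_cert


def stale_nodes(transport, node_ids, client_id):
    """Nodes whose certificate still carries a different client identifier."""
    return [n for n in node_ids
            if transport.read_config(n)["node_certificate"]["client_id"]
            != client_id]


def roll_out(transport, new_certs, new_client_id, max_rounds=3):
    """Push new node certificates, re-read every configuration file, and
    retry the nodes that still differ. Returns (rounds_used, still_stale)."""
    node_ids = sorted(new_certs)
    rounds = 0
    stale = stale_nodes(transport, node_ids, new_client_id)
    while stale and rounds < max_rounds:
        rounds += 1
        for node_id in stale:
            transport.push_certificate(node_id, new_certs[node_id])
        stale = stale_nodes(transport, node_ids, new_client_id)
    return rounds, stale


def build_sample(fail_once=()):
    """Constructed sample: three permitted nodes issued by one client."""
    old_id, new_id = "client-A/v1", "client-A/v2"
    configs = {
        f"node-{i}": {
            "node_license_info": {"node_ip": f"10.0.8.{10 + i}",
                                  "node_type": "consensus"},
            "node_certificate": {"node_license_id": f"lic-{i}",
                                 "client_id": old_id},
        }
        for i in (1, 2, 3)
    }
    new_certs = {n: {"node_license_id": c["node_certificate"]["node_license_id"],
                     "client_id": new_id}
                 for n, c in configs.items()}
    return FlakyTransport(configs, fail_once), new_certs, new_id


# Constructed license conditions for the update gate.
CURRENT = {"max_licenses": 4,
           "expires_at": datetime(2024, 1, 1, tzinfo=timezone.utc)}
PROPOSED_OK = {"max_licenses": 8,
               "expires_at": datetime(2025, 1, 1, tzinfo=timezone.utc)}
PROPOSED_FEWER = {"max_licenses": 2,
                  "expires_at": datetime(2025, 1, 1, tzinfo=timezone.utc)}
PROPOSED_SAME_EXPIRY = {"max_licenses": 8,
                        "expires_at": datetime(2024, 1, 1, tzinfo=timezone.utc)}

if __name__ == "__main__":
    transport, certs, client_id = build_sample(fail_once={"node-2"})
    print(update_allowed(CURRENT, PROPOSED_OK), roll_out(transport, certs, client_id))
```

A node left in the returned `still_stale` list keeps running on its old certificate, so it needs an operator's attention rather than a silent retry loop.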
In another possible implementation manner of this embodiment, after the client program installed on the user terminal completes the node license authentication, the client program may further perform a validity check on the client and the node based on the license information stored on the license management platform. In order to ensure the validity of the issued node license information, the client program installed on the user terminal may periodically perform a validity check on the client certificate and the node certificate. The client program installed on the user terminal may periodically acquire the license information stored in the license management platform, and the license information stored on the license management platform may include client certificate information and node certificate information. The client program installed on the user terminal can check the validity of the client program and the node by judging whether the client certificate and the node certificate of the permitted node are consistent with the license information. If the check finds that the client certificate is inconsistent with the license information stored on the license management platform, the client certificate of the client program can be considered invalid, that is, the node license authentication function of the client is invalid. The client program installed on the user terminal may disable the node license function in the program and stop license authentication for nodes. Meanwhile, the client program installed on the user terminal can also stop the node service of the licensed node by sending a stop instruction to the licensed node, for example, the client can send a stop() instruction to the server on which the node is deployed to stop the node process.
If the client program installed on the user terminal verifies that the client certificate is consistent with the license information stored on the license management platform, the client certificate of the client program can be considered to be valid, and the client program installed on the user terminal can further carry out validity check on any licensed node which is licensed by the client program. The client program installed on the user terminal may determine whether the licensed node is valid by determining whether the node credentials in the configuration file of the licensed node are consistent with the license information in the license management platform.
If the client program installed on the user terminal verifies that the node certificate of the permitted node is inconsistent with the license information, the client program can consider the node invalid, and can send warning information for the invalid node to remind the user and an administrator that the node certificate of the node is inconsistent with the license information stored on the license management platform. The client program installed on the user terminal may also stop the node service of the licensed node by sending a stop instruction to the licensed node, e.g., the client may issue a stop() instruction to the server on which the node is deployed to stop the node process. If the client program installed on the user terminal verifies that the information in the node certificate of the permitted node is consistent with the license information stored on the blockchain license management platform, the client program installed on the user terminal can consider that the current client and the permitted node are both valid, and can continue to run the blockchain service.
Fig. 9 is a schematic flow chart illustrating a validity check performed on a permitted node by a client program installed on a user terminal. To ensure the validity of the issued node, the client program installed on the user terminal may perform a periodic certificate check on the licensed node. The certificate check can consist of judging whether the client certificate and the node certificate are consistent with the license information stored on the license management platform. Therefore, when the validity check of the licensed node is performed in S91, the client program installed on the user terminal may first acquire the license information stored on the license management platform. After receiving the license information fed back by the license management platform, the client program installed on the user terminal may proceed to S92, that is, check whether the information in the client certificate is consistent with the license information stored on the blockchain license management platform. If the information in the client certificate is inconsistent with the license information stored on the blockchain license management platform, the client program installed on the user terminal can stop the node issuing function in the program and stop the node service of all nodes under the client by sending a stop instruction. If the information in the client certificate of the client program installed on the user terminal is consistent with the license information stored on the blockchain license management platform, S92 may be entered, that is, the client program may further check the validity of the node certificate by checking whether the information in the node certificate of the licensed node is consistent with the license information stored on the blockchain license management platform.
If the information in the node credential for the licensed node is not consistent with the license information stored on the blockchain license management platform, the client installed on the user terminal may stop the node service for that node. If the information in the node certificate of the permitted node is consistent with the permission information stored on the block chain permission management platform, the client program installed on the user terminal can consider that the current client and the permitted node both have validity, and can continue to operate the block chain service.
In the embodiment of the present application, the client program installed on the user terminal may periodically check the validity of the node and the client. Since the license information on the license management platform is stored on the blockchain network, it cannot be tampered with. The client certificate and node certificate held by the client program and the node, by contrast, are stored on server devices, where a node configuration file may be replaced manually. By checking the client certificate and the node certificate stored on the client program and the node for consistency with the tamper-proof license information, the consistency between the data stored on the client and the node and the data recorded on the license management platform can be effectively ensured. Even if someone manually replaces the node permission locally, the replacement can be found in time through the validity check, and the security of the blockchain network can be further ensured.
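The decision logic of the periodic validity check in Fig. 9 can be written as a pure function that compares local certificates with the on-chain license information and returns the actions to take. This is an added example, not code from the patent: the record layout, field names and action names are assumptions, and the sample records are constructed.

```python
_MISSING = object()


def diff_fields(local, on_chain):
    """Names of fields that differ between a local certificate and the
    record kept by the license management platform."""
    if on_chain is None:
        return ["<no on-chain record>"]
    keys = set(local) | set(on_chain)
    return sorted(k for k in keys
                  if local.get(k, _MISSING) != on_chain.get(k, _MISSING))


def check_validity(ledger, client_cert, node_configs):
    """Return an ordered list of (action, target, differing_fields).

    An inconsistent client certificate disables node licensing and stops
    every node issued by the client. Otherwise each node certificate is
    checked and only inconsistent nodes are warned about and stopped.
    """
    actions = []
    client_diff = diff_fields(client_cert, ledger.get("client"))
    if client_diff:
        actions.append(("disable_node_licensing",
                        client_cert["client_id"], client_diff))
        for node_id in sorted(node_configs):
            actions.append(("stop_node", node_id, client_diff))
        return actions
    for node_id in sorted(node_configs):
        local = node_configs[node_id]["node_certificate"]
        node_diff = diff_fields(local, ledger["nodes"].get(node_id))
        if node_diff:
            actions.append(("warn", node_id, node_diff))
            actions.append(("stop_node", node_id, node_diff))
    return actions


def _node_cert(index):
    # Constructed node certificate: license info, license id, client id.
    return {
        "node_license_id": f"lic-{index}",
        "client_id": "client-A",
        "node_ip": f"10.0.8.{10 + index}",
        "node_type": "consensus",
        "node_expires_at": "2023-12-01T00:00:00+00:00",
    }


def _client_cert():
    # Constructed client certificate carrying the client license condition.
    return {
        "client_id": "client-A",
        "max_licenses": 4,
        "expires_at": "2024-01-01T00:00:00+00:00",
        "ip_range": "10.0.8.0/24",
    }


def sample_state():
    """Fresh, independent copies of on-chain and local records."""
    ledger = {"client": _client_cert(),
              "nodes": {f"node-{i}": _node_cert(i) for i in (1, 2)}}
    node_configs = {f"node-{i}": {"node_certificate": _node_cert(i)}
                    for i in (1, 2)}
    return ledger, _client_cert(), node_configs


if __name__ == "__main__":
    ledger, client_cert, node_configs = sample_state()
    # Simulate a configuration file that was replaced on the node's server.
    node_configs["node-2"]["node_certificate"]["node_ip"] = "10.0.8.99"
    for action in check_validity(ledger, client_cert, node_configs):
        print(action)
```

Recording which fields differ gives the user and administrator something concrete to investigate when the warning is raised.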
In another possible implementation manner of the embodiment of the present application, in order to further satisfy the blockchain network's requirements for additional supervision of nodes and for special customization, the node management system in the embodiment of the present application may further include a supervisor. In the embodiment of the present application, the supervisor may be a user, or may be a supervision platform or a terminal that accesses the license management platform as a third party. The supervisor can establish a certificate standard based on the restrictions that different blockchain types place on node permission, and write the established certificate standard into the license management platform, and the license management platform can issue certificates according to the certificate standard. The supervisor can also formulate a plurality of node certificate templates according to the types of the blockchains. The license management platform can match different node certificate templates according to the node license information and generate corresponding node certificates based on the matched templates. In addition, the supervisor can query the license information and the update records stored on the license management platform, can query how certificates and licenses have been issued on the license management platform, and can supervise and inspect the client and the blockchain nodes according to the queried data.
In the embodiment of the application, by formulating standardized templates for the node certificate, the supervisor can customize the node restriction data for different blockchain types in the certificate template, and the license management platform then issues the various node certificates according to the certificate template. Therefore, in the node management method provided by the application, node permission restrictions can be customized through the supervisor, and a user can customize various node permission restrictions according to their own requirements and apply them to different blockchains.
In the embodiment of the application, because the concept of the certificate is introduced into the node management of the blockchain, the license management platform can generate the corresponding client certificate and the corresponding node certificate according to the license condition and the node license information submitted by the client program installed on the user terminal. Therefore, when the client program and the licensed node need to be updated, the user can write the updated license data into the new client certificate and the new node certificate through the license management platform, so that when the license data of the blockchain network is updated, only the client certificate and the node certificate can be updated without replacing the node license information. Compared with the prior art, when the user updates the permission data, the block chain network needs to be shut down first, and then the node updating is carried out in a mode of manually replacing the node list of each node. Obviously, the node management method provided by the embodiment of the present application can improve the node management efficiency while ensuring the normal operation of the block chain service, and is helpful for the user to manage the block chain nodes in time. In the embodiment of the application, because the client program installed on the user terminal receives the limitation of the client license condition when performing license authentication on the node and the license management platform writes the client identifier into the node certificate when generating the node certificate, the user can synchronously update the client identifier in the client certificate when updating the blockchain network. 
When a node is subsequently updated, the client program installed on the user terminal can quickly determine which nodes need updating by checking whether the client identifier in the node certificate is consistent with the client identifier in the new client certificate, so that node certificates can be updated automatically in batches. The node management method provided by the embodiments of the application therefore allows node certificates to be updated in batches, improves node management efficiency, and enables effective management of large numbers of blockchain nodes. In addition, in the embodiments of the present application, node management operations such as admission, update, and suspension of nodes and clients may be performed as follows: the client program installed on the user terminal first sends the corresponding node management information, such as node admission information and client admission conditions, to the admission management platform, and the admission management platform then stores the node management information on the chain. Because data stored on a blockchain cannot be tampered with, storing the node management information on the chain preserves a record of node changes and prevents others from tampering with it.
It should be noted that, the sequence numbers of the steps in the foregoing embodiments do not mean the execution sequence, and the execution sequence of each process should be determined by the function and the inherent logic of the process, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Referring to fig. 10, a schematic diagram of a node management apparatus provided in the embodiment of the present application is shown, and specifically, the node management apparatus may include an auditing module 1001, a permission module 1002, and an authorization module 1003, where:
an auditing module 1001, configured to generate an auditing result for a node application based on a client credential associated with a user terminal when the node application for the node initiated by the user terminal is received; the client program carries a client certificate; the client certificate is generated when the client program installed on the user terminal is legal after the blockchain identification is obtained;
a permission module 1002, configured to identify the node as a permitted node if the audit result is that the audit is passed, and generate a permission file about the permitted node; the permission file includes a node permission;
an authorizing module 1003, configured to send the node permission to the permitted node, where the node permission is used to authorize the permitted node to operate in the block chain to be deployed.
The auditing module 1001 may further be configured to perform condition matching on the node information of the node in the node application according to a node permission condition associated with the client credential; and if the node information is matched with the node permission condition, generating the auditing result of which the auditing is passed.
The auditing module 1001 may be further configured to generate the license condition in the client program, and send the license condition to the license management platform; receiving the client-side certificate fed back by the license management platform based on the license condition, and storing the client-side certificate; the client certificate is generated when the client program is detected to have the permission right corresponding to the permission condition.
The licensing module 1002 may be further configured to receive a node credential fed back by the license management platform based on the node license information; sending the node credential and the node permission information to the permitted node to cause the permitted node to generate a configuration file based on the node credential and the node permission information; the licensed node is any node licensed by the client program.
The license module 1002 may be further configured to send an update application to the license management platform through the client program if an update condition corresponding to any client credential is satisfied; updating the license conditions and the client identifications of the client credentials in response to the update instructions fed back by the license management platform based on the update application; and acquiring the configuration files of the permitted nodes, and updating the node certificates in the configuration files issued by any client certificate according to the updating instruction.
The permission module 1002 may be further configured to generate node suspension and cancellation information of any permitted node in response to a node suspension and cancellation instruction about the any permitted node, and send the node suspension and cancellation information to the permission management platform; and receiving a node revoke certificate fed back by the permission management platform based on the node revoke information, and deleting the node certificate of any permitted node according to the node revoke certificate.
The license module 1002 may be further configured to obtain license information in the license management platform; if the client-side certificate is inconsistent with the permission information, forbidding the user terminal to carry out node permission through the client-side program, and sending a stop instruction to a permitted node; the stop instruction is used for stopping the node service of the permitted node; the licensed node is any node licensed by the client program.
The permission module 1002 may be further configured to, if the client credential is consistent with the permission information, determine whether the node credential is consistent with the permission information; and if the node certificate is inconsistent with the permission information, sending warning information to the permitted node, and sending a stop instruction to the permitted node.
Optionally, the client credentials and the node credentials are generated by the license management platform based on credential criteria and credential templates corresponding to the blockchain.
Optionally, the credential criteria and the credential template are generated by a supervisor and sent to the license management platform; the supervisor is for supervising and managing the license information stored in the license management platform.
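The condition matching, the two-stage consistency check, and the client-identifier comparison used to pick node certificates for batch update can be sketched as follows. This is an added illustration, not code from the patent: the credential fields, the digest-based platform records, the action strings, and all sample values are assumptions, since the patent does not specify a credential format.

```python
import hashlib
import hmac
import json

def digest(credential):
    """SHA-256 over canonical JSON; stands in for the platform's record of a credential."""
    blob = json.dumps(credential, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

class LicensePlatform:
    """Hypothetical stand-in for the license information held by the license management platform."""

    def __init__(self):
        self.client_records = {}  # client_id -> digest of the issued client credential
        self.node_records = {}    # node_id -> digest of the issued node credential

    def issue_client(self, client_id, conditions):
        cred = {"client_id": client_id, "conditions": conditions}
        self.client_records[client_id] = digest(cred)
        return cred

    def issue_node(self, node_id, client_cred, node_info):
        # The client identifier is written into the node credential at issuance.
        cred = {"node_id": node_id, "client_id": client_cred["client_id"], "node_info": node_info}
        self.node_records[node_id] = digest(cred)
        return cred

    def revoke_node(self, node_id):
        self.node_records.pop(node_id, None)

def audit(client_cred, node_info):
    """Condition matching: the application passes only if every license condition is met."""
    return all(node_info.get(k) == v for k, v in client_cred["conditions"].items())

def _consistent(record, credential):
    # A missing record (never issued, or revoked) counts as inconsistent.
    return record is not None and hmac.compare_digest(record, digest(credential))

def check(platform, client_cred, node_cred):
    """Check the client credential first; check the node credential only if that passes."""
    if not _consistent(platform.client_records.get(client_cred["client_id"]), client_cred):
        return "forbid_client_and_stop_node"
    if not _consistent(platform.node_records.get(node_cred["node_id"]), node_cred):
        return "warn_and_stop_node"
    return "ok"

def nodes_needing_update(node_creds, new_client_cred):
    """Batch selection: node credentials whose client identifier differs from the new one."""
    return [c["node_id"] for c in node_creds if c["client_id"] != new_client_cred["client_id"]]

def demo():
    # Constructed sample data; identifiers and condition keys are illustrative only.
    platform = LicensePlatform()
    client = platform.issue_client("client-001", {"chain_id": "chain-A", "role": "validator"})
    info = {"chain_id": "chain-A", "role": "validator", "host": "10.0.0.5"}
    results = {"audit_ok": audit(client, info),
               "audit_wrong_chain": audit(client, {**info, "chain_id": "chain-B"})}
    node = platform.issue_node("node-1", client, info)
    results["clean"] = check(platform, client, node)
    # A node credential edited locally no longer matches the platform's record.
    results["tampered_node"] = check(platform, client, {**node, "node_info": {**info, "role": "admin"}})
    # A client credential with widened conditions fails before the node is examined.
    results["tampered_client"] = check(platform, {**client, "conditions": {}}, node)
    platform.revoke_node("node-1")
    results["revoked"] = check(platform, client, node)
    # After an update the platform issues a client credential with a new identifier.
    new_client = platform.issue_client("client-002", client["conditions"])
    results["stale"] = nodes_needing_update([node], new_client)
    return results

if __name__ == "__main__":
    print(demo())
```

Comparing digests only detects divergence from the platform's record; a deployment would also need the record lookup itself to be authenticated, which is outside what this sketch models.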
For the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the description of the method embodiment for relevant points.
Referring to fig. 11, a schematic diagram of a terminal device provided in an embodiment of the present application is shown. As shown in fig. 11, the terminal device 1100 in the embodiment of the present application includes: a processor 1110, a memory 1120, and computer programs 1121 stored in the memory 1120 and operable on the processor 1110. The processor 1110, when executing the computer program 1121, implements the steps in various embodiments of the node management method described above, such as the steps S301 to S302 shown in fig. 3. Alternatively, the processor 1110, when executing the computer program 1121, implements the functions of each module/unit in the above-described device embodiments, for example, the functions of the modules 1001 to 1002 shown in fig. 10.
Illustratively, the computer programs 1121 can be divided into one or more modules/units that are stored in the memory 1120 and executed by the processor 1110 to accomplish the present application. The one or more modules/units can be a series of computer program instruction segments capable of performing specific functions, which can be used for describing the execution process of the computer program 1121 in the terminal device 1100. For example, the computer program 1121 may be divided into an auditing module and a licensing module, and the specific functions of each module are as follows:
the auditing module is used for generating an auditing result related to the node application through a client program when receiving the node application sent by any node in the block chain; the client program carries a client certificate; the client certificate is generated when the client program is legal after the blockchain identification is obtained;
the permission module is used for generating node permission information about any node if the audit result is that the audit is passed, and sending the node permission information to any node and a permission management platform corresponding to the block chain so as to bind the client program and any node; the node permission information includes permission information allowing the any node to operate in the blockchain.
The terminal device 1100 may be a server device in the foregoing embodiments, and the server device may be a computing device such as a desktop computer and a cloud server. The terminal device 1100 may include, but is not limited to, a processor 1110 and a memory 1120. Those skilled in the art will appreciate that fig. 11 is merely an example of a terminal device 1100, and does not constitute a limitation of terminal device 1100, and may include more or fewer components than shown, or some of the components may be combined, or different components, e.g., terminal device 1100 may also include input-output devices, network access devices, buses, etc.
The processor 1110 may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 1120 may be an internal storage unit of the terminal device 1100, such as a hard disk or a memory of the terminal device 1100. The memory 1120 may also be an external storage device of the terminal device 1100, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and so on, provided on the terminal device 1000. Further, the memory 1120 may also include both an internal storage unit and an external storage device of the terminal device 1100. The memory 1120 is used for storing the computer program 1121 and other programs and data required by the terminal device 1100. The memory 1120 may also be used to temporarily store data that has been output or is to be output.
The embodiment of the present application further discloses a terminal device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the node management method according to the foregoing embodiments when executing the computer program.
The embodiment of the application also discloses a computer readable storage medium, which stores a computer program, and the computer program is executed by a processor to implement the node management method according to the foregoing embodiments.
The embodiment of the present application further discloses a computer program product, when the computer program product runs on a computer, the computer is enabled to execute the node management method in the foregoing embodiments.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (13)

1. A node management method is applied to a block chain system and is characterized by comprising the following steps:
when a node application for a node initiated by a user terminal is received, generating an auditing result about the node application based on a client certificate associated with the user terminal; the client certificate is generated when the client program installed on the user terminal is legal after the blockchain identification is obtained;
if the verification result is that the verification is passed, identifying the node as a permitted node, and generating a permission file about the permitted node; the permission file comprises node permissions;
sending the node permission to the permitted node; the node permission is used to authorize the permitted node to operate in the blockchain.
2. The method according to claim 1, wherein the generating, when receiving a node application for a node initiated by a user terminal, an audit result about the node application based on client credentials associated with the user terminal comprises:
carrying out condition matching on the node information of the node in the node application according to the permission condition associated with the client certificate;
and if the node information is matched with the permission condition, generating the auditing result which passes the auditing.
3. The method of claim 1, wherein sending the node permission to the permitted node comprises:
sending the license file to a license management platform corresponding to the block chain so as to bind the client certificate and the licensed node;
receiving a node certificate fed back by the license management platform based on the license file;
generating a configuration file based on the node credentials and the node permissions, and sending the configuration file to the permitted nodes.
4. The method of claim 3, wherein the node credentials and the client credentials include a client identifier, and wherein after generating a configuration file based on the node credentials and the node permissions and sending the configuration file to the permitted nodes, further comprising:
if the updating condition corresponding to any client certificate is met, sending an updating application to the license management platform;
updating the license condition and the client identification of any client certificate in response to an update instruction fed back by the license management platform based on the update application;
and acquiring the configuration files of the permitted nodes, and updating the node certificates in the configuration files issued by any client certificate according to the updating instruction.
5. The method of claim 3, wherein after generating a configuration file based on the node credentials and the node permissions and sending the configuration file to the permitted nodes, further comprising:
responding to a node revoking instruction about any permitted node, generating node revoking information of the any permitted node, and sending the node revoking information to the permission management platform;
and receiving a node revoke certificate fed back by the permission management platform based on the node revoke information, and deleting the node certificate of any permitted node according to the node revoke certificate.
6. The method of claim 3, wherein the client credentials and the node credentials are generated by the license management platform based on credential criteria and credential templates corresponding to the blockchain.
7. The method of claim 6, wherein the credential criteria and the credential template are generated by a supervisor and sent to the license management platform; the supervisor is for supervising and managing the license information stored in the license management platform.
8. The method of claim 2, wherein the license file further comprises license information, and wherein after sending the node license to the licensed node, further comprising:
acquiring the license information in the license management platform;
if the client-side certificate is inconsistent with the permission information, forbidding the user terminal to carry out node permission through the client-side program, and sending a stop instruction to a permitted node; the stop instruction is used for stopping the node service of the permitted node; the licensed node is any node licensed by the client program.
9. The method of claim 8, wherein the node credential is generated by the license management platform based on the license file, and wherein after obtaining the license information in the license management platform, further comprising:
if the client-side certificate is consistent with the permission information, judging whether the node certificate is consistent with the permission information;
and if the node certificate is inconsistent with the permission information, sending warning information to the permitted node, and sending a stop instruction to the permitted node.
10. The method according to any one of claims 1 to 9, wherein before generating, by the client program, an audit result regarding the node application when receiving the node application initiated by the user, the method includes:
generating the license condition in the client program, and sending the license condition to the license management platform;
receiving the client-side certificate fed back by the license management platform based on the license condition, and storing the client-side certificate; the client certificate is generated when the client program is detected to have the permission right corresponding to the permission condition.
11. A node management device applied to a block chain is characterized by comprising:
the auditing module is used for generating an auditing result about a node application based on a client certificate associated with a user terminal when the node application for the node initiated by the user terminal is received; the client certificate is generated when the block chain identification obtains that a client program installed on the user terminal is legal;
the permission module is used for identifying the node as a permitted node if the audit result is that the audit is passed, and generating a permission file related to the permitted node; the permission file includes a node permission;
and the authorization module is used for sending the node permission to the permitted node, and the node permission is used for authorizing the permitted node to run in the block chain to be deployed.
12. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the node management method according to any of claims 1-10 when executing the computer program.
13. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out a node management method according to any one of claims 1 to 10.
CN202211445306.9A 2022-11-18 2022-11-18 Node management method, node management device, terminal equipment and storage medium Pending CN115834178A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211445306.9A CN115834178A (en) 2022-11-18 2022-11-18 Node management method, node management device, terminal equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115834178A true CN115834178A (en) 2023-03-21

Family

ID=85529045

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211445306.9A Pending CN115834178A (en) 2022-11-18 2022-11-18 Node management method, node management device, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115834178A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination