CN116992404A - Authorization method for container application, authorization verification method, electronic device, and readable storage medium - Google Patents

Info

Publication number: CN116992404A
Authority: CN (China)
Prior art keywords: authorization, file, application, container application, container
Legal status: Pending
Application number: CN202310975067.6A
Other languages: Chinese (zh)
Inventors: 张婷, 高达辉
Current Assignee: Ainnovation Hefei Technology Co ltd
Original Assignee: Ainnovation Hefei Technology Co ltd
Application filed by Ainnovation Hefei Technology Co ltd
Priority to CN202310975067.6A
Publication of CN116992404A

Classifications

    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G06F21/44 Program or device authentication
    • G06F21/602 Providing cryptographic facilities or services
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F2221/2137 Time limited access, e.g. to a computer or data

Abstract

The application provides an authorization method, an authorization verification method, an electronic device and a readable storage medium for a container application. The method comprises the following steps: acquiring a hardware identifier of the host to which the container application belongs; acquiring authorization information from an authorization center by using the hardware identifier and the application identifier of the container application, wherein the authorization information is generated from the hardware identifier; generating an authorization file based on the authorization information; and storing the authorization file in the host and mount-mapping its storage address to the file directory of the container application. The method can thus be used to authorize the container application.

Description

Authorization method for container application, authorization verification method, electronic device, and readable storage medium
Technical Field
The present application relates to the field of internet identification technologies, and in particular, to a container application authorization method, an authorization verification method, an electronic device, and a readable storage medium.
Background
With the continuous development of technology, deploying applications with a container engine such as Docker is becoming a common deployment method. An application deployed in a container (hereinafter referred to as a container application) can be started and run in the container.
However, container applications deployed in containers often face the problem of being illegally copied. At present, whether a container application is an illegal copy is mainly determined by checking, while the container application starts and runs, whether it is authorized, so how to authorize the container application is important.
Disclosure of Invention
An object of an embodiment of the present application is to provide an authorization method, an authorization verification method, an electronic device, and a readable storage medium for a container application, which are used for solving the problems in the prior art.
An embodiment of the present application provides a method for authorizing a container application, including:
acquiring a hardware identifier of a host to which the container application belongs;
acquiring authorization information of an authorization center by utilizing the hardware identifier and the application identifier of the container application;
generating an authorization file based on the authorization information;
and storing the authorization file in the host, and mount-mapping the storage address to the file directory of the container application.
In one embodiment, the method further comprises: setting a file validity period for the authorization file.
In one embodiment, obtaining the hardware identifier of the host to which the container application belongs specifically includes:
acquiring the IP address of the host by executing a shell command;
accessing the host by using the IP address, login account, login password and connection port of the host;
after the host is accessed, obtaining the MAC address of the specified network card in the host as the hardware identifier.
In an embodiment, the obtaining authorization information of the authorization center by using the hardware identifier and the application identifier of the container application specifically includes:
generating an authorization request by using the hardware identifier and the application identifier of the container application and sending it to the authorization center, so that the authorization center verifies the identity of the container application through the application identifier and, if the identity verification passes, generates and feeds back authorization information by using the hardware identifier;
and acquiring the authorization information fed back by the authorization center.
A second aspect of the embodiment of the present application provides a method for verifying authorization of a container application, including:
determining a storage address of an authorization file through the mount mapping of a container application file directory;
acquiring the authorization file according to the storage address;
acquiring authorization information in the authorization file;
acquiring, by parsing the authorization information, the hardware identifier used to generate the authorization information and the application identifier of the container application;
and matching the hardware identifier used to generate the authorization information against the actual hardware identifier of the host to which the container application belongs, and performing authorization verification on the container application according to the matching result.
In one embodiment, the method further comprises:
judging whether the authorization file is within its file validity period when the hardware identifier used to generate the authorization information matches the actual hardware identifier, wherein the authorization verification result is a pass if the authorization file is within the file validity period, and a fail if it is not.
In an embodiment, when the authorization verification result is a fail, the method further includes: prohibiting the container application from starting and running.
In one embodiment, the determining the storage address of the authorization file through the mount mapping of the container application file directory specifically includes:
during the starting or running of the container application, determining the storage address of the authorization file through the mount mapping of the container application file directory.
A third aspect of an embodiment of the present application provides an electronic device, including:
a memory for storing a computer program;
a processor configured to perform the method of the first aspect of the embodiments of the present application and any of the embodiments thereof.
A fourth aspect of an embodiment of the present application provides a readable storage medium, including: a program which, when run on an electronic device, causes the electronic device to perform the method of any of the embodiments of the application.
The method for authorizing the container application comprises: obtaining the hardware identifier of the host to which the container application belongs; obtaining authorization information from an authorization center by using the hardware identifier and the application identifier of the container application, the authorization information being generated from the hardware identifier; generating an authorization file based on the authorization information; and storing the authorization file in the host and mount-mapping its storage address to the file directory of the container application, so that the container application is authorized.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an electronic device according to an embodiment of the present application;
FIG. 2 is a flowchart of an authorization method for a container application according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating an authorization verification method for a container application according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an authorization device for a container application according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an authorization verification device for a container application according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. In the description of the present application, the terms "first," "second," and the like are used merely to distinguish between descriptions and are not to be construed as indicating or implying relative importance.
As mentioned above, a container application deployed in a container generally has to cope with the problem of being illegally copied. In practice, for example, lawbreakers often illegally copy the container application in a container; such an illegally copied container application may pose a security risk while it runs and may damage the legitimate interests of the developer of the container application. Currently, whether a container application is an illegal copy is determined mainly by checking, while the container application starts and runs, whether it is authorized (an illegally copied container application, for example, is not authorized), so how to authorize the container application is important.
In view of the above, an embodiment of the application provides an electronic device. Fig. 1 is a schematic diagram showing a specific structure of the electronic device 1. The electronic device 1 includes: at least one processor 11 and a memory 12, one processor being exemplified in fig. 1. The processor 11 and the memory 12 may be connected by a bus 10, the memory 12 storing instructions executable by the processor 11, the instructions being executable by the processor 11 to cause the electronic device 1 to perform all or part of the flow of the method in the embodiments described below.
In practical applications, the electronic device 1 may be a mobile phone, a tablet computer, a notebook computer, a desktop computer, or the like, and in an application scenario of the embodiment of the present application, the electronic device 1 may be used as a server, or a plurality of electronic devices 1 may be formed into a server cluster to execute the method of the embodiment of the present application.
Fig. 2 is a schematic flow chart of an authorization method for a container application according to an embodiment of the application. Some or all of the steps of the method may be performed by the electronic device 1 shown in Fig. 1. The electronic device 1 may be the host of the container, in which case the method is performed by the host, or it may be a server other than the host of the container, in which case the method is performed by that server; the description here takes the electronic device 1 being the server as an example. The method comprises the following steps:
Step S21: acquiring the hardware identifier of the host to which the container application belongs.
The container application may be any application program in the container. For example, the method provided by the embodiment of the present application may be used to authorize each application program in the container, in which case each application program in the container serves as the container application in step S21 and is authorized by executing the method. The container application in step S21 may also be a specified application program in the container, for example an application program of a certain type (such as a security, social or e-commerce application program) or an unauthorized application program; in the latter case an unauthorized application program in the container is taken as the container application in step S21, and the method provided by the embodiment of the present application is executed to authorize it.
It should be noted that, because the application scenario here is authorizing a container application in a container, which is a software-oriented scenario, another possible approach would be to authorize the container application with information from the software layer, for example a unique identifier of the container (such as the IP address or number of the container). However, the operation of the container itself may be unstable: the container may restart after running for a period of time, or may even be logged off by a user. The unique identifier of the container is usually valid only while the container runs normally, so after the container is restarted or logged off its unique identifier may change, the previous unique identifier becomes invalid, and any authorization based on the previous unique identifier fails with it. Therefore, to improve the stability of container application authorization, the embodiment of the application obtains the hardware identifier of the container's host rather than the unique identifier of the container itself, and the subsequent authorization is based on the hardware identifier of the host.
In practical applications, the hardware identifier of the host may take various forms, for example the MAC address of a network card in the host or the CPUID of the CPU in the host; the hardware identifier uniquely identifies the corresponding host.
As a specific implementation of step S21, a shell command may be executed to obtain the IP address of the host. Because the IP address may be a dynamic IP, it is unsuitable as the hardware identifier of the host if authorization is to be stable. Therefore, after the IP address of the host is obtained, the host is accessed by using the IP address together with the login account, login password and connection port of the host, and after the host is accessed, the MAC address of the designated network card in the host is obtained as the hardware identifier of the host. If the host has only one network card, that card is the designated network card; if the host has multiple network cards, the first network card according to the positional relationship of the network cards may be used as the designated network card, or the second network card or the network card at another designated position may be used.
Step S22: acquiring the authorization information of the authorization center by using the hardware identifier and the application identifier of the container application.
The authorization center is used for generating authorization information, for example, in practical application, the authorization center can be connected with a plurality of servers, and the servers can respectively acquire the authorization information of the authorization center by utilizing the hardware identifier and the application identifier of the container application.
For the specific implementation manner of the step S22, for example, the server uses the hardware identifier and the application identifier of the container application to generate an authorization request, and then sends the authorization request to the authorization center, where the authorization request carries the hardware identifier and the application identifier of the container application.
Because the authorization center is connected to the server, it can receive the authorization request and then generate the corresponding authorization information from the hardware identifier and the application identifier of the container application. For example, the authorization center may verify the identity of the container application through the application identifier. Specifically, the application identifier may be compared with the application identifiers of all container applications in the container application list: if the list contains the application identifier, the identity verification passes; otherwise, the identity verification fails. If the identity verification passes, the authorization center generates authorization information by using the hardware identifier of the host and the application identifier of the container application and feeds it back to the server, so that the server obtains the authorization information fed back by the authorization center.
As for how the authorization center generates the authorization information from the hardware identifier and the application identifier of the container application: for example, the hardware identifier and the application identifier may be spliced to obtain a spliced character string, the spliced character string is then encrypted with an encryption algorithm, and the resulting ciphertext is used as the authorization information. Alternatively, other character strings may be added before and/or after the spliced character string to generate the authorization information, or the authorization information may be generated in other ways.
Step S23: an authorization file is generated based on the authorization information.
In practical applications, for example, the authorization information may be added to a blank file to generate the authorization file, or the authorization information may be added to an existing authorization file to generate a new authorization file, which is used as the authorization file generated in the step S23.
Step S24: storing the authorization file in the host, and mount-mapping the storage address to the file directory of the container application.
As mentioned above, the operation of the container itself may be unstable; for example, the container may restart after running for a period of time, or may even be logged off by the user. So that the container application can perform the authorization check with the authorization file reliably, unaffected by this instability, step S24 stores the authorization file in the host; in particular, the authorization file may be stored persistently in the host, for example on a hard disk of the host. In addition, to make the authorization file easy to obtain during authorization verification of the container application, step S24 also mount-maps the storage address of the authorization file in the host to the file directory of the container application, so that the storage address of the authorization file in the host can be obtained through the mount mapping and the authorization file can then be verified.
The method for authorizing the container application comprises the steps of obtaining the hardware identifier of a host machine to which the container application belongs, obtaining authorization information of an authorization center by utilizing the hardware identifier and the application identifier of the container application, generating an authorization file based on the authorization information, storing the authorization file in the host machine, and carrying out mounting mapping on a storage address and a file directory of the container application, so that authorization of the container application is realized.
In addition, because the authorization information in the embodiment of the application is generated from the hardware identifier of the host and the application identifier of the container application, authorization of the container application is more stable in an environment where the container runs unstably than authorization based on the unique identifier of the container. Furthermore, the authorization file subsequently generated from the authorization information is stored in the host rather than in the container, which further improves the stability of container application authorization in an environment where the container runs unstably.
In practical applications, security can be improved further. For example, in some special scenarios a lawbreaker may also illegally copy the authorization file, so the embodiment of the present application may set a file validity period for the authorization file: within the file validity period the authorization file is valid and can be used for authorization verification, and outside the file validity period it is invalid and cannot be used for authorization verification. Therefore, the method provided by the embodiment of the present application may further include setting a file validity period for the authorization file; for example, the file validity period may be set after the authorization file is generated in step S23, or after step S34. The file validity period can be 1 year, 1 month, 1 week, 1 day, etc.
The embodiment of the application further provides an authorization verification method for the container application. Fig. 3 is a schematic flow chart of this authorization verification method. The method may be performed by the electronic device 1 acting as the host of the container, or by the electronic device 1 acting as a server other than the host of the container; the description here takes the electronic device 1 being the server as an example. The method comprises the following steps:
Step S31: determining the storage address of the authorization file through the mount mapping of the container application file directory.
To prevent lawbreakers from illegally copying the container application, the method may be executed to perform authorization verification on the container application while it starts, or while it runs. Accordingly, as to when step S31 is executed, the storage address of the authorization file may be determined through the mount mapping of the container application file directory during the starting or running of the container application.
Of course, for a container application being started or running in a container, if its container application file directory has no mount-mapped storage address, the container application has not been authorized by the authorization method of the present application and therefore cannot pass authorization verification; in that case the authorization verification result of the container application can be determined to be a fail. The description below mainly concerns the case where the mount-mapped storage address is found in the container application file directory and the storage address is thereby determined.
Step S32: Acquire the authorization file according to the storage address.
Since the authorization file is stored at the storage address on the host, in step S32 the authorization file can be acquired from that storage address.
Step S33: Acquire the authorization information in the authorization file.
Since the authorization file is generated from the authorization information, the authorization information can generally be obtained by parsing the authorization file.
Step S34: Acquire the hardware identifier used to generate the authorization information by parsing the authorization information.
In step S22, the authorization information is generated from the hardware identifier and the application identifier of the container application. For example, in the manner of generating the authorization information mentioned above, the hardware identifier and the application identifier may be spliced, the spliced character string is then encrypted with an encryption algorithm, and the resulting ciphertext is used as the authorization information. When the authorization information is parsed, the ciphertext may therefore be decrypted first to obtain the spliced character string, and the hardware identifier, that is, the hardware identifier used to generate the authorization information, may then be extracted from the spliced character string; the application identifier of the corresponding container application may of course also be extracted from it. It is also mentioned above that other character strings may be added before and/or after the spliced character string to generate the authorization information. In that case, the added character strings are removed first to obtain the spliced character string, and the hardware identifier used to generate the authorization information, and likewise the application identifier of the corresponding container application, may then be extracted from it.
Step S35: Match the hardware identifier used to generate the authorization information with the actual hardware identifier of the host to which the container application belongs, and perform authorization verification on the container application according to the matching result.
In step S35, on one hand the hardware identifier used when the container application was authorized by the container application authorization method provided by the embodiment of the present application is obtained, and on the other hand the actual hardware identifier of the host to which the container application currently belongs is obtained. The two are then matched, and authorization verification is performed on the container application according to the matching result, which is either a match or a mismatch. For example, if the two do not match, the authorization verification result is not passed. If the two match and the validity period of the authorization file does not need to be checked, the authorization verification result can be determined as passed; if the validity period does need to be checked, the authorization verification result is further determined according to the validity period.
If the validity period of the authorization file needs to be checked, the method may further comprise: in the case that the hardware identifier used to generate the authorization information matches the actual hardware identifier, judging whether the authorization file is within the file validity period. If the authorization file is within the file validity period, the authorization verification result is passed; if the authorization file is not within the file validity period, the authorization verification result is not passed.
Of course, if the authorization verification result is passed, the starting and continued running of the container application can be allowed. If the authorization verification result is not passed, for example because the hardware identifier used to generate the authorization information does not match the actual hardware identifier, or because the authorization file is not within the file validity period, the starting and running of the container application can be prohibited.
For example, suppose an unauthorized party illegally copies a container application and starts or runs it in a container on another host. The hardware identifier of the host that was used to generate the authorization file, when the container application was authorized by the container application authorization method provided by the embodiment of the present application, differs from the hardware identifier of the host on which the application is now starting or running (that is, the actual hardware identifier). The two identifiers therefore do not match, the authorization verification result is not passed, and the starting and running of the container application can be prohibited.
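The S31 to S35 flow above, including the optional validity check and the copied-to-another-host case, as an added sketch that is not code from the patent. Assumptions: the mount mapping is read from text in `/proc/self/mountinfo` format, and the authorization information is `hardware_id|app_id|expiry` protected with HMAC-SHA256, which stands in for the unspecified encryption algorithm so that any edit to the file is detected; all function names, paths, keys and sample values are constructed.

```python
import base64, hashlib, hmac, time

# Constructed sample in /proc/self/mountinfo format (not taken from the patent).
SAMPLE_MOUNTINFO = """\
1501 1490 0:52 / / rw,relatime - overlay overlay rw
1502 1501 8:1 /opt/licenses/app-a /app/license ro,relatime - ext4 /dev/sda1 rw
"""

def find_mount_mapping(mountinfo, container_dir):
    """S31: return the source path mounted at container_dir, or None."""
    for line in mountinfo.splitlines():
        fields = line.split()
        # fields[3] is the mounted root inside the backing filesystem,
        # fields[4] is the mount point as seen by the container.
        if len(fields) > 4 and fields[4] == container_dir:
            return fields[3]
    return None

def issue(key, hardware_id, app_id, not_after):
    """Authorization-center side, included only to build the sample file."""
    payload = f"{hardware_id}|{app_id}|{not_after}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + payload).decode()

def parse_authorization(key, token):
    """S33-S34: authenticate the authorization info, then split its fields."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    tag, payload = raw[:32], raw[32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    parts = payload.decode().split("|")
    if len(parts) != 3 or not parts[2].isdigit():
        return None
    return parts[0], parts[1], int(parts[2])

def verify(mountinfo, container_dir, read_file, key, actual_hw, app_id, now=None):
    """S31-S35 plus the validity check; returns (passed, reason)."""
    source = find_mount_mapping(mountinfo, container_dir)
    if source is None:
        return False, "no mount mapping"
    token = read_file(source)                      # S32
    if token is None:
        return False, "authorization file missing"
    parsed = parse_authorization(key, token.strip())
    if parsed is None:
        return False, "authorization info invalid"
    hw, app, not_after = parsed
    if hw.lower() != actual_hw.lower():            # S35
        return False, "hardware identifier mismatch"
    if app != app_id:
        return False, "application identifier mismatch"
    if (time.time() if now is None else now) > not_after:
        return False, "authorization file expired"
    return True, "pass"

if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"
    host_files = {"/opt/licenses/app-a":
                  issue(key, "02:42:ac:11:00:02", "app-a", 2000000000)}
    for hw in ("02:42:ac:11:00:02", "02:42:ac:11:00:99"):  # same host, copied host
        print(hw, verify(SAMPLE_MOUNTINFO, "/app/license", host_files.get,
                         key, hw, "app-a", now=1700000000))
```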
Based on the same inventive concept as the authorization method for a container application provided by the embodiment of the present application, the embodiment of the present application further provides an authorization apparatus for a container application; where anything in the apparatus embodiment is unclear, reference may be made to the corresponding method embodiment described above. As shown in Fig. 4, the apparatus 40 includes a hardware identification acquisition unit 401, an authorization information acquisition unit 402, an authorization file generation unit 403, and a storage mapping unit 404, wherein:
a hardware identifier obtaining unit 401, configured to obtain a hardware identifier of a host to which the container application belongs;
an authorization information obtaining unit 402, configured to obtain authorization information of an authorization center by using the hardware identifier and an application identifier of the container application;
an authorization file generation unit 403, configured to generate an authorization file based on the authorization information;
a storage mapping unit 404, configured to store the authorization file in the host, and perform mount mapping between the storage address and the file directory of the container application.
Since the apparatus 40 adopts the same inventive concept as the authorization method for a container application provided by the embodiment of the present application, the apparatus 40 can solve the technical problem wherever the method can, and the details are not repeated here.
In addition, in practical application, the technical effect obtained by combining the apparatus 40 with a specific hardware device is also within the scope of the present application, for example, different units in the apparatus 40 are distributed in different nodes in a distributed cluster manner, so as to improve model training efficiency and the like.
The apparatus 40 may further comprise a file validity period setting unit for setting a file validity period for the authorization file.
The hardware identifier obtaining unit 401 may specifically include a hardware identifier obtaining subunit, configured to: obtain the IP address of the host by executing a shell command; access the host by using the IP address, the login account, the login password and the connection port of the host; and, after the host is accessed, obtain the MAC address of the specified network card in the host and use it as the obtained hardware identifier.
The authorization information obtaining unit 402 may specifically include an authorization information obtaining subunit, configured to generate and send an authorization request to the authorization center by using the hardware identifier and an application identifier of the container application, so that the authorization center performs identity verification on the container application through the application identifier, and generate and feed back authorization information by using the hardware identifier if the identity verification passes; and acquiring the authorization information fed back by the authorization center.
Based on the same inventive concept as the authorization verification method for a container application provided by the embodiment of the present application, the embodiment of the present application further provides an authorization verification apparatus for a container application; where anything in the apparatus embodiment is unclear, reference may be made to the corresponding method embodiment described above. As shown in Fig. 5, the apparatus 50 includes a storage address determining unit 501, an authorization file acquiring unit 502, an authorization information second acquiring unit 503, a hardware identification second acquiring unit 504, and an authorization checking unit 505, wherein:
a storage address determining unit 501, configured to determine a storage address of the authorization file through a mount mapping of the container application file directory;
an authorization file obtaining unit 502, configured to obtain the authorization file according to the storage address;
an authorization information second obtaining unit 503, configured to obtain authorization information in the authorization file;
a hardware identifier second obtaining unit 504, configured to obtain a hardware identifier for generating the authorization information by parsing the authorization information;
an authorization verification unit 505, configured to match the hardware identifier for generating the authorization information with an actual hardware identifier of a host to which the container application belongs, and perform authorization verification on the container application according to a matching result.
The apparatus 50 likewise solves the problems of the prior art, which are not described here in detail.
The apparatus 50 may further include a validity period judging unit, configured to judge whether the authorization file is within a file validity period if a hardware identifier for generating the authorization information matches with the actual hardware identifier, where, in the case that the authorization file is within the file validity period, an authorization check result is passed; or if the authorization file is not in the file validity period, the authorization verification result is not passed.
The storage address determining unit 501 may specifically include a storage address determining subunit, configured to determine, during the startup or running process of the container application, a storage address of the authorization file through a mount mapping of a file directory of the container application.
The apparatus 50 may further comprise a prohibiting unit for prohibiting the starting and running of the container application if the authorization check result is not passed.
The embodiment of the application also provides a computer program product, which is stored in a storage medium, and the program product is executed by at least one processor to implement each process of the training method provided by the embodiment of the application, and the same technical effects can be achieved, so that repetition is avoided, and a detailed description is omitted here.
The embodiment of the application also provides a non-transitory electronic device readable storage medium, which comprises: a program which, when run on an electronic device, causes the electronic device to perform all or part of the flow of the method in the above-described embodiments. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a Flash Memory (Flash Memory), a Hard Disk (HDD), or a Solid State Drive (SSD), etc. The storage medium may also comprise a combination of memories of the kind described above.
Although embodiments of the present application have been described in connection with the accompanying drawings, various modifications and variations may be made by those skilled in the art without departing from the spirit and scope of the application, and such modifications and variations are within the scope of the application as defined by the appended claims.

Claims (10)

1. A method of authorizing a container application, comprising:
acquiring a hardware identifier of a host to which the container application belongs;
acquiring authorization information of an authorization center by utilizing the hardware identifier and the application identifier of the container application;
generating an authorization file based on the authorization information;
storing the authorization file in the host, and performing mount mapping between the storage address and the file directory of the container application.
2. The method according to claim 1, wherein the method further comprises: and setting a file validity period for the authorization file.
3. The method according to claim 1, wherein obtaining the hardware identifier of the host to which the container application belongs specifically comprises:
acquiring the IP address of the host by executing a shell command;
accessing the host by using the IP address, the login account, the login password and the connection port of the host;
after the host is accessed, obtaining the MAC address of the specified network card in the host and using it as the obtained hardware identifier.
4. The method according to claim 1, wherein obtaining authorization information of an authorization center using the hardware identifier and an application identifier of the container application, specifically comprises:
generating and sending an authorization request to the authorization center by using the hardware identifier and the application identifier of the container application, so that the authorization center performs identity verification on the container application through the application identifier, and generating and feeding back authorization information by using the hardware identifier under the condition that the identity verification is passed;
acquiring the authorization information fed back by the authorization center.
5. A method for authorization verification of a container application, comprising:
determining a storage address of an authorization file through the mount mapping of a container application file directory;
acquiring the authorization file according to the storage address;
acquiring authorization information in the authorization file;
acquiring a hardware identifier for generating the authorization information by analyzing the authorization information;
matching the hardware identifier for generating the authorization information with the actual hardware identifier of the host to which the container application belongs, and carrying out authorization verification on the container application according to a matching result.
6. The method of claim 5, wherein the method further comprises:
judging whether the authorization file is in a file validity period or not under the condition that a hardware identifier for generating the authorization information is matched with the actual hardware identifier, wherein an authorization check result is passed under the condition that the authorization file is in the file validity period; or if the authorization file is not in the file validity period, the authorization verification result is not passed.
7. The method of claim 6, wherein in the event that the authorization check result is not passed, the method further comprises: prohibiting the starting and running of the container application.
8. The method according to claim 5, wherein determining the storage address of the authorization file by the mount mapping of the container application file directory, in particular comprises:
in the starting or running process of the container application, determining the storage address of the authorization file through the mount mapping of the container application file directory.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor configured to perform the method of any one of claims 1 to 8.
10. A readable storage medium, comprising: a program which, when run on an electronic device, causes the electronic device to perform the method of any one of claims 1 to 8.
CN202310975067.6A 2023-08-02 2023-08-02 Authorization method for container application, authorization verification method, electronic device, and readable storage medium Pending CN116992404A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310975067.6A CN116992404A (en) 2023-08-02 2023-08-02 Authorization method for container application, authorization verification method, electronic device, and readable storage medium


Publications (1)

Publication Number Publication Date
CN116992404A true CN116992404A (en) 2023-11-03

Family

ID=88526194


Country Status (1)

Country Link
CN (1) CN116992404A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination