WO2020034700A1 - Method and device for accounting, authenticating and accessing cloud - Google Patents

Publication number
WO2020034700A1
Authority
WO
WIPO (PCT)
Prior art keywords
cloud
alliance
endorsement
user
token
Application number
PCT/CN2019/088169
Inventor
王楠楠
黄国强
罗斌
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • This application relates to cloud technology, and in particular, to a cloud account opening, authentication, and access method, device, and storage medium.
  • This application provides an access method, device, and storage medium, so that users of the cloud alliance can access resources of any cloud in the cloud alliance.
  • a method for user access to the cloud including:
  • the first cloud obtains a user's first access request, wherein the first access request includes a target token generated by an endorsement subject endorsing the user information of the user, and the first cloud belongs to a cloud alliance, which includes multiple clouds;
  • the first cloud obtains an alliance token from an alliance blockchain and matches the target token with the alliance token to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance;
  • the target user is determined as a legitimate user according to the matching result, and the target user is allowed to access the first cloud.
  • the endorsement subject includes any cloud in a cloud alliance or a third-party notary agency.
  • when the fourth cloud and the first cloud are the same cloud, the endorsement body includes the first cloud; when the fourth cloud and the first cloud are not the same cloud, the endorsement body includes the fourth cloud and the first cloud.
  • the method further includes: when the life cycle of the alliance token is greater than the expiration period, the first cloud regenerates a new alliance token and uploads the new alliance token to the alliance blockchain.
  • the method further includes:
  • the first cloud sends a second access request of the user to the second cloud, wherein the second cloud belongs to the cloud alliance.
  • a cloud user authentication method including:
  • the third cloud obtains a user authentication request, wherein the authentication request includes user information of the user, the third cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the endorsement subject includes any cloud in a cloud alliance or a third-party notary agency.
  • the method further includes:
  • determining an expiration period of the alliance token, wherein the expiration period is used to invalidate the alliance token when the life period of the alliance token is greater than the expiration period.
  • the user information includes one or more of an alliance account number, a password, and an alliance identifier.
  • a method for opening an account for a cloud user including:
  • the fourth cloud receives a user's account opening request, wherein the account opening cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the endorsement request includes the user information
  • the endorsement result is a result obtained by the endorsement subject endorsing the user information
  • the endorsement result is uploaded to the alliance blockchain according to the endorsement result, and the alliance blockchain can be accessed by any cloud in the cloud alliance.
  • the endorsement subject includes any cloud in a cloud alliance or a third-party notary agency.
  • the user information includes one or more of an alliance account number, a password, and an alliance identifier.
  • an access device including: an acquisition module, a matching module, and a determination module,
  • the obtaining module is configured to obtain a first access request of a user, wherein the first access request includes a target token, the target token is generated by an endorsement subject endorsing the user information of the user, the first cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the matching module is configured to obtain an alliance token from an alliance blockchain, and match the target token and the alliance token to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance;
  • the determining module is configured to determine the target user as a legal user according to the matching result, and allow the target user to access the first cloud.
  • the endorsement subject includes any cloud in a cloud alliance or a third-party notary agency.
  • when the fourth cloud and the first cloud are the same cloud, the endorsement body includes the first cloud; when the fourth cloud and the first cloud are not the same cloud, the endorsement body includes the fourth cloud and the first cloud.
  • the method further includes: when the life cycle of the alliance token is greater than the expiration period, the first cloud regenerates a new alliance token and uploads the new alliance token to the alliance blockchain.
  • the access device further includes a receiving module and a sending module
  • the receiving module is further configured to receive a second access request from a user, wherein the second access request includes a target token;
  • the sending module is further configured to send a second access request of the user to the second cloud, where the second cloud belongs to the cloud alliance.
  • an authentication device including: an acquisition module, a sending module, and a generating module
  • the obtaining module is configured to obtain an authentication request of a user, wherein the authentication request includes user information of the user, the third cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the sending module is configured to send an endorsement request to the endorsement subject according to the authentication request, and receive an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is a result obtained by the endorsement subject endorsing the user information;
  • the generating module is configured to generate a target token for the target user according to the endorsement result
  • the sending module is further configured to upload the target token to an alliance blockchain as an alliance token, and the alliance blockchain can be accessed by any cloud in the cloud alliance.
  • the endorsement subject includes any cloud in a cloud alliance or a third-party notary agency.
  • the apparatus further includes a determining module
  • the determining module is configured to determine an expiration period of the alliance token, wherein the expiration period is used to invalidate the alliance token when the life period of the alliance token is greater than the expiration period.
  • the user information includes one or more of an alliance account number, a password, and an alliance identifier.
  • an account opening device including: a receiving module, a generating module, and a sending module,
  • the receiving module is configured to receive a user account opening request, wherein the account opening cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the generating module is configured to generate user information for the user according to the account opening request
  • the sending module is configured to send an endorsement request to the endorsement subject and receive an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is a result obtained by the endorsement subject endorsing the user information;
  • the sending module is further configured to upload the endorsement result to the alliance blockchain according to the endorsement result, and the alliance blockchain can be accessed by any cloud in the cloud alliance.
  • the endorsement subject includes any cloud in a cloud alliance or a third-party notary agency.
  • the user information includes one or more of an alliance account number, a password, and an alliance identifier.
  • a cloud system including: a plurality of computer devices, wherein the computer device includes a memory, a processor coupled to the memory, and a communication module, wherein the communication module is used for sending data or receiving externally sent data, the memory is used to store program code, and the processor is used to call the program code stored in the memory to perform the method as described in any one of the first aspects.
  • a cloud system including: a plurality of computer devices, wherein the computer device includes a memory, a processor coupled to the memory, and a communication module, wherein the communication module is used for sending data or receiving externally sent data, the memory is used to store program code, and the processor is used to call the program code stored in the memory to perform the method as described in any one of the second aspects.
  • a cloud system including: a plurality of computer devices, wherein the computer device includes a memory, a processor coupled to the memory, and a communication module, wherein the communication module is configured to send data or receive externally sent data, the memory is used to store program code, and the processor is used to call the program code stored in the memory to perform the method as described in any one of the third aspects.
  • a computer non-transitory storage medium including instructions, which, when the instructions are run on a device, cause the device to perform the method according to any one of the first aspects.
  • a computer non-transitory storage medium includes instructions that, when the instructions run on a device, cause the device to perform the method according to any one of the second aspects.
  • a computer non-transitory storage medium including instructions, which, when the instructions are run on a device, cause the device to perform the method according to any one of the third aspects.
  • when the user needs to access the first cloud, the first cloud receives the first access request sent by the user, where the first access request includes a target token.
  • the first cloud obtains the alliance token from the alliance blockchain, matches the target token and the alliance token to obtain a matching result, determines the target user as a legitimate user according to the matching result, and allows the target user to access the first cloud. Since the target token is generated by endorsement of the user information of the user and has good credibility, as long as the access request sent by the client carries the target token and the target token is verified successfully, the identity of the user is determined to be valid, and the user is allowed to access. Therefore, as long as the target token is carried, users of the cloud alliance can freely access any cloud resource in the cloud alliance.
  • FIG. 1 is a schematic structural diagram of a cloud alliance according to an embodiment of the present application.
  • FIG. 2 is a schematic structural diagram of another cloud alliance according to an embodiment of the present application.
  • FIG. 3 is a process interaction diagram of an account opening method provided by the present application.
  • FIG. 4 is a process interaction diagram of an authentication method provided by the present application.
  • FIG. 5 is a flow interaction diagram of an access method provided by the present application.
  • FIG. 6 is a flow interaction diagram of an access method provided by the present application.
  • FIG. 7 is a schematic structural diagram of still another cloud alliance provided by the present application.
  • FIG. 8 is a schematic structural diagram of still another cloud alliance provided by the present application.
  • the envisaged cloud alliance includes multiple clouds, and an alliance blockchain belonging to the cloud alliance is constructed on the cloud alliance, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance.
  • the scale of the cloud alliance can be set according to actual needs.
  • the cloud alliance can be an alliance formed between clouds of multiple enterprises, an alliance formed between clouds of multiple cities, an alliance formed between the clouds of multiple countries, or even the global cloud, which is not specifically limited here.
  • a cloud can include multiple cloud nodes (see the solid white dots in Figure 2).
  • the cloud includes at least one data center and network equipment connected to the data center.
  • Each data center includes hardware layers, such as servers, storage arrays, network equipment, and so on; and software layers running on top of the hardware layer.
  • Cloud service providers provide cloud-based software and hardware resources to provide users with rental or hosting services, including hardware services such as computing, storage, and networking, or software services such as artificial intelligence and databases.
  • the alliance blockchain includes at least one ordering service node (such as the solid black dots in Figure 2) and an accounting node (such as a dotted dot in Figure 2) that connects the ordering service nodes.
  • the ordering service node may be composed of nodes other than each cloud in the cloud alliance, and the accounting node may be formed by combining some cloud nodes in each cloud in the cloud alliance.
  • the ordering service node is used to sort the information that needs to be stored in the alliance blockchain, package the sorted information into blocks, and then broadcast the packed block to all accounting nodes.
  • the accounting node is used to store the packed blocks.
  • the ordering service node may designate some of the accounting nodes as endorsement nodes (such as dots with diagonal lines in FIG. 2).
  • the cloud alliance can be established in the following way: Cloud 1 first creates a cloud alliance and formulates the smart contracts that the cloud alliance needs to follow. If other clouds (such as cloud 2) recognize the smart contract formulated by cloud 1, other clouds can join the cloud alliance.
  • when cloud 1 creates a cloud alliance, it can create an alliance blockchain on its own foundation.
  • when other clouds join the blockchain, the other clouds can create a sub-blockchain on their own foundation and connect it with the original alliance blockchain to form a new alliance blockchain.
  • the alliance blockchain is the private blockchain of the cloud alliance, that is, when any cloud uploads data to the blockchain, the uploaded data will be quickly synchronized to the entire alliance blockchain, and can be downloaded by the other clouds in the cloud alliance. It should be understood that the foregoing construction method is only an example, and should not constitute a specific limitation.
  • users of the Cloud Alliance can access any cloud resource in the Cloud Alliance at will.
  • users can open an alliance account on any cloud in the cloud alliance. After the alliance account is opened, the user can use the alliance account to log in and perform identity verification on any cloud in the cloud alliance. After the verification is completed, the user can access any cloud in the cloud alliance through the alliance account.
  • the following describes two specific application scenarios by way of examples:
  • the user opens an alliance account on A cloud in the cloud alliance. Then, the user can log in and authenticate with the alliance account on the B cloud in the cloud alliance. After the verification is completed, the user can access the resources of the B cloud in the cloud alliance through the alliance account. Users can also log in and authenticate with an alliance account on C Cloud in the Cloud Alliance. After the verification is completed, the user can access the resources of C Cloud in the cloud alliance through the alliance account.
  • users can access every cloud (including A cloud) in the cloud alliance in the same way.
  • the user opens an alliance account on A cloud in the cloud alliance. Then, the user can log in and authenticate with the alliance account on the B cloud in the cloud alliance. After the verification is completed, the user can access the B cloud, and can access each cloud (including A cloud) in the cloud alliance through the B cloud.
  • the cloud that the user directly accesses can be called the first cloud
  • the cloud that the user accesses through the first cloud can be called the second cloud
  • the cloud that the user authenticates can be called the third cloud
  • the cloud that the user opens an alliance account with can be called the fourth cloud.
  • the first cloud, the third cloud, and the fourth cloud may be the same cloud; the third cloud and the fourth cloud may be the same cloud, and the first cloud may not be the same cloud; the fourth cloud and the first cloud may be the same cloud, and the third cloud may not be the same cloud; the first cloud and the fourth cloud may be the same cloud, and the third cloud may not be the same cloud; the first cloud, the third cloud, and the fourth cloud may not be the same cloud, which is not specifically limited here.
  • the user can carry the target token to access any cloud in the cloud alliance.
  • the accessed cloud (first cloud) verifies the target token.
  • the user can be determined to be a legitimate user and allowed to access.
  • the reason why a user can visit any cloud in the cloud alliance with a target token is that the target token is a token generated by the endorsement body of the cloud alliance endorsing the user's user information according to the endorsement policy. Because the target token can prove that the endorsement subject has endorsed the user information of the target user, that is, the target token can prove that the endorsement subject guarantees the credibility of the target user, as long as the target token is verified, it can be determined that the target user is a legitimate user.
  • the user information includes one or more of an alliance account, a password, and an alliance identifier.
  • the endorsement subject may include any cloud in the cloud alliance or a third-party notary. More specifically, in the case where the endorsement subject includes one of the clouds in the cloud alliance, the endorsement subject includes the endorsement node of the cloud.
  • the third-party notarization agency may be a recognized agency of the cloud alliance, such as credit card verification agencies and other credit agencies.
  • the endorsement policy can be set according to actual needs. For example, when the fourth cloud and the first cloud are the same cloud, the endorsement body includes the first cloud; when the fourth cloud and the first cloud are not the same cloud, the endorsement body includes the fourth cloud and the first cloud, which is not specifically limited herein. It should be understood that the above examples of user information, endorsement body, and endorsement policy are merely examples, and should not constitute specific limitations.
  • the process for the first cloud to verify the target token may be: the first cloud obtains a first access request from the target user, and obtains an index and a target token from the first access request.
  • the first cloud sends the index to the alliance blockchain.
  • the alliance blockchain receives the index sent by the first cloud.
  • the alliance blockchain looks up the alliance token according to the index.
  • the alliance blockchain sends the alliance token to the first cloud.
  • the first cloud receives the alliance token sent by the alliance blockchain.
  • the first cloud matches the target token and the alliance token to obtain a matching result. When the matching result is a successful match, the first cloud determines that the target user is a legitimate user, and allows the target user to access the first cloud.
  • the process of generating a target token may be: a third cloud acquires an authentication request from a user, wherein the authentication request includes user information of the user. Then, the third cloud sends an endorsement request to the endorsement subject according to the authentication request. The endorsement request includes the user information. Accordingly, the endorsement subject receives the endorsement request sent by the third cloud. The endorsement subject endorses the user information according to the endorsement policy to obtain the endorsement result. The endorsement body sends the endorsement result to the third cloud. Accordingly, the third cloud receives the endorsement result returned by the endorsement body. When the endorsement is successful, the third cloud generates a target token for the user. The third cloud uploads the target token to the alliance blockchain as an alliance token.
  • the alliance blockchain receives the target token sent by the third cloud, and stores the target token as the alliance token.
  • the alliance blockchain sends the index of the alliance token to the third cloud.
  • the third cloud receives the index sent by the alliance blockchain.
  • the third cloud sends the target token to the user's client. Accordingly, the user end of the user receives the target token sent by the third cloud.
  • the process of generating user information may be: the account opening cloud receives an account opening request from a target user, where the account opening request may include necessary information for opening an account, for example, one or more of a passport number, an ID number, a name, and the like. Then, the account opening cloud generates user information for the target user according to the account opening request.
  • the account opening cloud sends an endorsement request to the endorsement subject and receives the endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is a result obtained by the endorsement subject endorsing the user information.
  • the account opening cloud uploads the user information to the alliance blockchain.
  • because the alliance blockchain has the characteristics of distributed storage and decentralized storage, user information stored in the alliance blockchain has extremely high reliability.
  • the user opens an alliance account on A cloud in the cloud alliance. Then, the user can use the alliance account to log in and authenticate on the B cloud in the cloud alliance to generate a target token. After the verification is completed, the user can carry the target token to access the resources of B cloud in the cloud alliance. Users can also use the alliance account to log in and authenticate on the C cloud in the cloud alliance to generate target tokens. After the verification is completed, the user can access the resources of C cloud in the cloud alliance by carrying the target token. By analogy, users can access every cloud (including A cloud) in the cloud alliance in the same way.
  • the user opens an alliance account on A cloud in the cloud alliance. Then, the user can use the alliance account to log in and authenticate on the B cloud in the cloud alliance to generate a target token. After the verification is completed, the user can carry the target token to access the B cloud, and can carry the target token to access each cloud (including the A cloud) in the cloud alliance.
  • FIG. 3 is a process interaction diagram of an account opening method provided by the present application.
  • the account opening method in this embodiment includes:
  • the fourth cloud receives a user's account opening request.
  • the account opening request includes one or more of identity information, the account opening information, a passport number, an ID number, a name, and the like.
  • S102 The fourth cloud verifies the identity information.
  • the identity information may be submitted to a third-party verification agency for verification by the fourth cloud.
  • the third-party verification agency may be an organization with good credibility, for example, the household administration bureau, public security agency, or banking institution, etc., which is not specifically limited here.
  • in a case where the identity information verification is successful, the fourth cloud generates user information for the user.
  • the user information includes one or more of an alliance account, a password, and an alliance identifier.
  • the alliance account can be a user's common account in the cloud alliance, that is, the user can log in to the alliance account on any cloud in the cloud alliance.
  • the password is the verification information entered by the target user when logging in to the alliance account.
  • the alliance identifier is the identity of the cloud alliance.
  • the fourth cloud sends the endorsement request to the endorsement subject. Accordingly, the endorsement subject receives the endorsement request sent by the fourth cloud.
  • the endorsement request may be sent in the form of an account opening proposal.
  • the account opening cloud uploads the account opening proposal to the alliance blockchain.
  • the alliance blockchain synchronizes the account opening proposal within the entire alliance blockchain.
  • when the endorsement node receives the account opening proposal, it endorses the account opening proposal.
  • S105 The endorsement subject endorses the user information according to the endorsement policy to obtain the endorsement result.
  • the endorsement body sends the endorsement result to the fourth cloud. Accordingly, the fourth cloud receives the endorsement result sent by the endorsement body.
  • the fourth cloud sends user information to the user end of the user. Accordingly, the user end of the user receives the user information returned by the fourth cloud.
  • FIG. 4 is a process interaction diagram of an authentication method provided by the present application.
  • the authentication method in this embodiment includes:
  • the third cloud obtains an authentication request from a user.
  • the authentication request includes user information of the user, and the user information includes one or more of an alliance account, a password, and an alliance identifier.
  • the third cloud verifies the identity of the user according to the alliance account and password.
  • the identity information may be verified by a third cloud or a third-party verification agency.
  • in the case of successful verification, the third cloud generates an endorsement request according to the authentication request, wherein the endorsement request includes user information.
  • S204 The third cloud submits an endorsement request to the endorsement subject. Accordingly, the endorsement subject receives the endorsement request submitted by the authentication cloud.
  • the endorsement request may be sent in the form of an authentication proposal.
  • the fourth cloud uploads the authentication proposal to the alliance blockchain.
  • when the alliance blockchain receives the authentication proposal, it synchronizes the authentication proposal within the entire alliance blockchain.
  • when the endorsement node receives the authentication proposal, it endorses the authentication proposal.
  • S205 The endorsement subject endorses the user information according to the endorsement policy to obtain the endorsement result.
  • the endorsement body sends the endorsement result to the third cloud. Accordingly, the third cloud receives the endorsement result sent by the endorsement body.
  • the third cloud uploads the alliance token to the alliance blockchain. Accordingly, the alliance blockchain receives the alliance token sent by the third cloud.
  • S209 The third cloud sends the target token to the user end of the user. Accordingly, the user end of the user receives the target token sent by the third cloud.
  • FIG. 5 is a flow interaction diagram of an access method provided by the present application.
  • the access method in this embodiment includes:
  • the first cloud receives a first access request from a target user, wherein the first access request includes an index and a target token, and the target token is a token generated by the endorsement subject endorsing the user information of the user.
  • the alliance blockchain searches for the alliance token corresponding to the index according to the index.
  • the alliance token in the alliance blockchain has an expiration period.
  • the alliance token is valid when the life cycle of the alliance token is less than the expiration period; when the life cycle of the alliance token is greater than or equal to the expiration period, the alliance token will become invalid.
  • the expiry period of the alliance token can ensure that the alliance token will not lose its effect because it exists for too long, which improves the reliability of the alliance token.
  • the alliance blockchain sends an alliance token to the first cloud. Accordingly, the first cloud receives the alliance token sent by the alliance blockchain.
  • S305 The first cloud matches the target token and the alliance token to obtain a matching result.
  • S308 The first cloud uploads the alliance token to the alliance blockchain. Accordingly, the alliance blockchain receives the alliance token sent by the first cloud.
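
The token issue and verification steps described above (index lookup on the alliance blockchain, token match, expiration check with the "greater than or equal" boundary), as an added example that is not part of the patent text. The in-memory `AllianceLedger`, the random token format, the `deny:*` result strings, and the choice to publish only a SHA-256 digest of the token on the shared ledger are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _digest(token: str) -> bytes:
    # Assumption: only a digest is published, because every cloud in the
    # alliance can read the ledger and the token itself is a bearer credential.
    return hashlib.sha256(token.encode("utf-8")).digest()


@dataclass(frozen=True)
class AllianceRecord:
    token_digest: bytes       # what the ledger keeps as the "alliance token"
    issued_at: float          # seconds; start of the token's life
    expiration_period: float  # seconds the token may live


class AllianceLedger:
    """In-memory stand-in for the alliance blockchain (hypothetical API)."""

    def __init__(self):
        self._records = {}

    def store(self, token, now, expiration_period):
        index = secrets.token_hex(8)  # index returned to the uploading cloud
        self._records[index] = AllianceRecord(_digest(token), now, expiration_period)
        return index

    def lookup(self, index):
        return self._records.get(index)


def issue_target_token(ledger, endorsement_ok, now, expiration_period=3600.0):
    """Third cloud: mint and publish a token only after a successful endorsement."""
    if not endorsement_ok:
        return None
    target_token = secrets.token_urlsafe(32)  # constructed format, not from the patent
    index = ledger.store(target_token, now, expiration_period)
    return index, target_token


def verify_access(ledger, request, now):
    """First cloud: return 'allow' or a 'deny:<reason>' string for logging."""
    index = request.get("index")
    target_token = request.get("target_token")
    if not isinstance(index, str) or not isinstance(target_token, str):
        return "deny:malformed"
    record = ledger.lookup(index)
    if record is None:
        return "deny:unknown-index"  # fail closed when the ledger has no entry
    # Match before the expiry check so that only a holder of the right token
    # learns whether it has expired; compare in constant time.
    if not hmac.compare_digest(_digest(target_token), record.token_digest):
        return "deny:mismatch"
    # Valid only while life < expiration period; life >= period is invalid.
    if now - record.issued_at >= record.expiration_period:
        return "deny:expired"
    return "allow"


def demo():
    """Constructed scenario: one token, 60-second expiration period."""
    ledger = AllianceLedger()
    index, token = issue_target_token(ledger, True, now=1000.0, expiration_period=60.0)
    good = {"index": index, "target_token": token}
    return [
        verify_access(ledger, good, now=1030.0),
        verify_access(ledger, good, now=1060.0),
        verify_access(ledger, {"index": index, "target_token": "forged"}, now=1030.0),
        verify_access(ledger, {"index": "missing", "target_token": token}, now=1030.0),
    ]


if __name__ == "__main__":
    print(demo())
```
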
  • FIG. 6 is a flow interaction diagram of an access method provided by the present application.
  • the access method in this embodiment includes:
  • the first cloud sends a second access request of the user to the second cloud, where the first access request includes an index and a target token.
  • the second cloud sends an index to the alliance blockchain. Accordingly, the alliance blockchain receives the index sent by the second cloud.
  • the alliance blockchain searches for the alliance token corresponding to the index according to the index.
  • the alliance token in the alliance blockchain has an expiration period.
  • the alliance token is valid when the life cycle of the alliance token is less than the expiration period; when the life cycle of the alliance token is greater than or equal to the expiration period, the alliance token will become invalid.
  • the expiry period of the alliance token can ensure that the alliance token will not lose its effect because it exists for too long, which improves the reliability of the alliance token.
  • the alliance blockchain sends an alliance token to the second cloud. Accordingly, the second cloud receives the alliance token sent by the alliance blockchain.
  • S405 The second cloud matches the target token and the alliance token to obtain a matching result.
  • the second cloud uploads the alliance token to the alliance blockchain. Accordingly, the alliance blockchain receives the alliance token sent by the second cloud.
  • FIG. 7 is a schematic structural diagram of still another cloud alliance provided by the present application.
  • the cloud alliance of the present application includes the first cloud, the third cloud, and the fourth cloud.
  • the cloud alliance blockchain is built on the first cloud, the third cloud, and the fourth cloud.
  • the first cloud, the third cloud, and the fourth cloud may be entirely different clouds, partly the same clouds, or entirely the same cloud, which is not specifically limited herein.
  • the first cloud may include multiple cloud nodes, and each cloud node includes a receiving module 101, a generating module 102, and a sending module 103.
  • the receiving module 101 is configured to receive a user account opening request, wherein the account opening cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the generating module 102 is configured to generate user information for the user according to the account opening request;
  • the sending module 103 is configured to send an endorsement request to the endorsement subject and receive an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
  • the sending module 103 is further configured to upload the endorsement result to the alliance blockchain according to the endorsement result, and the alliance blockchain can be accessed by any cloud in the cloud alliance.
  • the third cloud may include multiple cloud nodes, and each cloud node includes an obtaining module 201, a sending module 202, and a generating module 203.
  • the obtaining module 201 is configured to obtain an authentication request of a user, wherein the authentication request includes user information of the user, the third cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the sending module 202 is configured to send an endorsement request to the endorsement subject according to the authentication request, and receive an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the endorsement.
  • the generating module 203 is configured to generate a target token for the target user according to the endorsement result
  • the sending module 202 is further configured to upload the target token to an alliance blockchain as an alliance token, and the alliance blockchain can be accessed by any cloud in the cloud alliance.
  • the fourth cloud may include multiple cloud nodes, and each cloud node includes an obtaining module 301, a matching module 302, and a determining module 303.
  • the obtaining module 301 is configured to obtain a first access request of a user, wherein the first access request includes a target token, the target token is generated by an endorsement subject endorsing the user information of the user, the first cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the matching module 302 is configured to obtain an alliance token from an alliance blockchain, and match the target token and the alliance token to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance;
  • the determining module 303 is configured to determine that the target user is a legal user according to the matching result, and allow the target user to access the first cloud.
  • the first cloud, the third cloud, and the fourth cloud are not described in detail.
  • FIG. 8 is a schematic structural diagram of still another cloud alliance provided by the present application.
  • the cloud alliance of the present application includes a first cloud system, a third cloud system, and a fourth cloud system.
  • the first cloud system, the third cloud system, and the fourth cloud system build a cloud alliance blockchain.
  • the first cloud system, the third cloud system, and the fourth cloud system may be entirely different cloud systems, partly the same cloud systems, or entirely the same cloud system, which is not specifically limited herein.
  • the first cloud system, the third cloud system, and the fourth cloud system may belong to different companies, or may be clouds operated in different countries by the same company.
  • the first cloud system of the present application includes a plurality of computing devices, and each computing device includes one or more processors 401, a communication interface 402, and a memory 403.
  • the processor 401, the communication interface 402, and the memory 403 may be connected through a bus 404.
  • the processor 401 includes one or more general-purpose processors.
  • the general-purpose processor may be any type of device capable of processing electronic instructions, including a central processing unit (CPU), a microprocessor, a microcontroller, a main processor, a controller, and an application-specific integrated circuit (ASIC).
  • the processor 401 executes various types of digital storage instructions, such as software or firmware programs stored in the memory 403, which enables a computing device to provide a wide variety of services. For example, the processor 401 can execute programs or process data to perform part or all of the methods described herein.
  • the communication interface 402 may be a wired interface (such as an Ethernet interface) or a wireless interface (such as a cellular network interface or a wireless local area network interface) for communicating with other computing devices or users.
  • the memory 403 may include an internal memory and an external memory.
  • the internal memory may include at least one of the following: volatile memory (such as dynamic random access memory (DRAM), static RAM (SRAM), synchronous dynamic RAM (SDRAM)), and non-volatile memory (such as one-time programmable read-only memory (OTPROM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), mask ROM, NAND flash memory, or NOR flash memory).
  • the internal memory may be in the form of a solid state drive (SSD).
  • the external memory may also include a flash drive, such as high-density flash memory, secure digital, micro SD, mini SD, extreme digital (xD), memory stick, and the like.
  • the external storage may use centralized storage or distributed storage, which is not specifically limited here.
  • the processor 401 can perform the following steps by reading the program in the memory 403:
  • the fourth cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the endorsement result is uploaded to the alliance blockchain through the communication interface 402 according to the endorsement result, and the alliance blockchain can be accessed by any cloud in the cloud alliance.
  • the endorsement body includes any cloud or a third party notary in the cloud alliance.
  • the user information includes one or more of an alliance account, a password, and an alliance identifier.
  • the structure of the third cloud system of the present application is similar to that of the first cloud system, and includes multiple computing devices.
  • Each computing device includes one or more processors 501, a communication interface 502, and a memory 503.
  • the processor 501, the communication interface 502, and the memory 503 may be connected through a bus 504.
  • the processor 501 can perform the following steps by reading the program in the memory 503:
  • the authentication request includes user information of the user
  • the third cloud belongs to a cloud alliance
  • the cloud alliance includes multiple clouds
  • the target token is uploaded to the alliance blockchain through the communication interface 502 as an alliance token, and the alliance blockchain can be accessed by any cloud in the cloud alliance.
  • the endorsement body includes any cloud or a third party notary in the cloud alliance.
  • the expiration period of the alliance token is determined by the processor 501, wherein the expiration period is used to invalidate the alliance token when the life cycle of the alliance token is greater than the expiration period.
  • the user information includes one or more of an alliance account, a password, and an alliance identifier.
  • the structure of the third cloud system of the present application is similar to that of the first cloud system, and includes multiple computing devices.
  • Each computing device includes one or more processors 601, a communication interface 602, and a memory 603.
  • the processor 601, the communication interface 602, and the memory 603 may be connected through a bus 604.
  • the processor 601 can execute the following steps by reading the program in the memory 603:
  • a first access request of a user is obtained through the communication interface 602, wherein the first access request includes a target token generated by an endorsement subject endorsing the user information of the user, the first cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
  • the alliance token is obtained from the alliance blockchain through the communication interface 602, and the target token and the alliance token are matched to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance;
  • the processor 601 determines that the target user is a legal user according to the matching result, and allows the target user to access the first cloud.
  • the endorsement body includes any cloud or a third party notary in the cloud alliance.
  • the processor 601 regenerates a new alliance token and uploads the new alliance token to the alliance blockchain.
  • the second access request of the user is received through the communication interface 602, wherein the second access request includes a target token; and the second access request of the user is sent to the second cloud through the communication interface 602, where the second cloud belongs to the cloud alliance.
  • when the user end needs to access the first cloud, the first cloud receives the first access request sent by the user, where the first access request includes a target token.
  • the first cloud obtains the alliance token from the alliance blockchain, matches the target token and the alliance token to obtain a matching result, determines according to the matching result that the target user is a legitimate user, and allows the target user to access the first cloud. Because the target token is generated by the endorsement subject endorsing the user information of the user, it has good credibility. Therefore, as long as the access request sent by the user end carries the target token and the target token passes verification, the identity of the user can be determined to be legitimate and the user is allowed to access. Consequently, as long as the target token is carried, users of the cloud alliance can freely access the resources of any cloud in the cloud alliance.
  • the disclosed system, terminal, and method may be implemented in other ways.
  • the device embodiments described above are only schematic.
  • the division of the unit is only a logical function division.
  • multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may also be electrical, mechanical or other forms of connection.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments of the present invention.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist separately physically, or two or more units may be integrated into one unit.
  • the above integrated unit may be implemented in the form of hardware or in the form of software functional unit.
  • when the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • the technical solution of the present invention, in essence, or the part of it that contributes to the existing technology, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present invention.
  • the foregoing storage media include: a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and other media that can store program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Disclosed is an accounting, authenticating and accessing method, comprising: a first cloud obtains a first access request of a user, wherein the first access request comprises a target token, the target token is generated by an endorsement body endorsing user information of the user, the first cloud belongs to a cloud alliance, and the cloud alliance comprises a plurality of clouds; obtains an alliance token from an alliance blockchain, and matches the target token with the alliance token to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance; and determines the user to be a valid user according to the matching result, and allows the user to access the first cloud. By means of the method, users of the cloud alliance can freely access resources of any cloud in the cloud alliance.

Description

Cloud account opening, authentication and access method and device
Technical field
This application relates to cloud technology, and in particular to a cloud account opening, authentication, and access method, a device, and a storage medium.
Background
With the rapid development of cloud technology, more and more clouds have appeared around the world. Different clouds may be operated by different enterprises. If a user wants to access the resources of these clouds, the user must register a separate account on each cloud and log in to the corresponding cloud with that account before the resources of that cloud can be accessed. To break down the barriers between these clouds and share resources, the idea of building a cloud alliance has been proposed.
However, how to let users of a cloud alliance freely access the resources of any cloud in the cloud alliance is a problem that has not yet been solved.
Summary of the Invention
This application provides an access method, a device, and a storage medium that enable users of a cloud alliance to access the resources of any cloud in the cloud alliance.
In a first aspect, a method for user access to a cloud is provided, including:
a first cloud obtains a first access request of a user, wherein the first access request includes a target token, the target token is generated by an endorsement subject endorsing the user information of the user, the first cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
obtaining an alliance token from an alliance blockchain, and matching the target token with the alliance token to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance;
determining, according to the matching result, that the target user is a legitimate user, and allowing the target user to access the first cloud.
With reference to the first aspect, in a first possible implementation of the first aspect, the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
With reference to any of the foregoing implementations of the first aspect, in a second possible implementation of the first aspect, when a fourth cloud and the first cloud are the same cloud, the endorsement subject includes the first cloud; when the fourth cloud and the first cloud are not the same cloud, the endorsement subject includes the fourth cloud and the first cloud.
With reference to any of the foregoing implementations of the first aspect, in a third possible implementation of the first aspect, the method further includes: when the life cycle of the alliance token is greater than the expiration period, the first cloud regenerates a new alliance token and uploads the new alliance token to the alliance blockchain.
With reference to any of the foregoing implementations of the first aspect, in a fourth possible implementation of the first aspect, the method further includes:
receiving a second access request of the user, wherein the second access request includes a target token;
the first cloud sends the second access request of the user to the second cloud, wherein the second cloud belongs to the cloud alliance.
In a second aspect, a cloud user authentication method is provided, including:
a third cloud obtains an authentication request of a user, wherein the authentication request includes user information of the user, the third cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
sending an endorsement request to an endorsement subject according to the authentication request, and receiving an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
generating a target token for the target user according to the endorsement result;
uploading the target token to an alliance blockchain as an alliance token, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance.
With reference to the second aspect, in a second possible implementation of the second aspect, the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
With reference to any of the foregoing implementations of the second aspect, in a third possible implementation of the second aspect, the method further includes:
determining an expiration period of the alliance token, wherein the expiration period is used to invalidate the alliance token when the life cycle of the alliance token is greater than the expiration period.
With reference to any of the foregoing implementations of the second aspect, in a fourth possible implementation of the second aspect, the user information includes one or more of an alliance account, a password, and an alliance identifier.
In a third aspect, an account opening method for a cloud user is provided, including:
a fourth cloud receives an account opening request of a user, wherein the account opening cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
generating user information for the user according to the account opening request;
sending an endorsement request to an endorsement subject, and receiving an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
uploading the endorsement result to an alliance blockchain according to the endorsement result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance.
With reference to the third aspect, in a first possible implementation of the third aspect, the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
With reference to the foregoing implementation of the third aspect, in a second possible implementation of the third aspect, the user information includes one or more of an alliance account, a password, and an alliance identifier.
In a fourth aspect, an access device is provided, including an obtaining module, a matching module, and a determining module.
The obtaining module is configured to obtain a first access request of a user, wherein the first access request includes a target token, the target token is generated by an endorsement subject endorsing the user information of the user, the first cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
the matching module is configured to obtain an alliance token from an alliance blockchain, and match the target token with the alliance token to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance;
the determining module is configured to determine, according to the matching result, that the target user is a legitimate user, and allow the target user to access the first cloud.
With reference to the fourth aspect, in a first possible implementation of the fourth aspect, the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
With reference to any of the foregoing implementations of the fourth aspect, in a second possible implementation of the fourth aspect, when a fourth cloud and the first cloud are the same cloud, the endorsement subject includes the first cloud; when the fourth cloud and the first cloud are not the same cloud, the endorsement subject includes the fourth cloud and the first cloud.
With reference to any of the foregoing implementations of the fourth aspect, in a third possible implementation of the fourth aspect, the method further includes: when the life cycle of the alliance token is greater than the expiration period, the first cloud regenerates a new alliance token and uploads the new alliance token to the alliance blockchain.
With reference to any of the foregoing implementations of the fourth aspect, in a fourth possible implementation of the fourth aspect, the access device further includes a receiving module and a sending module.
The receiving module is further configured to receive a second access request of the user, wherein the second access request includes a target token;
the sending module is further configured to send the second access request of the user to the second cloud, wherein the second cloud belongs to the cloud alliance.
In a fifth aspect, an authentication device is provided, including an obtaining module, a sending module, and a generating module.
The obtaining module is configured to obtain an authentication request of a user, wherein the authentication request includes user information of the user, the third cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
the sending module is configured to send an endorsement request to an endorsement subject according to the authentication request, and receive an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
the generating module is configured to generate a target token for the target user according to the endorsement result;
the sending module is further configured to upload the target token to an alliance blockchain as an alliance token, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance.
With reference to the fifth aspect, in a second possible implementation of the fifth aspect, the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
With reference to any of the foregoing implementations of the fifth aspect, in a third possible implementation of the fifth aspect, the apparatus further includes a determining module.
The determining module is configured to determine an expiration period of the alliance token, wherein the expiration period is used to invalidate the alliance token when the life cycle of the alliance token is greater than the expiration period.
With reference to any of the foregoing implementations of the fifth aspect, in a fourth possible implementation of the fifth aspect, the user information includes one or more of an alliance account, a password, and an alliance identifier.
In a sixth aspect, an account opening device is provided, including a receiving module, a generating module, and a sending module.
The receiving module is configured to receive an account opening request of a user, wherein the account opening cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
the generating module is configured to generate user information for the user according to the account opening request;
the sending module is configured to send an endorsement request to an endorsement subject and receive an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
the sending module is further configured to upload the endorsement result to an alliance blockchain according to the endorsement result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance.
With reference to the sixth aspect, in a first possible implementation of the sixth aspect, the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
With reference to the foregoing implementation of the sixth aspect, in a second possible implementation of the sixth aspect, the user information includes one or more of an alliance account, a password, and an alliance identifier.
In a seventh aspect, a cloud system is provided, including multiple computer devices, wherein each computer device includes a memory, and a processor and a communication module coupled to the memory, wherein the communication module is configured to send data or receive data sent from outside, the memory is configured to store program code, and the processor is configured to call the program code stored in the memory to perform the method described in any one of the first aspect.
In an eighth aspect, a cloud system is provided, including multiple computer devices, wherein each computer device includes a memory, and a processor and a communication module coupled to the memory, wherein the communication module is configured to send data or receive data sent from outside, the memory is configured to store program code, and the processor is configured to call the program code stored in the memory to perform the method described in any one of the second aspect.
In a ninth aspect, a cloud system is provided, including multiple computer devices, wherein each computer device includes a memory, and a processor and a communication module coupled to the memory, wherein the communication module is configured to send data or receive data sent from outside, the memory is configured to store program code, and the processor is configured to call the program code stored in the memory to perform the method described in any one of the third aspect.
In a tenth aspect, a non-transitory computer storage medium is provided, including instructions that, when run on a device, cause the device to perform the method described in any one of the first aspect.
In an eleventh aspect, a non-transitory computer storage medium is provided, including instructions that, when run on a device, cause the device to perform the method described in any one of the second aspect.
In a twelfth aspect, a non-transitory computer storage medium is provided, including instructions that, when run on a device, cause the device to perform the method described in any one of the third aspect.
上述方案中,在用户端需要访问第一云的情况下,第一云接收用户发送的第一访问请求,其中,第一访问请求中包括目标令牌。第一云从联盟区块链上获取联盟令牌,将所述目标令牌和所述联盟令牌进行匹配以得到匹配结果,根据匹配结果确定所述目标用户为合法用户,并允许所述目标用户对所述第一云进行访问。由于目标令牌是由背书主体对所述用户的用户信息进行背书而生成的,具有良好的公信力,因此,只要用户端发送的访问请求中携带了目标令牌,并且,对目标令牌的验证也顺利通过,就可以确定用户的身份是合法的,允许用户进行访问。所以,只要携带了目标令牌,云联盟的用户就可以随意访问云联盟中的任意一朵云的资源。In the above solution, when the user needs to access the first cloud, the first cloud receives the first access request sent by the user, where the first access request includes a target token. First Cloud obtains the alliance token from the alliance blockchain, matches the target token and the alliance token to obtain a matching result, determines the target user as a legitimate user according to the matching result, and allows the target The user accesses the first cloud. Since the target token is generated by endorsement of the user information of the user and has good credibility, as long as the access request sent by the client carries the target token, and the target token is verified If it is successfully passed, the identity of the user is determined to be valid, and the user is allowed to access. Therefore, as long as the target token is carried, users of the cloud alliance can freely access any cloud resource in the cloud alliance.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic structural diagram of a cloud alliance according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of another cloud alliance according to an embodiment of the present application;
FIG. 3 is an interaction flowchart of an account opening method provided by the present application;
FIG. 4 is an interaction flowchart of an authentication method provided by the present application;
FIG. 5 is an interaction flowchart of an access method provided by the present application;
FIG. 6 is an interaction flowchart of an access method provided by the present application;
FIG. 7 is a schematic structural diagram of yet another cloud alliance provided by the present application;
FIG. 8 is a schematic structural diagram of still another cloud alliance provided by the present application.
SPECIFIC EMBODIMENTS
As shown in FIG. 1, the envisaged cloud alliance includes multiple clouds, and an alliance blockchain belonging to the cloud alliance is built on top of the cloud alliance, where the alliance blockchain can be accessed by any cloud in the cloud alliance. It can be understood that the scale of the cloud alliance can be set according to actual needs. For example, the cloud alliance may be an alliance formed among the clouds of multiple enterprises, among the clouds of multiple cities, among the clouds of multiple countries, or even among clouds worldwide, which is not specifically limited here.
A cloud may include multiple cloud nodes (the solid white dots in FIG. 2). Specifically, a cloud includes at least one data center and the network devices connecting the data centers. Each data center includes a hardware layer, such as servers, storage arrays, and network devices, and a software layer running on top of the hardware layer. Cloud service vendors use the cloud's software and hardware resources to offer users rental or hosting services, including hardware services such as computing, storage, and networking, and software services such as artificial intelligence and databases.
The alliance blockchain includes at least one ordering service node (order node) (the solid black dots in FIG. 2) and accounting nodes (peer nodes) connected to the ordering service node (the dotted dots in FIG. 2). The ordering service nodes may consist of nodes outside the individual clouds of the cloud alliance, and the accounting nodes may be made up of some of the cloud nodes in each cloud of the cloud alliance. The ordering service node orders the information that needs to be stored in the alliance blockchain, packs the ordered information into blocks, and then broadcasts the packed blocks to all accounting nodes. The accounting nodes store the packed blocks. In addition, the ordering service node may designate some of the accounting nodes as endorsement nodes (the diagonally striped dots in FIG. 2).
The cloud alliance may be built as follows: cloud 1 first creates the cloud alliance and defines the smart contract that the cloud alliance must follow. If another cloud (for example, cloud 2) accepts the smart contract defined by cloud 1, that cloud can join the cloud alliance. When cloud 1 creates the cloud alliance, it can create the alliance blockchain on its own foundation; when other clouds join the blockchain, they can create sub-blockchains on their own foundations and connect them to the original alliance blockchain to form a new alliance blockchain. The alliance blockchain is the private blockchain of the cloud alliance; that is, when any cloud uploads data to the blockchain, the uploaded data is quickly synchronized across the entire alliance blockchain and can be downloaded by the other clouds in the cloud alliance. It should be understood that this way of building the alliance is only an example and should not constitute a specific limitation.
As envisaged, a user of the cloud alliance can freely access the resources of any cloud in the cloud alliance. Specifically, the user can open an alliance account on any cloud in the cloud alliance. Once the alliance account is opened, the user can log in with it and be authenticated on any cloud in the cloud alliance. After authentication, the user can access any cloud in the cloud alliance through the alliance account. Two specific application scenarios are described below by way of example:
In the first scenario, the user opens an alliance account on cloud A in the cloud alliance. The user can then log in with the alliance account and be authenticated on cloud B in the cloud alliance. After authentication, the user can access the resources of cloud B through the alliance account. The user can also log in with the alliance account and be authenticated on cloud C in the cloud alliance. After authentication, the user can access the resources of cloud C through the alliance account. By analogy, the user can access every cloud in the cloud alliance (including cloud A) in the same way.
In the second scenario, the user opens an alliance account on cloud A in the cloud alliance. The user can then log in with the alliance account and be authenticated on cloud B in the cloud alliance. After authentication, the user can access cloud B and, through cloud B, every cloud in the cloud alliance (including cloud A).
Here, the cloud that the user accesses directly is called the first cloud, a cloud that the user accesses through the first cloud is called the second cloud, the cloud on which the user is authenticated is called the third cloud, and the cloud on which the user opens the alliance account is called the fourth cloud. It should be understood that the first cloud, the third cloud, and the fourth cloud may be the same cloud; the third cloud and the fourth cloud may be the same cloud while the first cloud is a different cloud; the fourth cloud and the first cloud may be the same cloud while the third cloud is a different cloud; the first cloud and the fourth cloud may be the same cloud while the third cloud is a different cloud; or the first cloud, the third cloud, and the fourth cloud may all be different clouds, which is not specifically limited here.
To let the user freely access the resources of any cloud in the cloud alliance, the user can present a target token when accessing any cloud in the cloud alliance. When the user presents the target token to a cloud in the cloud alliance, the accessed cloud (the first cloud) verifies the target token. If the first cloud's verification of the target token passes, the user can be determined to be a legitimate user and is allowed access.
The reason a user carrying a target token can access any cloud in the cloud alliance is that the target token is generated by the endorsement subject of the cloud alliance endorsing the user's user information according to an endorsement policy. The target token proves that the endorsement subject has endorsed the target user's user information, that is, that the endorsement subject vouches for the trustworthiness of the target user. Therefore, as long as verification of the target token passes, the target user can be determined to be a legitimate user. The user information includes one or more of an alliance account, a password, and an alliance identifier. The endorsement subject may include any cloud in the cloud alliance or a third-party notary institution. More specifically, when the endorsement subject includes one of the clouds in the cloud alliance, the endorsement subject includes the endorsement nodes of that cloud. The third-party notary institution may be an institution recognized by the cloud alliance, for example, a credit card verification institution or another credit institution. The endorsement policy can be set according to actual needs. For example, when the fourth cloud and the first cloud are the same cloud, the endorsement subject includes the first cloud; when the fourth cloud and the first cloud are not the same cloud, the endorsement subject includes the fourth cloud and the first cloud, which is not specifically limited here. It should be understood that the foregoing user information, endorsement subject, and endorsement policy are given only as examples and should not constitute a specific limitation.
The first cloud may verify the target token as follows: the first cloud obtains the target user's first access request and extracts the index and the target token from it. The first cloud sends the index to the alliance blockchain. Correspondingly, the alliance blockchain receives the index sent by the first cloud. The alliance blockchain looks up the alliance token according to the index and sends the alliance token to the first cloud. Correspondingly, the first cloud receives the alliance token sent by the alliance blockchain. The first cloud matches the target token against the alliance token to obtain a matching result. When the matching result is a successful match, the first cloud determines that the target user is a legitimate user and allows the target user to access the first cloud.
The target token may be generated as follows: the third cloud obtains the user's authentication request, where the authentication request includes the user's user information. The third cloud then sends an endorsement request to the endorsement subject according to the authentication request, where the endorsement request includes the user information. Correspondingly, the endorsement subject receives the endorsement request sent by the third cloud. The endorsement subject endorses the user information according to the endorsement policy to obtain an endorsement result and sends the endorsement result to the third cloud. Correspondingly, the third cloud receives the endorsement result returned by the endorsement subject. When the endorsement result is that the endorsement succeeded, the third cloud generates a target token for the user. The third cloud uploads the target token to the alliance blockchain as the alliance token. Correspondingly, the alliance blockchain receives the target token sent by the third cloud and stores it as the alliance token. The alliance blockchain sends the index of the alliance token to the third cloud. Correspondingly, the third cloud receives the index sent by the alliance blockchain. The third cloud sends the target token to the user's client. Correspondingly, the user's client receives the target token sent by the third cloud. It is not difficult to understand that, because the alliance blockchain is characterized by distributed and decentralized storage, the alliance token stored in the alliance blockchain cannot be tampered with and is highly reliable.
The user information may be generated as follows: the account-opening cloud receives the target user's account opening request, where the account opening request may include the information necessary for opening an account, for example, one or more of a passport number, an identity card number, a name, and the like. The account-opening cloud then generates user information for the target user according to the account opening request. The account-opening cloud sends an endorsement request to the endorsement subject and receives the endorsement result returned by the endorsement subject, where the endorsement request includes the user information and the endorsement result is the result obtained by the endorsement subject endorsing the user information. When the endorsement result is that the endorsement succeeded, the account-opening cloud uploads the user information to the alliance blockchain. Similarly, because the alliance blockchain is characterized by distributed and decentralized storage, the user information stored in the alliance blockchain is highly reliable.
For the two application scenarios described above, a user carrying a target token can access any cloud in the cloud alliance in the following ways:
In the first application scenario, the user opens an alliance account on cloud A in the cloud alliance. The user can then log in with the alliance account and be authenticated on cloud B in the cloud alliance, which generates a target token. After authentication, the user can present the target token to access the resources of cloud B. The user can also log in with the alliance account and be authenticated on cloud C in the cloud alliance, which generates a target token. After authentication, the user can present the target token to access the resources of cloud C. By analogy, the user can access every cloud in the cloud alliance (including cloud A) in the same way.
In the second application scenario, the user opens an alliance account on cloud A in the cloud alliance. The user can then log in with the alliance account and be authenticated on cloud B in the cloud alliance, which generates a target token. After authentication, the user can present the target token to access cloud B and can present the same target token to access every cloud in the cloud alliance (including cloud A).
The present invention is further described below with reference to FIG. 3 to FIG. 6 and specific embodiments.
As shown in FIG. 3, FIG. 3 is an interaction flowchart of an account opening method provided by the present application. The account opening method of this embodiment includes:
S101: The fourth cloud receives the user's account opening request.
In a specific embodiment of the present application, the account opening request includes identity information, and the account opening information includes one or more of a passport number, an identity card number, a name, and the like.
S102: The fourth cloud verifies the identity information.
In a specific embodiment of the present application, the fourth cloud may submit the identity information to a third-party verification institution for verification. The third-party verification institution may be an institution with good credibility, for example, a household registration office, a public security authority, or a bank, which is not specifically limited here.
S103: If the identity information is verified successfully, the fourth cloud generates user information for the user.
In a specific embodiment of the present application, the user information includes one or more of an alliance account, a password, and an alliance identifier. The alliance account may be an account that is valid throughout the cloud alliance; that is, the user can log in to the alliance account on any cloud in the cloud alliance. The password is the verification information that the target user enters when logging in to the alliance account. The alliance identifier is the identifier of the cloud alliance.
S104: The fourth cloud sends the endorsement request to the endorsement subject. Correspondingly, the endorsement subject receives the endorsement request sent by the fourth cloud.
In a specific embodiment of the present application, the endorsement request may be sent in the form of an account opening proposal. Specifically, the account-opening cloud uploads the account opening proposal to the alliance blockchain; after receiving it, the alliance blockchain synchronizes the proposal across the entire alliance blockchain. After receiving the account opening proposal, the endorsement node endorses it.
S105: The endorsement subject endorses the user information according to the endorsement policy to obtain an endorsement result.
S106: The endorsement subject sends the endorsement result to the fourth cloud. Correspondingly, the fourth cloud receives the endorsement result sent by the endorsement subject.
S107: When the endorsement result is that the endorsement succeeded, the fourth cloud uploads the endorsement result to the alliance blockchain.
S108: The fourth cloud sends the user information to the user's client. Correspondingly, the user's client receives the user information returned by the fourth cloud.
As shown in FIG. 4, FIG. 4 is an interaction flowchart of an authentication method provided by the present application. The authentication method of this embodiment includes:
S201: The third cloud obtains the user's authentication request.
In a specific embodiment of the present application, the authentication request includes the user's user information, and the user information includes one or more of an alliance account, a password, and an alliance identifier.
S202: The third cloud verifies the user's identity according to the alliance account and the password. The identity information may be verified by the third cloud or by a third-party verification institution.
S203: If verification succeeds, the third cloud generates an endorsement request according to the authentication request, where the endorsement request includes the user information.
S204: The third cloud submits the endorsement request to the endorsement subject. Correspondingly, the endorsement subject receives the endorsement request submitted by the authentication cloud.
In a specific embodiment of the present application, the endorsement request may be sent in the form of an authentication proposal. Specifically, the fourth cloud uploads the authentication proposal to the alliance blockchain; after receiving it, the alliance blockchain synchronizes the proposal across the entire alliance blockchain. After receiving the authentication proposal, the endorsement node endorses it.
S205: The endorsement subject endorses the user information according to the endorsement policy to obtain an endorsement result.
S206: The endorsement subject sends the endorsement result to the third cloud. Correspondingly, the third cloud receives the endorsement result sent by the endorsement subject.
S207: When the endorsement result is that the endorsement succeeded, the third cloud generates a target token and uses the target token as the alliance token.
S208: The third cloud uploads the alliance token to the alliance blockchain. Correspondingly, the alliance blockchain receives the alliance token sent by the third cloud.
S209: The third cloud sends the target token to the user's client. Correspondingly, the user's client receives the target token sent by the third cloud.
As shown in FIG. 5, FIG. 5 is an interaction flowchart of an access method provided by the present application. The access method of this embodiment includes:
S301: The first cloud receives the target user's first access request, where the first access request includes an index and a target token, and the target token is a token generated by the endorsement subject endorsing the user's user information.
S302: The first cloud sends the index to the alliance blockchain. Correspondingly, the alliance blockchain receives the index sent by the first cloud.
S303: The alliance blockchain looks up the alliance token corresponding to the index.
In a specific embodiment of the present application, the alliance token in the alliance blockchain has an expiration period. The alliance token is valid while its lifetime is less than the expiration period; once its lifetime is greater than or equal to the expiration period, the alliance token becomes invalid. The expiration period ensures that the alliance token does not lose its effect by existing for too long, which improves the reliability of the alliance token.
S304: The alliance blockchain sends the alliance token to the first cloud. Correspondingly, the first cloud receives the alliance token sent by the alliance blockchain.
S305: The first cloud matches the target token against the alliance token to obtain a matching result.
S306: When the matching result is a successful match, the first cloud determines that the user is a legitimate user and allows the user to access the first cloud.
S307: When the matching result is a failed match and the reason for the failure is that the token has expired, the first cloud generates a new alliance token.
S308: The first cloud uploads the alliance token to the alliance blockchain. Correspondingly, the alliance blockchain receives the alliance token sent by the first cloud.
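The token issuance of S203 to S209 and the access check of S301 to S308 can be exercised end to end. The Python below is an added example, not code from the patent: the in-memory `Ledger`, the `endorse` check, the `EXPIRY_PERIOD` value and every name in it are assumptions made for illustration, and the password check of S202 is left out.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Assumptions (not from the patent): a one-hour expiration period, an in-memory
# ledger, and an endorsement check that looks the account up on that ledger.
EXPIRY_PERIOD = 3600.0
ALLIANCE_ID = "alliance-demo"  # constructed alliance identifier


@dataclass
class Ledger:
    """Stand-in for the alliance blockchain: append-only, readable by every cloud."""
    tokens: list = field(default_factory=list)   # (alliance_token, issued_at)
    accounts: set = field(default_factory=set)   # accounts endorsed at account opening

    def upload_token(self, token, issued_at):
        self.tokens.append((token, issued_at))
        return len(self.tokens) - 1               # index returned to the uploading cloud

    def lookup(self, index):
        if isinstance(index, int) and 0 <= index < len(self.tokens):
            return self.tokens[index]
        return None


def endorse(ledger, user_info):
    """Assumed endorsement rule: the account was endorsed at opening and the
    alliance identifier matches. The description leaves the rule open."""
    return (user_info.get("alliance_id") == ALLIANCE_ID
            and user_info.get("account") in ledger.accounts)


def issue_token(ledger, user_info, now):
    """Third cloud, S203-S209: endorse, mint a random token, upload it, and
    return (index, target_token) for the client, or None if not endorsed."""
    if not endorse(ledger, user_info):
        return None
    token = secrets.token_urlsafe(32)
    return ledger.upload_token(token, now), token


def check_access(ledger, index, target_token, now):
    """First cloud, S301-S308. Returns (result, reissued), where result is
    'granted', 'expired' or 'denied' and reissued is (index, token) or None."""
    record = ledger.lookup(index)
    if record is None or not isinstance(target_token, str):
        return "denied", None
    alliance_token, issued_at = record
    # Constant-time comparison so the match does not leak how many bytes agree.
    if not hmac.compare_digest(alliance_token.encode(), target_token.encode()):
        return "denied", None
    # Lifetime >= expiration period means the token is no longer valid.
    if now - issued_at >= EXPIRY_PERIOD:
        # S307-S308: only the holder of the matching token triggers a reissue.
        new_token = secrets.token_urlsafe(32)
        return "expired", (ledger.upload_token(new_token, now), new_token)
    return "granted", None


if __name__ == "__main__":
    ledger = Ledger()
    ledger.accounts.add("alice")                  # constructed sample account
    info = {"account": "alice", "alliance_id": ALLIANCE_ID}
    index, token = issue_token(ledger, info, now=0.0)
    print(check_access(ledger, index, token, now=10.0)[0])           # within lifetime
    print(check_access(ledger, index, "forged", now=10.0)[0])        # wrong token
    print(check_access(ledger, index, token, now=EXPIRY_PERIOD)[0])  # at expiry
```

As in the description, the ledger record holds the token itself and every member cloud can read it; storing only a digest of the token and comparing digests is a possible variation that the patent text does not describe.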
As shown in FIG. 6, FIG. 6 is an interaction flowchart of an access method provided by the present application. The access method of this embodiment includes:
S401: The first cloud sends the user's second access request to the second cloud, where the first access request includes an index and a target token.
S402: The second access cloud sends the index to the alliance blockchain. Correspondingly, the alliance blockchain receives the index sent by the second cloud.
S403: The alliance blockchain looks up the alliance token corresponding to the index.
In a specific embodiment of the present application, the alliance token in the alliance blockchain has an expiration period. The alliance token is valid while its lifetime is less than the expiration period; once its lifetime is greater than or equal to the expiration period, the alliance token becomes invalid. The expiration period ensures that the alliance token does not lose its effect by existing for too long, which improves the reliability of the alliance token.
S404: The alliance blockchain sends the alliance token to the second cloud. Correspondingly, the second cloud receives the alliance token sent by the alliance blockchain.
S405: The second cloud matches the target token against the alliance token to obtain a matching result.
S406: When the matching result is a successful match, the second cloud determines that the user is a legitimate user and allows the user to access the second cloud.
S407: When the matching result is a failed match and the reason for the failure is that the token has expired, the second cloud generates a new alliance token.
S408: The second cloud uploads the alliance token to the alliance blockchain. Correspondingly, the alliance blockchain receives the alliance token sent by the second cloud.
Referring to FIG. 7, FIG. 7 is a schematic structural diagram of still another cloud alliance provided by the present application. The cloud alliance of the present application includes a first cloud, a third cloud, and a fourth cloud, and a cloud alliance blockchain is built on top of the first cloud, the third cloud, and the fourth cloud. The first cloud, the third cloud, and the fourth cloud may be completely different clouds, partly the same clouds, or completely the same clouds, which is not specifically limited herein.
As shown in FIG. 7, the first cloud may include multiple cloud nodes, and each cloud node includes a receiving module 101, a generating module 102, and a sending module 130.
The receiving module 101 is configured to receive a user's account opening request, wherein the account-opening cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
The generating module 102 is configured to generate user information for the user according to the account opening request;
The sending module 103 is configured to send an endorsement request to an endorsement subject and to receive an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
The sending module 103 is further configured to upload the endorsement result to the alliance blockchain according to the endorsement result, and the alliance blockchain can be accessed by any cloud in the cloud alliance.
As shown in FIG. 7, the third cloud may include multiple cloud nodes, and each cloud node includes an obtaining module 201, a sending module 202, and a generating module 203.
The obtaining module 201 is configured to obtain a user's authentication request, wherein the authentication request includes the user information of the user, the third cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
The sending module 202 is configured to send an endorsement request to an endorsement subject according to the authentication request and to receive an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
The generating module 203 is configured to generate a target token for the target user according to the endorsement result;
The sending module 203 is further configured to upload the target token to the alliance blockchain as an alliance token, and the alliance blockchain can be accessed by any cloud in the cloud alliance.
As shown in FIG. 7, the fourth cloud may include multiple cloud nodes, and each cloud node includes an obtaining module 301, a matching module 302, and a determining module 303.
The obtaining module 301 is configured to obtain a first access request of a user, wherein the first access request includes a target token, the target token is generated by an endorsement subject endorsing the user information of the user, the first cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
The matching module 302 is configured to obtain an alliance token from the alliance blockchain and to match the target token against the alliance token to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance;
The determining module 303 is configured to determine, according to the matching result, that the target user is a legitimate user, and to allow the target user to access the first cloud.
The above embodiment does not describe the first cloud, the third cloud, and the fourth cloud in detail. For details, refer to FIG. 2 to FIG. 6 and the related description, which are not repeated here.
Referring to FIG. 8, FIG. 8 is a schematic structural diagram of yet another cloud alliance provided by the present application. The cloud alliance of the present application includes a first cloud system, a third cloud system, and a fourth cloud system, and a cloud alliance blockchain is built on top of the first cloud system, the third cloud system, and the fourth cloud system. The first cloud system, the third cloud system, and the fourth cloud system may be different cloud systems, partly the same cloud systems, or completely the same cloud systems, which is not specifically limited herein. The first cloud system, the third cloud system, and the fourth cloud system may belong to different companies, or may be clouds that the same company operates in different countries.
As shown in FIG. 8, the first cloud system of the present application includes multiple computing devices, and each computing device includes one or more processors 401, a communication interface 402, and a memory 403. The processor 401, the communication interface 402, and the memory 403 may be connected through a bus 404.
The processor 401 includes one or more general-purpose processors. A general-purpose processor may be any type of device capable of processing electronic instructions, including a central processing unit (CPU), a microprocessor, a microcontroller, a main processor, a controller, an application-specific integrated circuit (ASIC), and so on. The processor 401 executes various types of digitally stored instructions, such as software or firmware programs stored in the memory 403, which enable the computing device to provide a wide variety of services. For example, the processor 401 can execute programs or process data to perform part or all of the methods described herein.
The communication interface 402 may be a wired interface (for example, an Ethernet interface) or a wireless interface (for example, a cellular network interface or a wireless local area network interface), and is used for communicating with other computing devices or users.
The memory 403 may include an internal memory and an external memory. The internal memory may include one or more of the following: volatile memory (for example, dynamic random access memory (DRAM), static RAM (SRAM), synchronous dynamic RAM (SDRAM)) and non-volatile memory (for example, one-time programmable read-only memory (OTPROM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), mask ROM, NAND flash memory, NOR flash memory, and the like). The internal memory may take the form of a solid state drive (SSD). The external memory may also include a flash drive, for example high-density flash memory, secure digital, micro SD, mini SD, extreme digital (xD), a memory stick, and the like. The external memory may use centralized storage or distributed storage, which is not specifically limited herein.
By reading the program in the memory 403, the processor 401 can perform the following steps:
Receiving a user's account opening request through the communication interface 402, wherein the fourth cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
Generating, by the processor 401, user information for the user according to the account opening request;
Sending an endorsement request to an endorsement subject through the communication interface 402, and receiving an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
Uploading, through the communication interface 402 and according to the endorsement result, the endorsement result to the alliance blockchain, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance.
Optionally, the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
Optionally, the user information includes one or more of an alliance account, a password, and an alliance identifier.
As shown in FIG. 8, the structure of the third cloud system of the present application is similar to that of the first cloud system and includes multiple computing devices, each of which includes one or more processors 501, a communication interface 502, and a memory 503. The processor 501, the communication interface 502, and the memory 503 may be connected through a bus 504.
By reading the program in the memory 503, the processor 501 can perform the following steps:
Obtaining a user's authentication request through the communication interface 502, wherein the authentication request includes the user information of the user, the third cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
Sending, through the communication interface 502 and according to the authentication request, an endorsement request to an endorsement subject, and receiving an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
Generating, by the processor 501, a target token for the target user according to the endorsement result;
Uploading the target token to the alliance blockchain through the communication interface 502 as an alliance token, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance.
Optionally, the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
Optionally, the processor 501 determines the expiration period of the alliance token, wherein the expiration period is used to invalidate the alliance token when the life cycle of the alliance token is greater than the expiration period.
Optionally, the user information includes one or more of an alliance account, a password, and an alliance identifier.
As shown in FIG. 8, the structure of the third cloud system of the present application is similar to that of the first cloud system and includes multiple computing devices, each of which includes one or more processors 601, a communication interface 602, and a memory 603. The processor 601, the communication interface 602, and the memory 603 may be connected through a bus 604.
By reading the program in the memory 603, the processor 601 can perform the following steps:
Obtaining a first access request of a user through the communication interface 602, wherein the first access request includes a target token, the target token is generated by an endorsement subject endorsing the user information of the user, the first cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
Obtaining an alliance token from the alliance blockchain through the communication interface 602, and matching the target token against the alliance token to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance;
Determining, by the processor 601 and according to the matching result, that the target user is a legitimate user, and allowing the target user to access the first cloud.
Optionally, the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
Optionally, when the life cycle of the alliance token is greater than the expiration period, the processor 601 regenerates a new alliance token and uploads the new alliance token to the alliance blockchain.
Optionally, a second access request of the user is received through the communication interface 602, wherein the second access request includes the target token; and the second access request of the user is sent to the second cloud through the communication interface 602, wherein the second cloud belongs to the cloud alliance.
In the above solution, when the user terminal needs to access the first cloud, the first cloud receives a first access request sent by the user, wherein the first access request includes a target token. The first cloud obtains the alliance token from the alliance blockchain, matches the target token against the alliance token to obtain a matching result, determines according to the matching result that the target user is a legitimate user, and allows the target user to access the first cloud. Because the target token is generated by the endorsement subject endorsing the user information of the user, it has good credibility. Therefore, as long as the access request sent by the user terminal carries the target token and verification of the target token passes, the user's identity can be determined to be legitimate and the user is allowed access. As a result, a user of the cloud alliance who carries the target token can access the resources of any cloud in the cloud alliance.
In the several embodiments provided in this application, it should be understood that the disclosed system, terminal, and method may be implemented in other ways. For example, the device embodiments described above are only illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices, or units, and may also be an electrical, mechanical, or other form of connection.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
When the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (17)

  1. A method for accessing a cloud, comprising:
    obtaining, by a first cloud, a first access request of a user, wherein the first access request includes a target token, the target token is generated by an endorsement subject endorsing the user information of the user, the first cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
    obtaining an alliance token from an alliance blockchain, and matching the target token against the alliance token to obtain a matching result, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance;
    determining, according to the matching result, that the target user is a legitimate user, and allowing the target user to access the first cloud.
  2. The method according to claim 1, wherein the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
  3. The method according to claim 1 or 2, wherein the method further comprises:
    when the life cycle of the alliance token is greater than the expiration period, regenerating, by the first cloud, a new alliance token, and uploading the new alliance token to the alliance blockchain.
  4. The method according to any one of claims 1 to 3, wherein the method further comprises:
    receiving a second access request of the user, wherein the second access request includes the target token;
    sending the second access request of the user to the second cloud, wherein the second cloud belongs to the cloud alliance.
  5. A method for authenticating a cloud user, comprising:
    obtaining, by a third cloud, an authentication request of a user, wherein the authentication request includes the user information of the user, the third cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
    sending an endorsement request to an endorsement subject according to the authentication request, and receiving an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
    generating a target token for the target user according to the endorsement result;
    uploading the target token to an alliance blockchain as an alliance token, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance.
  6. The method according to claim 5, wherein the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
  7. The method according to claim 5 or 6, wherein the method further comprises:
    determining an expiration period of the alliance token, wherein the expiration period is used to invalidate the alliance token when the life cycle of the alliance token is greater than the expiration period.
  8. The method according to any one of claims 5-7, wherein the user information includes one or more of an alliance account, a password, and an alliance identifier.
  9. A method for opening an account for a cloud user, comprising:
    receiving, by a fourth cloud, an account opening request of a user, wherein the fourth cloud belongs to a cloud alliance, and the cloud alliance includes multiple clouds;
    generating user information for the user according to the account opening request;
    sending an endorsement request to an endorsement subject, and receiving an endorsement result returned by the endorsement subject, wherein the endorsement request includes the user information, and the endorsement result is the result obtained by the endorsement subject endorsing the user information;
    uploading, according to the endorsement result, the endorsement result to an alliance blockchain, wherein the alliance blockchain can be accessed by any cloud in the cloud alliance.
  10. The method according to claim 9, wherein the endorsement subject includes any cloud in the cloud alliance or a third-party notary agency.
  11. The method according to claim 9 or 10, wherein the user information includes one or more of an alliance account, a password, and an alliance identifier.
  12. A cloud system, comprising: multiple computer devices, wherein each of the multiple computer devices includes a memory, and a processor and a communication module coupled to the memory, wherein: the communication module is configured to send data or receive externally sent data, the memory is configured to store program code, and the processor is configured to call the program code stored in the memory to perform the method described in any one of claims 1-4.
  13. A cloud system, comprising: multiple computer devices, wherein each of the multiple computer devices includes a memory, and a processor and a communication module coupled to the memory, wherein: the communication module is configured to send data or receive externally sent data, the memory is configured to store program code, and the processor is configured to call the program code stored in the memory to perform the method described in any one of claims 5-8.
  14. A cloud system, comprising: multiple computer devices, wherein each of the multiple computer devices includes a memory, and a processor and a communication module coupled to the memory, wherein: the communication module is configured to send data or receive externally sent data, the memory is configured to store program code, and the processor is configured to call the program code stored in the memory to perform the method described in any one of claims 9-11.
  15. A non-transitory computer storage medium, comprising instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 1-4.
  16. A non-transitory computer storage medium, comprising instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 5-8.
  17. A non-transitory computer storage medium, comprising instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 9-11.
PCT/CN2019/088169 2018-08-15 2019-05-23 Method and device for accounting, authenticating and accessing cloud WO2020034700A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810931000.1 2018-08-15
CN201810931000.1A CN110839002B (en) 2018-08-15 2018-08-15 Cloud account opening, authentication and access method and device

Publications (1)

Publication Number Publication Date
WO2020034700A1 true WO2020034700A1 (en) 2020-02-20

Family

ID=69524843

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/088169 WO2020034700A1 (en) 2018-08-15 2019-05-23 Method and device for accounting, authenticating and accessing cloud

Country Status (2)

Country Link
CN (1) CN110839002B (en)
WO (1) WO2020034700A1 (en)

Also Published As

Publication number Publication date
CN110839002A (en) 2020-02-25
CN110839002B (en) 2022-05-17

Similar Documents

Publication Publication Date Title
US10958418B2 (en) System and method for a blockchain network with heterogeneous privacy
US11297064B2 (en) Blockchain authentication via hard/soft token verification
WO2020034700A1 (en) Method and device for accounting, authenticating and accessing cloud
CN111010382B (en) Method and apparatus for processing data requests in a blockchain network
WO2020134942A1 (en) Identity verification method and system therefor
US9635000B1 (en) Blockchain identity management system based on public identities ledger
WO2019205849A1 (en) Authentication method and apparatus for blockchain access, and storage medium and electronic apparatus
CN110771120B (en) System and method for blockchain based authentication
CN110213223B (en) Service management method, device, system, computer equipment and storage medium
ES2871062T3 (en) System and method for data management based on blockchain
US20230037932A1 (en) Data processing method and apparatus based on blockchain network, and computer device
US20230089134A1 (en) Data communication method and apparatus, computer device, and storage medium
CN106664291A (en) Systems and methods for providing secure access to local network devices
CN110535971A (en) Interface configuration processing method, device, equipment and storage medium based on block chain
CN113225736A (en) Unmanned aerial vehicle cluster node authentication method and device, storage medium and processor
US20190288833A1 (en) System and Method for Securing Private Keys Behind a Biometric Authentication Gateway
CN113255014A (en) Data processing method based on block chain and related equipment
US20170104748A1 (en) System and method for managing network access with a certificate having soft expiration
Otta et al. Decentralized identity and access management of cloud for security as a service
WO2021226854A1 (en) Blockchain machine, blockchain data access authentication method, and computer-readable storage medium
WO2023098327A1 (en) Blockchain-based block processing method and apparatus, device, storage medium, and program product
Khalil et al. DSCOT: An NFT-based blockchain architecture for the authentication of IoT-enabled smart devices in smart cities
Noor et al. Decentralized Access Control using Blockchain Technology for Application in Smart Farming
KR20200129939A (en) Method, system and non-transitory computer-readable recording medium for managing an account on blockchain network
US11941053B1 (en) Secure data interactions performed by an internet of things (IoT) device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19850433; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19850433; Country of ref document: EP; Kind code of ref document: A1)