WO2021098140A1 - Procédé de déploiement de réseau de chaîne de blocs, dispositif électronique et support de stockage lisible par ordinateur - Google Patents

Procédé de déploiement de réseau de chaîne de blocs, dispositif électronique et support de stockage lisible par ordinateur Download PDF

Info

Publication number
WO2021098140A1
WO2021098140A1 PCT/CN2020/086275 CN2020086275W WO2021098140A1 WO 2021098140 A1 WO2021098140 A1 WO 2021098140A1 CN 2020086275 W CN2020086275 W CN 2020086275W WO 2021098140 A1 WO2021098140 A1 WO 2021098140A1
Authority
WO
WIPO (PCT)
Prior art keywords
blockchain network
server
user
fabric
generate
Prior art date
Application number
PCT/CN2020/086275
Other languages
English (en)
Chinese (zh)
Inventor
鲁铁华
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2021098140A1 publication Critical patent/WO2021098140A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • This application relates to the field of blockchain technology, and in particular to a blockchain network deployment method, electronic device, and computer-readable storage medium.
  • Hyperledger Fabric (hereinafter referred to as Fabric) is a blockchain open source project. It officially provides a sample of one-click deployment of blockchain network based on Docker (application container engine), which can quickly build a blockchain for testing and demonstration purposes. Network, but the scenario considered in the official sample is relatively simple and cannot meet the needs of the production environment. The inventor realizes that the official sample has the following shortcomings: (1) The private key and certificate are generated using command-line tools, and all certificates are generated at once, and cannot be dynamically added. (2) The bottom layer is implemented based on Docker and Docker-Compose technology. The container is started with Docker-Compose, does not support distributed, and all components are limited to run on one host. (3) One-click deployment is completed through Shell script, the organizational structure is fixed, the modification is complicated, and the addition of new organizations is not supported.
  • this application proposes a blockchain network deployment method, electronic device, and computer-readable storage medium to solve at least one of the above technical problems.
  • this application proposes a blockchain network deployment method, which includes the steps:
  • the method further includes the steps:
  • the interface of Fabric-CA is called to dynamically generate a new user certificate and save it to the NAS network disk.
  • the steps of starting the container according to the yaml configuration file, building a blockchain network, and using Fabric-CA to generate a user certificate, and save it to a NAS network disk share include:
  • the step of generating a user certificate file through the ICA server includes:
  • the HTTP request includes parameters in JSON format, and the parameters in JSON format are used to customize the blockchain network structure and configure according to the blockchain network information entered by the user, including the blockchain network Name, the name and number of organizations included in the blockchain network, and the name and number of nodes included in each organization.
  • the present application also provides an electronic device, including a memory and a processor, the memory stores a blockchain network deployment system that can run on the processor, and the blockchain network When the deployment system is executed by the processor, the steps of the above-mentioned blockchain network deployment method are realized.
  • the present application also provides a computer-readable storage medium, the computer-readable storage medium stores a blockchain network deployment system, and the blockchain network deployment system can be used by at least one processor Execute, so that the at least one processor executes the steps of the blockchain network deployment method described above.
  • the blockchain network deployment method, electronic device and computer-readable storage medium proposed in this application can provide Java services by the server, generate yaml configuration files according to HTTP requests initiated by the client, and call K8s According to the Restful API interface, start each container according to the yaml configuration file, complete the blockchain network construction, realize the blockchain as a service, and support the one-click deployment of the Fabric blockchain network.
  • Fabric-CA is used to generate user certificates, and each organization deploys an ICA server to ensure data security, and all certificates are saved to the NAS network disk for sharing.
  • FIG. 1 is a schematic diagram of an optional hardware architecture of the electronic device of the present application.
  • FIG. 2 is a schematic diagram of program modules of the first embodiment of the blockchain network deployment system of the present application.
  • Figure 3 is a schematic diagram of the architecture of a blockchain network deployed in this application.
  • FIG. 4 is a schematic diagram of program modules of the second embodiment of the blockchain network deployment system of the present application.
  • FIG. 5 is a schematic flowchart of the first embodiment of the blockchain network deployment method of the present application.
  • Fig. 6 is a detailed flowchart of steps S404 and S406 in Fig. 5;
  • FIG. 7 is a schematic flowchart of a second embodiment of a blockchain network deployment method according to the present application.
  • FIG. 1 is a schematic diagram of an optional hardware architecture of the electronic device 2 of this application.
  • the electronic device 2 may include, but is not limited to, a memory 11, a processor 12, and a network interface 13 that can communicate with each other through a system bus. It should be pointed out that FIG. 1 only shows the electronic device 2 with the components 11-13, but it should be understood that it is not required to implement all the illustrated components, and more or fewer components may be implemented instead.
  • the electronic device 2 may be a node forming a blockchain network.
  • the network interface 13 may include a wireless network interface or a wired network interface, and the network interface 13 is generally used to establish a communication connection between the electronic device 2 and other electronic devices.
  • this application proposes a blockchain network deployment system 200.
  • FIG. 2 is a program module diagram of the first embodiment of the blockchain network deployment system 200 of the present application.
  • the blockchain network deployment system 200 includes a series of computer program instructions stored on the memory 11, and when the computer program instructions are executed by the processor 12, the blocks of the various embodiments of the present application can be implemented. Chain network deployment operation.
  • the blockchain network deployment system 200 may be divided into one or more modules based on specific operations implemented by the various parts of the computer program instructions. For example, in FIG. 2, the blockchain network deployment system 200 can be divided into a receiving module 201, a configuration module 202, a starting module 203, and a generating module 204. among them:
  • the receiving module 201 is used to receive an HTTP request for creating a blockchain network.
  • this embodiment uses Kubernetes (K8s for short) to manage Docker containers, supports expansion (which can be expanded to more nodes based on the node created for the first time), provides Java services, supports one-click deployment of the Fabric blockchain network, and completes the area.
  • the so-called one-click deployment means that the user only needs to issue an instruction to start the deployment, and then wait for the deployment to be completed, without intervention during the deployment process.
  • this embodiment uses one-click deployment as a Web service and supports HTTP requests.
  • the Java service calls the API interface of K8s to start and stop the container.
  • the client user enters the blockchain network related information (for example, information related to each organization) through the browser, and initiates an HTTP request to create the blockchain network, and the HTTP request contains parameters in JSON format.
  • the parameters in the JSON format are used to customize the blockchain network structure, and are configured according to the relevant information of the blockchain network entered by the user, including the network name, the name of the organization included, the number of organizations, and the name of the node initiated by each organization And the number, etc.
  • the Java service of the server (the electronic device 2) provides a Restful API interface. After receiving the HTTP request, it parses the parameters in JSON format, assembles the parameters required by K8s, and then sends the HTTP request to K8s to create a blockchain network .
  • the configuration module 202 is configured to generate a yaml configuration file according to the HTTP request.
  • the Java service uses a template to generate yaml configuration files, such as namespace.yaml, pvc.yaml, deployment.yaml, svc.yaml, etc., according to the parameters in the JSON format.
  • the starting module 203 is used to start the container according to the yaml configuration file to build a blockchain network.
  • the generating module 204 is configured to use Fabric-CA (Certificate Authority) to generate a user certificate.
  • Fabric-CA Certificate Authority
  • the startup sequence of each container of the blockchain network has a dependency relationship, and the specific processing procedures of the startup module 203 and the generation module 204 include:
  • Fabric-ca-client is used to complete sending an HTTP request to the ICA server and parse the returned result.
  • the Fabric-ca-client is a Shell script, and there are two most commonly used commands: register identity and register identity.
  • the steps to generate a digital certificate file for a user through the ICA server include:
  • the ICA server After the ICA server returns the digital certificate, it saves the digital certificate file (ca-cert.pem) to the NAS network disk.
  • both the Orderer node and the Peer node are started based on the Docker container technology. They both create and run the container based on the Docker image file, and execute the shell command to start the service after the container is started.
  • the Docker image file can be compared to the GHO image file when the GHOST tool is used to install the operating system.
  • Orderer nodes are started based on the Docker image of hyperledger/fabric-orderer, and the Orderer command is executed after the container is started; Peer nodes are started based on the Docker image of hyperledger/fabric-peer, and after the container is started Execute the peer node start command.
  • the container is actually started by Kubernetes.
  • the specific method is to call the Restful API interface provided by Kubernetes and pass in the yaml configuration file to start the Orderer node and the Peer node.
  • FIG. 3 is a schematic diagram of the architecture of a blockchain network deployed in this application.
  • This embodiment supports the expansion of nodes or organizations in the blockchain network.
  • the specific processing procedures of the configuration module 202 and the startup module 203 include:
  • the specific processing procedures of the configuration module 202 and the activation module 203 include:
  • the Peer nodes in the new organization should be added to the channel, and smart contracts should be installed on the Peer nodes in the new organization.
  • the blockchain network deployment system can deploy blockchain networks with one click based on Kubernetes and Fabric-CA.
  • Kubernetes supports distributed deployment and can be expanded as needed. It can be started by calling Java services instead of executing Shell scripts.
  • Fabric blockchain network realizes blockchain as a service.
  • each organization deploys an ICA server to ensure data security. This embodiment solves the defects and deficiencies in the official sample, and can be applied to a production environment.
  • the blockchain network deployment system 200 includes a creation module 205 in addition to the receiving module 201, the configuration module 202, the activation module 203, and the generation module 204 in the first embodiment.
  • the creation module 205 is used to call the interface of Fabric-CA to dynamically generate a new user certificate when a new user needs to be created, and save it to the NAS network disk.
  • the user can be obtained by accessing the SDK node when creating the user.
  • the SDK node invokes the interface of the Fabric-CA (ICA server) to generate a new user certificate, which is then saved to the NAS network disk.
  • ICA server Fabric-CA
  • Network-config.yaml is a Java service that provides a Restful API interface. Users can operate the blockchain network by accessing the API interface of the SDK node.
  • Network-config.yaml is the SDK configuration file.
  • the ICA server information is defined in the yaml file, including access addresses, users and passwords, and access certificates.
  • Network-config.yaml can be provided not only for SDK use, but also for Used by other applications (such as blockchain browsers).
  • the SDK node parses the Network-config.yaml configuration file to read the configuration information of the ICA server and automatically construct a client to access the ICA server, which simplifies the interaction with the CA server and facilitates the dynamic generation of user certificates.
  • the blockchain network deployment system can deploy blockchain networks with one click based on Kubernetes and Fabric-CA.
  • Kubernetes supports distributed deployment and can be expanded as needed. It can be started by calling Java services instead of executing Shell scripts.
  • Fabric blockchain network realizes blockchain as a service.
  • each organization deploys an ICA server, which can dynamically generate new certificates after the blockchain network is started. This embodiment solves the defects and deficiencies in the official sample, and can be applied to a production environment.
  • this application also proposes a blockchain network deployment method.
  • FIG. 5 is a schematic flowchart of the first embodiment of the blockchain network deployment method of the present application.
  • the execution order of the steps in the flowchart shown in FIG. 5 can be changed, and some steps can be omitted.
  • the method includes:
  • Step S400 receiving an HTTP request for creating a blockchain network.
  • this embodiment uses Kubernetes (K8s for short) to manage Docker containers, supports expansion (which can be expanded to more nodes based on the node created for the first time), provides Java services, supports one-click deployment of the Fabric blockchain network, and completes the area.
  • the so-called one-click deployment means that the user only needs to issue an instruction to start the deployment, and then wait for the deployment to be completed, without intervention during the deployment process.
  • this embodiment uses one-click deployment as a Web service and supports HTTP requests.
  • the Java service calls the API interface of K8s to start and stop the container.
  • the client user enters the blockchain network related information (for example, information related to each organization) through the browser, and initiates an HTTP request to create the blockchain network, and the HTTP request contains parameters in JSON format.
  • the parameters in the JSON format are used to customize the blockchain network structure, and are configured according to the relevant information of the blockchain network entered by the user, including the network name, the name of the organization included, the number of organizations, and the name of the node initiated by each organization And the number, etc.
  • the Java service of the server (the electronic device 2) provides a Restful API interface. After receiving the HTTP request, it parses the parameters in JSON format, assembles the parameters required by K8s, and then sends the HTTP request to K8s to create a blockchain network .
  • Step S402 Generate a yaml configuration file according to the HTTP request.
  • the Java service uses a template to generate yaml configuration files, such as namespace.yaml, pvc.yaml, deployment.yaml, svc.yaml, etc., according to the parameters in the JSON format.
  • the yaml configuration file includes the configuration file of k8s and the configuration file of Fabric.
  • the yaml configuration file includes the configuration file of k8s and the configuration file of Fabric.
  • K8s or Docker-compose you need to write a large number of yaml configuration files to define the container's image, mount volume, environment variables, startup script and other information.
  • these configuration files are manually written and prepared before starting the network. If you need to modify the blockchain network information, such as adding an organization, then you need to rewrite these yaml configuration files, which is time-consuming and labor-intensive.
  • these configuration files are abstracted as Freemarker templates to realize the separation of data and templates, so that the information input by the user can be received, the yaml configuration files required by K8s and Fabric are dynamically generated, and the one-click deployment of the blockchain network is realized.
  • Step S404 Start the container according to the yaml configuration file to build a blockchain network.
  • the Java service calls the Restful API interface of K8s to create a blockchain network.
  • K8s starts the Docker container according to the request parameters in the yaml configuration file to complete the blockchain network construction.
  • the Fabric blockchain network is based on Docker containers. Using K8s to manage Docker containers can support the deployment of the Fabric blockchain network in a distributed environment without restricting all components to run on one host.
  • the Fabric blockchain network contains several organizations. Organization is a very important concept in the Fabric network. Nodes, channels, smart contracts, etc. are closely related to the organization. This embodiment implements blockchain as a service, supports one-click deployment of blockchain networks through APIs, and supports dynamic joining of new organizations.
  • Step S406 Use Fabric-CA to generate a user certificate, and save it to the NAS network disk share.
  • Orderer nodes, Peer nodes, and transaction submissions need to use CA certificates. These certificates are generated when the blockchain network is started. After generation, they are stored on the NAS network disk, and from the NAS network when needed. Read these certificates on the disk.
  • Fabric-CA can ensure that the private key is stored on different nodes to ensure the security of the private key (the official example uses the command line tool to generate the private key and is stored together, which is not secure).
  • the startup sequence of each container of the blockchain network has a dependency relationship.
  • the steps S404 and S406 specifically include:
  • Step S4000 start the Root-CA server as the root node of the CA server.
  • asymmetric encryption technology is used in the blockchain for data encryption and decryption.
  • a private key and a public key are required.
  • the private key is only known by the data recipient, and the public key is public.
  • the data sender uses the public key of the data receiver to encrypt the data and sends it to the data receiver, and the data receiver uses its own corresponding private key to decrypt it.
  • the CA server certifies that the public key is safe and has not been tampered with, and is used to ensure the security of the public key.
  • the specific method of proof is: the data receiver sends its own public key to the CA server, the CA server returns a digital certificate (that is, the user certificate) to the data receiver, and then the data receiver sends the digital certificate issued by the CA server to the data receiver.
  • the data sender uses it for encryption (the digital certificate contains the public key of the data receiver).
  • the Root-CA server is used as the root node of the CA server.
  • Step S4002 start the ICA server of each organization.
  • each organization deploys an ICA server, and the certificate of each organization's ICA server is issued by the same Root-CA server, and the Root-CA server and the ICA server form a chain of trust.
  • the ICA server of each organization provides certificate verification services for other nodes of the current organization (including Peer nodes and SDK nodes, etc.) to issue digital certificates required within the organization.
  • the ICA server is a web server that can receive and process HTTP requests.
  • step S4004 the Setup node is started to complete the initialization, and the user certificate file is generated through the ICA server.
  • Fabric-ca-client is used to complete sending an HTTP request to the ICA server and parse the returned result.
  • the Fabric-ca-client is a Shell script, and there are two most commonly used commands: register identity and register identity.
  • the steps to generate a digital certificate file for a user through the ICA server include:
  • Step S4006 Save the generated user certificate file to the NAS network disk share.
  • the ICA server After the ICA server returns the digital certificate, it saves the digital certificate file (ca-cert.pem) to the NAS network disk.
  • Step S4008 start the Orderer node and the Peer node.
  • both the Orderer node and the Peer node are started based on the Docker container technology. They both create and run the container based on the Docker image file, and execute the shell command to start the service after the container is started.
  • the Docker image file can be compared to the GHO image file when the GHOST tool is used to install the operating system.
  • Orderer nodes are started based on the Docker image of hyperledger/fabric-orderer, and the Orderer command is executed after the container is started; Peer nodes are started based on the Docker image of hyperledger/fabric-peer, and after the container is started Execute the peer node start command.
  • the container is actually started by Kubernetes.
  • the specific method is to call the Restful API interface provided by Kubernetes and pass in the yaml configuration file to start the Orderer node and the Peer node.
  • This embodiment supports the expansion of nodes or organizations in the blockchain network. Among them, when a new Peer node joins the organization, the specific processing steps include:
  • the Peer nodes in the new organization should be added to the channel, and smart contracts should be installed on the Peer nodes in the new organization.
  • the blockchain network deployment method provided in this embodiment can deploy the blockchain network with one click based on Kubernetes and Fabric-CA.
  • Kubernetes supports distributed deployment and can be expanded as needed. It can be started by calling Java services instead of executing Shell scripts.
  • Fabric blockchain network realizes blockchain as a service.
  • each organization deploys an ICA server to ensure data security. This embodiment solves the defects and deficiencies in the official sample, and can be applied to a production environment.
  • steps S500-S506 of the blockchain network deployment method are similar to steps S400-S406 of the first embodiment, except that the method further includes step S508.
  • the method includes the following steps:
  • Step S500 receiving an HTTP request for creating a blockchain network.
  • this embodiment uses Kubernetes (K8s for short) to manage Docker containers, supports expansion (which can be expanded to more nodes based on the node created for the first time), provides Java services, supports one-click deployment of the Fabric blockchain network, and completes the area.
  • the so-called one-click deployment means that the user only needs to issue an instruction to start the deployment, and then wait for the deployment to be completed, without intervention during the deployment process.
  • this embodiment uses one-click deployment as a Web service and supports HTTP requests.
  • the Java service calls the API interface of K8s to start and stop the container.
  • the client user enters the blockchain network related information (for example, information related to each organization) through the browser, and initiates an HTTP request to create the blockchain network, and the HTTP request contains parameters in JSON format.
  • the parameters in the JSON format are used to customize the blockchain network structure, and are configured according to the relevant information of the blockchain network entered by the user, including the network name, the name of the organization included, the number of organizations, and the name of the node initiated by each organization And the number, etc.
  • the Java service of the server (the electronic device 2) provides a Restful interface. After receiving the HTTP request, it parses the parameters in the JSON format, assembles the parameters required by K8s, and then sends the HTTP request to the K8s to create a blockchain network.
  • Step S502 Generate a yaml configuration file according to the HTTP request.
  • the Java service uses a template to generate yaml configuration files, such as namespace.yaml, pvc.yaml, deployment.yaml, svc.yaml, etc., according to the parameters in the JSON format.
  • the yaml configuration file includes the configuration file of k8s and the configuration file of Fabric.
  • the yaml configuration file includes the configuration file of k8s and the configuration file of Fabric.
  • K8s or Docker-compose you need to write a large number of yaml configuration files to define the container's image, mount volume, environment variables, startup script and other information.
  • these configuration files are manually written and prepared before starting the network. If you need to modify the blockchain network information, such as adding an organization, then you need to rewrite these yaml configuration files, which is time-consuming and labor-intensive.
  • these configuration files are abstracted as Freemarker templates to realize the separation of data and templates, so that the information input by the user can be received, and the yaml configuration files required by K8s and Fabric can be dynamically generated to realize one-click deployment of the blockchain network.
  • Step S504 Start the container according to the yaml configuration file to build a blockchain network.
  • the Java service calls the Restful API interface of K8s to create a blockchain network.
  • K8s starts the Docker container according to the request parameters in the yaml configuration file to complete the blockchain network construction.
  • the Fabric blockchain network is based on Docker containers. Using K8s to manage Docker containers can support the deployment of the Fabric blockchain network in a distributed environment without restricting all components to run on one host.
  • the Fabric blockchain network contains several organizations. Organization is a very important concept in the Fabric network. Nodes, channels, smart contracts, etc. are closely related to the organization. This embodiment implements blockchain as a service, supports one-click deployment of blockchain networks through APIs, and supports dynamic joining of new organizations.
  • Step S506 Use Fabric-CA to generate a user certificate, and save it to the NAS network disk share.
  • Orderer nodes, Peer nodes, and transaction submissions need to use CA certificates. These certificates are generated when the blockchain network is started. After generation, they are stored on the NAS network disk, and from the NAS network when needed. Read these certificates on the disk.
  • Fabric-CA can ensure that the private key is stored on different nodes to ensure the security of the private key (the official example uses the command line tool to generate the private key and is stored together, which is not secure).
  • step S508 when a new user needs to be created, the interface of the Fabric-CA is called to dynamically generate a new user certificate and save it to the NAS network disk.
  • the user can be obtained by accessing the SDK node when creating the user.
  • the SDK node invokes the interface of the Fabric-CA (ICA server) to generate a new user certificate, which is then saved to the NAS network disk.
  • ICA server Fabric-CA
  • Network-config.yaml is a Java service that provides a Restful API interface. Users can operate the blockchain network by accessing the API interface of the SDK node.
  • Network-config.yaml is the SDK configuration file.
  • the ICA server information is defined in the yaml file, including access addresses, users and passwords, and access certificates.
  • Network-config.yaml can be provided not only for SDK use, but also for Used by other applications (such as blockchain browsers).
  • the SDK node parses the Network-config.yaml configuration file to read the configuration information of the ICA server and automatically construct a client to access the ICA server, which simplifies the interaction with the CA server and facilitates the dynamic generation of user certificates.
  • the blockchain network deployment method provided in this embodiment can deploy the blockchain network with one click based on Kubernetes and Fabric-CA.
  • Kubernetes supports distributed deployment and can be expanded as needed. It can be started by calling Java services instead of executing Shell scripts.
  • Fabric blockchain network realizes blockchain as a service.
  • each organization deploys an ICA server, which can dynamically generate new certificates after the blockchain network is started. This embodiment solves the defects and deficiencies in the official sample, and can be applied to a production environment.
  • the computer-readable storage medium may be non-volatile or volatile, and the computer-readable storage medium has a storage area
  • a blockchain network deployment program the blockchain network deployment program can be executed by at least one processor, so that the at least one processor executes the steps of the blockchain network deployment method described above.
  • the technical solution of this application essentially or the part that contributes to the existing technology can be embodied in the form of a software product, and the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, The optical disc) includes several instructions to enable a terminal device (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to execute the method described in each embodiment of the present application.
  • a terminal device which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.

Abstract

La présente demande se rapporte à la technologie des chaînes de blocs, et divulgue un procédé de déploiement de réseau de chaîne de blocs. Le procédé comprend les étapes consistant à : utiliser un service Java pour fournir une interface API Restful, et recevoir une requête HTTP pour créer un réseau de chaîne de blocs qui est initié par un client ; générer, selon des paramètres dans la requête HTTP, un fichier de configuration yaml à l'aide d'un modèle ; appeler une interface API Restful Kubernetes, démarrer un conteneur selon le fichier de configuration yaml, et établir un réseau de chaîne de blocs ; et générer un certificat d'utilisateur en utilisant Fabric-CA et le sauvegarder dans un disque de stockage rattaché au réseau (NAS) pour partage. La présente demande décrit en outre un dispositif électronique et un support de stockage lisible par ordinateur. Le procédé de déploiement de réseau de chaîne de blocs, le dispositif électronique et le support de stockage lisible par ordinateur décrits dans la présente demande peuvent résoudre les défauts et les déficiences dans un exemple officiel et sont appliqués à un environnement de production.
PCT/CN2020/086275 2019-11-21 2020-04-23 Procédé de déploiement de réseau de chaîne de blocs, dispositif électronique et support de stockage lisible par ordinateur WO2021098140A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911151724.5A CN111130841B (zh) 2019-11-21 2019-11-21 区块链网络部署方法、电子装置及计算机可读存储介质
CN201911151724.5 2019-11-21

Publications (1)

Publication Number Publication Date
WO2021098140A1 true WO2021098140A1 (fr) 2021-05-27

Family

ID=70496144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/086275 WO2021098140A1 (fr) 2019-11-21 2020-04-23 Procédé de déploiement de réseau de chaîne de blocs, dispositif électronique et support de stockage lisible par ordinateur

Country Status (2)

Country Link
CN (1) CN111130841B (fr)
WO (1) WO2021098140A1 (fr)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113312429A (zh) * 2021-06-22 2021-08-27 工银科技有限公司 区块链中的智能合约管理系统、方法、介质和产品
CN113572643A (zh) * 2021-07-24 2021-10-29 上海边界智能科技有限公司 一种基于容器化技术的区块链多链及跨链网络的部署方法
CN113590265A (zh) * 2021-08-02 2021-11-02 杭州云象网络技术有限公司 联盟链集群环境迁移方法、介质、装置和系统
CN114172804A (zh) * 2021-12-01 2022-03-11 杭州云象网络技术有限公司 一种联盟链分离部署方法、系统、介质和电子设备
CN114666060A (zh) * 2022-03-14 2022-06-24 北京工业大学 一种基于Hyperledger Fabric的电子数据保全方法及系统
CN115203330A (zh) * 2022-07-21 2022-10-18 深圳前海环融联易信息科技服务有限公司 智能合约部署方法及其装置、设备、介质、产品
CN115348168A (zh) * 2022-07-21 2022-11-15 金蝶软件(中国)有限公司 一种区块链网络的部署方法及装置
WO2023273994A1 (fr) * 2021-07-01 2023-01-05 支付宝(杭州)信息技术有限公司 Procédé, système, et appareil pour exécuter un contrat intelligent, et support de stockage
CN115811442A (zh) * 2023-02-09 2023-03-17 上海特高信息技术有限公司 一种基于积木形式的联盟链BaaS平台搭建方法

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813413B (zh) * 2020-06-28 2022-12-16 四川长虹电器股份有限公司 一种自动生成yaml文件的方法
CN111984271B (zh) * 2020-08-27 2023-11-03 京东科技信息技术有限公司 一种区块链应用程序处理方法、装置及区块链应用系统
CN112765586A (zh) * 2021-01-12 2021-05-07 湖北宸威玺链信息技术有限公司 一种基于区块链的部署文件分发方法、设备和存储介质
CN114465887B (zh) * 2021-12-23 2024-01-23 杭州溪塔科技有限公司 一种基于git的区块链配置管理方法和装置
CN114599036B (zh) * 2022-05-09 2022-08-05 北京乐开科技有限责任公司 一种多用户参与的nas文件安全操作方法及系统
CN116055308B (zh) * 2023-02-10 2024-01-05 青岛闪收付信息技术有限公司 一种供应链金融平台的底层区块链网络部署方法及装置

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108921551A (zh) * 2018-06-11 2018-11-30 西安纸贵互联网科技有限公司 基于Kubernetes平台的联盟区块链系统
CN109194506A (zh) * 2018-08-16 2019-01-11 北京京东尚科信息技术有限公司 区块链网络部署方法、平台及计算机存储介质
CN109800056A (zh) * 2019-01-16 2019-05-24 杭州趣链科技有限公司 一种基于容器的区块链部署方法
CN109976774A (zh) * 2019-04-11 2019-07-05 北京启迪区块链科技发展有限公司 区块链节点部署方法、装置、设备和存储介质
CN110098954A (zh) * 2019-03-29 2019-08-06 北京百度网讯科技有限公司 Hyperledger Fabric网络的创建方法、控制器及存储介质
CN110308903A (zh) * 2019-07-04 2019-10-08 明链科技(深圳)有限公司 创建区块链网络的方法、电子设备及介质
US20190319792A1 (en) * 2018-04-16 2019-10-17 Xage Security, Inc. Decentralized information protection for confidentiality and tamper-proofing on distributed database

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10469248B2 (en) * 2017-10-17 2019-11-05 Amrican Express Travel Related Services Company, Inc. API request and response balancing and control on blockchain
CN108737106B (zh) * 2018-05-09 2021-06-01 深圳壹账通智能科技有限公司 区块链系统上用户验证方法、装置、终端设备及存储介质
CN109710384B (zh) * 2018-12-29 2021-02-23 杭州趣链科技有限公司 一种安全的Java智能合约解释执行引擎及方法
CN110135992A (zh) * 2019-05-14 2019-08-16 北京智签科技有限公司 区块链网络Fabric-CA数字证书的获取方法和获取装置
CN110351263A (zh) * 2019-07-01 2019-10-18 昆明理工大学 一种基于超级账本fabric的物联网认证方法

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190319792A1 (en) * 2018-04-16 2019-10-17 Xage Security, Inc. Decentralized information protection for confidentiality and tamper-proofing on distributed database
CN108921551A (zh) * 2018-06-11 2018-11-30 西安纸贵互联网科技有限公司 基于Kubernetes平台的联盟区块链系统
CN109194506A (zh) * 2018-08-16 2019-01-11 北京京东尚科信息技术有限公司 区块链网络部署方法、平台及计算机存储介质
CN109800056A (zh) * 2019-01-16 2019-05-24 杭州趣链科技有限公司 一种基于容器的区块链部署方法
CN110098954A (zh) * 2019-03-29 2019-08-06 北京百度网讯科技有限公司 Hyperledger Fabric网络的创建方法、控制器及存储介质
CN109976774A (zh) * 2019-04-11 2019-07-05 北京启迪区块链科技发展有限公司 区块链节点部署方法、装置、设备和存储介质
CN110308903A (zh) * 2019-07-04 2019-10-08 明链科技(深圳)有限公司 创建区块链网络的方法、电子设备及介质

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113312429A (zh) * 2021-06-22 2021-08-27 工银科技有限公司 区块链中的智能合约管理系统、方法、介质和产品
CN113312429B (zh) * 2021-06-22 2023-01-17 工银科技有限公司 区块链中的智能合约管理系统、方法、介质和产品
WO2023273994A1 (fr) * 2021-07-01 2023-01-05 支付宝(杭州)信息技术有限公司 Procédé, système, et appareil pour exécuter un contrat intelligent, et support de stockage
CN113572643A (zh) * 2021-07-24 2021-10-29 上海边界智能科技有限公司 一种基于容器化技术的区块链多链及跨链网络的部署方法
CN113572643B (zh) * 2021-07-24 2024-04-26 上海边界智能科技有限公司 一种基于容器化技术的区块链多链及跨链网络的部署方法
CN113590265A (zh) * 2021-08-02 2021-11-02 杭州云象网络技术有限公司 联盟链集群环境迁移方法、介质、装置和系统
CN114172804B (zh) * 2021-12-01 2024-03-01 杭州云象网络技术有限公司 一种联盟链分离部署方法、系统、介质和电子设备
CN114172804A (zh) * 2021-12-01 2022-03-11 杭州云象网络技术有限公司 一种联盟链分离部署方法、系统、介质和电子设备
CN114666060A (zh) * 2022-03-14 2022-06-24 北京工业大学 一种基于Hyperledger Fabric的电子数据保全方法及系统
CN114666060B (zh) * 2022-03-14 2024-03-12 北京工业大学 一种基于Hyperledger Fabric的电子数据保全方法及系统
CN115348168A (zh) * 2022-07-21 2022-11-15 金蝶软件(中国)有限公司 一种区块链网络的部署方法及装置
CN115203330A (zh) * 2022-07-21 2022-10-18 深圳前海环融联易信息科技服务有限公司 智能合约部署方法及其装置、设备、介质、产品
CN115203330B (zh) * 2022-07-21 2024-01-19 深圳前海环融联易信息科技服务有限公司 智能合约部署方法及其装置、设备、介质、产品
CN115348168B (zh) * 2022-07-21 2024-03-19 金蝶软件(中国)有限公司 一种区块链网络的部署方法及装置
CN115811442A (zh) * 2023-02-09 2023-03-17 上海特高信息技术有限公司 一种基于积木形式的联盟链BaaS平台搭建方法
CN115811442B (zh) * 2023-02-09 2023-05-05 上海特高信息技术有限公司 一种基于积木形式的联盟链BaaS平台搭建方法

Also Published As

Publication number Publication date
CN111130841B (zh) 2022-07-08
CN111130841A (zh) 2020-05-08

Similar Documents

Publication Publication Date Title
WO2021098140A1 (fr) Procédé de déploiement de réseau de chaîne de blocs, dispositif électronique et support de stockage lisible par ordinateur
US11720338B2 (en) Cloud service automation of common image management
US10609560B2 (en) Using derived credentials for enrollment with enterprise mobile device management services
EP3669512B1 (fr) Extension d'une signature unique à des parties utilisatrices de fournisseurs d'ouverture de session fédérée
US11343235B2 (en) Secure device notifications from remote applications
JP6782307B2 (ja) ホストされたアプリケーションへの動的アクセス
EP3137995B1 (fr) Modifier une application pour controller son execution
US10743357B2 (en) Virtual private networking based on peer-to-peer communication
US10397778B2 (en) Computer network providing secure mobile device enrollment features and related methods
WO2016011827A1 (fr) Procédé et système de réalisation de sécurité d'informations à base de certificat numérique
US11522847B2 (en) Local mapped accounts in virtual desktops
US11392552B2 (en) Sharing of data with applications
CN113992346A (zh) 一种基于国密加固的安全云桌面的实现方法
CA3166710A1 (fr) Representation pouvant etre optiquement balayee d'un artefact securise materiel
WO2018157787A1 (fr) Procédé d'initialisation de mot de passe destiné à un compte prédéfini et dispositif associé
US11489727B2 (en) Automatically replicating configuration parameters from securely identified connected systems
US20230254301A1 (en) Auto-Configuration of Security Features in Distributed System with Minimal User Interaction
CN111240868B (zh) 实例处理与调用方法、设备、系统及存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20889834

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 29/09/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20889834

Country of ref document: EP

Kind code of ref document: A1