CN116232658A - User operation control method and system in blockchain as a service - Google Patents

Publication number
CN116232658A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211667428.2A
Other languages
Chinese (zh)
Inventor
谭锦志
李伟
吴启凯
邱炜伟
胡麦芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Qulian Technology Co Ltd
Original Assignee
Hangzhou Qulian Technology Co Ltd
Application filed by Hangzhou Qulian Technology Co Ltd
Priority to CN202211667428.2A
Publication of CN116232658A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0273 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using web services for network management, e.g. simple object access protocol [SOAP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

This application is applicable to the field of blockchain technology and provides a user operation control method and system in blockchain as a service. The method includes: when responding to a user operation request, the business microservice module obtains user identity information, generates a user operation authentication request from it and sends the request to the user microservice module, asynchronously waits for the user microservice module's user operation authentication result while executing the business preparation process related to the user operation request, and executes the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to have succeeded. To make user operation authentication and control of user operations possible, the blockchain-as-a-service architecture is configured so that the front-end module establishes a data connection with the business microservice module, and the business microservice module in turn establishes a data connection with the user microservice module. The method shortens the waiting time of user operation requests and also ensures the security of on-chain operations.

Description

User operation control method and system in blockchain as a service

Technical field

The present application belongs to the technical field of blockchain, and in particular relates to a user operation control method and system in blockchain as a service.

Background

Blockchain as a Service (BaaS) refers to an open blockchain platform that embeds a blockchain framework into a cloud computing platform and uses the deployment and management advantages of cloud service infrastructure to provide application developers with a convenient, high-performance blockchain ecosystem and supporting services, and to support developers' business expansion and operations.

In blockchain as a service, each user has a personal view and an organization view after logging in (the organization view exists once the user has joined an organization). In the personal view, resources belong to the individual user and user operations need no authentication. In the organization view, users are assigned roles, and every operation a role performs in the organization view must be authenticated in order to prevent users in the organization from performing unauthorized operations. For example, a user with the blockchain development role can create a chain, whereas a user with the blockchain operation and maintenance role is not allowed to create a chain.

In addition to the user role permission authentication described above, the blockchain as a service is also connected to an identity chain. Each user corresponds to one identity on the identity chain, namely a distributed user identity, and this identity determines the user's permissions for on-chain operations. Therefore, the user's on-chain operation permissions also need to be authenticated.

Because of the particular nature of the blockchain-as-a-service architecture, existing authentication approaches cannot authenticate user operations in blockchain as a service and thereby control them. Moreover, because user identity information in this architecture is processed by one particular microservice, the other microservices cannot obtain the user identity information needed to perform authentication and control user operations.

Summary of the invention

The embodiments of the present application provide a user operation control method and system in blockchain as a service that can solve the above technical problem.

In a first aspect, an embodiment of the present application provides a user operation control method in blockchain as a service, executed by a business microservice module that establishes data connections with a front-end module and with a user microservice module respectively. The method includes: in response to a user operation request, obtaining user identity information and, according to the user identity information, generating a user operation authentication request and sending it to the user microservice module, where the user operation request is sent by the front-end module through a gateway module; asynchronously waiting for the user operation authentication result while executing the business preparation process related to the user operation request, where the user operation authentication result is determined by the user microservice module, which, in response to the user operation authentication request, obtains the user operation request view, organization identifier, user role and distributed user identity information and decides on that basis; and executing the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to have succeeded.

Further, executing the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to have succeeded includes: if the user operation authentication result has not yet arrived when the business preparation process related to the user operation request has finished, blocking the on-chain operation process related to the user operation request until the result arrives, and executing the on-chain operation process when the result confirms that the user operation authentication succeeded.

Further, the business microservice module that responds to the user operation request is determined by the gateway module according to the microservice name carried in the user operation request and the registered correspondence between microservice names and microservice addresses.

In a second aspect, an embodiment of the present application provides a user operation control method in blockchain as a service, executed by a user microservice module. The user microservice module establishes a data connection with a business microservice module, and the business microservice module establishes a data connection with a front-end module. The method includes: in response to a user operation authentication request, obtaining user identity information, where the user operation authentication request is generated by the business microservice module, which obtains the user identity information in response to a user operation request and generates the authentication request from it; obtaining the user operation request view, organization identifier, user role and user identifier from the user identity information; determining the user's distributed user identity information on the identity chain according to the user identifier; and determining, according to the user operation request view, organization identifier, user role and distributed user identity information, whether authentication of the user's operation permission succeeds, and sending the user operation authentication result to the business microservice module.

Further, determining whether authentication of the user's operation permission succeeds according to the user operation request view, organization identifier, user role and distributed user identity information, and sending the user operation authentication result to the business microservice module, includes: if the user operation request view is the organization view, obtaining the permission corresponding to the current route, where the current route is the route associated with the business microservice module that responds to the user operation request; judging whether the role permissions of the user role under the organization identified by the organization identifier include the permission corresponding to the current route and, if so, determining that user role permission authentication succeeds; judging, according to the distributed user identity information, whether the user has the on-chain operation permission related to the user operation request and, if so, determining that user on-chain permission authentication succeeds; and, if both the user role permission and the user on-chain permission are authenticated successfully, sending to the business microservice module a user operation authentication result indicating that the user operation authentication succeeded.

Further, determining whether authentication of the user's operation permission succeeds according to the user operation request view, organization identifier, user role and distributed user identity information, and sending the user operation authentication result to the business microservice module, also includes: if the user operation request view is the personal view, sending to the business microservice module a user operation authentication result indicating that the user operation authentication succeeded.

In a third aspect, an embodiment of the present application provides a user operation control method in blockchain as a service, in which a front-end module establishes a data connection with a business microservice module and the business microservice module establishes a data connection with a user microservice module. The method includes: the business microservice module, in response to a user operation request, obtains user identity information and, according to the user identity information, generates a user operation authentication request and sends it to the user microservice module, where the user operation request is sent by the front-end module through a gateway module; the user microservice module, in response to the user operation authentication request, obtains the user identity information, obtains the user operation request view, organization identifier, user role and user identifier from the user identity information, determines the user's distributed user identity information on the identity chain according to the user identifier, determines according to the user operation request view, organization identifier, user role and distributed user identity information whether authentication of the user's operation permission succeeds, and sends the user operation authentication result to the business microservice module; the business microservice module asynchronously waits for the user operation authentication result while executing the business preparation process related to the user operation request; and the business microservice module executes the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to have succeeded.

Further, before the business microservice module responds to the user operation request, the method also includes: the gateway module receives the user operation request and the microservice name carried in it; the gateway module obtains the microservice address corresponding to the user operation request according to the microservice name carried in the request and the registered correspondence between microservice names and microservice addresses, and sends the user operation request to the business microservice module at that microservice address.

In a fourth aspect, an embodiment of the present application provides a user operation control device in blockchain as a service, including: a request response unit, configured to obtain user identity information in response to a user operation request and, according to the user identity information, generate a user operation authentication request and send it to the user microservice module, where the user operation request is sent by the front-end module through the gateway module; an asynchronous waiting unit, configured to asynchronously wait for the user operation authentication result while executing the business preparation process related to the user operation request, where the user operation authentication result is determined by the user microservice module, which, in response to the user operation authentication request, obtains the user operation request view, organization identifier, user role and distributed user identity information and decides on that basis; and an operation control unit, configured to execute the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to have succeeded.

Further, the operation control unit is specifically configured to: if the user operation authentication result has not yet arrived when the business preparation process related to the user operation request has finished, block the on-chain operation process related to the user operation request until the result arrives, and execute the on-chain operation process when the result confirms that the user operation authentication succeeded.

In a fifth aspect, an embodiment of the present application provides a user operation control device in blockchain as a service, including: a first acquisition unit, configured to obtain user identity information in response to a user operation authentication request, where the user operation authentication request is generated by the business microservice module, which obtains the user identity information in response to a user operation request and generates the authentication request from it; a second acquisition unit, configured to obtain the user operation request view, organization identifier, user role and user identifier from the user identity information; a determination unit, configured to determine the user's distributed user identity information on the identity chain according to the user identifier; and an authentication unit, configured to determine, according to the user operation request view, organization identifier, user role and distributed user identity information, whether authentication of the user's operation permission succeeds, and to send the user operation authentication result to the business microservice module.

Further, the authentication unit is specifically configured to: if the user operation request view is the organization view, obtain the permission corresponding to the current route, where the current route is the route associated with the business microservice module that responds to the user operation request; judge whether the role permissions of the user role under the organization identified by the organization identifier include the permission corresponding to the current route and, if so, determine that user role permission authentication succeeds; judge, according to the distributed user identity information, whether the user has the on-chain operation permission related to the user operation request and, if so, determine that user on-chain permission authentication succeeds; and, if both the user role permission and the user on-chain permission are authenticated successfully, send to the business microservice module a user operation authentication result indicating that the user operation authentication succeeded.

Further, the authentication unit is also specifically configured to: in response to the user operation authentication request, obtain the current route, where the current route is the route associated with the business microservice module that responds to the user operation request; and, if the current route is among the preconfigured whitelisted routes, send to the business microservice module a user operation authentication result indicating that the user operation authentication succeeded.

In a sixth aspect, an embodiment of the present application provides a user operation control device in blockchain as a service, including: a request response unit, by which the business microservice module, in response to a user operation request, obtains user identity information and, according to the user identity information, generates a user operation authentication request and sends it to the user microservice module, where the user operation request is sent by the front-end module through the gateway module; an operation authentication unit, by which the user microservice module, in response to the user operation authentication request, obtains the user identity information, obtains the user operation request view, organization identifier, user role and user identifier from the user identity information, determines the user's distributed user identity information on the identity chain according to the user identifier, determines according to the user operation request view, organization identifier, user role and distributed user identity information whether authentication of the user's operation permission succeeds, and sends the user operation authentication result to the business microservice module; an asynchronous waiting unit, by which the business microservice module asynchronously waits for the user operation authentication result while executing the business preparation process related to the user operation request; and an operation control unit, by which the business microservice module executes the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to have succeeded.

Further, the user operation control device in blockchain as a service also includes: a receiving unit, by which the gateway module receives the user operation request and the microservice name carried in it; and a sending unit, by which the gateway module obtains the microservice address corresponding to the user operation request according to the microservice name carried in the request and the registered correspondence between microservice names and microservice addresses, and sends the user operation request to the business microservice module at that microservice address.

In a seventh aspect, an embodiment of the present application provides a user operation control system in blockchain as a service. The system includes a front-end module, a gateway module, a business microservice module, a user microservice module and an identity chain module. The front-end module establishes a data connection with the business microservice module, and the business microservice module establishes a data connection with the user microservice module. The business microservice module is configured to obtain user identity information in response to a user operation request and, according to the user identity information, generate a user operation authentication request and send it to the user microservice module, where the user operation request is sent by the front-end module through the gateway module. The user microservice module is configured to: obtain the user identity information in response to the user operation authentication request; obtain the user operation request view, organization identifier, user role and user identifier from the user identity information; determine, according to the user identifier, the user's distributed user identity information on the identity chain stored in the identity chain module; determine, according to the user operation request view, organization identifier, user role and distributed user identity information, whether authentication of the user's operation permission succeeds; and send the user operation authentication result to the business microservice module. The business microservice module is further configured to asynchronously wait for the user operation authentication result while executing the business preparation process related to the user operation request, and to execute the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to have succeeded.

Further, the gateway module is configured to receive the user operation request and the microservice name carried in it, obtain the microservice address corresponding to the user operation request according to the microservice name carried in the request and the registered correspondence between microservice names and microservice addresses, and send the user operation request to the business microservice module at that microservice address.

In an eighth aspect, an embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method of the first aspect, the second aspect or the third aspect above.

In the embodiments of the present application, to make user operation authentication and control of user operations possible, the blockchain-as-a-service architecture is configured so that the front-end module establishes a data connection with the business microservice module, and the business microservice module in turn establishes a data connection with the user microservice module.

For the business microservice module, user operation authentication should in the general case be fast and correct. Therefore, when the business microservice module responds to a user operation request sent by the front-end module through the gateway module, it immediately obtains the user identity information, generates a user operation authentication request from it and sends the request to the user microservice module, then asynchronously waits for the user microservice module's user operation authentication result while executing the business preparation process related to the user operation request. This shortens the waiting time of the user operation request. User operation authentication generally succeeds, but it can still fail. Therefore, after business preparation is complete, the business microservice module waits for the user operation authentication result and executes the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to have succeeded. This ensures the security of on-chain operations, controls user operations effectively and prevents unauthorized operations.

对于用户微服务模块来说,无论是哪一业务微服务模块响应于用户操作请求,都会通过用户微服务模块进行用户操作鉴权,具体地,用户微服务模块响应于业务微服务模块发送的用户操作鉴权请求,获取用户身份信息,根据用户身份信息,得到用户操作请求视图、机构标识、用户角色和用户标识,根据用户标识确定用户在身份链上的分布式用户身份信息,最后,根据用户操作请求视图、机构标识、用户角色和分布式用户身份信息,确定用户操作权限是否鉴权成功,发送用户操作鉴权结果至业务微服务模块,这一过程中用户微服务模块不仅实现了用户角色权限的鉴权,也整合了身份链中的分布式用户身份信息,实现了用户链上权限鉴权,从而通过用户操作鉴权结果保证了业务微服务模块对用户操作进行有效控制。For the user microservice module, no matter which business microservice module responds to the user operation request, the user operation authentication will be performed through the user microservice module. Specifically, the user microservice module responds to the user Operate the authentication request to obtain user identity information. According to the user identity information, obtain the user operation request view, organization ID, user role and user ID, and determine the distributed user identity information of the user on the identity chain according to the user ID. Finally, according to the user Operation request view, organization ID, user role and distributed user identity information, determine whether the user operation authority is successfully authenticated, and send the user operation authentication result to the business microservice module. In this process, the user microservice module not only realizes the user role The authority authentication also integrates the distributed user identity information in the identity chain to realize the authority authentication on the user chain, thereby ensuring the effective control of user operations by the business microservice module through the user operation authentication results.

Description of the Drawings

To describe the technical solutions in the embodiments of this application more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic architecture diagram of a user operation control system in blockchain as a service according to the first embodiment of this application;

FIG. 2 is a schematic flowchart of a user operation control method in blockchain as a service according to the second embodiment of this application;

FIG. 3 is a schematic flowchart of a user operation control method in blockchain as a service according to the third embodiment of this application;

FIG. 4 is a schematic flowchart of S204 in the user operation control method in blockchain as a service according to the third embodiment of this application;

FIG. 5 is another schematic flowchart of the user operation control method in blockchain as a service according to the third embodiment of this application;

FIG. 6 is a schematic flowchart of a user operation control method in blockchain as a service according to the fourth embodiment of this application;

FIG. 7 is a schematic diagram of a user operation control apparatus in blockchain as a service according to the fifth embodiment of this application;

FIG. 8 is a schematic diagram of a user operation control apparatus in blockchain as a service according to the sixth embodiment of this application;

FIG. 9 is a schematic diagram of a user operation control apparatus in blockchain as a service according to the seventh embodiment of this application.

Detailed Description

In the following description, specific details such as particular system structures and technologies are set out for the purpose of illustration rather than limitation, so that the embodiments of this application can be thoroughly understood. It will be apparent to those skilled in the art, however, that this application may also be practiced in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, apparatuses, circuits and methods are omitted so that unnecessary detail does not obscure the description of this application.

It should be understood that, when used in this specification and the appended claims, the term "comprising" indicates the presence of the described features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or collections thereof.

It should also be understood that the term "and/or" used in this specification and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.

As used in this specification and the appended claims, the term "if" may be construed, depending on the context, as "when", "once", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" may be construed, depending on the context, as "once it is determined", "in response to determining", "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".

In addition, in this specification and the appended claims, the terms "first", "second", "third" and so on are used only to distinguish descriptions and should not be understood as indicating or implying relative importance.

Reference in this specification to "one embodiment", "some embodiments" or the like means that a particular feature, structure or characteristic described in connection with that embodiment is included in one or more embodiments of this application. Thus the phrases "in one embodiment", "in some embodiments", "in some other embodiments", "in still other embodiments" and the like, appearing in various places in this specification, do not necessarily all refer to the same embodiment, but mean "one or more but not all embodiments", unless specifically emphasized otherwise. The terms "including", "comprising", "having" and their variations all mean "including but not limited to", unless specifically emphasized otherwise.

Referring to FIG. 1, FIG. 1 is a schematic architecture diagram of a user operation control system in blockchain as a service according to the first embodiment of this application. The system includes a front-end module 101, a gateway module 102, a business microservice module 103, a user microservice module 104 and an identity chain module 105.

The front-end module 101 interacts with the business microservice module 103 through the gateway module 102, the business microservice module 103 interacts with the user microservice module 104, and the user microservice module 104 interacts with the identity chain module 105. Interaction here means exchanging data over an established data connection.

It should be noted that the concept of a module can be understood in several ways: for example, as a program in a hardware device, or as the hardware device itself.

In the embodiments of this application, every module of the system refers to a hardware device: the front-end module 101 is the hardware device that implements the front-end function, the gateway module 102 is the hardware device that implements the gateway function, the business microservice module 103 is the hardware device that carries a business microservice function, the user microservice module 104 is the hardware device that carries the user microservice function, and the identity chain module 105 is the hardware device that stores the identity chain (each user has a corresponding distributed user identity, that is, a DID, on the identity chain).

The system may include several business microservice modules 103. Different business microservice modules 103 carry different business microservice functions, and each business microservice module 103 has a corresponding microservice address.

Every business microservice module 103 interacts with the user microservice module 104 and triggers it to perform user operation authentication; during authentication the user microservice module 104 interacts with the identity chain module 105. The architecture of the above user operation control system fits blockchain as a service well. The user operation control method in blockchain as a service is described in detail below through several embodiments, to show how the above modules implement user operation authentication and user operation control in blockchain as a service.

Referring to FIG. 2, FIG. 2 is a schematic flowchart of a user operation control method in blockchain as a service according to the second embodiment of this application. In this embodiment the method is executed by the business microservice module, which may be a server, a server cluster or the like, or a processor, microprocessor or the like in a server; it is not specifically limited. The user operation control method in blockchain as a service shown in FIG. 2 may include:

S101: In response to a user operation request, obtain user identity information, and generate a user operation authentication request from the user identity information and send it to the user microservice module; the user operation request is sent by the front-end module through the gateway module.

In this embodiment, the business microservice module establishes data connections with the front-end module and with the user microservice module, for exchanging data.

In response to the user operation request, the business microservice module obtains the user identity information, generates a user operation authentication request from it, and sends the request to the user microservice module.

The user operation request is sent by the front-end module through the gateway module. For the business microservice module, the user microservice module and the front-end module, see the description of the first embodiment, which is not repeated here.

Put simply, the user operates in the front-end module according to a need, which triggers the front-end module to generate the user operation request; the front-end module then sends the user operation request to the business microservice module through the gateway module.

For example, the need may be to deploy a contract or to create a new chain.

The user operation request includes at least the user identity information. In an optional implementation, the user identity information may be a user token, which identifies the user uniquely and is used for user operation authentication.

Because blockchain as a service may include several business microservice modules, each handling different user operations and serving different user needs, the business microservice module that should respond to the user operation request has to be determined.

In an optional implementation, the business microservice module that responds to the user operation request is determined by the gateway module from the microservice name carried in the user operation request and the registered correspondence between microservice names and microservice addresses.

That is, the user operation request carries a microservice name, and the gateway module stores the correspondence between registered microservice names and microservice addresses. The microservice name carried in the request therefore yields a microservice address, and the user operation request can be sent to the business microservice module at that address.

After obtaining the user identity information, that business microservice module generates a user operation authentication request from it and sends the request to the user microservice module.

S102: Asynchronously wait for the user operation authentication result while executing the business preparation process related to the user operation request; the user operation authentication result is determined by the user microservice module, which, in response to the user operation authentication request, obtains the user operation request view, the organization identifier, the user role and the distributed user identity information and decides on the basis of them.

The business microservice module asynchronously waits for the user operation authentication result and executes the business preparation process related to the user operation request.

In other words, after obtaining the user identity information, the business microservice module generates the user operation authentication request and sends it to the user microservice module, and executes the business preparation process related to the user operation request asynchronously, rather than starting that process only after the user operation authentication result has arrived.

This is because, under normal circumstances, the processing logic of user operation authentication should be fast and correct; for example, a user's normal page operations do not run into missing permissions. User operation authentication therefore normally succeeds, and by waiting asynchronously for the user microservice module's result after receiving the user operation request, the business microservice module can greatly reduce the request waiting time and shorten the response time of the user operation request.

User operation authentication is performed by the user microservice module. Specifically, the user operation authentication result is determined by the user microservice module, which, in response to the user operation authentication request, obtains the user operation request view, the organization identifier, the user role and the distributed user identity information and decides on the basis of them.

The user operation request view, the organization identifier and the user role are used to authenticate user role permissions; the distributed user identity information is used to authenticate the user's on-chain permissions.

For how user operation authentication is performed, see the description of the third embodiment; it is not expanded on here.

The user operation authentication result indicates either that user operation authentication succeeded or that it failed.

As stated above, both user role permissions and the user's on-chain permissions need to be authenticated. In this embodiment, user operation authentication is determined to be successful when both permissions are authenticated successfully.

It should also be noted that some user operations require no authentication, and an operation that requires no authentication is treated as a successful user operation authentication. For example, a user's operations in the personal view require no authentication.

Executing the business preparation process related to the user operation request can be understood as executing the business logic processing related to the user operation request.

S103: Only once it is confirmed that user operation authentication succeeded, execute the on-chain operation process related to the user operation request.

The business microservice module executes the on-chain operation process related to the user operation request only once it confirms that user operation authentication succeeded.

Specifically, if the user operation authentication result has not arrived when the business preparation process related to the user operation request has finished, the business microservice module blocks the on-chain operation process related to the user operation request until the result arrives, and executes the on-chain operation process when it confirms from the result that user operation authentication succeeded.

Blocking the on-chain operation process related to the user operation request can be understood as setting that process to a blocked state.

For example, for a user operation request to deploy a contract, after the business preparation process related to the request has finished, the business microservice module executes the related on-chain operation process, that is, deploys a contract on the chain, only once it confirms that user operation authentication succeeded.

In the embodiments of this application, to authenticate user operations and thereby control them, the blockchain-as-a-service architecture is configured so that the front-end module establishes a data connection with the business microservice module, and the business microservice module in turn establishes a data connection with the user microservice module. For the business microservice module: under normal circumstances, user operation authentication should be fast and correct. Therefore, when the business microservice module responds to a user operation request sent by the front-end module through the gateway module, it immediately obtains the user identity information, generates a user operation authentication request from that information and sends it to the user microservice module, and then, while asynchronously waiting for the user microservice module's user operation authentication result, executes the business preparation process related to the user operation request. This shortens the waiting time of the user operation request. User operation authentication normally succeeds, but it can still fail. Therefore, after business preparation is complete, the business microservice module waits for the user operation authentication result, and only once it confirms that user operation authentication succeeded does it execute the on-chain operation process related to the user operation request. This ensures the security of on-chain operations, controls user operations effectively, and prevents unauthorized operations.
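The S101 to S103 flow can be sketched as follows. This is an added example, not code from the patent or its applicant: every function name is hypothetical, the user microservice and the chain client are simulated in-process, and the wait limit and the fail-closed handling of a timed-out or failed authentication call are assumptions the specification does not state.

```python
import asyncio

AUTH_TIMEOUT_S = 0.2  # assumption: the page does not specify a wait limit


class AuthDenied(Exception):
    """The on-chain step must not run."""


async def request_authentication(token, delay, verdict):
    # Stand-in for the call to the user microservice (hypothetical helper).
    # `delay` and `verdict` simulate its latency and its decision.
    await asyncio.sleep(delay)
    if verdict == "error":
        raise ConnectionError("user microservice unreachable")
    return verdict == "allow"


async def prepare_business(request, log):
    # S102: off-chain preparation only. It runs before the caller is known
    # to be authorized, so it must have no externally visible side effects.
    await asyncio.sleep(0.01)
    log.append("prepared")
    return {"tx": "deploy:" + request["contract"]}


async def submit_on_chain(prepared, log):
    # S103: the privileged step (constructed stand-in for a chain client).
    log.append("on-chain")
    return "receipt:" + prepared["tx"]


async def handle_user_operation(request, auth_delay, verdict):
    log = []
    # S101: send the authentication request immediately, without awaiting it.
    auth_task = asyncio.create_task(
        request_authentication(request["token"], auth_delay, verdict))
    try:
        prepared = await prepare_business(request, log)
        # S103: block the on-chain step until the result is known.
        try:
            allowed = await asyncio.wait_for(auth_task, AUTH_TIMEOUT_S)
        except asyncio.TimeoutError:
            raise AuthDenied("no authentication result in time")
        except Exception as exc:
            raise AuthDenied("authentication call failed") from exc
        if allowed is not True:
            raise AuthDenied("user operation authentication failed")
        receipt = await submit_on_chain(prepared, log)
        return {"status": "ok", "receipt": receipt, "log": log}
    except AuthDenied as exc:
        # Fail closed: preparation results are discarded, nothing hits the chain.
        return {"status": "denied", "reason": str(exc), "log": log}
    finally:
        if not auth_task.done():
            auth_task.cancel()


def run_case(verdict, auth_delay):
    # Constructed sample request; the token value is a placeholder.
    request = {"token": "constructed-token", "contract": "demo"}
    return asyncio.run(handle_user_operation(request, auth_delay, verdict))


if __name__ == "__main__":
    for verdict, delay in [("allow", 0.0), ("allow", 0.05), ("deny", 0.05),
                           ("error", 0.0), ("allow", 1.0)]:
        print(verdict, delay, run_case(verdict, delay))
```

In every denied case the log contains only the preparation step, which is the property the design depends on: the latency saving comes from overlapping preparation with authentication, never from letting the on-chain step start early.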

Referring to FIG. 3, FIG. 3 is a schematic flowchart of a user operation control method in blockchain as a service according to the third embodiment of this application. In this embodiment the method is executed by the user microservice module, which may be a server, a server cluster or the like, or a processor, microprocessor or the like in a server; it is not specifically limited. The user operation control method in blockchain as a service shown in FIG. 3 may include:

S201: In response to a user operation authentication request, obtain user identity information; the user operation authentication request is generated by the business microservice module, which, in response to a user operation request, obtains the user identity information and generates the request from it.

The user microservice module obtains the user identity information in response to the user operation authentication request.

As described above, the user microservice module establishes a data connection with the business microservice module, the business microservice module establishes a data connection with the front-end module, and the user microservice module performs user operation authentication.

The user operation authentication request is generated by the business microservice module, which, in response to the user operation request, obtains the user identity information and generates the request from it.

In an optional implementation, the user identity information may be a user token, which identifies the user uniquely and is used for user operation authentication.

S202: From the user identity information, obtain the user operation request view, the organization identifier, the user role and the user identifier.

The user microservice module obtains the user operation request view, the organization identifier, the user role and the user identifier from the user identity information.

In blockchain as a service, each user has a personal view and an organization view after logging in (the organization view exists once the user has joined an organization). User operations in the personal view require no authentication. In the organization view users are assigned various roles, and every operation of each role in the organization view must be authenticated, so that users under the organization cannot perform unauthorized operations.

The user operation request view may be the personal view or the organization view.

The organization identifier is the unique identifier of an organization in blockchain as a service; here it indicates which organization the user has joined.

The user role is the user's role in the organization that the organization identifier refers to, for example a blockchain development role or a blockchain operations and maintenance role.

The user identifier is the unique identifier of a user in blockchain as a service; here it indicates which user's operation is being authenticated.

S203: Determine the user's distributed user identity information on the identity chain from the user identifier.

In addition to user role permission authentication, blockchain as a service is also connected to an identity chain. Each user has one identity on the identity chain, namely the distributed user identity, and that identity determines the user's permission to operate on the chain. The user's on-chain operation permission therefore also has to be authenticated.

Before on-chain operation permission authentication, the user microservice module needs to determine the user's distributed user identity information (that is, the DID) on the identity chain from the user identifier.

S204: Based on the user operation request view, the organization identifier, the user role and the distributed user identity information, determine whether the user operation permission is authenticated successfully, and send the user operation authentication result to the business microservice module.

The user microservice module determines, based on the user operation request view, the organization identifier, the user role and the distributed user identity information, whether the user operation permission is authenticated successfully, and sends the user operation authentication result to the business microservice module.

Specifically, the user microservice module authenticates user role permissions based on the user operation request view, the organization identifier and the user role, and authenticates the user's on-chain permissions based on the distributed user identity information.

The user operation authentication result indicates either that user operation authentication succeeded or that it failed.

As stated above, both user role permissions and the user's on-chain permissions need to be authenticated. In this embodiment, user operation authentication is determined to be successful when both permissions are authenticated successfully.

It should also be noted that some user operations require no authentication, and an operation that requires no authentication is treated as a successful user operation authentication.

In an optional implementation, referring to FIG. 4, which is a schematic flowchart of S204 in the user operation control method in blockchain as a service according to the third embodiment of this application, S204 includes:

S2041: If the user operation request view is the organization view, obtain the permission corresponding to the current route; the current route is the route associated with the business microservice module that responds to the user operation request.

S2042: Determine whether the role permissions of the user role, under the organization that the organization identifier refers to, include the permission corresponding to the current route; if so, determine that user role permission authentication succeeded.

Regarding steps S2041 to S2042: if the user operation request view is the organization view, the permission corresponding to the current route is obtained, where the current route is the route associated with the business microservice module that responds to the user operation request. The user operation authentication request that a business microservice module sends to the user microservice module passes through a route, each business microservice module has its own associated route, and blockchain as a service holds a correspondence between routes and permissions; for example, the permission corresponding to the route of the deploy-contract operation is A. The user microservice module obtains the permission corresponding to the current route and determines whether the role permissions of the user role, under the organization that the organization identifier refers to, include it. If so, user role permission authentication is determined to have succeeded; if not, it is determined to have failed.

S2043: Based on the distributed user identity information, determine whether the user has the on-chain operation permission related to the user operation request; if so, determine that the user's on-chain permission authentication succeeded.

Each piece of distributed user identity information has its corresponding on-chain operation permissions. Based on the distributed user identity information, the user microservice module determines whether the user has the on-chain operation permission related to the user operation request. If so, the user's on-chain permission authentication is determined to have succeeded; if not, it is determined to have failed.

The user role permission authentication of steps S2041 to S2042 and the on-chain permission authentication of step S2043 can be performed in parallel, or user role permission authentication can be performed first and on-chain permission authentication second. If user role permission authentication is performed first and fails, on-chain permission authentication need not be performed, and vice versa.

S2044: If both the user role permission and the user's on-chain permission are authenticated successfully, send a user operation authentication result indicating that user operation authentication succeeded to the business microservice module.

If both the user role permission and the user's on-chain permission are authenticated successfully, the user microservice module sends a user operation authentication result indicating that user operation authentication succeeded to the business microservice module.

在一个可选的实施方式中,S204还包括:S2045:若用户操作请求视图为个人视图,将指示用户操作鉴权成功的用户操作鉴权结果发送至业务微服务模块。In an optional implementation manner, S204 further includes: S2045: If the user operation request view is a personal view, send a user operation authentication result indicating successful user operation authentication to the business microservice module.

由于用户操作请求视图为个人视图时无需鉴权,因此,用户微服务模块将指示用户操作鉴权成功的用户操作鉴权结果发送至业务微服务模块。Since no authentication is required when the user operation request view is a personal view, the user microservice module sends the user operation authentication result indicating that the user operation authentication is successful to the business microservice module.

Please refer to FIG. 5, which is another schematic flowchart of a user operation control method in blockchain as a service provided by the third embodiment of the present application. S204 includes:

S205: In response to the user operation authentication request, obtain the current route, where the current route is the route associated with the business microservice module that responds to the user operation request.

S206: If the current route is among the pre-configured whitelist routes, send a user operation authentication result indicating that user operation authentication succeeded to the business microservice module.

In response to the user operation authentication request, the user microservice module first obtains the current route and determines whether it is among the pre-configured whitelist routes. If it is, no authentication is required, and the user operation authentication result indicating that user operation authentication succeeded is sent directly to the business microservice module.

For example, if the user login route is among the pre-configured whitelist routes and the current route is the user login route, no authentication is required, and the user operation authentication result indicating that user operation authentication succeeded can be sent directly to the business microservice module.

By first determining whether the current route is among the pre-configured whitelist routes when responding to the user operation authentication request, the user operation authentication result can be returned more quickly when no authentication is required.
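The decision order of S205 to S206 and S2041 to S2045 can be written as one function. This is an added example, not code from the patent; the routes, organizations, users, permission labels other than "A", the deny-by-default branches, and the reuse of route permission labels for on-chain permissions are all assumptions.

```python
from dataclasses import dataclass

# All routes, permissions, organizations and users below are constructed sample data.
WHITELIST_ROUTES = frozenset({"/user/login"})   # S206: pre-configured whitelist routes
ROUTE_PERMISSION = {"/contract/deploy": "A", "/chain/query": "B"}
ROLE_PERMISSIONS = {                            # (organization id, role) -> role permissions
    ("org-1", "admin"): {"A", "B"},
    ("org-1", "viewer"): {"B"},
}
IDENTITY_CHAIN = {                              # user id -> distributed identity record
    "u-alice": {"did": "did:example:alice", "onchain": {"A", "B"}},
    "u-bob": {"did": "did:example:bob", "onchain": {"B"}},
}


@dataclass(frozen=True)
class Identity:
    """Fields the user microservice derives from the user identity information.

    Assumed to come from a server-verified session or token, never from
    caller-supplied request parameters.
    """
    view: str      # "organization" or "personal"
    org_id: str
    role: str
    user_id: str


@dataclass(frozen=True)
class AuthResult:
    ok: bool
    reason: str


def authenticate_operation(identity: Identity, route: str) -> AuthResult:
    # S205/S206: a whitelisted route returns success before any other lookup.
    # Exact match only, so "/user/login/extra" is not treated as whitelisted.
    if route in WHITELIST_ROUTES:
        return AuthResult(True, "whitelisted-route")

    # S2045: the personal view needs no authentication.
    if identity.view == "personal":
        return AuthResult(True, "personal-view")
    if identity.view != "organization":
        return AuthResult(False, "unknown-view")  # assumption: deny by default

    # S2041: permission required by the current route.
    required = ROUTE_PERMISSION.get(route)
    if required is None:
        # Assumption: a route with no permission mapping is denied.
        return AuthResult(False, "route-has-no-permission-mapping")

    # S2042: role permissions of this role under this organization.
    role_perms = ROLE_PERMISSIONS.get((identity.org_id, identity.role), set())
    if required not in role_perms:
        # Role check failed, so the on-chain check is skipped.
        return AuthResult(False, "role-permission-denied")

    # S2043: on-chain permission taken from the distributed identity record.
    # Assumption: on-chain permissions use the same labels as route permissions.
    record = IDENTITY_CHAIN.get(identity.user_id)
    if record is None or required not in record["onchain"]:
        return AuthResult(False, "onchain-permission-denied")

    # S2044: both checks passed.
    return AuthResult(True, "role-and-onchain-ok")


if __name__ == "__main__":
    alice = Identity("organization", "org-1", "admin", "u-alice")
    print(authenticate_operation(alice, "/contract/deploy"))
```

The two success paths that skip both checks (whitelist and personal view) are the ones to review first when auditing such a service, since every route or view value that reaches them is accepted unconditionally.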

In the embodiments of the present application, to implement user operation authentication and control user operations, the blockchain as a service architecture is configured so that the front-end module establishes a data connection with the business microservice module, and the business microservice module in turn establishes a data connection with the user microservice module. For the user microservice module, whichever business microservice module responds to the user operation request, user operation authentication is performed through the user microservice module. Specifically, the user microservice module, in response to the user operation authentication request sent by the business microservice module, obtains the user identity information; obtains the user operation request view, organization identifier, user role and user identifier from the user identity information; determines the user's distributed user identity information on the identity chain according to the user identifier; and finally determines, according to the user operation request view, organization identifier, user role and distributed user identity information, whether the user operation permission is successfully authenticated, and sends the user operation authentication result to the business microservice module. In this process, the user microservice module not only authenticates the user role permission but also integrates the distributed user identity information in the identity chain to authenticate the user's on-chain permission, so that the user operation authentication result ensures that the business microservice module effectively controls user operations.

Please refer to FIG. 6, which is a schematic flowchart of a user operation control method in blockchain as a service provided by the fourth embodiment of the present application. In this embodiment, the executing entities of the method include at least the business microservice module and the user microservice module, and the method is described from the perspective of multi-party interaction. The user operation control method in blockchain as a service shown in FIG. 6 may include:

S301: The business microservice module, in response to a user operation request, obtains the user identity information, and generates and sends a user operation authentication request to the user microservice module according to the user identity information, where the user operation request is sent by the front-end module through the gateway module.

S302: The user microservice module, in response to the user operation authentication request, obtains the user identity information; obtains the user operation request view, organization identifier, user role and user identifier from the user identity information; determines the user's distributed user identity information on the identity chain according to the user identifier; determines, according to the user operation request view, organization identifier, user role and distributed user identity information, whether the user operation permission is successfully authenticated; and sends the user operation authentication result to the business microservice module.

S303: The business microservice module waits asynchronously for the user operation authentication result and executes the business preparation process related to the user operation request.

S304: The business microservice module does not execute the on-chain operation process related to the user operation request until it confirms that user operation authentication has succeeded.

In this embodiment, the front-end module establishes a data connection with the business microservice module, and the business microservice module establishes a data connection with the user microservice module. For steps S301 and S303 to S304 performed by the business microservice module, refer to the description of S101 to S103 in the second embodiment. For step S302 performed by the user microservice module, refer to the description of S201 to S204 in the third embodiment. These steps are not explained again here.

This embodiment further includes the following steps: the gateway module receives the user operation request and the microservice name carried by the user operation request; the gateway module obtains the microservice address corresponding to the user operation request according to the microservice name carried by the user operation request and the correspondence between registered microservice names and microservice addresses, and sends the user operation request to the business microservice module at that microservice address.

The user operation request carries the corresponding microservice name, and the gateway module stores the correspondence between registered microservice names and microservice addresses. The microservice name carried by the user operation request therefore yields a corresponding microservice address, and the user operation request can be sent to the business microservice module at that address.
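The gateway lookup and the S301 to S304 sequence, as an added example that is not code from the patent: the authentication request is started, business preparation overlaps with it, and the on-chain step waits for the result. The registry entry, delays, log labels and the fail-closed timeout are assumptions made for the illustration.

```python
import asyncio

# Constructed registry: registered microservice name -> microservice address.
REGISTRY = {"contract-service": "10.0.0.5:8080"}


def resolve(service_name: str) -> str:
    """Gateway lookup: only registered microservice names are routable."""
    try:
        return REGISTRY[service_name]
    except KeyError:
        raise LookupError(f"unregistered microservice: {service_name!r}") from None


async def request_auth(delay: float, verdict: bool) -> bool:
    """Stand-in for the call to the user microservice (S302)."""
    await asyncio.sleep(delay)
    return verdict


async def handle_operation(auth_delay, auth_ok, log, timeout):
    # S301: send the authentication request without waiting for the answer.
    auth_task = asyncio.create_task(request_auth(auth_delay, auth_ok))

    # S303: business preparation runs while authentication is in flight.
    log.append("prepare:start")
    await asyncio.sleep(0.01)          # hypothetical preparation work
    log.append("prepare:done")

    # S304: if no result has arrived yet, the on-chain step is blocked.
    if not auth_task.done():
        log.append("blocked")
    try:
        ok = await asyncio.wait_for(auth_task, timeout)
    except asyncio.TimeoutError:
        # Assumption (not in the patent): no answer in time means no on-chain action.
        log.append("timeout")
        return False
    if not ok:
        log.append("rejected")
        return False

    log.append("onchain")              # only reached after a successful result
    return True


def run_operation(service_name, auth_delay, auth_ok, timeout=0.3):
    """Route by microservice name, then run the business microservice flow."""
    log = [f"routed:{resolve(service_name)}"]
    result = asyncio.run(handle_operation(auth_delay, auth_ok, log, timeout))
    return result, log


if __name__ == "__main__":
    print(run_operation("contract-service", 0.1, True))
    print(run_operation("contract-service", 0.0, False))
```

Preparation work done before the result arrives should have no externally visible side effects, because a rejected or timed-out request leaves it behind with nothing committed on chain.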

For the technical effects of this embodiment, refer to the technical effects described in the second embodiment and the third embodiment.

It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not limit the implementation of the embodiments of the present application in any way.

Please refer to FIG. 7, which is a schematic diagram of a user operation control device in blockchain as a service provided by the fifth embodiment of the present application. The units it includes are used to execute the steps in the embodiment corresponding to FIG. 2; for details, refer to the relevant description of that embodiment. For ease of description, only the parts related to this embodiment are shown. Referring to FIG. 7, the user operation control device 7 in blockchain as a service includes:

a response request unit 71, configured to, in response to a user operation request, obtain the user identity information, and generate and send a user operation authentication request to the user microservice module according to the user identity information, where the user operation request is sent by the front-end module through the gateway module;

an asynchronous waiting unit 72, configured to wait asynchronously for the user operation authentication result and execute the business preparation process related to the user operation request, where the user operation authentication result is determined by the user microservice module, which, in response to the user operation authentication request, obtains the user operation request view, organization identifier, user role and distributed user identity information and determines the result according to them;

an operation control unit 73, configured to execute the on-chain operation process related to the user operation request only once user operation authentication is confirmed to be successful.

Further, the operation control unit 73 is specifically configured to: if the user operation authentication result has not arrived when the business preparation process related to the user operation request has finished executing, block the on-chain operation process related to the user operation request until the user operation authentication result arrives, and execute the on-chain operation process related to the user operation request when the user operation authentication result confirms that user operation authentication succeeded.

Please refer to FIG. 8, which is a schematic diagram of a user operation control device in blockchain as a service provided by the sixth embodiment of the present application. The units it includes are used to execute the steps in the embodiment corresponding to FIG. 3; for details, refer to the relevant description of that embodiment. For ease of description, only the parts related to this embodiment are shown. Referring to FIG. 8, the user operation control device 8 in blockchain as a service includes:

a first obtaining unit 81, configured to obtain the user identity information in response to a user operation authentication request, where the user operation authentication request is generated by the business microservice module, which, in response to a user operation request, obtains the user identity information and generates the request according to it;

a second obtaining unit 82, configured to obtain the user operation request view, organization identifier, user role and user identifier from the user identity information;

a determining unit 83, configured to determine the user's distributed user identity information on the identity chain according to the user identifier;

an authentication unit 84, configured to determine, according to the user operation request view, organization identifier, user role and distributed user identity information, whether the user operation permission is successfully authenticated, and to send the user operation authentication result to the business microservice module.

Further, the authentication unit 84 is specifically configured to: if the user operation request view is the organization view, obtain the permission corresponding to the current route, where the current route is the route associated with the business microservice module that responds to the user operation request; determine whether the role permissions of the user role under the organization identified by the organization identifier include the permission corresponding to the current route, and if so, determine that user role permission authentication succeeds; according to the distributed user identity information, determine whether the user has the on-chain operation permission related to the user operation request, and if so, determine that user on-chain permission authentication succeeds; and if both the user role permission and the user on-chain permission are successfully authenticated, send a user operation authentication result indicating that user operation authentication succeeded to the business microservice module.

Further, the authentication unit 84 is also specifically configured to: in response to the user operation authentication request, obtain the current route, where the current route is the route associated with the business microservice module that responds to the user operation request; and if the current route is among the pre-configured whitelist routes, send a user operation authentication result indicating that user operation authentication succeeded to the business microservice module.

Please refer to FIG. 9, which is a schematic diagram of a user operation control device in blockchain as a service provided by the seventh embodiment of the present application. The units it includes are used to execute the steps in the embodiment corresponding to FIG. 6; for details, refer to the relevant description of that embodiment. For ease of description, only the parts related to this embodiment are shown. Referring to FIG. 9, the user operation control device 9 in blockchain as a service includes:

a response request unit 91, by which the business microservice module, in response to a user operation request, obtains the user identity information, and generates and sends a user operation authentication request to the user microservice module according to the user identity information, where the user operation request is sent by the front-end module through the gateway module;

an operation authentication unit 92, by which the user microservice module, in response to the user operation authentication request, obtains the user identity information; obtains the user operation request view, organization identifier, user role and user identifier from the user identity information; determines the user's distributed user identity information on the identity chain according to the user identifier; determines, according to the user operation request view, organization identifier, user role and distributed user identity information, whether the user operation permission is successfully authenticated; and sends the user operation authentication result to the business microservice module;

an asynchronous waiting unit 93, by which the business microservice module waits asynchronously for the user operation authentication result and executes the business preparation process related to the user operation request;

an operation control unit 94, by which the business microservice module executes the on-chain operation process related to the user operation request only once user operation authentication is confirmed to be successful.

Further, the user operation control device 9 in blockchain as a service also includes:

a receiving unit, by which the gateway module receives the user operation request and the microservice name carried by the user operation request;

a sending unit, by which the gateway module obtains the microservice address corresponding to the user operation request according to the microservice name carried by the user operation request and the correspondence between registered microservice names and microservice addresses, and sends the user operation request to the business microservice module at that microservice address.

It should be noted that the information exchange and execution processes between the above devices/units are based on the same concept as the method embodiments of the present application. For their specific functions and technical effects, refer to the method embodiments; they are not repeated here.

The user operation control system in blockchain as a service is described in more detail below. Please refer to FIG. 1, which is a schematic architecture diagram of a user operation control system in blockchain as a service provided by the first embodiment of the present application.

The system includes a front-end module 101, a gateway module 102, a business microservice module 103, a user microservice module 104 and an identity chain module 105.

The front-end module 101 establishes a data connection with the business microservice module 103, and the business microservice module 103 establishes a data connection with the user microservice module 104.

The business microservice module 103 is configured to, in response to a user operation request, obtain the user identity information, and generate and send a user operation authentication request to the user microservice module 104 according to the user identity information, where the user operation request is sent by the front-end module 101 through the gateway module 102.

The user microservice module 104 is configured to, in response to the user operation authentication request, obtain the user identity information; obtain the user operation request view, organization identifier, user role and user identifier from the user identity information; determine, according to the user identifier, the user's distributed user identity information on the identity chain stored in the identity chain module 105; determine, according to the user operation request view, organization identifier, user role and distributed user identity information, whether the user operation permission is successfully authenticated; and send the user operation authentication result to the business microservice module 103.

The business microservice module 103 is further configured to wait asynchronously for the user operation authentication result and execute the business preparation process related to the user operation request.

The business microservice module 103 is further configured to execute the on-chain operation process related to the user operation request only once user operation authentication is confirmed to be successful.

Further, the gateway module 102 is configured to receive the user operation request and the microservice name carried by the user operation request; obtain the microservice address corresponding to the user operation request according to the microservice name carried by the user operation request and the correspondence between registered microservice names and microservice addresses; and send the user operation request to the business microservice module 103 at that microservice address.

It should be noted that the user operation control system in blockchain as a service proposed above is based on the same concept as the method embodiments of the present application. For its specific functions and technical effects, refer to the method embodiments; they are not repeated here.

An embodiment of the present application further provides a network device, which includes at least one processor, a memory, and a computer program stored in the memory and executable on the at least one processor. When the processor executes the computer program, the steps in any of the above method embodiments are implemented.

An embodiment of the present application further provides a computer-readable storage medium storing a computer program. When the computer program is executed by a processor, the steps in each of the above method embodiments can be implemented.

An embodiment of the present application provides a computer program product. When the computer program product runs on a mobile terminal, the mobile terminal implements the steps in each of the above method embodiments.

If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments may be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium, and when executed by a processor it can implement the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include at least: any entity or device capable of carrying the computer program code to a photographing device/terminal device, a recording medium, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, and a software distribution medium, for example a USB flash drive, a removable hard disk, a magnetic disk or an optical disc. In some jurisdictions, under legislation and patent practice, computer-readable media may not be electrical carrier signals or telecommunication signals.

In the above embodiments, the description of each embodiment has its own emphasis. For parts not detailed or recorded in one embodiment, refer to the relevant descriptions of the other embodiments.

Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are executed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be regarded as going beyond the scope of the present application.

In the embodiments provided in the present application, it should be understood that the disclosed device/network device and method may be implemented in other ways. The device/network device embodiments described above are merely illustrative. For example, the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

The above embodiments are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all fall within the protection scope of the present application.

Claims (11)

1. A user operation control method in blockchain as a service, characterized in that it is executed by a business micro-service module, wherein the business micro-service module establishes data connections with a front-end module and a user micro-service module respectively, the method comprising the following steps:
responding to a user operation request, acquiring user identity information, and generating and sending a user operation authentication request to the user micro-service module according to the user identity information; the user operation request is sent by the front-end module through a gateway module;
asynchronously waiting for a user operation authentication result, and executing a business preparation process related to the user operation request; the user operation authentication result is determined by the user micro-service module, which responds to the user operation authentication request by acquiring a user operation request view, an organization identifier, a user role and distributed user identity information, and determines the result according to the user operation request view, the organization identifier, the user role and the distributed user identity information;
and executing the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to be successful.
2. The user operation control method in blockchain as a service of claim 1, wherein executing the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to be successful comprises:
if the user operation authentication result has not yet been received when execution of the business preparation process related to the user operation request has completed, blocking the on-chain operation process related to the user operation request until the user operation authentication result is received, and executing the on-chain operation process related to the user operation request when the user operation authentication is confirmed to be successful according to the user operation authentication result.
3. The user operation control method in blockchain as a service of claim 1 or 2, characterized in that:
the business micro-service module that responds to the user operation request is determined by the gateway module according to the micro-service name carried by the user operation request and the registered correspondence between micro-service names and micro-service addresses.
4. A user operation control method in blockchain as a service, characterized in that it is executed by a user micro-service module, wherein the user micro-service module establishes a data connection with a business micro-service module, and the business micro-service module establishes a data connection with a front-end module, the method comprising the following steps:
responding to a user operation authentication request, and acquiring user identity information; the user operation authentication request is generated by the business micro-service module according to the user identity information, after the business micro-service module responds to a user operation request and acquires the user identity information;
obtaining a user operation request view, an organization identifier, a user role and a user identifier according to the user identity information;
determining distributed user identity information of the user on an identity chain according to the user identifier;
and determining whether the user operation authority is successfully authenticated according to the user operation request view, the organization identifier, the user role and the distributed user identity information, and sending a user operation authentication result to the business micro-service module.
5. The user operation control method in blockchain as a service of claim 4, wherein determining whether the user operation authority is successfully authenticated according to the user operation request view, the organization identifier, the user role and the distributed user identity information, and sending a user operation authentication result to the business micro-service module, comprises:
if the user operation request view is an organization view, acquiring the authority corresponding to the current route; the current route is the route associated with the business micro-service module responding to the user operation request;
judging whether the role authority corresponding to the user role under the organization corresponding to the organization identifier contains the authority corresponding to the current route, and if so, determining that the user role authority authentication is successful;
judging, according to the distributed user identity information, whether the user has the on-chain operation authority related to the user operation request, and if so, determining that the user on-chain authority authentication is successful;
and if both the user role authority authentication and the user on-chain authority authentication are successful, sending a user operation authentication result indicating that the user operation authentication is successful to the business micro-service module.
6. The user operation control method in blockchain as a service of claim 5, wherein determining whether the user operation authority is successfully authenticated according to the user operation request view, the organization identifier, the user role and the distributed user identity information, and sending a user operation authentication result to the business micro-service module, further comprises:
if the user operation request view is a personal view, sending a user operation authentication result indicating that the user operation authentication is successful to the business micro-service module.
7. The user operation control method in blockchain as a service of any one of claims 4 to 6, further comprising, before acquiring the user identity information:
responding to the user operation authentication request by acquiring a current route; the current route is the route associated with the business micro-service module responding to the user operation request;
and if the current route is among the pre-configured whitelist routes, sending a user operation authentication result indicating that the user operation authentication is successful to the business micro-service module.
8. A user operation control method in blockchain as a service, characterized in that a front-end module establishes a data connection with a business micro-service module, and the business micro-service module establishes a data connection with a user micro-service module, the method comprising the following steps:
the business micro-service module responds to a user operation request, acquires user identity information, and generates and sends a user operation authentication request to the user micro-service module according to the user identity information; the user operation request is sent by the front-end module through a gateway module;
the user micro-service module responds to the user operation authentication request and acquires the user identity information; obtains a user operation request view, an organization identifier, a user role and a user identifier according to the user identity information; determines distributed user identity information of the user on an identity chain according to the user identifier; determines whether the user operation authority is successfully authenticated according to the user operation request view, the organization identifier, the user role and the distributed user identity information, and sends a user operation authentication result to the business micro-service module;
the business micro-service module asynchronously waits for the user operation authentication result and executes a business preparation process related to the user operation request;
and the business micro-service module executes the on-chain operation process related to the user operation request only once the user operation authentication is confirmed to be successful.
9. The user operation control method in blockchain as a service of claim 8, further comprising, before the business micro-service module responds to the user operation request:
the gateway module receives the user operation request and the micro-service name carried by the user operation request;
and the gateway module obtains the micro-service address corresponding to the user operation request according to the micro-service name carried by the user operation request and the registered correspondence between micro-service names and micro-service addresses, and sends the user operation request to the business micro-service module at the micro-service address corresponding to the user operation request.
10. A user operation control system in blockchain as a service, comprising: a front-end module, a gateway module, a business micro-service module, a user micro-service module and an identity chain module;
the front-end module establishes a data connection with the business micro-service module, and the business micro-service module establishes a data connection with the user micro-service module;
the business micro-service module is used for responding to a user operation request, acquiring user identity information, and generating and sending a user operation authentication request to the user micro-service module according to the user identity information; the user operation request is sent by the front-end module through the gateway module;
the user micro-service module is used for responding to the user operation authentication request and acquiring the user identity information; obtaining a user operation request view, an organization identifier, a user role and a user identifier according to the user identity information; determining, according to the user identifier, distributed user identity information of the user on an identity chain stored in the identity chain module; determining whether the user operation authority is successfully authenticated according to the user operation request view, the organization identifier, the user role and the distributed user identity information, and sending a user operation authentication result to the business micro-service module;
the business micro-service module is also used for asynchronously waiting for the user operation authentication result and executing a business preparation process related to the user operation request;
the business micro-service module is further used for executing an on-chain operation process related to the user operation request only once the user operation authentication is confirmed to be successful.
11. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, implements the steps of the method according to any one of claims 1 to 3, or any one of claims 4 to 7, or any one of claims 8 to 9.
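The flow in claims 1, 2 and 5 to 7, as an added Python sketch that is not code from the patent or its applicant: the business micro-service starts the authentication call, runs preparation concurrently, and gates the on-chain step on the result. The route names, permission strings, DIDs, lookup tables and the fail-closed handling of unknown views or unmapped routes are assumptions made for illustration.

```python
import asyncio
from dataclasses import dataclass

# Constructed sample data (assumptions, not taken from the patent).
WHITELIST_ROUTES = {"/health"}
ROUTE_PERMISSION = {"/contract/deploy": "contract:deploy"}
ROLE_PERMISSIONS = {("org-1", "admin"): {"contract:deploy"},
                    ("org-1", "viewer"): set()}
ON_CHAIN_RIGHTS = {"did:example:alice": {"contract:deploy"},
                   "did:example:bob": set()}

@dataclass
class Identity:
    view: str    # "personal" or "organization"
    org_id: str  # organization identifier
    role: str    # user role inside that organization
    did: str     # distributed identity resolved on the identity chain

def authenticate(route: str, ident: Identity) -> bool:
    """Decision made by the user micro-service (claims 5 to 7)."""
    if route in WHITELIST_ROUTES:        # claim 7: checked before identity is read
        return True
    if ident.view == "personal":         # claim 6: personal view succeeds
        return True
    if ident.view != "organization":     # assumption: unknown view fails closed
        return False
    needed = ROUTE_PERMISSION.get(route)
    if needed is None:                   # assumption: unmapped route fails closed
        return False
    role_ok = needed in ROLE_PERMISSIONS.get((ident.org_id, ident.role), set())
    chain_ok = needed in ON_CHAIN_RIGHTS.get(ident.did, set())
    return role_ok and chain_ok          # claim 5: both checks must pass

async def auth_service(route: str, ident: Identity) -> bool:
    await asyncio.sleep(0.05)            # simulated round trip to the user micro-service
    return authenticate(route, ident)

async def handle(route: str, ident: Identity, log: list) -> bool:
    """Business micro-service request handler (claims 1 and 2)."""
    auth_task = asyncio.create_task(auth_service(route, ident))  # send, do not wait
    await asyncio.sleep(0.01)            # business preparation: no on-chain side effects
    log.append("prepared")
    if not await auth_task:              # block here until the result arrives
        log.append("denied")
        return False
    log.append("on-chain")               # reached only after successful authentication
    return True

def run(route: str, ident: Identity):
    log = []
    return asyncio.run(handle(route, ident, log)), log
```

Because the personal-view and whitelist branches return success without the role and on-chain checks, the view and route passed into this decision have to come from server-side state rather than caller-supplied fields. Preparation work done before the gate should be discardable, since it also runs for requests that are later denied.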
CN202211667428.2A 2022-12-23 2022-12-23 User operation control method and system in blockchain as a service Pending CN116232658A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211667428.2A CN116232658A (en) 2022-12-23 2022-12-23 User operation control method and system in blockchain as a service

Publications (1)

Publication Number Publication Date
CN116232658A true CN116232658A (en) 2023-06-06

Family

ID=86590129


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: 310051 Zhejiang Province, Hangzhou City, Binjiang District, Xixing Street, Yue Ming Road 199, Building 2, Room 1701

Applicant after: Hangzhou Qulian Technology Co., Ltd.

Address before: Room 2001, building a, building 2, 399 Danfeng Road, Binjiang District, Hangzhou, Zhejiang 310000

Applicant before: HANGZHOU HYPERCHAIN TECHNOLOGIES Co.,Ltd.

Country or region before: China
