CN106533678A - Multi-signature-based login method and system thereof - Google Patents

Multi-signature-based login method and system thereof

Publication number
CN106533678A
Authority
CN
China
Prior art keywords
signature
address
server
private key
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710009045.9A
Other languages
Chinese (zh)
Other versions
CN106533678B (en)
Inventor
丁江
邓迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qinhai Technology Co ltd
Original Assignee
Tianjin Miyou Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a multi-signature-based login method, which is applied to a server and a client. The server is provided with M private keys, and M is an integer which is greater than or equal to 1; the client is provided with N private keys, and N is an integer which is greater than or equal to 2. The method comprises the following steps: the server generates a multi-signature address for the client and presets that M+X private keys must sign the multi-signature address before the client can log in to the server, wherein X is an integer which is smaller than or equal to N; the client uses X private keys to sign the multi-signature address for the first time; the server confirms that the signature of the client is a valid signature; and the server uses the M private keys to sign the multi-signature address for the second time, so that the client logs in to the server. According to the method and the system, the secure login of a user is guaranteed.

Description

A multi-signature-based login method and system
Technical field
The present invention relates to the field of data processing, and in particular to a multi-signature-based login method and system.
Background
At present, logging in with a username and password is a common login method. In practice, however, a user may lose the password and then be unable to log in to the server. Recovering the password is a cumbersome process, and if the password is stolen by a third party during recovery, the third party can use the user's username and password to act against the user's interests.
Therefore, when a user's password is lost, can the user report the loss to the server through some mechanism, so that the server no longer allows logins with that password? And while the password is being recovered, can the user log in to the server with a backup password, without affecting normal use? Ensuring both the experience and the security of user login has thus become a problem that urgently needs solving.
Summary of the invention
The application provides a multi-signature-based login method and device. When a user loses one private key, the method ensures that the user can still log in to the server and that the user's previous private key can no longer be used to log in to the server, thereby ensuring secure login for the user.
In a first aspect, the application provides a multi-signature-based login method applied to a server and a client. The server holds M addresses and the public and private keys corresponding to those addresses, where M is an integer greater than or equal to 1; the client holds N addresses and the public and private keys corresponding to those addresses, where N is an integer greater than or equal to 2. The method includes: the server generates a multi-signature address for the client and presets that M+X private keys must sign the multi-signature address before the client can log in to the server, where X is an integer less than or equal to N; the client performs a first signature on the multi-signature address with X private keys; the server confirms that the client's signature is a valid signature; the server performs a second signature on the multi-signature address with M private keys, so that the client logs in to the server.
In a second aspect, the application provides a multi-signature-based login system comprising a server and a client. The server holds M addresses and the public and private keys corresponding to those addresses, where M is an integer greater than or equal to 1; the client holds N addresses and the public and private keys corresponding to those addresses, where N is an integer greater than or equal to 2. The server generates a multi-signature address from the M+N addresses and their corresponding public keys, and presets that M+X private keys must sign the multi-signature address before the client can log in to the server, where X is an integer less than or equal to N. The server verifies the first signature that the client performs on the multi-signature address with X private keys; after verification succeeds, the server performs a second signature on the multi-signature address and then determines that the client has logged in to the server.
When a user loses one private key, the application ensures that the user can still log in to the server and that the user's previous private key can no longer be used to log in to the server, thereby ensuring secure login for the user.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a multi-signature-based login method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a login method for the case where a client private key is lost, provided by an embodiment of the present invention;
Fig. 3 is a schematic block diagram of a multi-signature-based login system provided by an embodiment of the present invention.
Detailed description
The embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative work, fall within the scope of protection of the present invention.
An embodiment of the present invention is described below using Fig. 1 as an example.
As shown in Fig. 1, a multi-signature-based login method includes steps S101-S105:
S101, the server holds M private keys, where M is an integer greater than or equal to 1; the client holds N private keys, where N is an integer greater than or equal to 2.
In one possible implementation of the present invention, the client holds M+N addresses and the public and private keys corresponding to those addresses; the client sends M of the addresses, together with their corresponding private and public keys, to the server. Each private key corresponds to one public key, and each public key corresponds to one address.
In another possible implementation of the present invention, the server's M addresses and their corresponding private and public keys are generated by the server.
Note that every address held by the client or the server, and the private key corresponding to each address, is unique.
S102, the server generates a multi-signature address for the client and presets that M+X private keys must sign the multi-signature address before the client can log in to the server, where X is an integer less than or equal to N.
The client sends its N addresses and the corresponding public keys to the server, and the server generates the client's multi-signature address from the M+N addresses and their corresponding public keys, for example with the createmultisig command, createmultisig <n> <'["key","key","key"]'>, where n is the number of private keys required to unlock the address.
The server sets the value of n. The value of n is chosen so that the server cannot unlock the multi-signature address with its M private keys alone; a private key of the client must take part in unlocking. The server therefore sets M+X private keys as the number required to unlock the address, where X is an integer less than or equal to N. Once the address is unlocked, the client can log in to the server.
Note that the n private keys that unlock the address must be private keys corresponding to the M+N public keys from which the client's multi-signature address was generated; only these can unlock the multi-signature address, and the client can log in to the server only after the address is unlocked. The server may be the server of any website that requires a registered username and password.
S103, the client performs a first signature on the multi-signature address with X private keys.
S104, the server confirms that the client's signature is a valid signature.
A valid signature means that the server has confirmed that the X private keys used for the first signature are private keys of the client, and that the addresses corresponding to those X private keys have not been placed on the address blacklist. When a private key of the client is lost, to prevent it from being used by someone else and causing harm to the client, the client can send the address corresponding to the lost private key to the server, and the server places that address on the address blacklist.
S105, the server performs a second signature on the multi-signature address with M private keys, so that the client logs in to the server.
After the server performs the second signature on the multi-signature address with its M private keys, the multi-signature address is unlocked, so that the client logs in to the server.
Note that the client in the embodiments of the present invention may be an individual client or an institutional client, without limitation; the server may be a credit-reporting system server, a website server, and so on, without limitation.
The login process of an embodiment of the present invention is described below using Fig. 2 as an example, for the case where the server holds only one private key and the client holds two private keys.
Fig. 2 is a schematic flowchart of a login method for the case where a client private key is lost, provided by an embodiment of the present invention. As shown in Fig. 2, the method includes steps S201-S205:
S201, the server holds one private key, and the client holds two private keys, namely a first private key and a second private key.
S202, the server generates a multi-signature address for the client and sets that at least two private keys must sign the multi-signature address before the client can log in to the server.
S203, when the first private key of the client is lost, the client performs a first signature on the multi-signature address with the second private key.
When the first private key of the client is lost, to prevent it from being used by someone else and causing harm to the client, the client can send the address corresponding to the lost first private key to the server, and the server places the address corresponding to the lost first private key on the address blacklist.
S204, the server confirms that the first signature is a valid signature.
A valid signature means that the server has confirmed that the second private key used for the first signature is a private key of the client, and that the address corresponding to the second private key has not been placed on the address blacklist.
S205, the server performs a second signature on the multi-signature address with its private key, so that the client logs in to the server.
With the first signature and the second signature in place, the multi-signature address is unlocked, and only then can the client log in to the server.
An embodiment of the present invention also provides a multi-signature-based login system comprising a server and a client. The server holds M addresses and the public and private keys corresponding to those addresses, where M is an integer greater than or equal to 1; the client holds N addresses and the public and private keys corresponding to those addresses, where N is an integer greater than or equal to 2. The server generates a multi-signature address from the M+N addresses and their corresponding public keys, and presets that M+X private keys must sign the multi-signature address before the client can log in to the server, where X is an integer less than or equal to N. The server verifies the first signature that the client performs on the multi-signature address with X private keys; after verification succeeds, the server performs a second signature on the multi-signature address and then determines that the client has logged in to the server.
Specifically, the server verifies the private key of the first signature, confirming that the private key of the first signature is a preset private key of the multi-signature address and that the address corresponding to the private key of the first signature is not on the address blacklist.
The multi-signature login system of an embodiment of the present invention is described below using Fig. 3 as an example. Fig. 3 is a schematic block diagram of a multi-signature-based login system provided by an embodiment of the present invention.
S301, the client sends its N addresses and the corresponding public keys to the server.
S302, the server generates the client's multi-signature address from the M+N addresses and their corresponding public keys.
S303, the server presets that M+X private keys must sign the multi-signature address before the client can log in to the server.
S304, the client performs a first signature on the multi-signature address with X private keys.
S305, the server verifies the first signature; after the first signature is verified successfully, the server performs a second signature on the multi-signature address with M private keys.
S306, the server confirms that the client has logged in.
When a user loses one private key, the present invention ensures that the user can still log in to the server and that the user's previous private key can no longer be used to log in to the server, thereby ensuring secure login for the user.
Those skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware; the composition and steps of each example have been described above in general terms according to function. Different methods may be used to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the embodiments of the present invention. Specifically, the computing and control parts can be implemented by logic hardware, which may be a logic integrated circuit manufactured with integrated-circuit technology; this embodiment places no limitation on this.
The steps of the method or algorithm described in connection with the embodiments disclosed herein can be implemented in hardware, in a software module executed by a computing device, or in a combination of the two. The software module may reside in random access memory (RAM), main memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The specific embodiments described above further explain the purpose, technical solutions and beneficial effects of the embodiments of the present invention. It should be understood that the foregoing is only a specific implementation of the embodiments of the present invention and is not intended to limit their scope of protection; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the embodiments of the present invention shall fall within the scope of protection of the embodiments of the present invention.

Claims (7)

1. A multi-signature-based login method, applied to a server and a client, characterized in that the server holds M addresses and the public and private keys corresponding to the addresses, M being an integer greater than or equal to 1; the client holds N addresses and the public and private keys corresponding to the addresses, N being an integer greater than or equal to 2; the method includes:
The server generates a multi-signature address for the client and presets that M+X private keys must sign the multi-signature address before the client can log in to the server; wherein X is an integer less than or equal to N;
The client performs a first signature on the multi-signature address with X private keys;
The server confirms that the signature of the client is a valid signature;
The server performs a second signature on the multi-signature address with M private keys, so that the client logs in to the server.
2. The method according to claim 1, characterized in that the step in which the server confirms that the signature of the client is a valid signature is specifically:
The server verifies the private key of the first signature, confirming that the private key of the first signature is a preset private key of the multi-signature address and that the address corresponding to the private key of the first signature is not on the address blacklist.
3. The method according to claim 1, characterized in that when M=1 and N=2, that is, the client holds a first private key and a second private key, the method includes:
The server is that the client generates a multi-signature address, and presets The address for stating multi-signature is signed, and the client could log in the server;
The client performs a first signature on the multi-signature address with the first private key;
The server confirms that the first signature is a valid signature;
The server performs a second signature on the multi-signature address with its private key, so that the client logs in to the server.
4. The method according to claim 3, characterized in that when the first private key of the client is lost, the method includes:
The client performs a first signature on the multi-signature address with the second private key;
The server confirms that the first signature is a valid signature;
The server performs a second signature on the multi-signature address with its private key, so that the client logs in to the server.
5. The method according to claim 3, characterized in that the method further includes:
When the first private key of the client is lost, the client sends the address corresponding to the first private key to the server;
The server places the address corresponding to the first private key on the address blacklist;
The server confirms that a signature by the first private key is an invalid signature.
6. A multi-signature-based login system comprising a server and a client, characterized in that the server holds M addresses and the public and private keys corresponding to the addresses, M being an integer greater than or equal to 1; the client holds N addresses and the public and private keys corresponding to the addresses, N being an integer greater than or equal to 2;
The server generates a multi-signature address from the M+N addresses and their corresponding public keys, and presets that M+X private keys must sign the multi-signature address before the client can log in to the server; wherein X is an integer less than or equal to N;
The server verifies the first signature that the client performs on the multi-signature address with X private keys; after verification succeeds, the server performs a second signature on the multi-signature address and then determines that the client has logged in to the server.
7. The system according to claim 6, characterized in that the server verifies the private key of the first signature, confirming that the private key of the first signature is a preset private key of the multi-signature address and that the address corresponding to the private key of the first signature is not on the address blacklist.
CN201710009045.9A 2016-07-06 2017-01-06 A kind of login method and its system based on multi-signature Active CN106533678B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610527028X 2016-07-06
CN201610527028 2016-07-06

Publications (2)

Publication Number Publication Date
CN106533678A true CN106533678A (en) 2017-03-22
CN106533678B CN106533678B (en) 2019-09-13

Family

ID=58336889

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710009045.9A Active CN106533678B (en) 2016-07-06 2017-01-06 A kind of login method and its system based on multi-signature

Country Status (1)

Country Link
CN (1) CN106533678B (en)

Also Published As

Publication number Publication date
CN106533678B (en) 2019-09-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201015

Address after: Room 1201, No. 136, banhe Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee after: Guangzhou Tai Yun Technology Co.,Ltd.

Address before: 301708, No. 22, South Government Road, Huanghua Town, Wuqing District, Tianjin

Patentee before: TIANJIN MIYOU TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20221226

Address after: 101100 3586, Floor 1, Building 3, No. 6, Guoxing Second Street, Tongzhou District, Beijing

Patentee after: Beijing Taiyi Digital Technology Co.,Ltd.

Address before: 510535 room 1201, No. 136, Panhe Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee before: Guangzhou Tai Yun Technology Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20231113

Address after: 903-76, 9th Floor, Building 17, Yard 30, Shixing Street, Shijingshan District, Beijing, 100000

Patentee after: Beijing Qinhai Technology Co.,Ltd.

Address before: 101100 3586, Floor 1, Building 3, No. 6, Guoxing Second Street, Tongzhou District, Beijing

Patentee before: Beijing Taiyi Digital Technology Co.,Ltd.

TR01 Transfer of patent right