CN106533678B - A kind of login method and its system based on multi-signature - Google Patents


Info

Publication number
CN106533678B
Authority
CN
China
Prior art keywords
address
signature
server
private key
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710009045.9A
Other languages
Chinese (zh)
Other versions
CN106533678A (en)
Inventor
丁江
邓迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qinhai Technology Co ltd
Original Assignee
Tianjin Miyou Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Miyou Technology Co Ltd
Publication of CN106533678A
Application granted
Publication of CN106533678B

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides a login method based on multi-signature, applied to a server and a client. The server possesses M private keys, where M is an integer greater than or equal to 1; the client possesses N private keys, where N is an integer greater than or equal to 2. The method comprises: the server generates a multi-signature address for the client and presets that the client can log in to the server only when M+X private keys have signed the multi-signature address, where X is an integer less than or equal to N; the client performs a first signature on the multi-signature address with X private keys; the server confirms that the client's signature is a valid signature; the server performs a second signature on the multi-signature address with its M private keys, so that the client logs in to the server. The invention ensures secure login for the user.

Description

A login method and system based on multi-signature
Technical field
The present invention relates to the field of data processing, and in particular to a login method and system based on multi-signature.
Background
At present, logging in with a username and password is a common login mode. In practice, however, a user may lose the password and then be unable to log in to the server. Recovering the password is a cumbersome process, and if the password is stolen by a third party during recovery, the third party can use the user's username and password to act in ways that harm the user.
Therefore, when a user's password is lost, can the user report the loss to the server through some mechanism so that the server no longer allows logins with that password? In addition, while the password is being recovered, can the user log in to the server with a backup password so that the user's normal experience is not affected? Ensuring both the experience and the security of user login has thus become a problem that urgently needs to be solved.
Summary of the invention
The application provides a login method and device based on multi-signature. When a user loses one private key, the method ensures that the user can still log in to the server, and ensures that the user's previous private key can no longer be used to log in to the server, thereby ensuring secure login for the user.
A first aspect of the application provides a login method based on multi-signature, applied to a server and a client. The server possesses M addresses and the public keys and private keys corresponding to the addresses, where M is an integer greater than or equal to 1; the client possesses N addresses and the public keys and private keys corresponding to the addresses, where N is an integer greater than or equal to 2. The method comprises: the server generates a multi-signature address for the client and presets that the client can log in to the server only when M+X private keys have signed the multi-signature address, where X is an integer less than or equal to N; the client performs a first signature on the multi-signature address with X private keys; the server confirms that the client's signature is a valid signature; the server performs a second signature on the multi-signature address with its M private keys, so that the client logs in to the server.
A second aspect of the application provides a login system based on multi-signature. The system comprises a server and a client. The server has M addresses and the public keys and private keys corresponding to the addresses, where M is an integer greater than or equal to 1; the client has N addresses and the public keys and private keys corresponding to the addresses, where N is an integer greater than or equal to 2. The server generates a multi-signature address from the M+N addresses and their corresponding public keys, and presets that the client can log in to the server only when M+X private keys have signed the multi-signature address, where X is an integer less than or equal to N. The server verifies the first signature made on the multi-signature address by the client's X private keys; after the verification succeeds, the server performs a second signature on the multi-signature address and then determines that the client logs in to the server.
When a user loses one private key, the application ensures that the user can still log in to the server, and ensures that the user's previous private key can no longer be used to log in to the server, thereby ensuring secure login for the user.
Brief description of the drawings
Fig. 1 is a flow diagram of a login method based on multi-signature provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of a login method for the case where a client private key is lost, provided by an embodiment of the present invention;
Fig. 3 is a schematic block diagram of a login system based on multi-signature provided by an embodiment of the present invention.
Detailed description
The embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work shall fall within the protection scope of the present invention.
The embodiment of the present invention is described below, taking Fig. 1 as an example.
As shown in Fig. 1, a login method based on multi-signature comprises steps S101-S105:
S101, the server possesses M private keys, where M is an integer greater than or equal to 1; the client possesses N private keys, where N is an integer greater than or equal to 2.
In one possible implementation of the invention, the client possesses M+N addresses and the public keys and private keys corresponding to those addresses; the client sends M of the addresses, with their corresponding private keys and public keys, to the server. Each private key corresponds to one public key, and each public key corresponds to one address.
In another possible implementation of the invention, the server's M addresses and their corresponding private keys and public keys are generated by the server.
It should be noted that the addresses possessed by the client or the server, and the private keys corresponding to those addresses, are all unique.
S102, the server generates a multi-signature address for the client and presets that the client can log in to the server only when M+X private keys have signed the multi-signature address, where X is an integer less than or equal to N.
The client sends its N addresses and the corresponding public keys to the server, and the server generates the client's multi-signature address from the M+N addresses and their corresponding public keys, for example with the createmultisig command: createmultisig <n> <'["key","key","key"]'>, where n is the number of private keys required to unlock the address.
The server sets the value of n. The value is chosen so that the server cannot unlock the multi-signature address with its M private keys alone; the client's private keys must take part in unlocking. The threshold is therefore set so that M+X private keys are needed to unlock the address, where X is an integer less than or equal to N. Once the address is unlocked, the client can log in to the server.
It should be noted that the n private keys that unlock the address must be private keys corresponding to the M+N public keys from which the client's multi-signature address was generated; only these can unlock the multi-signature address, and login to the server is possible only after unlocking. The server includes the servers of the various websites that require a username and password to be registered.
S103, the client performs a first signature on the multi-signature address with X private keys.
S104, the server confirms that the client's signature is a valid signature.
A valid signature means that the server confirms that the X private keys used for the first signature are private keys of the client, and that the addresses corresponding to those X private keys have not been moved to the address blacklist. When one of the client's private keys is lost, to prevent it from being stolen and used to harm the client, the client can send the address corresponding to the lost private key to the server, and the server moves that address to the address blacklist.
S105, the server performs a second signature on the multi-signature address with its M private keys, so that the client logs in to the server.
After the server has performed the second signature on the multi-signature address with its M private keys, the multi-signature address is unlocked, so that the client logs in to the server.
It should be noted that the client in the embodiment of the present invention includes individual clients and institutional clients, and is not limited in this respect; the server includes credit investigation system servers, website servers and the like, and is likewise not limited.
Taking Fig. 2 as an example, the login flow of the embodiment of the present invention is described below for the case where the server possesses only one private key and the client possesses two private keys.
Fig. 2 is a flow diagram of a login method for the case where a client private key is lost, provided by an embodiment of the present invention. As shown in Fig. 2, the method comprises steps S201-S205:
S201, the server possesses one private key, and the client possesses two private keys, namely a first private key and a second private key.
S202, the server generates a multi-signature address for the client and sets that the client can log in to the server only when at least two private keys have signed the multi-signature address.
S203, when the client's first private key is lost, the client performs a first signature on the multi-signature address with the second private key.
When the client's first private key is lost, to prevent it from being stolen and used to harm the client, the client can send the address corresponding to the lost first private key to the server, and the server moves the address corresponding to the lost first private key to the address blacklist.
S204, the server confirms that the first signature is a valid signature.
A valid signature means that the server confirms that the second private key used for the first signature is a private key of the client, and that the address corresponding to the second private key has not been moved to the address blacklist.
S205, the server's private key performs a second signature on the multi-signature address, so that the client logs in to the server.
With the first signature and the second signature, the multi-signature address is unlocked, and the client can now log in to the server.
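An added example, not code from the patent: the M=1, N=2 flow of Fig. 2, including the address blacklist, in Python. Lamport one-time hash signatures stand in for the key type behind createmultisig so that the block needs only the standard library; the address encodings, the Server class and its method names are assumptions made for illustration.

```python
import hashlib
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signature: stdlib-only stand-in for the real key type.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))

def address(pk) -> str:
    """Assumed encoding: an address is a truncated hash of the public key."""
    return H(b"".join(a + b for a, b in pk)).hex()[:40]

def multisig_address(n_required: int, pubkeys) -> str:
    """Assumed encoding: hash of the threshold n and the sorted key addresses."""
    body = f"{n_required}:" + ",".join(sorted(address(pk) for pk in pubkeys))
    return H(body.encode()).hex()[:40]

class Server:
    def __init__(self, m: int):
        self.keys = [keygen() for _ in range(m)]   # the server's M key pairs
        self.blacklist = set()                     # addresses of reported-lost keys
        self.accounts = {}                         # multisig address -> record

    def register(self, client_pubkeys, x: int) -> str:
        """S102: build the address from M+N public keys, threshold n = M+X."""
        if not 1 <= x <= len(client_pubkeys):
            # X >= 1 so the server's M keys alone can never unlock the address.
            raise ValueError("X must be between 1 and N")
        n = len(self.keys) + x
        pubkeys = [pk for _, pk in self.keys] + list(client_pubkeys)
        addr = multisig_address(n, pubkeys)
        self.accounts[addr] = {
            "n": n, "x": x,
            "client": {address(pk): pk for pk in client_pubkeys}}
        return addr

    def report_lost(self, key_address: str) -> None:
        self.blacklist.add(key_address)

    def login(self, addr: str, client_sigs: dict) -> bool:
        """client_sigs maps a client key address to its signature over addr."""
        acct = self.accounts.get(addr)
        if acct is None:
            return False
        msg, valid = addr.encode(), 0
        for key_addr, sig in client_sigs.items():  # S104: validate first signature
            pk = acct["client"].get(key_addr)
            if pk is None or key_addr in self.blacklist:
                continue                           # unregistered or lost key: not counted
            if verify(pk, msg, sig):
                valid += 1
        if valid < acct["x"]:
            return False
        # S105: the server adds its own M signatures, then checks the threshold.
        valid += sum(verify(pk, msg, sign(sk, msg)) for sk, pk in self.keys)
        return valid >= acct["n"]

def demo():
    server = Server(m=1)
    (sk1, pk1), (sk2, pk2) = keygen(), keygen()
    addr = server.register([pk1, pk2], x=1)
    msg = addr.encode()
    before = server.login(addr, {address(pk1): sign(sk1, msg)})
    server.report_lost(address(pk1))               # first private key is lost
    lost = server.login(addr, {address(pk1): sign(sk1, msg)})
    backup = server.login(addr, {address(pk2): sign(sk2, msg)})
    sk3, pk3 = keygen()                            # key never registered
    outsider = server.login(addr, {address(pk3): sign(sk3, msg)})
    forged = server.login(addr, {address(pk2): sign(sk3, msg)})
    return before, lost, backup, outsider, forged

if __name__ == "__main__":
    print(demo())
```

The signed message here is the static multi-signature address, as in the text, so the same first signature verifies on every login; binding the signature to a fresh server-issued challenge is the usual addition in a deployed design.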
The embodiment of the present invention also provides a login system based on multi-signature. The system comprises a server and a client. The server has M addresses and the public keys and private keys corresponding to the addresses, where M is an integer greater than or equal to 1; the client has N addresses and the public keys and private keys corresponding to the addresses, where N is an integer greater than or equal to 2. The server generates a multi-signature address from the M+N addresses and their corresponding public keys, and presets that the client can log in to the server only when M+X private keys have signed the multi-signature address, where X is an integer less than or equal to N. The server verifies the first signature made on the multi-signature address by the client's X private keys; after the verification succeeds, the server performs a second signature on the multi-signature address and then determines that the client logs in to the server.
Specifically, the server verifies the private key used for the first signature, confirming that it is one of the preset private keys of the multi-signature address and that the address corresponding to the private key used for the first signature is not in the address blacklist.
The multi-signature login system of the embodiment of the present invention is described below, taking Fig. 3 as an example. Fig. 3 is a schematic block diagram of a login system based on multi-signature provided by an embodiment of the present invention.
S301, the client sends its N addresses and the corresponding public keys to the server.
S302, the server generates the client's multi-signature address from the M+N addresses and their corresponding public keys.
S303, the server presets that the client can log in to the server only when M+X private keys have signed the multi-signature address.
S304, the client performs a first signature on the multi-signature address with X private keys.
S305, the server verifies the first signature; after the first signature is verified successfully, the server's M private keys perform a second signature on the multi-signature address.
S306, the server confirms that the client is logged in.
When a user loses one private key, the present invention ensures that the user can still log in to the server, and ensures that the user's previous private key can no longer be used to log in to the server, thereby ensuring secure login for the user.
Those skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented with electronic hardware; the composition and steps of each example have been described above in general terms according to function. Different methods may be used to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the embodiments of the present invention. Specifically, the operation and control parts can be implemented by logic hardware, which may be a logic integrated circuit manufactured using integrated circuit technology; this embodiment places no limitation on this.
The steps of the method or algorithm described in connection with the embodiments disclosed herein can be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module can be placed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The specific embodiments described above further explain the purpose, technical solutions and beneficial effects of the embodiments of the present invention. It should be understood that the foregoing is merely specific embodiments of the present invention and is not intended to limit the protection scope of the embodiments of the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the embodiments of the present invention shall be included within the protection scope of the embodiments of the present invention.

Claims (7)

1. A login method based on multi-signature, applied to a server and a client, characterized in that the server possesses M addresses and the public keys and private keys corresponding to the addresses, M being an integer greater than or equal to 1; the client possesses N addresses and the public keys and private keys corresponding to the addresses, N being an integer greater than or equal to 2; the method comprises:
the server generates a multi-signature address for the client and presets that the client can log in to the server only when M+X private keys have signed the multi-signature address, wherein X is an integer less than or equal to N;
the client performs a first signature on the multi-signature address with X private keys;
the server confirms that the client's signature is a valid signature;
the server performs a second signature on the multi-signature address with its M private keys, so that the client logs in to the server.
2. The method according to claim 1, characterized in that the step in which the server confirms that the client's signature is a valid signature is specifically:
the server verifies the private key used for the first signature, confirming that the private key used for the first signature is one of the preset private keys of the multi-signature address and that the address corresponding to the private key used for the first signature is not in the address blacklist.
3. The method according to claim 1, characterized in that when M=1 and N=2, that is, the client possesses a first private key and a second private key, the method comprises:
the server generates a multi-signature address for the client and presets that the client can log in to the server only when at least two private keys have signed the multi-signature address;
the client performs a first signature on the multi-signature address with the first private key;
the server confirms that the first signature is a valid signature;
the server's private key performs a second signature on the multi-signature address, so that the client logs in to the server.
4. The method according to claim 3, characterized in that when the client's first private key is lost, the method comprises:
the client performs a first signature on the multi-signature address with the second private key;
the server confirms that the first signature is a valid signature;
the server's private key performs a second signature on the multi-signature address, so that the client logs in to the server.
5. The method according to claim 3, characterized in that the method further comprises:
when the client's first private key is lost, the client sends the address corresponding to the first private key to the server;
the server moves the address corresponding to the first private key to the address blacklist;
the server confirms that a signature by the first private key is an invalid signature.
6. A login system based on multi-signature, the system comprising a server and a client, characterized in that the server has M addresses and the public keys and private keys corresponding to the addresses, M being an integer greater than or equal to 1; the client has N addresses and the public keys and private keys corresponding to the addresses, N being an integer greater than or equal to 2;
the server generates a multi-signature address from the M+N addresses and their corresponding public keys, and presets that the client can log in to the server only when M+X private keys have signed the multi-signature address, wherein X is an integer less than or equal to N;
the server verifies the first signature made on the multi-signature address by the client's X private keys; after the verification succeeds, the server performs a second signature on the multi-signature address and then determines that the client logs in to the server.
7. The system according to claim 6, characterized in that the server verifies the private key used for the first signature, confirming that the private key used for the first signature is one of the preset private keys of the multi-signature address and that the address corresponding to the private key used for the first signature is not in the address blacklist.
CN201710009045.9A 2016-07-06 2017-01-06 A kind of login method and its system based on multi-signature Active CN106533678B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610527028X 2016-07-06
CN201610527028 2016-07-06

Publications (2)

Publication Number Publication Date
CN106533678A (en) 2017-03-22
CN106533678B (en) 2019-09-13

Family

ID=58336889

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710009045.9A Active CN106533678B (en) 2016-07-06 2017-01-06 A kind of login method and its system based on multi-signature

Country Status (1)

Country Link
CN (1) CN106533678B (en)


Also Published As

Publication number Publication date
CN106533678A (en) 2017-03-22


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201015

Address after: Room 1201, No. 136, banhe Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee after: Guangzhou Tai Yun Technology Co.,Ltd.

Address before: 301708, No. 22, South Government Road, Huanghua Town, Wuqing District, Tianjin

Patentee before: TIANJIN MIYOU TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20221226

Address after: 101100 3586, Floor 1, Building 3, No. 6, Guoxing Second Street, Tongzhou District, Beijing

Patentee after: Beijing Taiyi Digital Technology Co.,Ltd.

Address before: 510535 room 1201, No. 136, Panhe Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee before: Guangzhou Tai Yun Technology Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20231113

Address after: 903-76, 9th Floor, Building 17, Yard 30, Shixing Street, Shijingshan District, Beijing, 100000

Patentee after: Beijing Qinhai Technology Co.,Ltd.

Address before: 101100 3586, Floor 1, Building 3, No. 6, Guoxing Second Street, Tongzhou District, Beijing

Patentee before: Beijing Taiyi Digital Technology Co.,Ltd.