CN107742212B - Asset verification method, device and system based on block chain - Google Patents


Publication number
CN107742212B
Authority
CN
China
Prior art keywords
service provider
authentication
qualification
authentication center
asset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710951476.7A
Other languages
Chinese (zh)
Other versions
CN107742212A (en)
Inventor
于涛
谢卫平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yihua Computer Co Ltd
Shenzhen Yihua Time Technology Co Ltd
Shenzhen Yihua Financial Intelligent Research Institute
Original Assignee
Shenzhen Yihua Computer Co Ltd
Shenzhen Yihua Time Technology Co Ltd
Shenzhen Yihua Financial Intelligent Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash

Abstract

The invention discloses a blockchain-based asset verification method, device and system. The method comprises the following steps: a node receives asset identity information of an asset to be verified and acquires, from a blockchain, asset verification information matching the asset identity information, wherein the asset verification information comprises authentication center qualification verification information, service provider qualification verification information and asset authentication information; the node verifies the qualification of the authentication center according to the authentication center qualification verification information; if the node determines that the qualification verification of the authentication center passes, it verifies the qualification of the service provider according to the authentication center qualification verification information and the service provider qualification verification information; and if the node determines that the qualification verification of the service provider passes, it verifies the asset to be verified according to the service provider qualification verification information and the asset authentication information. With the technical scheme of the invention, the asset verification service can be provided stably, securely and effectively.

Description

Asset verification method, device and system based on block chain
Technical Field
The embodiment of the invention relates to a block chain technology, in particular to an asset verification method, device and system based on a block chain.
Background
Digital assets (such as bitcoins) are on a chain from the moment they are generated, and a blockchain can cover their whole service life cycle; the technically trusted environment established by the blockchain is naturally a closed digital system. In reality, however, most assets involve offline physical assets, and if no trusted organization or mechanism endorses and manages the boundary of the closed system, the authenticity of a physical asset before it enters the closed system cannot be guaranteed. Some business scenarios require the ledger and the actual assets to agree at all times, with the chain synchronized at any moment. At present it is difficult for a blockchain to cover every link in the full life cycle of a physical-asset service: ensuring that a physical asset is digitized and put on chain authentically requires more trusted-organization endorsement and centralized accountability mechanisms, and the blockchain itself only solves the consistency and traceability of the circulation of offline physical assets between different nodes after digitization.
For example, in the field of anti-counterfeiting for luxury high-grade wine, a user checks a bottle of wine as follows: an external IC (Integrated Circuit) chip on the bottle is scanned to acquire the identity information (Product GUID) of the wine, and a service interface provided by the wine manufacturer then judges whether the wine is genuine. The uniqueness of the IC chip identity raises the difficulty of counterfeiting, and the service interface can be called from a smart contract so that the whole detection process is recorded on chain. However, this method depends on a centralized service interface provided by a service provider, which is inherently vulnerable to DDoS (Distributed Denial of Service) attacks and may be affected by data tampering by insiders and the like, and thus cannot provide asset verification services stably and effectively.
Disclosure of Invention
The invention provides an asset verification method, device and system based on a block chain, which are used for realizing stable, safe and effective provision of asset verification services.
In a first aspect, an embodiment of the present invention provides an asset verification method based on a blockchain, including:
the node receives asset identity information of an asset to be verified, and acquires asset verification information matched with the asset identity information from a block chain;
wherein the asset validation information comprises: the certification center qualification verification information, the service provider qualification verification information and the asset authentication information; the qualification verification information of the authentication center is correspondingly updated after the authentication center completes authentication; the service provider qualification verification information is correspondingly updated after the service provider completes authentication; the asset authentication information is correspondingly updated after the asset is authenticated;
the node verifies the qualification of the authentication center according to the qualification verification information of the authentication center;
if the node determines that the qualification verification of the authentication center passes, verifying the qualification of the service provider according to the qualification verification information of the authentication center and the qualification verification information of the service provider;
and if the node determines that the qualification verification of the service provider passes, verifying the assets to be verified according to the qualification verification information of the service provider and the asset authentication information.
In a second aspect, an embodiment of the present invention further provides an authentication method for an authentication center, including:
the authentication center sends authentication application information to each node included in the network periodically, wherein the node includes a representative node and a miner node;
the authentication center receives qualification judgment results of the authentication center returned by the representative nodes, wherein after receiving the authentication application information, the representative nodes judge whether the qualification of the authentication center is qualified according to the authentication application information and return corresponding judgment results;
if the authentication center determines that the qualification of the authentication center is qualified according to the representative nodes exceeding the preset proportion in the nodes, the authentication center determines that the qualification authentication is successful, and triggers at least one miner node to update the block chain according to first special transaction information generated in the authentication process of the authentication center;
wherein the first special transaction information comprises: and the certification center qualification verification information of the certification center.
In a third aspect, an embodiment of the present invention further provides a service provider authentication method, including:
the service provider provides a service provider qualification certificate to an authentication center, wherein after the authentication center receives the service provider qualification certificate, if the qualification examination of the service provider is determined to pass according to the service provider qualification certificate, a service provider identifier is distributed to the service provider;
if the service provider receives the service provider identification distributed by the authentication center, encrypting the service provider identification by using a service provider private key to obtain a service provider identification signature;
the service provider returns the service provider identification and the service provider identification signature to the authentication center so that the authentication center encrypts the service provider identification and the service provider identification signature by using an authentication center private key to generate a service provider identification signature authentication center re-signature, publishes the service provider identification, the service provider identification signature authentication center re-signature and a service provider public key matched with the service provider private key to the whole network, and triggers at least one miner node to update a block chain according to second special transaction information generated in the authentication process of the service provider;
wherein the second special transaction information comprises: and the service provider qualification verification information of the service provider.
In a fourth aspect, an embodiment of the present invention further provides an asset verification apparatus based on a block chain, where the asset verification apparatus is configured on a node device, and the apparatus includes:
the verification information acquisition module is used for receiving asset identity information of an asset to be verified and acquiring asset verification information matched with the asset identity information from a block chain;
wherein the asset validation information comprises: the certification center qualification verification information, the service provider qualification verification information and the asset authentication information; the qualification verification information of the authentication center is correspondingly updated after the authentication center completes authentication; the service provider qualification verification information is correspondingly updated after the service provider completes authentication; the asset authentication information is correspondingly updated after the asset is authenticated;
the central qualification verification module is used for verifying the qualification of the authentication center according to the qualification verification information of the authentication center;
the service provider qualification verification module is used for verifying the qualification of the service provider according to the qualification verification information of the authentication center and the qualification verification information of the service provider if the qualification verification of the authentication center is determined to pass;
and the to-be-verified asset verification module is used for verifying the to-be-verified asset according to the qualification verification information of the service provider and the asset authentication information if the qualification verification of the service provider is determined to pass.
In a fifth aspect, an embodiment of the present invention further provides an authentication apparatus configured on a device of an authentication center, where the apparatus includes:
the application information sending module is used for periodically sending authentication application information to each node included in the network, wherein the nodes include representative nodes and miner nodes;
a judgment result receiving module, configured to receive a qualification judgment result of the authentication center returned by each representative node, where after receiving the authentication application information, the representative node judges whether the qualification of the authentication center is qualified according to the authentication application information, and returns a corresponding judgment result;
the authentication success determining module is used for determining that qualification authentication is successful and triggering at least one miner node to update a block chain according to first special transaction information generated in the authentication process of the authentication center if the representative node exceeding the preset proportion in the nodes is determined to judge that the qualification of the authentication center is qualified;
wherein the first special transaction information comprises: and the certification center qualification verification information of the certification center.
In a sixth aspect, an embodiment of the present invention further provides an apparatus for authenticating a service provider, where the apparatus is configured on a device of the service provider, and the apparatus includes:
the qualification certification providing module is used for providing a service provider qualification certification for an authentication center, wherein after the authentication center receives the service provider qualification certification, if the qualification examination of the service provider is determined to pass according to the service provider qualification certification, a service provider identifier is distributed to the service provider;
the service provider identification encryption module is used for encrypting the service provider identification by using a service provider private key to obtain a service provider identification signature if the service provider identification distributed by the authentication center is received;
the identification signature returning module is used for returning the service provider identification and the service provider identification signature to the authentication center so that the authentication center encrypts the service provider identification and the service provider identification signature by using an authentication center private key to generate a service provider identification signature authentication center re-signature, publishes the service provider identification, the service provider identification signature authentication center re-signature and a service provider public key matched with the service provider private key to the whole network, and triggers at least one miner node to update a block chain according to second special transaction information generated in the authentication process of the service provider;
wherein the second special transaction information comprises: and the service provider qualification verification information of the service provider.
In a seventh aspect, an embodiment of the present invention further provides an asset verification system, where the asset verification system includes a plurality of nodes, at least one authentication center, and at least one service provider, where the nodes are configured to execute any of the asset verification methods based on a blockchain in the embodiments of the present invention; the authentication center is used for executing the authentication method of the authentication center in the embodiment of the invention; the service provider is used for executing the service provider authentication method in any embodiment of the invention.
In the embodiment of the invention, the node verifies the qualification of the authentication center and of the service provider in turn according to the acquired asset verification information, and verifies the asset to be verified only after both qualification verifications pass. By verifying layer by layer when the asset to be verified is checked online, the embodiment solves the problems of low security, instability and the like caused in the prior art by single-layer verification through a centralized interface provided by the service provider alone, and provides the asset verification service stably, securely and effectively.
Drawings
Fig. 1 is a schematic flowchart of an asset verification method based on a blockchain according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating an authentication method of an authentication center according to a second embodiment of the present invention;
Fig. 3 is a schematic flowchart of a service provider authentication method according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an asset verification apparatus based on a block chain according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an authentication device of an authentication center according to a fifth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an authentication apparatus for a service provider according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a schematic flowchart of an asset verification method based on a blockchain according to an embodiment of the present invention. The method is applicable to the case of asset verification on a blockchain, and can be executed by a blockchain-based asset verification device, which can be composed of hardware and/or software and can be generally integrated in a computer, a mobile phone and other terminal equipment which can be used as a network node. The method specifically comprises the following steps:
S110, the node receives asset identity information of an asset to be verified, and acquires asset verification information matched with the asset identity information from the block chain; wherein the asset verification information comprises: the authentication center qualification verification information, the service provider qualification verification information and the asset authentication information.
Specifically, the authentication center qualification verification information is correspondingly updated after the authentication center completes authentication; the service provider qualification verification information is correspondingly updated after the service provider completes authentication; and the asset authentication information is correspondingly updated after the asset is authenticated.
In a narrow sense, the blockchain is a distributed ledger: a chained data structure formed by linking data blocks sequentially in time order, protected cryptographically so that it cannot be tampered with or forged. Broadly speaking, blockchain technology is a new distributed infrastructure and computing paradigm that uses the blockchain data structure to verify and store data, uses distributed node consensus algorithms to generate and update data, uses cryptography to secure data transmission and access, and uses smart contracts composed of automated script code to program and manipulate data. The blockchain is a string of data blocks generated by cryptographic methods; each data block contains information about one network transaction and is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. The asset to be verified can therefore be verified only after it has been turned into a digital asset and written into the blockchain, that is, after it has been put on chain. Optionally, after offline verification by different institutions, the asset to be verified is reliably put on chain by a specific institution to generate the digital asset.
Optionally, the asset identity information may be, for example, an ID number of the product, or other information that can uniquely identify the product, such as two-dimensional code information of the product. Illustratively, the corresponding asset verification information is extracted from a transaction record that matches the asset identity information, wherein the transaction record may be generated and written into the blockchain upon authentication of the authentication center, the service provider, and the asset. Optionally, a blockchain program may be installed on the device of each node to provide an asset verification interface.
And S120, the node verifies the qualification of the authentication center according to the qualification verification information of the authentication center.
Optionally, the authentication center qualification verification information may be any information that helps verify the qualification of the authentication center, and may be character information. For example, the authentication center is the basis for all qualification certifications and may correspond to a national organization with audit rights; it is the basis for verifying the entire asset to be verified and must itself be certified by the whole network, so the qualification of the authentication center, which is the basis of certification, needs to be verified before the asset is verified.
The advantage of this is that a trust foundation is established for the whole verification process, and whether the asset to be verified is trusted is checked from the source. This avoids the problem that the off-chain asset corresponding to an on-chain asset cannot be identified because the asset was verified by a false organization that was never investigated, and improves the reliability of the asset verification process.
Preferably, the authentication center qualification verification information includes: an authentication center identifier, an authentication center public key and an authentication center identifier signature.
The authentication center identifier may be an identifier assigned to the authentication center by another authoritative government entity, or an identifier set by the authentication center to represent its own identity, and may consist of characters such as numbers and letters, which is not limited herein. The authentication center public key corresponds to the authentication center private key; the authentication center identifier signature can be obtained by encrypting the authentication center identifier with the authentication center private key, and correspondingly the authentication center public key can be used to decrypt the authentication center identifier signature.
Preferably, the node verifies the qualification of the authentication center according to the qualification verification information of the authentication center, including:
the node decrypts the certificate authority identification signature by using the certificate authority public key;
and if the node determines that the decryption result is consistent with the identification of the authentication center, determining that the qualification verification of the authentication center passes.
Optionally, the authentication center identifier signature may be obtained by encrypting the authentication center identifier with the authentication center private key, and the encryption used for the signature may be asymmetric, such as the RSA algorithm. RSA uses a public key cryptosystem, in which the encryption key and the decryption key are different and "deriving the decryption key from a known encryption key is computationally infeasible". The authentication center identifier signature produced with the encryption key (namely, the authentication center private key) can therefore be decrypted with the decryption key (namely, the authentication center public key). If the result of decrypting the authentication center identifier signature with the acquired authentication center public key is consistent with the authentication center identifier obtained from the block chain, the information of the authentication center is true and valid, so the qualification verification of the authentication center can be determined to pass.
S130, if the node determines that the qualification verification of the authentication center passes, verifying the qualification of the service provider according to the qualification verification information of the authentication center and the qualification verification information of the service provider.
Optionally, since the asset is endorsed layer by layer by the authentication center and the service provider, the qualification of the service provider needs to be verified after the qualification verification of the authentication center passes. For example, the service provider can be authenticated by the authentication center when it is put on chain, so its qualification needs to be verified according to both the authentication center qualification verification information and the service provider qualification verification information; the endorsement of the authentication center then ensures that the service provider's qualification is authentic and improves the reliability of the asset verification process.
Preferably, the service provider qualification verification information includes: the service provider identifier, the service provider public key, the service provider identifier signature and the service provider identifier signature authentication center re-signature.
The service provider identifier may be a unique identifier assigned to the authenticated service provider after offline authentication by the authentication center, and may consist of characters such as numbers and letters, which is not limited herein. The service provider public key corresponds to the service provider private key. The service provider identifier signature can be obtained by encrypting the service provider identifier with the service provider private key, and the service provider identifier signature authentication center re-signature can be obtained by encrypting the combination of the service provider identifier and the service provider identifier signature again with the authentication center private key. Correspondingly, the service provider public key can be used to decrypt the service provider identifier signature, and the authentication center public key can be used to decrypt the authentication center signature and the service provider identifier signature authentication center re-signature.
Preferably, the node verifies the qualification of the service provider according to the qualification verification information of the authentication center and the qualification verification information of the service provider, and the method comprises the following steps:
the node decrypts the service provider identifier signature authentication center re-signature by using the authentication center public key;
the node removes the service provider identifier from the decryption result and then decrypts the remainder by using the service provider public key;
and if the node determines that the re-decryption result obtained by re-decryption is consistent with the service provider identification, determining that the qualification verification of the service provider is passed.
Optionally, the service provider identifier signature may be obtained by encrypting the service provider identifier with the service provider private key, and the encryption used for the signature may be asymmetric, such as the RSA algorithm. Accordingly, when verifying the qualification of the service provider, the node may first use the decryption key of the authentication center (namely, the authentication center public key) to decrypt the service provider identifier signature authentication center re-signature, which was produced with the encryption key of the authentication center (namely, the authentication center private key). By default it then removes the service provider identifier obtained from the blockchain from the decryption result and decrypts the remainder again with the service provider public key. If the result of this second decryption is consistent with the service provider identifier obtained from the blockchain, the service provider has been authenticated by a qualified authentication center, so the qualification verification of the service provider can be determined to pass.
S140, if the node determines that the qualification verification of the service provider passes, verifying the assets to be verified according to the qualification verification information of the service provider and the asset authentication information.
Optionally, once the qualification verification of the authentication center and of the service provider that endorse the asset have both passed in sequence, verification of whether the asset to be verified is trusted may begin. For example, since an asset can be authenticated by an authenticated service provider when it is put on the chain, the asset to be verified is verified according to the service provider qualification verification information and the asset authentication information, so that the authenticity of the asset is ensured through the endorsement of the service provider and the reliability of the asset verification process is improved. In addition, because the authentication center and the service provider that endorse the asset are verified layer by layer, problems such as the data of an exposed interface being easily tampered with when only single-layer verification is performed can be avoided, improving the security and stability of the asset verification process.
Preferably, the asset authentication information includes: asset unique identification, asset unique identification facilitator signature.
The asset unique identifier may be a unique identifier assigned to the asset by the service provider after offline authentication. The identifier may be assigned according to the characteristics of the asset itself; the content of the asset identity information and of the asset unique identifier may be identical, both being used to characterize the identity of the asset, so that the asset unique identifier is exclusive. Examples include an anti-counterfeit IC chip embedded in high-end wine, the natural appearance of a diamond, or the coordinates and area in a house contract; the identifier may also consist of characters such as numbers and letters, which is not limited herein. The asset unique identifier service provider signature may be obtained by the service provider encrypting the asset unique identifier with the service provider private key, and correspondingly, the service provider public key may be used to decrypt the asset unique identifier service provider signature.
Preferably, the node verifies the asset to be verified according to the service provider qualification verification information and the asset authentication information, and the method includes:
the node decrypts the asset unique identification service provider signature by using the service provider public key;
and if the node determines that the decryption result is consistent with the asset unique identifier, determining that the asset to be verified passes the verification.
Optionally, the asset unique identifier service provider signature may be obtained by encrypting the asset unique identifier with the service provider private key, and the encryption mode used may be asymmetric encryption, such as the RSA encryption algorithm. Accordingly, when the authenticity of the asset to be verified is verified, the asset unique identifier service provider signature, which was obtained by encrypting with the encryption key (i.e., the service provider private key), can be decrypted by using the decryption key (i.e., the service provider public key). If the decryption result is consistent with the asset unique identifier obtained from the blockchain, the identity information of the asset to be verified is true, so the verification of the asset to be verified can be determined to pass.
According to the technical scheme of the embodiment, the node verifies the qualification of the authentication center and the qualification of the service provider according to the acquired asset verification information, the asset to be verified is verified after the qualification of the authentication center and the qualification of the service provider are verified, the advantage that the asset to be verified is verified layer by layer when the asset to be verified is verified on line is utilized, the problems of low safety, instability and the like caused by single-layer verification only through a centralized interface provided by the service provider in the prior art are solved, and the stable, safe and effective asset verification service is realized.
On the basis of the above embodiment, each node may include a representative node for authenticating the target authentication center in addition to the node for verifying the asset to be verified.
Preferably, the node specifically includes a representative node; correspondingly, the method further comprises the following steps:
the representative node receives authentication application information periodically sent by a target authentication center;
and the representative node judges whether the qualification of the target authentication center is qualified or not according to the authentication application information and returns a corresponding judgment result.
Illustratively, each authentication center needs to initiate an authentication application to all nodes of the whole network when going online, and at the same time sends authentication application information, so that all nodes (including the representative nodes) can authenticate the authentication center. Optionally, the representative node may be a national supervision authority, used for performing supervision functions online and offline. If the representative node receives the authentication application initiated by the target authentication center, it judges whether the qualification of the target authentication center is qualified according to the authentication application information received; the judgment process may include online examination and/or offline examination, and the judgment result is returned to the target authentication center to inform it of the result. Meanwhile, if the qualification application is successful, the target authentication center needs to initiate an authentication application periodically, according to the validity period of the security certificate, to undergo qualification examination; if the examination is successful, the authentication qualification continues to be retained and the security certificate is updated.
Preferably, the authentication application information includes: the system comprises a target authentication center identifier, a target authentication center identifier signature, a target authentication center public key and target offline qualification data;
correspondingly, the representative node judges whether the qualification of the target authentication center is qualified according to the authentication application information, and the method specifically comprises the following steps:
the representative node verifies whether the offline resources of the target authentication center are qualified or not according to the target offline qualification data;
the representative node decrypts the target authentication center identifier signature by using the target authentication center public key and judges whether the decryption result is consistent with the target authentication center identifier;
and if the representative node determines that the offline resources of the target authentication center are qualified and the decryption result is consistent with the target authentication center identifier, judging that the qualification of the target authentication center is qualified.
Optionally, when the authentication center applies for uplink, the representative node may respectively audit the qualification of the target authentication center in combination with the offline and online resources and information, the offline resources may be audited manually, and the auditing process of the online information may refer to the verification process of the authentication center, which is not described herein again. For example, the qualification of the target authentication center can be determined only if the off-line and on-line examinations of the target authentication center pass; otherwise, determining that the qualification of the target authentication center is unqualified.
Example two
Fig. 2 is a schematic flowchart of authentication in an authentication center according to a second embodiment of the present invention. The method is applicable to the case of chaining by a certificate authority, and can be executed by a certificate authority authentication device, which can be composed of hardware and/or software and can be generally integrated in a certificate authority device with an authentication function, such as a server of a certificate authority. The method specifically comprises the following steps:
S210, the authentication center sends authentication application information to each node included in the network periodically, wherein the node includes a representative node and a miner node.
For example, each time the uplink authentication of the authentication center is successful, the security certificate of the authentication center is updated, and in order to ensure the security and reliability of the authentication center, authentication application information needs to be periodically sent to each node included in the whole network to periodically update the security certificate, thereby improving the reliability of the whole verification basis.
Optionally, the representative node in the nodes may be configured to authenticate the qualification of the authentication center, and the miner node in the nodes may be configured to package and write information to be stored into the block chain.
Preferably, the authentication application information includes: the authentication center identification, the authentication center identification signature, the authentication center public key and the offline qualification certification data; the authentication center identification signature is obtained by encrypting the authentication center identification by the authentication center by using an authentication center private key; the certification authority public key is matched with the certification authority private key.
Wherein, off-line qualification data (such as website information and the like) can be published to the network in a text and/or picture mode so as to facilitate the auditing of each node. Optionally, the authentication center may use an asymmetric encryption method, for example, an RSA encryption algorithm, to encrypt the authentication center identifier using the authentication center private key.
S220, the authentication center receives qualification judgment results of the authentication center returned by the representative nodes, wherein after receiving the authentication application information, the representative nodes judge whether the qualification of the authentication center is qualified according to the authentication application information, and return corresponding judgment results.
Illustratively, when a representative node with a supervision function receives the authentication application information sent by an authentication center, it may judge whether the qualification of the target authentication center is qualified according to the authentication application information, and return the judgment result to the target authentication center to inform it of the representative node's verification result. The authentication center may receive qualification judgment results returned by a plurality of representative nodes, and determine whether the qualification is successfully authenticated according to those results; this multi-audit mechanism can improve the reliability of the authentication process of the authentication center.
S230, if the certification center determines that the qualification of the certification center is qualified according to the representative nodes exceeding the preset proportion in the nodes, the certification center determines that the qualification certification is successful, and triggers at least one miner node to update the block chain according to the first special transaction information generated in the certification process of the certification center.
Wherein the first special transaction information includes: the authentication center qualification verification information of the authentication center.
Optionally, the preset proportion may be 50%, that is, if more than 50% of the judgment results returned by the representative nodes and received by the authentication center are qualified, it may be determined that the qualification authentication of the authentication center is successful; otherwise, the authentication is unsuccessful. For example, after the authentication center is successfully authenticated, the authentication center and the data involved in its authentication may be published to at least one miner node in the network, so as to trigger the miner node to treat the series of data generated in the authentication as a special transaction, that is, to generate first special transaction information, which is written into the blockchain to update the data stored in the blockchain. Optionally, the qualification verification information of the authentication center included in the first special transaction information may be used to perform qualification verification on the authentication center and on a service provider authenticated by the authentication center in an asset verification process.
According to the technical scheme of the embodiment, the authentication application information is periodically sent to each node in the network through the authentication center, the qualification judgment result of the authentication center returned by the representative node is received, if the representative node exceeding the preset proportion in each node is determined to judge that the qualification of the authentication center is qualified, the qualification authentication of the authentication center is determined to be successful, and at least one miner node is triggered to update the block chain according to the first special transaction information generated in the authentication process, so that the reliable uplink of the authentication center is realized, and the online trust basis is established for the whole asset information chain.
Based on the above embodiment, after the authentication center successfully enters the block chain, the authentication center can be used for authenticating the service provider in the uplink process of the service provider.
Preferably, the method further comprises the following steps:
the authentication center receives a service provider qualification certificate provided by a service provider;
the authentication center carries out qualification examination on the service provider according to the qualification certification of the service provider;
if the certification center determines that the qualification examination passes, the certification center distributes a service provider identifier for the service provider;
the authentication center receives a service provider identification and a service provider identification signature returned by a service provider, wherein the service provider encrypts the service provider identification by using a service provider private key after receiving the service provider identification to obtain a service provider identification signature, and returns the service provider identification and the service provider identification signature;
the authentication center encrypts the service provider identifier and the service provider identifier signature by using the authentication center private key to generate the authentication center re-signature of the service provider identifier signature;
the authentication center publishes the service provider identification, the service provider identification signature authentication center re-signature and a service provider public key matched with the service provider private key to the whole network, and triggers at least one miner node to update a block chain according to second special transaction information generated in the authentication process of the service provider;
wherein the second special transaction information includes: the facilitator qualification verification information for the facilitator.
Optionally, the process of qualification audit of the service provider by the authentication center according to the qualification certification of the service provider can be performed through actual investigation under the line. For example, after combining the service provider identifier and the service provider identifier signature returned by the service provider in a default manner, the authentication center encrypts the combined information by using a private key of the authentication center, where the encryption manner may be asymmetric encryption, and specifically, for example, the encryption may be performed by using an RSA algorithm. For example, when the authentication center publishes information generated in the authentication process of the facilitator to the whole network, at least one miner node in the network may be triggered to write a series of data information generated in the authentication process of the facilitator as a special transaction, that is, to generate second special transaction information into the blockchain, so as to update data stored in the blockchain. Optionally, the facilitator qualification verification information of the facilitator included in the second special transaction information may be used to perform qualification verification on the facilitator and perform true and false verification on the asset authenticated by the facilitator in the asset verification process.
Preferably, the step of the authentication center allocating the service provider identifier to the service provider includes:
and the authentication center distributes the service provider identification for the service provider according to a preset format.
Optionally, the preset format may be to increase the number of significant digits of the facilitator identifier, for example, to increase the number of consecutive zeros after each facilitator identifier, so as to increase the difficulty of cracking and prevent a false facilitator from generating false service qualification using a brute force cracking method, thereby improving the security of the whole asset information chain.
Example three
Fig. 3 is a schematic flowchart of a service provider authentication method according to a third embodiment of the present invention. The method is applicable to the uplink situation of the service provider, and can be executed by a service provider authentication device, which can be composed of hardware and/or software and can be generally integrated in service provider equipment with authentication function, such as a server of the service provider. The method specifically comprises the following steps:
S310, the service provider provides the qualification certification of the service provider to the authentication center, wherein after the authentication center receives the qualification certification of the service provider, if the qualification examination of the service provider is determined to pass according to the qualification certification of the service provider, the service provider is allocated with a service provider identifier.
For example, after the certification center links, the service provider needs to link the assets, so as to add an endorsement mechanism to the asset linking process, thereby improving the security and reliability of the digital assets. Specifically, the uplink process of the service provider needs the authentication of the authentication center to enter the block chain, the service provider provides the qualification certification of the service provider to the authentication center in an online and/or offline mode, so that after the qualification certification is received by the authentication center, corresponding qualification examination can be performed, and if the authentication center passes the examination of the service provider, the service provider identifier can be distributed to the service provider.
S320, if the service provider receives the service provider identification distributed by the authentication center, the service provider private key is used for encrypting the service provider identification to obtain a service provider identification signature.
For example, after the authentication center assigns the service provider identifier to the service provider, the service provider needs to encrypt the service provider identifier, and the encryption manner may be asymmetric encryption, such as RSA algorithm encryption. The advantage of encrypting the service provider identification by using the service provider private key is that the service provider identification can be signed and endorsed by using the asymmetry between the service provider private key (namely, encryption key) and the service provider public key (namely, decryption key), and because the private key is not open to the outside, a pseudo service provider cannot acquire the encryption process, and cannot acquire the correct service provider identification and/or service provider identification signature according to the service provider public key, so that the pseudo service provider can be prevented from falsely acting as a true service provider during asset verification, and the reliability of the verification process is improved.
S330, the service provider returns the service provider identification and the service provider identification signature to the authentication center.
The service provider returns the service provider identification and the service provider identification signature to the authentication center, so that the authentication center encrypts the service provider identification and the service provider identification signature by using a private key of the authentication center to generate a re-signature of the service provider identification signature authentication center, publishes the service provider identification, the service provider identification signature, the re-signature of the service provider identification signature authentication center and a service provider public key matched with a service provider private key to the whole network, and triggers at least one miner node to update a block chain according to second special transaction information generated in the authentication process of the service provider.
Wherein the second special transaction information includes: the facilitator qualification verification information for the facilitator.
According to the technical scheme of the embodiment, the service provider qualification certificate is provided for the authentication center in the process of chain certification by the service provider, the service provider identification distributed by the authentication center is encrypted when the service provider identification passes the authentication, the service provider identification signature is obtained, finally, the signature is returned to the authentication center to complete re-encryption of the authentication center, and at least one miner node is triggered to update second special transaction information generated in the authentication process to the block chain, so that reliable chain certification of the authentication center is realized, and online trust guarantee is further provided for the chain asset information.
Preferably, the method further comprises the following steps:
the service provider performs product authentication on the down-link asset;
if the service provider determines that the down-link asset authentication is successful, the service provider allocates an asset unique identifier for the down-link asset;
the service provider encrypts the asset unique identifier by using a service provider private key to obtain an asset unique identifier service provider signature;
the service provider publishes the asset unique identification and the asset unique identification service provider signature to the whole network, and triggers at least one miner node to update the block chain according to third special transaction information generated in the process of identifying the assets under the chain;
wherein the third special transaction information includes: asset authentication information for the down-link assets.
Optionally, the service provider may perform product authentication on the down-link asset in an offline authentication manner. For example, the service provider may encrypt the asset unique identifier assigned to the authenticated down-link asset by using the service provider private key, and the encryption may be asymmetric encryption, for example, an RSA algorithm may be used for encryption. For example, when the service provider publishes the information generated during the authentication of the down-link asset to the entire network, at least one miner node in the network may be triggered to treat the series of data generated during the authentication of the down-link asset as a special transaction, that is, to generate third special transaction information, and to write it into the blockchain so as to update the data stored in the blockchain. Optionally, the asset authentication information of the down-link asset included in the third special transaction information may be used for the final true-false verification of the asset in the asset verification process.
On the basis of the above embodiments, the embodiment of the present invention further provides an asset verification system, which may include a plurality of nodes, at least one authentication center, and at least one service provider, where the nodes may be configured to execute the block chain-based asset verification method in the embodiment of the present invention; the authentication center can be used for executing the authentication method of the authentication center in the embodiment of the invention; the service provider is used for executing the service provider authentication method in the embodiment of the invention. The system can execute the corresponding technical scheme of each method and can achieve the corresponding beneficial effect.
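The issuing steps of Examples two and three and the layer-by-layer check performed by a node can be traced end to end in the following added example, which is not part of the patent text. It assumes textbook RSA without padding, small constructed keys built from Mersenne primes, fixed-length concatenation as the "default manner" of combining the service provider identifier with its signature, and constructed field names and identifiers.

```python
# Added illustration: textbook RSA with small constructed keys, mirroring the text's
# "encrypt with the private key / decrypt with the public key" wording.
E = 65537                      # public exponent for every constructed key
SP_ID_LEN, SP_SIG_LEN = 8, 19  # assumed fixed lengths for the "default" combination


def make_key(p, q):
    """Return the private key (n, d) for primes p and q (constructed, toy-sized)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def as_int(identifier: bytes) -> int:
    return int.from_bytes(identifier, "big")


def private_encrypt(data: bytes, key) -> int:
    """Signing as the text describes it: m^d mod n."""
    n, d = key
    if as_int(data) >= n:
        raise ValueError("data too long for this modulus")
    return pow(as_int(data), d, n)


def public_decrypt(signature: int, n: int) -> int:
    """Verification primitive: signature^e mod n."""
    return pow(signature, E, n)


def build_record():
    """Run the issuing steps and return the fields a node would read from the chain."""
    ca_key = make_key(2**107 - 1, 2**127 - 1)   # authentication center
    sp_key = make_key(2**61 - 1, 2**89 - 1)     # service provider
    ca_id, sp_id, asset_id = b"CA-SZ-01", b"SP420000", b"WINE-IC-0001"  # constructed
    sp_id_signature = private_encrypt(sp_id, sp_key)
    # The authentication center re-signs identifier || identifier signature.
    combined = sp_id + sp_id_signature.to_bytes(SP_SIG_LEN, "big")
    return {
        "ca_id": ca_id, "ca_public_key": ca_key[0],
        "ca_id_signature": private_encrypt(ca_id, ca_key),
        "sp_id": sp_id, "sp_public_key": sp_key[0],
        "sp_id_signature": sp_id_signature,
        "sp_id_signature_ca_resignature": private_encrypt(combined, ca_key),
        "asset_id": asset_id,
        "asset_id_sp_signature": private_encrypt(asset_id, sp_key),
    }


def verify_authentication_center(r) -> bool:
    """Layer 1: the identifier signature must decrypt to the identifier."""
    return public_decrypt(r["ca_id_signature"], r["ca_public_key"]) == as_int(r["ca_id"])


def verify_service_provider(r) -> bool:
    """Layer 2: open the re-signature, strip the identifier, re-decrypt the rest."""
    total = SP_ID_LEN + SP_SIG_LEN
    m = public_decrypt(r["sp_id_signature_ca_resignature"], r["ca_public_key"])
    if m.bit_length() > 8 * total:
        return False                      # not something this center produced
    combined = m.to_bytes(total, "big")
    if combined[:SP_ID_LEN] != r["sp_id"]:
        return False                      # re-signature covers another identifier
    inner_signature = as_int(combined[SP_ID_LEN:])
    return public_decrypt(inner_signature, r["sp_public_key"]) == as_int(r["sp_id"])


def verify_asset(r) -> bool:
    """Layer 3: the asset signature must decrypt to the asset unique identifier."""
    return public_decrypt(r["asset_id_sp_signature"], r["sp_public_key"]) == as_int(r["asset_id"])


def verify_record(r) -> str:
    """Apply the layers in order; a later layer is reached only if the earlier one passes."""
    if not verify_authentication_center(r):
        return "authentication center qualification failed"
    if not verify_service_provider(r):
        return "service provider qualification failed"
    if not verify_asset(r):
        return "asset verification failed"
    return "passed"


def forge_service_provider(record):
    """Constructed tamper case: an uncertified party swaps in its own key and
    signatures but can only copy the genuine authentication center re-signature."""
    fake_key = make_key(2**31 - 1, 2**89 - 1)
    forged = dict(record)
    forged["sp_public_key"] = fake_key[0]
    forged["sp_id_signature"] = private_encrypt(record["sp_id"], fake_key)
    forged["asset_id_sp_signature"] = private_encrypt(record["asset_id"], fake_key)
    return forged


if __name__ == "__main__":
    genuine = build_record()
    print(verify_record(genuine))
    print(verify_record(forge_service_provider(genuine)))
```

Unpadded RSA over a short identifier is used only to mirror the text's wording; a deployment would use a standard padded signature scheme such as RSASSA-PSS with keys of at least 2048 bits.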
Example four
Fig. 4 is a schematic structural diagram of an asset verification apparatus based on a block chain according to a fourth embodiment of the present invention. The blockchain-based asset verification apparatus may be configured on a device of a network node. Referring to Fig. 4, the blockchain-based asset verification apparatus includes: the verification information obtaining module 410, the central qualification verification module 420, the service provider qualification verification module 430, and the to-be-verified asset verification module 440, which are described in detail below.
The verification information acquisition module 410 is configured to receive asset identity information of an asset to be verified, and acquire asset verification information matched with the asset identity information from a block chain;
wherein the asset validation information comprises: the certification center qualification verification information, the service provider qualification verification information and the asset authentication information; the qualification verification information of the authentication center is correspondingly updated after the authentication center completes authentication; the service provider qualification verification information is correspondingly updated after the service provider completes authentication; the asset authentication information is correspondingly updated after the asset is authenticated;
a central qualification verification module 420, configured to verify the qualification of the authentication center according to the certification verification information of the authentication center;
the facilitator qualification verification module 430 is used for verifying the qualification of the facilitator according to the qualification verification information of the authentication center and the facilitator qualification verification information if the qualification verification of the authentication center is passed;
and the to-be-verified asset verification module 440 is configured to verify the to-be-verified asset according to the facilitator qualification verification information and the asset authentication information if it is determined that the qualification verification of the facilitator passes.
The asset verification device based on the block chain provided by the embodiment verifies the qualification of the authentication center and the qualification of the service provider respectively through the node according to the acquired asset verification information, verifies the asset to be verified after the qualification of the authentication center and the qualification of the service provider are verified, utilizes the advantage of performing layer-by-layer verification during online verification of the asset to be verified, solves the problems of low safety, instability and the like caused by single-layer verification only through a centralized interface provided by the service provider in the prior art, and realizes stable, safe and effective asset verification service provision.
Optionally, the qualification verification information of the authentication center may include: the authentication center identification, the authentication center public key and the authentication center identification signature;
the facilitator qualification verification information may include: the server identifier, the server public key, the server identifier signature and the server identifier signature authentication center re-signature;
the asset authentication information may include: asset unique identification, asset unique identification facilitator signature.
Optionally, the central qualification verification module 420 may be specifically configured to:
decrypting the certificate authority identification signature by using the certificate authority public key;
and if the decryption result is consistent with the identification of the authentication center, determining that the qualification verification of the authentication center passes.
Optionally, the facilitator qualification verification module 430 may be specifically configured to:
decrypting the authentication center re-signature of the service provider identifier signature by using the authentication center public key;
after removing the service provider identification from the decryption result, carrying out re-decryption by using the service provider public key;
and if the re-decryption result obtained by re-decryption is consistent with the service provider identification, determining that the qualification verification of the service provider is passed.
Optionally, the to-be-verified asset verification module 440 may be specifically configured to:
decrypting the asset unique identification service provider signature by using the service provider public key;
and if the decryption result is consistent with the unique asset identification, determining that the asset to be verified passes the verification.
Optionally, the node specifically includes a representative node; correspondingly, the asset verification device based on the block chain further comprises:
the application information receiving module is used for receiving authentication application information periodically sent by a target authentication center;
and the judgment result returning module is used for judging whether the qualification of the target authentication center is qualified or not according to the authentication application information and returning a corresponding judgment result.
Optionally, the authentication application information includes: a target authentication center identifier, a target authentication center identifier signature, a target authentication center public key and target offline qualification data;
correspondingly, the judgment result returning module may be specifically configured to:
verifying whether the offline resources of the target authentication center are qualified or not according to the target offline qualification data;
decrypting the target authentication center identification signature by using the target authentication center public key, and judging whether the decryption result is consistent with the target authentication center identification;
and if the offline resources of the target authentication center are qualified and the decryption result is consistent with the target authentication center identification, judging that the qualification of the target authentication center is qualified.
The product can execute the asset verification method based on the block chain provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of executing the asset verification method based on the block chain.
EXAMPLE five
Fig. 5 is a schematic structural diagram of an authentication device of an authentication center according to a fifth embodiment of the present invention. The authentication device can be configured on the equipment of the authentication center. Referring to Fig. 5, the authentication device comprises: an application information sending module 510, a judgment result receiving module 520, and an authentication success determining module 530, which are described in detail below.
An application information sending module 510, configured to send authentication application information to each node included in a network periodically, where the node includes a representative node and a miner node;
a judgment result receiving module 520, configured to receive the qualification judgment result of the authentication center returned by each representative node, where after receiving the authentication application information, the representative node judges whether the qualification of the authentication center is qualified according to the authentication application information, and returns a corresponding judgment result;
an authentication success determining module 530, configured to determine that qualification authentication is successful if representative nodes exceeding a preset proportion of the nodes judge the authentication center to be qualified, and to trigger at least one miner node to update a block chain according to first special transaction information generated in the authentication process of the authentication center;
wherein the first special transaction information includes: the authentication center qualification verification information of the authentication center.
The authentication center authentication device provided in this embodiment periodically sends authentication application information to each node in the network and receives the qualification judgment results returned by the representative nodes. If representative nodes exceeding a preset proportion of the nodes judge the authentication center to be qualified, the qualification authentication of the authentication center is determined to be successful, and at least one miner node is triggered to update the block chain according to the first special transaction information generated in the authentication process. This realizes reliable on-chain registration of the authentication center and establishes an online trust basis for the whole asset information chain.
Optionally, the authentication application information includes: the authentication center identification, the authentication center identification signature, the authentication center public key and the offline qualification certification data; the authentication center identification signature is obtained by encrypting the authentication center identification by the authentication center by using an authentication center private key; the certification authority public key is matched with the certification authority private key.
Optionally, the method further includes:
the qualification certification receiving module is used for receiving the service provider qualification certification provided by the service provider;
the service provider qualification examination module is used for carrying out qualification examination on the service provider according to the service provider qualification certification;
the service provider identifier distribution module is used for distributing service provider identifiers for service providers if the qualification examination is passed;
the identification signature receiving module is used for receiving the service provider identification and the service provider identification signature returned by the service provider, wherein the service provider encrypts the service provider identification by using a service provider private key after receiving the service provider identification to obtain the service provider identification signature, and returns the service provider identification and the service provider identification signature;
the signature generation module is used for encrypting the service provider identification and the service provider identification signature by using the authentication center private key to generate a service provider identification signature authentication center re-signature;
the service provider information publishing module is used for publishing a service provider identifier, a service provider identifier signature authentication center re-signature and a service provider public key matched with a service provider private key to the whole network and triggering at least one miner node to update a block chain according to second special transaction information generated in the authentication process of the service provider;
wherein the second special transaction information includes: the facilitator qualification verification information for the facilitator.
Optionally, the service provider identifier distribution module may be specifically configured to:
and distributing the service provider identification for the service provider according to a preset format.
The product can execute the authentication center authentication method provided by any embodiment of the invention, and has the corresponding functional module and beneficial effect of executing the authentication center authentication method.
EXAMPLE six
Fig. 6 is a schematic structural diagram of a service provider authentication apparatus according to a fifth embodiment of the present invention. The facilitator authentication apparatus may be configured on a facilitator's equipment, and referring to fig. 6, the facilitator authentication apparatus includes: a certification providing module 610, a service identifier encrypting module 620 and an identifier signature returning module 630, which are described in detail below.
The qualification certification providing module 610 is configured to provide a service provider qualification certification to the authentication center, where after the authentication center receives the service provider qualification certification, if the qualification certification of the service provider is determined to pass according to the service provider qualification certification, the service provider is assigned with a service provider identifier;
the server identifier encryption module 620 is configured to encrypt the server identifier with a server private key if the server identifier allocated by the authentication center is received, so as to obtain a server identifier signature;
the identification signature returning module 630 is configured to return the service provider identification and the service provider identification signature to the authentication center, so that the authentication center encrypts the service provider identification and the service provider identification signature by using the authentication center private key to generate a service provider identification signature authentication center re-signature, publish the service provider identification, the service provider identification signature authentication center re-signature, and a service provider public key matched with the service provider private key to the whole network, and trigger at least one miner node to update a block chain according to second special transaction information generated in the authentication process of the service provider;
wherein the second special transaction information includes: the facilitator qualification verification information for the facilitator.
The service provider authentication device provided in this embodiment provides a service provider qualification certificate to the authentication center during on-chain authentication of the service provider. When the service provider passes authentication, the device encrypts the service provider identifier allocated by the authentication center to obtain a service provider identifier signature and returns it to the authentication center, which completes the re-encryption. At least one miner node is then triggered to update the block chain with the second special transaction information generated in the authentication process, thereby realizing reliable on-chain registration of the authentication center and further providing an online trust guarantee for the asset information on the chain.
Optionally, the method further includes:
the product authentication module is used for performing product authentication on an off-chain asset;
the asset identification distribution module is used for distributing an asset unique identification for the off-chain asset if the authentication of the off-chain asset is determined to be successful;
the asset identification encryption module is used for encrypting the asset unique identification by using a service provider private key to obtain an asset unique identification service provider signature;
the asset information publishing module is used for publishing the asset unique identifier and the asset unique identifier service provider signature to the whole network and triggering at least one miner node to update the block chain according to third special transaction information generated in the process of authenticating the off-chain asset;
wherein the third special transaction information includes: asset authentication information for the off-chain asset.
The product can execute the service provider authentication method provided by any embodiment of the invention, and has the corresponding functional module and beneficial effect of executing the service provider authentication method.
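The issuance steps of the signature generation and asset identification encryption modules, together with the three verification stages of modules 420 to 440, can be walked through as follows. This is an added example, not code from the patent: the patent names no algorithm, so textbook RSA is assumed here because it matches the wording "encrypt with the private key, decrypt with the public key", and a deployment would use a standard padded signature scheme instead. The keys (built from Mersenne primes, trivially factorable), the identifiers and all function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

E = 65537  # public exponent (assumption; the patent does not specify one)


def make_key(k1, k2):
    """Toy RSA key pair from the Mersenne primes 2**k1-1 and 2**k2-1."""
    p, q = 2**k1 - 1, 2**k2 - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)  # (public key, private key)


def priv_encrypt(data, priv):
    """'Encrypt with the private key': textbook RSA, fixed-length output."""
    n, d = priv
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, d, n).to_bytes((n.bit_length() + 7) // 8, "big")


def pub_decrypt(sig, pub):
    """'Decrypt with the public key': recovers the signed bytes."""
    n, e = pub
    c = int.from_bytes(sig, "big")
    if c >= n:
        return b""  # not a valid value under this key
    m = pow(c, e, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


@dataclass(frozen=True)
class AssetVerificationInfo:
    """The three groups of fields a node reads from the block chain."""
    ca_id: bytes       # authentication center identification
    ca_pub: tuple      # authentication center public key
    ca_id_sig: bytes   # authentication center identification signature
    sp_id: bytes       # service provider identification
    sp_pub: tuple      # service provider public key
    sp_id_sig: bytes   # service provider identification signature
    sp_resig: bytes    # ... signature authentication center re-signature
    asset_id: bytes    # asset unique identification
    asset_sig: bytes   # asset unique identification service provider signature


def issue_record(ca_id, ca_keys, sp_id, sp_keys, asset_id):
    """Issuance side: what the center and the provider publish."""
    ca_pub, ca_priv = ca_keys
    sp_pub, sp_priv = sp_keys
    sp_id_sig = priv_encrypt(sp_id, sp_priv)
    return AssetVerificationInfo(
        ca_id, ca_pub, priv_encrypt(ca_id, ca_priv),
        sp_id, sp_pub, sp_id_sig,
        priv_encrypt(sp_id + sp_id_sig, ca_priv),  # center re-signs id || sig
        asset_id, priv_encrypt(asset_id, sp_priv),
    )


def verify_asset(rec):
    """Node side: each stage runs only if the previous one passed."""
    # Stage 1: authentication center qualification.
    if pub_decrypt(rec.ca_id_sig, rec.ca_pub) != rec.ca_id:
        return "authentication center rejected"
    # Stage 2: open the re-signature, strip the provider id, re-decrypt.
    inner = pub_decrypt(rec.sp_resig, rec.ca_pub)
    if not inner.startswith(rec.sp_id):
        return "service provider rejected"
    if pub_decrypt(inner[len(rec.sp_id):], rec.sp_pub) != rec.sp_id:
        return "service provider rejected"
    # Stage 3: the asset signature must open to the asset identification.
    if pub_decrypt(rec.asset_sig, rec.sp_pub) != rec.asset_id:
        return "asset rejected"
    return "verified"


def with_substituted_provider_key(rec, keys):
    """Tamper case: provider key and asset signature replaced together."""
    pub, priv = keys
    return replace(rec, sp_pub=pub,
                   asset_sig=priv_encrypt(rec.asset_id, priv))


# Constructed sample data.
CA_KEYS = make_key(521, 607)
SP_KEYS = make_key(89, 127)
OTHER_KEYS = make_key(107, 127)
RECORD = issue_record(b"CA-01", CA_KEYS, b"SP-0001", SP_KEYS, b"ASSET-000042")

if __name__ == "__main__":
    print(verify_asset(RECORD))
    print(verify_asset(with_substituted_provider_key(RECORD, OTHER_KEYS)))
```

Stage 1 only shows that the authentication center holds the private key matching the published public key; the trust decision itself is the representative-node vote that put the record on the chain. The substituted-key case fails at stage 2 because the signature inside the re-signature no longer opens to the service provider identification under the replaced key.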
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments illustrated herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (17)

1. A block chain based asset verification method is characterized by comprising the following steps:
the node receives asset identity information of an asset to be verified, and acquires asset verification information matched with the asset identity information from a block chain;
wherein the asset validation information comprises: the certification center qualification verification information, the service provider qualification verification information and the asset authentication information; the qualification verification information of the authentication center is correspondingly updated after the authentication center completes authentication; the service provider qualification verification information is correspondingly updated after the service provider completes authentication; the asset authentication information is correspondingly updated after the asset is authenticated;
the node verifies the qualification of the authentication center according to the qualification verification information of the authentication center;
if the node determines that the qualification verification of the authentication center passes, verifying the qualification of the service provider according to the qualification verification information of the authentication center and the qualification verification information of the service provider;
and if the node determines that the qualification verification of the service provider passes, verifying the assets to be verified according to the qualification verification information of the service provider and the asset authentication information.
2. The blockchain-based asset verification method according to claim 1, wherein the certification authority qualification verification information includes: the authentication center identification, the authentication center public key and the authentication center identification signature;
the service provider qualification verification information comprises: the server identifier, the server public key, the server identifier signature and the server identifier signature authentication center re-signature;
the asset authentication information includes: asset unique identification, asset unique identification facilitator signature.
3. The method according to claim 2, wherein the node verifies the qualification of the certification center according to the certification center qualification verification information, comprising:
the node decrypts the certificate authority identification signature by using the certificate authority public key;
and if the node determines that the decryption result is consistent with the identification of the authentication center, determining that the qualification verification of the authentication center passes.
4. The blockchain-based asset verification method according to claim 2, wherein the node verifies the qualification of the facilitator according to the certification authority qualification verification information and the facilitator qualification verification information, including:
the node decrypts the service provider identification signature authentication center re-signature by using the authentication center public key;
the node removes the service provider identification from the decryption result, and then decrypts by using the service provider public key;
and if the node determines that the re-decryption result obtained by re-decryption is consistent with the service provider identification, determining that the qualification verification of the service provider passes.
5. The blockchain-based asset verification method according to claim 2, wherein the verifying the asset to be verified by the node according to the facilitator qualification verification information and the asset authentication information includes:
the node decrypts the asset unique identification service provider signature by using the service provider public key;
and if the node determines that the decryption result is consistent with the unique asset identification, determining that the asset to be verified passes the verification.
6. The blockchain-based asset validation method according to any one of claims 1 to 5, wherein the node specifically includes: a delegate node, the method further comprising:
the representative node receives authentication application information periodically sent by a target authentication center;
and the representative node judges whether the qualification of the target authentication center is qualified or not according to the authentication application information and returns a corresponding judgment result.
7. The method of claim 6, wherein the authentication application information comprises: a target authentication center identifier, a target authentication center identifier signature, a target authentication center public key and target offline qualification data;
correspondingly, the step of judging whether the qualification of the target authentication center is qualified or not by the representative node according to the authentication application information specifically comprises the following steps:
the representative node verifies whether the offline resources of the target authentication center are qualified or not according to the target offline qualification data;
the representative node decrypts the target authentication center identification signature by using the target authentication center public key and judges whether the decryption result is consistent with the target authentication center identification;
and if the representative node determines that the offline resources of the target authentication center are qualified and the decryption result is consistent with the target authentication center identifier, judging that the qualification of the target authentication center is qualified.
8. A certification method of a certification center is characterized by comprising the following steps:
the authentication center sends authentication application information to each node included in the network periodically, wherein the node includes a representative node and a miner node;
the authentication center receives qualification judgment results of the authentication center returned by the representative nodes, wherein after receiving the authentication application information, the representative nodes judge whether the qualification of the authentication center is qualified according to the authentication application information and return corresponding judgment results;
if the authentication center determines that representative nodes exceeding a preset proportion of the nodes judge the authentication center to be qualified, the authentication center determines that the qualification authentication is successful, and triggers at least one miner node to update the block chain according to first special transaction information generated in the authentication process of the authentication center;
wherein the first special transaction information comprises: the certification center qualification verification information of the certification center.
9. The certificate authority authentication method according to claim 8, wherein the authentication application information includes: the authentication center identification, the authentication center identification signature, the authentication center public key and the offline qualification certification data; the authentication center identification signature is obtained by encrypting an authentication center identification by the authentication center by using an authentication center private key; and the certification center public key is matched with the certification center private key.
10. The certificate authority authentication method according to claim 9, further comprising:
the authentication center receives a service provider qualification certificate provided by a service provider;
the authentication center carries out qualification examination on the service provider according to the qualification certification of the service provider;
if the certification center determines that the qualification examination passes, the certification center distributes a service provider identifier to the service provider;
the authentication center receives the service provider identification and the service provider identification signature returned by the service provider, wherein the service provider encrypts the service provider identification by using a service provider private key after receiving the service provider identification to obtain the service provider identification signature, and returns the service provider identification and the service provider identification signature;
the authentication center encrypts the service provider identification and the service provider identification signature by using the authentication center private key to generate a service provider identification signature authentication center re-signature;
the authentication center publishes the service provider identification, the service provider identification signature authentication center re-signature and a service provider public key matched with the service provider private key to a whole network, and triggers at least one miner node to update a block chain according to second special transaction information generated in the authentication process of the service provider;
wherein the second special transaction information comprises: the service provider qualification verification information of the service provider.
11. The certificate authority authentication method according to claim 10, wherein the certificate authority allocating a service provider identifier to the service provider comprises:
and the authentication center distributes the service provider identification to the service provider according to a preset format.
12. A method for facilitator authentication, comprising:
the service provider provides a service provider qualification certificate to an authentication center, wherein after the authentication center receives the service provider qualification certificate, if the qualification examination of the service provider is determined to pass according to the service provider qualification certificate, a service provider identifier is distributed to the service provider;
if the service provider receives the service provider identification distributed by the authentication center, encrypting the service provider identification by using a service provider private key to obtain a service provider identification signature;
the service provider returns the service provider identification and the service provider identification signature to the authentication center so that the authentication center encrypts the service provider identification and the service provider identification signature by using an authentication center private key to generate a service provider identification signature authentication center re-signature, publishes the service provider identification, the service provider identification signature authentication center re-signature and a service provider public key matched with the service provider private key to the whole network, and triggers at least one miner node to update a block chain according to second special transaction information generated in the authentication process of the service provider;
wherein the second special transaction information comprises: the service provider qualification verification information of the service provider.
13. The facilitator authentication method of claim 12, further comprising:
the service provider performs product authentication on an off-chain asset;
if the service provider determines that the authentication of the off-chain asset is successful, allocating an asset unique identifier for the off-chain asset;
the service provider encrypts the asset unique identifier by using the service provider private key to obtain an asset unique identifier service provider signature;
the facilitator publishes the asset unique identification and the asset unique identification facilitator signature to the whole network, and triggers at least one miner node to update a block chain according to third special transaction information generated in the process of authenticating the off-chain asset;
wherein the third special transaction information comprises: asset authentication information for the off-chain asset.
14. An asset verification device based on a blockchain, configured on a node apparatus, comprising:
the verification information acquisition module is used for receiving asset identity information of an asset to be verified and acquiring asset verification information matched with the asset identity information from a block chain;
wherein the asset validation information comprises: the certification center qualification verification information, the service provider qualification verification information and the asset authentication information; the qualification verification information of the authentication center is correspondingly updated after the authentication center completes authentication; the service provider qualification verification information is correspondingly updated after the service provider completes authentication; the asset authentication information is correspondingly updated after the asset is authenticated;
the central qualification verification module is used for verifying the qualification of the authentication center according to the qualification verification information of the authentication center;
the service provider qualification verification module is used for verifying the qualification of the service provider according to the qualification verification information of the authentication center and the qualification verification information of the service provider if the qualification verification of the authentication center is determined to pass;
and the to-be-verified asset verification module is used for verifying the to-be-verified asset according to the qualification verification information of the service provider and the asset authentication information if the qualification verification of the service provider is determined to pass.
15. An authentication apparatus of an authentication center, which is provided in a device of the authentication center, comprising:
an application information sending module, configured to periodically send authentication application information to each node included in a network, wherein the nodes include representative nodes and miner nodes;
a judgment result receiving module, configured to receive a qualification judgment result of the authentication center returned by each representative node, where after receiving the authentication application information, the representative node judges whether the qualification of the authentication center is qualified according to the authentication application information, and returns a corresponding judgment result;
the authentication success determining module is used for determining that qualification authentication is successful and triggering at least one miner node to update a block chain according to first special transaction information generated in the authentication process of the authentication center if the representative node exceeding the preset proportion in the nodes is determined to judge that the qualification of the authentication center is qualified;
wherein the first special transaction information comprises: the certification center qualification verification information of the certification center.
16. A facilitator authentication apparatus which is provided in a facilitator apparatus, comprising:
the qualification certification providing module is used for providing a service provider qualification certification for an authentication center, wherein after the authentication center receives the service provider qualification certification, if the qualification examination of the service provider is determined to pass according to the service provider qualification certification, a service provider identifier is distributed to the service provider;
the server identification encryption module is used for encrypting the server identification by using a server private key to obtain a server identification signature if the server identification distributed by the authentication center is received;
the identification signature returning module is used for returning the service provider identification and the service provider identification signature to the authentication center so that the authentication center encrypts the service provider identification and the service provider identification signature by using an authentication center private key to generate a service provider identification signature authentication center re-signature, publishes the service provider identification, the service provider identification signature authentication center re-signature and a service provider public key matched with the service provider private key to the whole network, and triggers at least one miner node to update a block chain according to second special transaction information generated in the authentication process of the service provider;
wherein the second special transaction information comprises: the service provider qualification verification information of the service provider.
17. An asset verification system comprising a plurality of nodes, at least one certification center and at least one facilitator, wherein the nodes are configured to perform the blockchain-based asset verification method of any of claims 1-7; the certificate authority is used for executing the certificate authority certification method of any one of claims 8-11; and the facilitator is configured to perform the facilitator authentication method of any one of claims 12-13.
CN201710951476.7A 2017-10-13 2017-10-13 Asset verification method, device and system based on block chain Active CN107742212B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710951476.7A CN107742212B (en) 2017-10-13 2017-10-13 Asset verification method, device and system based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710951476.7A CN107742212B (en) 2017-10-13 2017-10-13 Asset verification method, device and system based on block chain

Publications (2)

Publication Number Publication Date
CN107742212A (en) 2018-02-27
CN107742212B (en) 2021-01-01

Family

ID=61237577

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710951476.7A Active CN107742212B (en) 2017-10-13 2017-10-13 Asset verification method, device and system based on block chain

Country Status (1)

Country Link
CN (1) CN107742212B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109325018A (en) * 2018-08-10 2019-02-12 山东超越数控电子股份有限公司 A kind of data assets management method and device based on block number evidence and distributed account book technology
DE102018122997A1 (en) * 2018-09-19 2020-03-19 Infineon Technologies Ag BLOCK CHAIN ENTITY, EXTERNAL CHAIN ENTITY, CERTIFICATION DEVICE FOR BLOCK CHAIN OPERATIONS AND METHOD FOR CARRYING OUT A COOPERATION BETWEEN A BLOCK CHAIN ENTITY AND AN EXTERNAL CHAIN ENTITY
CN111600716B (en) * 2018-10-26 2023-09-29 创新先进技术有限公司 Authentication method and device and electronic equipment
CN109409749A (en) * 2018-10-30 2019-03-01 四川长虹电器股份有限公司 A kind of IT assets management method based on block chain
CN111199404B (en) * 2018-11-19 2024-03-05 同方威视科技江苏有限公司 AEO qualification dynamic authentication system based on block chain and authentication method using same
CN109685665B (en) * 2018-12-20 2020-09-29 姚前 System and method for under-chain asset hosting transfer
CN109636391A (en) * 2018-12-20 2019-04-16 姚前 The confirmation method and system of assets under a kind of chain to trustship cochain
CN110033270A (en) * 2019-03-21 2019-07-19 阿里巴巴集团控股有限公司 Authentication information processing method, device and electronic equipment based on alliance's chain
CN110096903B (en) * 2019-03-26 2021-04-30 罗克佳华科技集团股份有限公司 Asset verification method based on block chain and block chain network system
CN110009499B (en) * 2019-04-17 2021-05-11 北京八分量信息科技有限公司 Transaction method and system based on block chain and hidden address
CN110245186B (en) * 2019-05-21 2023-04-07 深圳壹账通智能科技有限公司 Service processing method based on block chain and related equipment
CN111738726B (en) * 2020-08-04 2020-11-20 卓尔智联(武汉)研究院有限公司 Resource verification method and device based on block chain and computer equipment
CN114553515A (en) * 2022-02-17 2022-05-27 支付宝(杭州)信息技术有限公司 Block chain based NFT asset inspection method, service processing method and hardware

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160171622A1 (en) * 2014-12-15 2016-06-16 Loss of Use, Inc. Insurance Asset Verification and Claims Processing System
CN105701372A (en) * 2015-12-18 2016-06-22 布比(北京)网络技术有限公司 Block chain identity construction and verification method
CN106845960A (en) * 2017-01-24 2017-06-13 上海亿账通区块链科技有限公司 Method for secure transactions and system based on block chain
CN106972931A (en) * 2017-02-22 2017-07-21 中国科学院数据与通信保护研究教育中心 A kind of method of certificate transparence in PKI

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Blockchain Technologies: The Foreseeable Impact on Society and Industry;Tomaso Aste et al.;《Institute of Electrical and Electronics Engineers》;20170922;pp. 18-28 *
Application prospects and challenges of blockchain technology in the financial industry;巴洁如;《金融理论与实践》;20170415;pp. 109-112 *

Also Published As

Publication number Publication date
CN107742212A (en) 2018-02-27

Similar Documents

Publication Publication Date Title
CN107742212B (en) Asset verification method, device and system based on block chain
US11799668B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
CN107566116B (en) Method and apparatus for digital asset weight registration
CN110519260B (en) Information processing method and information processing device
CN106548345B (en) Method and system for realizing block chain private key protection based on key partitioning
CN101145906B (en) Method and system for authenticating legality of receiving terminal in unidirectional network
CN102271042B (en) Certificate authorization method, system, universal serial bus (USB) Key equipment and server
CN110677376B (en) Authentication method, related device and system and computer readable storage medium
CN107171794A (en) A kind of electronic document based on block chain and intelligent contract signs method
CN106789090A (en) Public key infrastructure system and semi-random participating certificate endorsement method based on block chain
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
CN111224788B (en) Electronic contract management method, device and system based on block chain
CN109981255B (en) Method and system for updating key pool
WO2020038137A1 (en) Two-dimensional code generation method, data processing method, apparatus, and server
CN112565265B (en) Authentication method, authentication system and communication method between terminal devices of Internet of things
CN112165382B (en) Software authorization method and device, authorization server side and terminal equipment
CN106790045A (en) One kind is based on cloud environment distributed virtual machine broker architecture and data integrity support method
CN111355591A (en) Block chain account safety management method based on real-name authentication technology
JP2010231404A (en) System, method, and program for managing secret information
CN113761578A (en) Document true checking method based on block chain
CN110492989A (en) The processing method of private key, the medium of access method and corresponding method, device
CN108418692B (en) On-line writing method of authentication certificate
CN112948894A (en) Block chain-based anti-counterfeiting method, device, equipment and medium for tally inspection report
KR20130100032A (en) Method for distributting smartphone application by using code-signing scheme
CN113872986B (en) Power distribution terminal authentication method and device and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant